On the cutting edge of cyber forensics

A far cry from the ‘dark ages’ of cyber investigation, when email IDs could be traced, the Delhi Police now has the ability to enhance video quality, recover data from damaged phones and more.

When Inspector Vijay Gehlawat joined the Delhi Police Cyber Cell in 2008, it consisted of two workplaces in Malviya Nagar and a team of about eight officers.

Thirteen years later, the force’s cyber unit has its very own National Cyber Forensic Laboratory (NCFL) and is working to meet the technical investigation requirements of cases from across the country.

Mr. Gehlawat, now sitting in his own office at the Cyber Prevention Awareness Detection (CyPAD) centre at the NCFL office in Dwarka, recalled how he was the only officer to do all the analysis.

“At that time, there was less capacity and less requirement. The only essential things were analyzing email IDs, IP addresses and call detail records. CDR analysis meant seeking details from service providers and then manually analyzing them.”

Increase in workstations

Mr. Gehlawat said that there was a big change in 2011-12, when the number of workplaces increased to seven and the office shifted to Mandir Marg.

In 2015, Deputy Commissioner of Police (Cyber Cell) Anish Roy joined the unit. Six years ago, there was no dedicated institutional mechanism to deal with cybercrime or even a dedicated forum to report it. It was still under the Economic Offenses Wing of the Delhi Police. Mr. Roy said, “Special units like Crime Branch and Special Cell had their own cyber cells, but they only focused on their needs. This cyber cell was taking care of the needs at the headquarters level.”

In 2019, CyPAD was inaugurated and brought directly under Special Cell, while the Economic Offenses Wing remained a separate entity.

Changing platforms

However, Mr. Roy said that the nature of complaints has remained mostly the same and only the platforms have changed. The two broad categories are online harassment and online fraud. “Over the years, the number of cases has increased under both heads, proportionately,” he said.

Talking to The Hindu about how technology has evolved over the years and been used in investigations, Mr. Roy pointed out that cybercrime investigations have two aspects: the digital footprint and the money trail.

The digital footprint essentially involves examining the platforms used: the victim’s device and the suspect’s device.

“When it comes to platforms like Facebook, Google, Twitter, Instagram, we have to ask them for information. The difficulty for any law enforcement agency is that most of these platforms are foreign-based private entities and it is a challenge to get information, but since 2018, the government at the highest level has been following up with these platforms so as to ensure that they respond to these agencies,” he said.

Talking about the major changes, Mr. Roy said that the institutional mechanism for investigating and reporting cybercrime has now been firmly established. Over the years, each district of the capital has set up a separate cyber cell in addition to the CyPAD unit, which continuously engages with the district cyber cells. “Now there is structure and manpower. In 2015, we were only 53 officers and now we are more than 450 officers, including CyPAD and District Cyber Cells,” he said.

Mr. Roy said that the online portal where complaints are lodged is tracked on an hourly basis and there is a dedicated team for the same.

It was only from 2018 that the latest technologies began to be actively acquired for the purpose of investigation. Listing some, Mr. Roy said that memory forensics has increased manifold in the last three years, as Delhi Police can now extract information deleted from a device using improved versions of its tools.

The police currently use EnCase, Forensic Toolkit (FTK) and Universal Forensic Extraction Device (UFED), among other tools capable of copying, analyzing and extracting deleted information from most devices.

Citing an example, Mr. Gehlawat shared how a burnt, damaged phone was recovered from the spot where a man was murdered.

“After extracting the deleted data from those phones, it was discovered that the wife had killed the man,” he said.

Phone data extraction

He said that with the technology currently available to the police, data can be extracted from more than 40,000 types of phones.

Earlier, there was no way to recover deleted information, Mr. Roy said. “FTK existed in 2008 but in a very primitive form,” Mr. Gehlawat said.

Another capability the department is proud of is its malware- and spyware-detection tools such as FireEye, which enable it to detect whether a system is under attack for espionage.

“Previously, we had no technology to detect infected or hacked systems. This special technique enables us to analyze the type of attack and where the information is being sent,” said Mr. Roy.

Since 2020, one technique that has been widely used during investigations is video and photograph enhancement.

This has proved to be a boon in investigations related to last year’s communal riots. Currently, the force is using programs called Amped Five and Kinesense for this purpose.

Solving cases

Giving an example, Mr. Gehlawat said that while investigating a kidnapping case, he managed to use grainy CCTV footage to make out the number plate of a motorcycle. “This helped the police to locate the accused and rescue the child,” he said.

Currently, the Delhi Police has 10 dedicated laboratories, including memory forensics, mobile forensics, cloud forensics, network forensics, crypto forensics, malware forensics, image and video enhancement, and damaged device labs for mobiles and laptops. The labs are staffed not just by officers working in the information technology cadre; domain experts have also been hired from outside the force.

Although the city’s police have come a long way from the “dark ages”, they face some challenges, including obtaining encrypted data from locked devices and the issue of privacy, which “enables service providers to wash their hands” when it comes to obtaining information.

Another major challenge is the increasing use of virtual private networks, which makes it difficult to track online activities.
