Can EEE Eliminate Hurdles In Cybercrime Investigations?

by Priyanka Pugaokar    Mar 11, 2017

security

In a move to facilitate speedy prosecution of cybercrime and financial fraud cases, the government recently announced that it would appoint Examiner of Electronic Evidence (EEE) under section 79A of the IT Act 2000, to authenticate electronic evidences in the court. With the appointment of EEE, the government aims at eliminating the present hurdles in collecting, analyzing and proving digital evidences in the court of law.

Since digital forensics is a crucial element in the cybercrime investigations, cyber security analysts expect that EEE will improve the present state of digital forensics mechanism in India. However, scarcity of manpower, lack of infrastructure and awareness are the major hurdles EEE will have to overcome for ensuring justice to victims.

Significance Of Digital Forensics

Every crime has some aspect of digital, which sometimes is a vital link in the investigation. With the growing sophistication of cybercrimes, the traditional methods of investigation are no longer helpful in prosecution. Digital forensics is specialized investigative science, where specialized cyber forensic investigators identify, acquire, maintain, analyse and report the digital evidences.

Digital evidence aids in cases such as online fraud, harassment, IP theft, ID theft, hacking, pornography, malware attacks and many more, where incriminating documents are likely to be found on the victim’s or the suspect’s computer. However, for electronic evidence to be legally admissible in court, investigators need to follow proper legal procedures in recovering and analysing data from computer systems.

“There are various aspects associated with digital forensics like network forensics, memory forensics, file system forensics, mobile forensics, operating system forensics, browser forensics, email analysis, log analysis, disk imaging, establishing timeline of occurrence of events, identifying indicators of compromise and many more which need to be carried out in order to find substantial evidences that can be presented in court of law”, said Rohit Goel, Information Security Analyst, Tata Consultancy Services.

State Of Digital Forensic Labs In India

Despite of an exponential growth in the cybercrimes, the current state of cybercrime investigation mechanism is in a vulnerable state in India. Government forensic labs are presently over-burdened and in spite of good round the clock work of staff; pendency is growing every passing day. Also, as technology advances, these labs need to be updated on a real time basis. On the other hand, there are few private labs established in India for Cyber forensics assisting activities, but they are not approved by the government and hence not contributing significantly in the mainstream activities. Since there is no approval from the government to these private labs, cyber experts and agencies mostly find it impracticable to invest in such labs.

Cybercrime is happening across India, however, presently only a few cities have proper cyber forensic labs to assist police machinery. This results in huge pendency of cybercrime investigations. Secondly shortage of funds is another major cause of concern for LEA’s. Therefore, cybercrime experts voice for cyber forensics labs not only in metros and cities, but in every district and town, where internet penetration is high and IT infrastructure is strong.

Challenges In Obtaining Digital Evidences

Though digital evidences form a major component in the cybercrime crimes, there are several obstacles in collecting the evidences and prove it in the court of law. The collection and analysis of massive data generated from multiple devices, is the biggest challenge in front of the investigation agencies. Encryption is another hurdle in terms of retrieving the information from encrypted devices. Today, organizations highly leverage cloud for data storage. In such scenario, an absence of a cooperation treaty between the two countries makes investigation difficult.

“The police often does faulty investigation or collect the evidence wrongly that creates loopholes. Private digital forensics without court prior permission also makes a very weak case. Secondly, digital evidence is volatile and storing digital evidence in courts is a challenge as it can become useless after 3-4 years”, said advocate Prashant Mali, President of Cyber Law Consulting.

Most significantly, the dearth of trained manpower and lack of awareness about digital evidences creates hurdles in the cybercrime investigations. “Lack of proper knowledge about collection of digital evidence is a major hindrance. Again, lack of training of LEA’s about 65B is very crucial and many times good investigation suffers on part of procedural lapses as mandated under section 65B. Use of the many freeware tools also hampers evidentiary value of the investigation”, said Advocate Mahendra Limaye, Cyber Legal Consultant.

Will EEE Speed Up Investigation?

Advocate Limaye believes that the collaboration between private and public agencies will serve the purpose of establishment of EEE in a much efficient way. “Electronic Evidence Examiner (EEE) will share the burden on existing set up and speed up the investigation procedure. But as per my knowledge government is looking only to those agencies which are from government sectors. Private players are again presently eliminated from this procedure. I firmly believe that we need a huge Private, Public Partnership in this movie”, Lima said.

The significance of Digital evidence in cybercrime investigation is immense. However, the potential of digital forensics is presently not appropriately understood by Law enforcement agencies. Goel said that EEE will independently verify the authenticity of the evidence and that will eliminate the loopholes in the process facilitating speedy and unbiased investigation.

“Due to the fragility and sensitivity of the electronic evidence, the police are currently requesting court for permission to send the electronic evidence to a forensic lab for expert opinion. The establishment of various EEE organizations would speed up the proceedings of the court as any of the legal entities can, not mandatory, approach these EEE directly at the investigation step, to verify the authenticity of the evidence and submit the evidence u/s 65B of Indian Evidence Act”, Goel said.  

Acknowledging the importance of digital forensics in cybercrime investigations, the government has taken a very crucial step to appoint EEE. However, it has taken almost 9 years for government to take a move after the IT Act was amended to mandate appointment of such examiners in 2008. The history says many crucial initiatives lies only on paper and does not reflect in actual implementation. Industry experts expect that considering the gravity of current cybercrime scenario in the country, the government should speed up the procedures and come up with viable mechanism for cybercrime investigations, which will encourage victims to report the crimes.