How Delhi’s cyber-forensics lab helps crack ‘blind cases’

by admin
How Delhi’s cyber-forensics lab helps crack ‘blind cases’
How Delhi’s cyber-forensics lab helps crack ‘blind cases’


New Delhi: A t-shirt he wore in his WhatsApp profile picture helped lead to the undoing of a murder suspect in Delhi. In another case, a man who allegedly blackmailed married women using explicit photographs of them was arrested even though he had deleted the evidence from his many electronic devices.

These are just some of the “blind cases” that highly trained personnel at the National Cyber Forensics Lab (NCFL), attached to the Special Cell of the Delhi Police, helped crack this year. In some such cases, where there may be no smoking gun or bloody trail to follow, invisible clues linger in the internet ether or in traces left in hardware.

Senior Delhi Police officers told ThePrint that this is the first investigating forensic lab in India that specialises in cybercrime or evidence.

“We have blind cases of murder, blackmail for extortion, and other cybercrimes, etc, where data (key to the case) has already been deleted. In such cases, the devices are sent to NCFL to ensure timely action and evidence,” a senior police officer said.

Fast data detection and retrieval from damaged or erased devices has become increasingly important, especially with cybercrimes witnessing a dramatic increase, said K.P.S. Malhotra, Deputy Commissioner of Police (DCP) at the Intelligence Fusion & Strategic Operations (IFSO) wing of the Special Cell, under which the NCFL operates.

“The data derived from the lab, and then analysed, helps build a stronger case. Earlier, there were limited resources when it came to video enhancement, audio detection, and reviving dead devices to get deleted data,” DCP Malhotra added.

Investigations by the cyber-forensics lab have been described by police as crucial to solving two cases in recent months — a murder at Daryaganj in May, and an alleged honeytrap-and-blackmail operation found to be targeting married women earlier in the year.

Also Read: Delhi Police arrest student, 3 others for cheating pilgrims of Rs 50L with ‘fake’ chopper tickets

A ‘love affair’, a murder, and a t-shirt

On the sweltering night of 17 May, a 47-year-old man stopped outside a school in Daryaganj to relieve himself. Seconds later, one of two men riding a white motorcycle gunned him down at close range and disappeared into the dark.

Investigations are learnt to have revealed later that the victim’s wife was unhappy with him, reportedly because he spent too much time drinking and flying kites.

She is believed to have eventually found a new love interest on Facebook and was keen to marry him, but first she wanted her husband dead. She and her lover then allegedly hired another man to do the job for a few lakhs of rupees.

Where the cyber-forensics lab came in was establishing a clear link between the victim, the shooter, and the other two accused.

When the NCFL combed through the phones of the husband and wife, they realised that his phone was wiped clean. “The call logs and other data were deleted from the man’s phone,” a senior officer at the forensic lab said. “But we recovered the data from the phone… this was done in two days.”

Among the data recovered from the husband’s phone was a screenshot of a WhatsApp profile. This image showed a man who was wearing the same t-shirt as one of the two bike-borne men.

It is unclear why the victim’s phone had a screenshot of the assailant’s WhatsApp profile, but the recovered image helped the police cement their case. The wife, her lover, and the suspected hired killer have all been arrested.

Photos of 1,000 women, Rs 50 lakh extortion spoils

In 2020, a married woman came to Delhi with a man who said he loved her, hoping to settle down and start afresh. But instead, she claimed, he locked her up, beat her, and sexually assaulted her.

One day, she managed to leave the house on the pretext of buying milk and approached the authorities.

She also filed a petition in court, alleging that the man had not only abused her but had also put up nude pictures of her on multiple adult websites. The IFSO unit lodged a complaint on the directions of the court.

The investigating team first sent letters to get the content removed from the websites and started tracking the IP address from which it was uploaded. But definitive evidence was not readily available.

“Upon reaching the location [of the accused], the police team recovered four laptops, and 17 mobile phones — data from which was already deleted, and so they were sent to the NCFL lab,” a senior police officer said.

When the lab retrieved the data from these devices, it suggested the man was a repeat offender.

“Obscene images of more than 1,000 women were found in the devices,” the senior officer at the forensic lab said.

“The accused would honey-trap married women and then blackmail them. He extorted over Rs 50 lakh from multiple women,” the officer added. “The recovery and analysis of the data by the forensic team helped collect evidence against the accused. A chargesheet in the case has been filed.”

Tackling damaged phones, malware, WhatsApp chats

With a range of high-tech equipment, the NCFL excavates forensic evidence from mobiles, networks, and computers at speed. It also uses audio and video enhancement tools where necessary.

The NCFL was also instrumental in identifying the code scripts and suspects in the high-profile Sulli Deals and Bulli Bai cases, where photos and personal details of Muslim women were uploaded for an ‘auction’.

“We have the best malware detection tools like FireEye and Sandbox. We can detect everything — how the malware is spreading, what it is tracking — by putting it in an isolated environment,” the lab officer said.

Officers in the lab said that in case a phone is damaged, they usually replace the broken part, fix it or use another design to retrieve the data using various tools.

If the data has been deleted and the phone isn’t damaged, it takes seven to eight hours to get all the data back, including WhatsApp chats.

As far as laptops are concerned, MacBooks still continue to take a longer time in terms of getting deleted data back, officers said, adding that hard disks and other laptops usually take around 48-72 hours. However, it becomes a major challenge if the data is overwritten, they added.

While the cyber-forensics lab has existed since 2008, it was named the National Cyber Forensics Lab and accredited at the national level in 2018.

In November last year, the Cyber Prevention Awareness Unit (CyPAD) of the Delhi Police was renamed as the Intelligence Fusion and Strategic Operations unit. This was done to tackle the spike in cyber-crimes. The NCFL was attached to the IFSO unit of the Special Cell in 2019.

At present, there are 25 staff members at the NCFL. Most have a BTech or Master’s in Computer Applications degree at least, and some have been trained in Russia and the US. Workshops are regularly held to polish the skills of the lab’s staff.

“We have some experts on contractual basis, apart from police personnel,” the senior lab officer who was quoted earlier said.

In addition to the police, the NCFL also assists the Central Bureau of Investigation (CBI) and Enforcement Directorate (ED), mostly in cybercrime cases.

(Edited by Asavari Singh)

Also Read: How ‘Chinese app scams’ have been targeting lakhs of Indians, looting crores since WFH took off




Source link

You may also like