CYBER CRIME AND CYBER FORENSIC

LECTURES

Dr. Sarvesh Kumar Shahi, Assistant Professor - II,

School of Law, KIIT Deemed to be University,
Bhubaneswar, Odisha
•CONCEPT OF CYBER
SPACE
 Meaning of CYBER SPACE

• The term “cyber” has been used to describe almost anything

that is connected with networks and computers.
• In common parlance, ‘cyberspace’ is the environment in which
communication over computer networks occurs.
• Ottis, R. & Lorents offer the following definition: “cyberspace is
a time-dependent set of interconnected information systems
and the human users that interact with these systems.
• Norbert Wiener (the father of cybernetics -The science of
control of communication in the machine) and William Gibson.
• William Gibson, who used the word for the first time .
• The term cyber has evolved from the work of Norbert Wiener, who
defined the term cybernetics in the title of his book as “control and
communication in the animal and the machine” (Wiener 1948). The idea
that humans can interface with machines and that the resulting system
can provide an alternative environment for interaction provides a
foundation for the concept of cyberspace.
• "Cyberspace" is a term coined by William Gibson in his fantasy novel
Neuromancer to describe the "world" of computers, and the society that
gathers around them (Gibson, W. 1986). Gibson's fantasy of a world of
connected computers has moved into a present reality in the form of the
Internet. In cyberspace people "exist" in the ether- you meet them
electronically, in a disembodied, faceless form.
• The Oxford English Dictionary defines “cyber space” as the space of virtual
reality; the notional environment within which electronic communication
• According to the UK Cyber Security Strategy, 2011, cyberspace is an
interactive domain made up of digital networks that is used to store, modify
and communicate information.
• Although several definitions of cyberspace can be found both in scientific
literature and in official governmental sources, there is no fully agreed official
• definition yet. According to F. D. Kramer there are different definitions of the
term cyberspace (FD Kramer, S., et al.,., 2009).The most recent draft
definition is the following: Cyberspace is a global and dynamic domain
(subject to constant change) characterized by the combined use of electrons
and electromagnetic spectrum, whose purpose is to create, store, modify,
exchange, share and extract, use, eliminate information and disrupt physical
resources.
 Cyberspace includes:

• Physical infrastructures and telecommunications devices

that allow for the connection of technological and
communication system networks, understood in the broadest
sense (SCADA devices, smart phones/tablets, computers,
servers, etc.);
• Supervisory Control and Data Acquisition (SCADA) systems
are used for controlling, monitoring, and analyzing industrial
devices and processes. The system consists of both software
and hardware components and enables remote and on-site
gathering of data from the industrial equipment.
• Computer systems and the related software that guarantee the
domain's basic operational functioning and connectivity;
• Networks between computer systems;
• Networks of networks [networks of networks are called Internet ] that
connect computer systems (the distinction between networks and
networks of networks is mainly organizational);
• The access nodes of users and intermediaries routing nodes;
• Constituent data (or resident data). - Data residency refers to the
physical or geographic location of an organization's data or information.
• Cyberspace should not be confused with ‘internet’. While the
internet is the interconnection between millions of computers
located around the world, each of them independently managed by
persons who have chosen to adhere to common communications
protocols.
• the term ‘cyberspace’ is often used simply to refer to objects and
identities that exist largely within the computing network itself, so
that a web site, for example, might be metaphorically said to ‘exist
in cyberspace’. According to this interpretation, events taking place
on the internet are not therefore happening in the countries where
the participants or the servers are physically located, but ‘in
cyberspace’.
 A"four"layer"model to understand the character of
cyberspace
• From the top down, the important layers are:
• • The people who participate in the cyber-experience—who communicate,
work with information, make decisions and carry out plans, and who
themselves transform the nature of cyberspace by working with its
component services and capabilities.
• • The information that is stored, transmitted, and transformed in cyberspace.
• • The logical building blocks that make up the services and support the
platform nature of cyberspace.
• • The physical foundations that support the logical elements.
 The"physical"layer -
• The physical layer of cyberspace is the foundation of cyberspace—the
physical devices out of which it is built.
• Cyberspace is a space of interconnected computing devices, so its
foundations are PCs and servers, supercomputers and grids, sensors and
transducers, and the Internet and other sorts of networks and
communications channels.
• Communications may occur over wires or fibers, via radio transmission, or by
the physical transport of the computing and storage devices from place to
place.
• The physical layer is perhaps the easiest to grasp; since it is tangible, its
physicality gives it a grounded sense of location.
• Physical devices such as routers or data centers exist in a place and thus sit
within a jurisdiction.
 The"logical"layer -
• the nature of cyberspace—its strengths and its limitations, derive more from the
decisions made at the logical level than the physical level. The Internet, for
example, provides a set of capabilities that are intentionally divorced to a great
extent from the details of the technology that underpins it.
• The decisions that shape the Internet arise at the higher layer—the logical layer
where the platform nature of the Internet is defined and created. So that layer is
going to be central to many of the considerations that arise when we analyze
cyberspace, as will the layers that deal with information and with people.
• The design of the Internet leads to a cyberspace that is build out of components
that provide services, and these services are designed so that they can be
composed and combined to form more complex services. Low level services
include program execution environments, mechanisms for data transport, and
standards for data formats. Out of this are build applications, such as a word
processor, a database or the Web. By combining these, more complex services
emerge.
• Cyberspace, at the logical level, is thus a series of
platforms, on each of which new capabilities are
constructed, which in turn become a platform for the next
innovation.
• Cyberspace is very plastic, and it can be described as
recursive; platforms upon platforms upon platforms.
 The"information"layer
• As noted above, there are many aspects to cyberspace, including the technology-
mediated interconnection of people. But clearly the creation, capture, storage and
processing of information is central to the experience. Information in cyberspace
takes many forms—it is the music and videos we share, the stored records of
businesses, and all of the pages in the world wide web. It is online books and
photographs. It is information about information (meta-data). It is information
created and retrieved as we search for other information (as is returned by
Google).
• The character of information in cyberspace (or “on the net”) has changed greatly.
• Data lived in card decks, on tapes, and later on disks. Initially, data was normally
thought of as static, stored and retrieved as needed. Books are static products of
authors, images are static
 The"top"layer—people

• People are not just the passive users of cyberspace, they

define and shape its character by the ways they choose to
use it.
• The people and their character, which may vary from
region to region, is an important part of the character of
cyberspace.
• If people contribute to Wikipedia, then Wikipedia exists. If
people tweet, then Twitter exists.
• Cyberspace can be divided into a multi-layer model comprised of:
• 1. Physical foundations: such as land and submarine cables, and satellites that pro-vide
communication pathways, along with routers that direct information to its destination.
• 2. Logical building blocks: including software such as smartphone apps, operating
systems, or web browsers, which allow the physical foundations to function and
communicate.
• 3. Information: that transits cyberspace, such as social media posts, texts, financial
transfers or video downloads. Before and after transit, this information is often stored on
(and modified by) computers and mobile devices, or public or private cloud storage
services.
• 4. People: that manipulate information, communicate, and design the physical and logical
components of cyberspace.
• Collectively these tangible and intangible layers comprise cyberspace, which we are
increasingly dependent on for essential components of daily life.
 Cyber space and International Law
• Even though governments are increasingly taking control over
their national cyberspaces, and even though the principle of
territoriality provides that a state has jurisdiction over servers
and nodes within its recognized borders,5 communication
between servers and computers is routed in international webs
mostly operated by private networks, which are not controlled
by any one government, 6 and many virtual national assets are
stored in servers abroad.
• The territorial principle (also territoriality principle) is a principle of public
international law which enables a sovereign state to exercise exclusive
jurisdiction over individuals and other legal persons within its territory. It
includes both the right to prosecute individuals for criminal offences committed
within its borders, as well as the right to arrest and apprehend individuals
within its territory.[1]
• Its corollary bars states from exercising jurisdiction within the territory of other
states without their express consent, unless such an exercise can be based
on other principles of jurisdiction, such as the principle of nationality, the
passive personality principle, the protective principle, and possibly, the
principle of universal jurisdiction.
• Business offers, opinions and fraudulent messages sent from one country and
stored in a server in another country may effect events in a third country.
• Perhaps most importantly, national assets in cyberspace – public and private can
more or less easily be surveyed, affected or even controlled through cyber
operations from foreign states, and in particular from a few very technologically
advanced ones. This has led some observers to suggest that the Internet is beyond
the sovereignty of governments,7 or even a new dimension, not subject to the same
regulation as other spheres of human activities.8
• Nevertheless, the Internet and other computer networks have physical locations,
under the jurisdiction of one or more states, and the actors have nationality,
regardless of whether they are individuals or corporations.9
• In addition, cyberspace has been securitized, and states seek to protect their critical
cyber infrastructure from criminal actors and political enemies. It is therefore only
logical that states have asserted jurisdiction over computer networks, in an
increasingly assertive way.10
• international law as it currently exists, applies to computer networks.11 This, too, is a
position generally taken by states,12 as confirmed in a report from a broadly representative
group of governmental experts, which concluded i.a. the following in a UN report in June
2013:UN General Assembly, ‘Group of Governmental Experts on Developments in the Field
of Information and Telecommunications in the Context of International Security,’ A/68/98,
June 24, 2013.
• ‘19. International law, and in particular the Charter of the United Nations, is applicable …
• 20. State sovereignty and international norms and principles that flow from sovereignty apply
to State conduct of ICT-related activities, and to their jurisdiction over ICT infrastructure
within their territory.
• 21. State efforts to address the security of ICTs must go hand-in-hand with respect for
human rights and fundamental freedoms set forth in the Universal Declaration of Human
Rights and other international instruments.
• 23. States must meet their international obligations regarding internationally wrongful acts
attributable to them. States must not use proxies to commit internationally wrongful acts.
States should seek to ensure that their territories are not used by non-State actors for
unlawful use of ICTs.”
• With the exception of the Budapest Convention against
Cybercrime, and possibly some provisions in the ITU
Convention14 (drafted long before Internet), there is no
international convention on the topic.15
• The aforementioned UN report – written by a group of experts -- is
the closest thing we have to an authoritative intergovernmental
opinion.
• There are very few instances of opinio juris, very little, if any,
confirmed state practice, and no judgments or reports from
international adjudicative or monitoring bodies. As mentioned,
there is not even very much doctrine;
the starting point must be that states exercise sovereignty over their
respective cyberspaces, 17 mutatis mutandis. However, states may have
many reasons to take measures also in foreign cyberspace. Some of
these reasons are legitimate as such, 18 like investigations of and
responses to terrorism and other crimes. Others may be more dubious,
like intelligence or sabotage.
e Council of Europe’s Convention on Cybercrime.
M, Tallinn Manual on the International Law Applicable to Cyber Warfare
(OUP 2013).
• First of all, some acts in foreign cyberspace might amount to the use of
force under Article 2(4) of the UN Charter, as is now a growing
consensus among international lawyers.20 There have been no known,
clear examples of cyber intrusions that might amount to the use of
force.
• The Stuxnet virus, launched in 2010 against Iran -- allegedly by US
and/or Israel – is the most interesting example, so far. According to
reports, it caused malfunction in or destroyed around 1000 centrifuges
in the Iranian nuclear program.21
• If this could be attributed to a government, it would appear to constitute
an act of force.
• [i]nterference with a state’s economic sphere, air space,
maritime space, or territorial space, even if not prohibited
by Article 2(4) of the UN Charter is prohibited under the
general principle of nonintervention.25
 cyber espionage.
Espionage, or secret intelligence, is to obtain information ‘covertly—that is,
without the consent of the State that controls the information.’
• 53 To collect information is – in and of itself – not illegal under international
law. According to one dictionary, espionage ‘can involve the analysis of
diplomatic reports, publications, statistics, and broadcasts, as well as spying,
a clandestine activity carried out by an individual or individuals working under
secret identity to gather classified information on behalf of another entity or
nation.’
• 54 Many of these activities, which are now to a large extent carried out over
the Internet, are legal, and do not need the consent of the target government.
• , espionage may also involve unauthorized intrusion into servers that contain private
and secret data. In May in 2012, it was recorded that the spyware Flame had
infected 1000 computers, with the majority of targets in Iran. Flame can ‘record
audio, screenshots, keyboard activity and network traffic... This data, along with
locally stored documents, is sent on to one of several command and control servers
that are scattered around the world.’
• espionage is not regulated byinternational law and the view that it is illegal, the latter
view most forcefully argued by Quincy Wright.56 In particular lately, some writers –
notably quite a few American commentators – have argued that espionage is legal
under international law (in spite of being prohibited by domestic law),57
• 7 and that there is therefore no obstacle to committing espionage over the
Internet.58 Those who make that argument essentially say that espionage is not
prohibited and/or that there is a universal custom to engage in espionage.59
• In Cyber crimes, one should see what the state of mind of hacker
was and that the hacker knew that the access was unauthorised.
• Thus, a “Particular Computer” needs not to be intended by the
hacker, it is enough if the unauthorised access was to “any
computer”.
• Awareness on the part of the hacker becomes easier to prove
where he is an outsider and has no authority toaccess. But where
hacker is already has limited authority as ion the case of the
employee of a company, it becomes difficult establish that he
exceeded his limits and was even aware of the fact that he is
exceeding it.
• Actus Reus in cybercrimes has become a challenge as
the entire act is committed in intangible surroundings. The
perpetrator may leave some footmarks in the machine
itself though it becomes a herculean task for the law
enforcement machinery to prove it in the courts, as it is
required to be in physical form or atleast in such a form
where it becomes admissible in evidence.14
•
• CATEGORIES OF CYBER CRIMES
 Classification of Cybercrime

• Against Individuals: These include e-mail spoofing, spamming,

cyber defamation, cyber harassment, and cyberstalking
• Against Property: These include credit card frauds, internet time
theft, and intellectual property crimes.
• Against Organizations: Unauthorized access, denial Of service,
computer contamination or virus attack, e-mail
• bombing, salami attack, logic bomb, trojan horse, and data diddling.
• Against Society: These include Forgery, Cyber Terrorism, Web
Jacking.
 COMPUTER AS A TOOL

• Financial crimes
• • Sale of illegal articles
• • Pornography
• • Online gambling
• • Intellectual property crime
• • E-mail spoofing
• • Forgery
• • Cyber defamation
• • Cyber stalking
• • Counterfeiting
 COMPUTER AS A TARGET
• • Unauthorized access
• • Theft of information
• • E-mail bombing
• • Data diddling
• • Viruses, Logic bombs, Trojan attacks
• • Internet time thefts
• • Theft and physical damage of
• computer system
• • Denial of Service Attacks/
• DDoS
 TYPES OF CYBER CRIMES IN INDIA
• Hacking is basically gaining unauthorized access to your system profit,
protest, information gathering, or to evaluate system weaknesses. The
provisions for hacking are given in IT Act, 2000 under section 43-A and
66 and section 379 & 406 of Indian Penal Code. The punishment for
hacking is 3 years or shall be imposed with fine up to 5 lakhs.
• Denial of Service
• It brings down the server (any server). It is known as the flooding
machine with requests in an attempt to overload systems. It also uses
bots for tasks. The provisions are given under section 43(f) of IT Act with
imprisonment up to 3 years or with fine up to 5 lakh rupees.
• Virus Dissemination
• It involves direct or search unauthorized access to system by introducing malicious
programs known as viruses, worms etc. Virus needs host while worms are standalone.
• Provisions are provided under the IT Act, 2000 under sections 43-C, 66 and section 268 of
the Indian Penal Code.
• Credit Card Fraud
• Card fraud begins either with the theft of the physical card or with the comprise of data
associated with the account. Provisions of such fraud are given under Section 66 C and 66
D of IT ACT, 2000 and section 468 & 471 of Indian Penal Code, 1860.
• Phishing
• A malicious individual or group who scam users. They do so by sending e-mails or creating
web pages that are designed to collect an individual’s online bank credit card, or other login
information. The provisions to prosecute any person for phishing are given under section 66
C, 66 D and 74 of the IT Act with imprisonment up to 3 years or with fine up to 1 lakh
rupees.
• Cyber Stalking
• It can be defined as the use of electronic communications
to harass or frighten someone, for
• example by sending threatening emails. The provisions
are given under IT Act, 2008 under
• section 72 and section 354 C (voyeurism) of the Indian
Penal Code. Also, section 67 provides
• imprisonment up to 3 years with fine.
• Email spoofing: This technique is a forgery of an email header. This means
that the message appears to have received from someone or somewhere
other than the genuine or actual source. These tactics are usually usedin
spam campaigns or in phishing, because people are probably going to open
an electronic mail or an email when they think that the email has been sent by
a legitimate source [8].
• Spamming: Email spam which is otherwise called as junk email. It is
unsought mass message sent through email. The uses of spam have become
popular in the mid 1990s and it is a problem faced by most email users now a
days. Recipient’s email addresses are obtained by spam bots, which are
automated programs that crawls the internet in search of email addresses.
The spammers use spam bots to create email distribution lists. With the
expectation of receiving a few number of respond a spammer typically sends
an email to millions of email addresses.
• Cyber defamation: Cyber defamation means the harm that is brought on the reputation of
an individual in the eyes of other individual through the cyber space [9]. The purpose of
making defamatory statement is to bring down the reputation of the individual.
• IRC Crime (Internet Relay Chat): IRC servers allow the people around the world to come
together under a single platform which is sometime called as rooms and they chat to each
other.
• Cyber Criminals basically uses it for meeting. Hacker uses it for discussing their
techniques. Paedophiles use it to allure small children.
• A few reasons behind IRC Crime:
• Chat to win ones confidence and later starts to harass sexually, and then blackmail people
for ransom, and if the victim denied paying the amount, criminal starts threatening to upload
victim’s nude photographs or video on the internet.
• A few are paedophiles, they harass children for their own benefits.
• A few uses IRC by offering fake jobs and sometime fake lottery and earns money [10].
• Phishing: In this type of crimes or fraud the attackers tries to gain
information such as login information or account’s information by
masquerading as a reputable individual or entity in various
communication channels or in email.
• Some other cyber crimes against individuals includesNet extortion,
Hacking, Indecent exposure, Trafficking, Distribution, Posting, Credit
Card, Malicious code etc.
• The potential harm of such a malefaction to an individual person can
scarcely be bigger.
• b) Cyber Crime against property: These types of crimes includes
vandalism of computers, Intellectual (Copyright, patented,
trademark etc) Property Crimes,Online threatening etc.
Intellectual property crime includes:
• Software piracy: It can be describes as the copying of software
unauthorizedly.
• Copyright infringement: It can be described as the
infringements of an individual or organization's copyright. In
simple term it can also be describes as the using of copyright
materials unauthorizedly such as music, software, text etc.
• Trademark infringement: It can be described as the using of a
service mark or trademark unauthorizedly
• c) Cyber Crime against organization: Cyber Crimes against
organization are as follows:
• Unauthorized changing or deleting of data.
• Reading or copying of confidential information unauthorizedly, but
the data are neither being change nor deleted.
• DOS attack: In this attack, the attacker floods the servers, systems
or networks with traffic in order to overwhelm the victim resources and
make it infeasible or difficult for the users to use them [11].
• Email bombing: It is a type of Net Abuse, where huge numbers of
emails are sent to an email address in order to overflow or flood the
mailbox with mails or to flood the server where the email address is.
• Salami attack: The other name of Salami attack is Salami
slicing. In this attack, the attackers use an online
database in order to seize the customer’s information like
bank details, credit card details etc. Attacker deduces very
little amounts from every account over a period of time. In
this attack, no complaint is file and the hackers remain
free from detection as the clients remain unaware of the
slicing.
• Some other cyber crimes against organization
includesLogical bomb, Torjan horse, Data diddling etc.
• d) Cyber Crime against society: Cyber Crime against society includes:
• Forgery: Forgery means making of false document, signature,
currency, revenue stamp etc.
• Web jacking: The term Web jacking has been derived from hi
jacking. In this offence the attacker creates a fake website and when
the victim opens the link a new page appears with the message and
they need to click another link. If the victim clicks the link that looks
real he will redirected to a fake page. These types of attacks are done
to get entrance or to get access and controls the site of another. The
attacker may also change the information of the victim’s webpage.
•Meaning of Forensic Science
• The term 'forensic' is obtained from the Latin word
'Forensis' which means "court of justice".
• So we can say, forensic science is a branch of science
that deals with the , recognition, identification, and
evaluation of physical evidence by the use of natural
science for criminal justice.
• Forensic science, also known as criminalistics,[1] is the
application of science principles and methods to support legal
decision-making in matters of criminal and civil law.
• During criminal investigation in particular, it is governed by the
legal standards of admissible evidence and criminal
procedure.
• It is a broad field utilizing numerous practices such as the
analysis of DNA, fingerprints, bloodstain patterns, firearms,
ballistics, toxicology, and fire debris [collection of evidence
from fire scene] analysis.
 History
• The history of the term forensic originates from Roman times.
• In 44 BCE, Brutus and Cassius led a group of Roman senators [who works in govt.]; they
violently plunged their blades into Julius Caesar[ a Roman general and statesman.].
• Antistius, who was a Roman physician at that time performed an autopsy and found out
that there were 23 wounds that are stab wounds; out of the 23 wounds, none of them
caused death, except the second wound in the breast.
• This was the first record in history where a pathologist gives his opinion as an expert.
• This crime and the autopsy report that took place more than 2000 years ago is still
important and used by many historians, criminologist, and doctors to seek knowledge
about the evolution of forensic science and medical discovery;
• this was the first homicidal investigation that occurred.
• Antistius delivered his opinion in an open court before the forum, which gives rise to the
term “forensic” meaning “before the forum” in Latin .4
• Moreover, the religious rite of mummification marks the birth of
forensic science.
• Even as early as 3000 BC, ancient Egyptians removed,
analyzed, and preserved the internal organs of deceased
leaders for sacred ceremonies.
• This is the first autopsy, which is still an important part of
forensic research today.
• After death, the body reaches a stage called decomposition by a
process called autolysis;
• in this process, the organic substances are broken down into
simpler organic matter.
• In order to prevent a body from decomposing, it is necessary to
deprive the tissues of moisture and oxygen.
• This can be done by the procedures of mummification. This
particular practice had started in ancient Egypt 3500 BCE.
Mummification was a ritual practice done by the ancient Egyptians
believing that there is life after death, and the preserved body is
required to live in their next world. This preserved body is called
mummy
• Those civilizations provided a significant contribution to
the field of forensic under medicine. This can be
considered as an example of autopsy in history or the
procedure that led to the development of autopsy to
determine the cause of death.5
• Ancient Greece, the origin of modern logic, medicine, and pharmacology,
should come as no surprise as the first major actor in forensic science.
The Ancient Greeks were able to establish the cause of a murder in a
basic way by examining toxins and their effects on the body, maybe the
first instance of recognized forensic science.
• Notable Greek autopsists were Erasistratus and Herophilus of
Chalcedon, who lived in 3rd century BC Alexandria, but in general,
autopsies were rare in ancient Greece.6
• The basis of the present judicial system was developed by the Ancient
Romans, who contributed to forensic science.
• Quintilian, a Roman orator, used forensics in court as early as the first
century.
• In an instructional judicial case authored by the Roman jurist
Quintilian or one of his students in the early 2nd century AD,
"The Wall of Handprints," and it features a blind son who is
accused of killing his father in his sleep to obtain his
inheritance. The blind man allegedly grabbed his sword from
his chamber, strolled across the house in the dark of night, into
his father and stepmother's bedroom, and killed his father once,
instantly killing him and not waking up his stepmother, who
discovered her husband dead in bed when she awakened.
From the parents' room to the blind son's room, a trail of bloody
handprints led back.
• Quintilian's
• proposed defense is that the stepmother did it because she was furious
that she would lose out on the father's riches if his blind son got it, so
she framed the blind man with his own father's blood:
• “It was the stepmother, yes, the stepmother who set this up with her
sure sight; it was she, with her right hand, who brought that poor blood
there and made the imprint of [her] hand [on the wall] intermittently!
• The wall bears the imprints of one palm, has them at intervals, with a
certain empty space in the middle, and everywhere the palm-print is
intact; a blind man, on the other hand, would have dragged his hands
[along the wall].”7
• Quintilian goes on to describe how the stepmother's grip on the
sword's hilt prevented her palm from getting blood on it, and how
the handprints along the wall - with an empty space in the middle -
suggest the person who killed the father was also the one who
made the prints. This is an example of a bloodstain pattern
interpretation that could be presented in court today.
• In general, the Romans appear to have been reasonably good in
bloodstain pattern analysis and reconstruction, despite their lack
of modern understanding of the properties and classification of
blood
• For centuries after the fall of the Roman Empire, court
justice was dormant. Forensic science got increasingly
abstract as a result of it.
• Pathology, on the other hand, was employed by the
ancient Chinese to solve crimes, contributing to the
development of forensic science at the time.
• They cleansed and studied the bodies of the deceased,
and they were even able to distinguish between accidents
and murders.
• By the thirteenth century, the first literature to determine cause of death
was written by Song Ci in China, and the literature work was named as
Xi Yuan Li (Asen 2017). This book is widely known as Collected Cases
of Injustice Rectified or Washing Away of Wrongs (Asen 2017).
• This book was written based on the real incidents and experiences that
are linked to his scientific knowledge to avoid injustice in the future.
Most of the topics covered are based on scientific knowledge, and few
of them are post‐mortem examination, emergency treatment, causes of
death, different kinds of death, procedures of receiving the victims after
hanging, etc.
• This book is considered as the handbook of coroners. - [judicial
officers].
 Development of Forensic Science
• In general, we can take the 16th-19th centuries as the most developed
period of forensic science. But it is more understandable and
appropriate to touch on specific parts of forensic science to explore this
period.
• Firstly, medical practitioners were the first to collect information on the
cause and manner of death in 16th century Europe.
• Ambroise Paré, a French army surgeon, examined the effects of violent
death on internal organs in great detail.
• In addition, Fortunato Fidelis and Paolo Zacchia, two Italian surgeons,
created the groundwork for contemporary pathology. They were able to
do so by studying the changes in the body's structure as a result of
sickness.
• The relevance of forensic science increased with the advent of the 17th century, owing
to other scientific advancements.
• The achievements in the following specific areas are even more remarkable:
• A. Fingerprit Analysis
• Francis Galton and Edward Henry were the ones who put Herschel's fingerprinting
techniques into practice in criminal investigations.
• Sir Francis Galton pioneered the first fingerprint classification
method.[Fingerprints are classified into five categories: arch, tented arch, left loop, right
loop and whorl. The algorithm extracts singular points (cores and deltas) in a fingerprint
image and performs classification based on the number and locations of the detected
singular points.]
• After that, the direction, flow, pattern, and other characteristics in fingerprints were
employed by Sir Edward Henry, the commissioner of the Metropolitan Police of London,
to build a system.
 Herschel's fingerprinting techniques

• William James Herschel continued to experiment with

hand-prints, soon realising that only fingers needed to be
used. He collected prints from friends and family, and
came to the conclusion that a person's fingerprints do not
change over time.
• There is a notable example of forensic science in the
18th and 19th centuries.
• A person called John Toms was found guilty in Lancaster
of murdering Edward Culshaw with a handgun. The
precise matching of a handgun was a vital element that
turned the case around.
• This was discovered beside Culshaw's body, along with a
torn newspaper found in Toms' pocket.
• B. Forensic Ballistics
• ballistics refers to the science of the travel of a projectile in
flight.
• The flight path of a bullet includes:
• internal travel down the barrel,
• external path through the air, and
• terminal path through a target. The wounding potential of
projectiles is a complex matter.
• The analysis of evidence from firearms that may have
been used in a crime is known as forensic ballistics.
When a gun fires a bullet, microscopic markings are left
on the bullet and cartridge casing.
• These marks have the appearance of ballistic fingerprints.
If forensic examiners find bullets at a crime scene, they
can test-fire a suspect's gun and compare the marks on
the crime scene bullet to the marks on the test-fired bullet.
• Henry Goddard of Scotland Yard was the first to use
physical analysis to link a bullet to a murder weapon in
1835.
• C. Forensic Toxicology
• Toxicology; is the study of the toxic effect of chemicals or xenobiotic on living
organisms, particularly the humans, or animals. Toxicology involves studying
the symptoms, mechanisms, detection and treatments of poisoning of a
living body.9
• In clinical toxicology, the end user is a physician using the findings to treat
and care for an intoxicated or poisoned patient,
• while in forensic toxicology, the end user can be a physician, a non-medical
professional such as a lawyer, an employee, or police officer using the
results to interpret a cause of death, employment eligibility, or compliance
with workforce laws and terms.
• Hence, based on such situation the toxicologist may be a Physician,
pharmacist, scientist, laboratory specialist or technician.10
• Carl Wilhelm Scheele, a Swedish chemist, invented the
first chemical test for detecting arsenic in bodies in 1773.
• In 1806 a German chemist, Valentin Ross, expanded on
his findings in order to identify poison in stomach walls.
• stomach walls consist of a mucosa, submucosa,
muscularis externa, subserosa and serosa/adventitia.
• The first application of this forensic science technique was
by Scottish chemist James Marsh in 1836. At the time,
this test had been effectively employed in a murder case.
• The Modern History of Forensic Science
• The development of newer forensic procedures for evaluating evidence exploded in the
early twentieth century. As a result, law enforcement authorities realized the need for
specialized forensic investigator teams to gather and analyze evidence.
• Edmond Locard, popularly known as the "Sherlock Holmes of France," was a 19th-century
forensic scientist. He is considered as one of the three founders of forensic science and
had a pivotal influence in the global development of criminalistics (along with Joseph Bell
and Archibald Reiss).
• Locard's Exchange Theory, a basic principle he developed, is crucial for today's law
enforcement.
• The exchange principle was established by Dr. Edmond Locard, director of the world's first
forensic lab (1910, Lyon, France), who stated that, when a person comes into contact with
an object or another person, a cross-transfer of physical material can occur.
• EXAMPLE - saliva, sperm, sweat, and urine, hair, blood, etc.
• Sherlock Holmes is a fictional detective created by British author Arthur Conan Doyle
 Locard's Exchange Theory

• 'Locard's Exchange Principle' in forensic science holds

that the perpetrator of a crime will bring something to the
crime scene and will leave with something from it;
• Locard's Exchange Principle states that with contact
between two items, there will be an exchange of
microscopic material.
• Karl Landsteiner was awarded the Nobel Prize for his work on blood
groups over a century later, in 1930. He was the first to divide human
blood into different categories. The study of blood later provided
important leads during criminal investigations.
• At the same time, when American physician Calvin Goddard invented
the comparative microscope in the 1920s, bullet examination became
more exact. This aided in the identification of a critical link between
bullets and the shell casings [Shell casing means the part of handgun
ammunition that contains the primer and propel- lent powder to
discharge the projectile]from which they were discharged.
• Later, in the 1970s, scientists at the Aerospace Corporation in
California devised a scanning electron microscope method for
detecting gunshot residue.
 EVOLUTION
• scientific methods in one way or the other seem to have been followed in the
investigation of crime. Its detailed reference is found in Kautilya's
Arthashastra, which was written about 2300 years ago.
• Mr. KM Kata, a frequent contributor to Nature, stated that the Chinese
records proved the use of fingerprints in an ancient kingdom of southern
India.

• The Indians knew for long that the handprints, known as the Tarija, were
inimitable (unique). The use of fingerprints as signatures by illiterate people
in India, introduced centuries ago, was considered by some people as
ceremonial only, till it was scientifically proved that identification from
fingerprints was infallible (Flawless, Perfect).
• Mathieu Orfila (1787 – 1853) considered to be the father of forensic
toxicology
• • Alphonse Bertillion (18953 – 1914) devised first system of personal
identification
• • Francis Galton (1822 – 1911) development of fingerprinting and
classification
• • Leone Lattes (1887 – 1954) discovered blood grouping
• • Calvin Goddard ( 1891 – 1955) ballistics comparisons
• • Albert O. Osborn (1858 – 1946) document examination
• • Walter C. McCrone (1916 – 2002) analytical technology
• • Hans Gross (1847 – 1915) application of scientific disciplines
• • Edmond Locard (1877 - 1966) Locard’s Exchange Principle
 Relevance of Forensic Science in Indian Legal System

• Forensic science is where science meets the law.

• It has a great significance in the criminal as well as civil matters.
• Forensic evidence is the physical evidence found at the crime
scene.
• For the impetus of fair judgment, the shreds of evidence found on
the place of crime play a paramount role.
• They are considered as the secondary evidence, the documents
being the primary evidence.
• The primary evidence amalgamated with secondary evidence are
presented in the court of law, which helps the court to understand
the facts and deliver the judgment.
• Forensic science includes the use of physical and natural
sciences for the investigation of civil or criminal cases. It is used
for multivariate purposes such as inspecting criminal cases(rape,
murder, and drug tracking) and civil cases (wilfully destructing the
natural environment).
• The forensic investigation methods and evidence are approved
by the governing bodies of different countries such as Colorado,
the United States of America, Canada, and Australia. For
example, the Automated Fingerprint Identification System (AFIS)
is used by the Federal Bureau of Investigation (FBI), the US to
investigate criminal cases by using advanced technologies.
• The evidence and proofs that are gathered, examined, and produced by
using Forensic techniques are more readily acceptable by the Courts of Law.
Forensic evidence is gained from the experts and holds more authenticity
and credibility to be used as evidence in criminal cases.
• While considering the role of forensic evidence in the criminal justice
delivery system in India, it is governed by Indian Forensic Organization
(IFO) which carries out criminal forensic investigations in the country.
However, the investigations that are performed by the forensic science
methods are condemned by the Supreme Court as under Articles 20(3) of
the Indian Constitution
• the use of forensic investigations gets restricted in India as many
complications are associated with the acceptance of forensic evidence.
The current provides relevant information related to the criminal justice
system and the concept of criminalistics/forensic science.
• The study also provides relevant information related to the role and
impact of forensic evidence and legal provisions supporting the criminal
investigation.
 Criminal Justice System
• the criminal justice system is defined as a set of processes or
regulations that safeguard the interests of the social communities
and individuals. It is framed by the governing body of India and
authorized institutions to organize the legal structure.
• The administrative part of the criminal justice system in India is
handled by the police, court, prosecution, and prisons. They form
the pillars of the criminal justice system and perform different
activities such as prevention, detection, trial, adjudication, and
punishment of lawbreakers in society.The Courts form an integral
part of the criminal justice system that decides the culpability of
the offender.
 Conceptual quality required
police play an eminent role in investigating the crime and procuring evidence
against the offender. Thus, due to the effective investigation and maintenance
of law and order by the criminal justice system, there is the provision of a
secure and peaceful society.
Under the Indian Evidence Act (IEA) 1872, evidence has been classified into
different parts such as Oral Evidence in which the oral statements of the
individuals who have witnessed the crime either by seeing or hearing is
accepted under Section 60 of IEA 1872.
Documentary Evidence is another proof that is provided to the Court for
investigation purposes under Section 3 of IEA 1872.
Primary evidence is the highest graded evidence under Section 62 of IEA in
which the evidence provides vital facts about the incident/event through
documented proofs.
• Secondary Evidence is considered to be inferior evidence under Section 63 of IEA.
• It is produced in the Court when there is no primary evidence.
• Real Evidence is the physical (object or material) evidence that is produced in the
Court by inspecting the physical object at the crime scene.
• Hearsay evidence is the weakest evidence in which the witness has not personally
seen or heard the crime and came to know about it from a third party.
• Judicial Evidence is the evidence that is received by the Court in the form of
confession made by the offender. Non Judicial Evidence is the evidence in which the
confession is made by the offender outside the court in front of any person. Direct
evidence is the evidence directly provided by the witness who has seen the course
of crime in the form of documents or illustrations about the incident. Circumstantial
Evidence or Indirect evidence provides evidence to the current case through
relational facts. Thus, with the help of different evidence, the Court decides the
culpability of the offender and summons punishments as per the severity of the
offense.
 Concept of Criminalistics/Forensic Science

• application of scientific methods in criminal laws. It

includes applying knowledge and technology in legal
matters.
• Forensic Science includes using advanced technology
such as DNA profiling, computer science, and engineering
for the criminal investigation process by the police.
• the application of forensic science in a criminal
investigation in the Indian criminal justice system is limited
and underestimated.
• Forensic science was primarily used by Sir William
Herschel in the form of fingerprinting to identify the
suspects of the crime.
• The fingerprint evidence was firstly accepted by the
Court ofArgentina in the 1890 era and then by English
Court in the year 1902
• Forensic science and criminalistics laboratories generally provide the
scientific examination of physical evidence collected from scenes of
crimes, victims, and suspects.
• With the advancement of new technologies, the concept of forensic
science is also changing. It includes modern techniques of
investigations such as liquid chromatography, 3D printing, DNA
evaluations, and mass spectrometry for the précised inspection of the
facts from the crime spot police acquired physical evidence.
• There are different branches of forensic science such as Odontology,
Biology, Anthropology, Toxicology, and Pathology.
• mass spectrometry - analytical tool useful for measuring the
mass-to-charge ratio (m/z) of one or more molecules present in a
sample. These measurements can often be used to calculate the
exact molecular weight of the sample components as well.
• liquid chromatography - Chromatography is used to separate
proteins, nucleic acids, or small molecules in complex mixtures.
Liquid chromatography (LC) separates molecules in a liquid
mobile phase using a solid stationary phase. Liquid
chromatography can be used for analytical or preparative
applications.
• Odontology, it includes using scientific methods to identify the body of
the victim when it is left in an unrecognizable position. The
identification of the victim is executed by examining the teeth,
mouth, or body alignment.

• Forensic Biology includes DNA profiling in which the identification of the

suspect is done through hair, blood, semen, or any other body part.
Fingerprint analysis is also used to identify the suspect.
• Anthropology includes inspecting the cause, and time of death
of the victim. It also helps in identifying victims when left in an
unrecognizable position and determines the age, gender, and
ancestry of the skeleton.

• Toxicology includes inspecting the victim and majorly used for

investigating accidents, sexual violence, and poisoning cases.
• Pathology includes examining the body of the victim after
death to know the exact reason of death. Thus, it can be
said that forensic science is an extremely useful
investigational disciple that helps in inspecting the cases
by identifying the offenders/victims, and techniques used
for doing crime.
• forensic science is included in the Indian Evidence Act, 1872, and regarded as
expert evidence. An expert is an individual who has extensive learning about a
subject and the learning can be used to give expert judgment concerning the
criminal case.
• in the case of Pantangi Balaram Venkata Ganesh v. State of Andhra Pradesh,
thedeceased was fired and killed at gunshot by accused and the co-accused. The
witness recognized that the accused was wearing a pink shirt at the time of the
attack and confirmed that the attacker was injured when the firing took place. Upon
investigation, the police had recovered the pink shirt which was completely stained
with blood patches. The police took it as a piece of evidence and sent it to the
forensic lab for DNA testing to identify the culprit. The DNA test results that were
acquired by the police along with the other evidence concluded the accused to
be guilty.Thus, it can be said that forensic investigations play a major role in
supporting investigative activities by identifying the suspect and providing
evidence for a crime.
• the use of forensic science has increased in the Indian
criminal justice system as an increasing number of judges
are considering them as authentic evidence.
• forensic evidence was accredited and accepted in the
case of Ramchandra Reddy and Ors. v.The state of
Maharashtra when evidence was produced in the form of
Brain, fingerprinting, lie detector test,and narco analysis.
• the Court held a special hearing in which SIT was allowed
to perform scientific tests upon the main accused Abdul
Karim Telgi on the charges of fake stamp paper scam.
However, the authenticity of the forensic evidence was
questioned on account of violation of Article 20(3) of the
Indian Constitution which protects the offender against
forcible testimony.
• State of Bombay v. KathiKaluOghad&
• Others increased the acceptance of forensic evidence in the Indian criminal
justice system. in the case of The State of Bombay v. KathiKaluOghad&
Others, the forensic evidence was collected by examining the thumb
impression, specimen signature, blood, hair, semen of the suspect. The
suspect objected on account of violation of Article 20(3) of the Indian
Constitution which protects the offender against forcible testimony.
• But the court provided that the suspect has no legal rights to object DNA
investigations and must cooperate with the investigative process. Thus, it
can be said that forensic investigation and evidence play a major role in
inspecting cases and resolving them with high accuracy.
• in the case of Dinesh Dalmia v State, the judgment provided by Madras
High Court included that the forensic evidence that has been produced
in the form of nacro analysis could not be testified. On the other hand,
in the case of Selvi &Ors v. State of Karnataka & Anr, the judgment
provided by the Supreme Court questioned the authenticity of the
scientific evidence that was used for the investigation of the case. The
Supreme Court provided that the scientific evidence that is provided in
the form of the test and polygraph evaluation was indecisive and
unconvincing.
• The different forensic investigative methods such as the
narco test, P-300 test, and polygraph evaluation provide
evidence for crime and suspect.