At the cutting edge of cyber forensics

A far cry from the ‘dark ages’ of cyber investigation when the most that could be done was trace email IDs, Delhi Police now has the ability to enhance video quality, retrieve data from damaged phones and more

Updated - March 14, 2021 04:30 am IST

Published - March 14, 2021 12:39 am IST - NEW DELHI

At India's first hi-tech forensic lab, Cyber Protection Awareness and Detection Centre (CyPAD), National Cyber Forensic Lab at Dwarka, in New Delhi.

At India's first hi-tech forensic lab, Cyber Protection Awareness and Detection Centre (CyPAD), National Cyber Forensic Lab at Dwarka, in New Delhi.

When Inspector Vijay Gahlawat joined the Delhi Police cyber cell in 2008, it comprised a small office in Malviya Nagar with two workstations and a team of around eight officers.

Thirteen years later, the force’s cyber unit is running full throttle from its very own National Cyber Forensic Laboratory (NCFL) and catering to technical investigation requirements of cases from across the country.

Mr. Gahlawat, now sitting in his swanky office at the Cyber Prevention Awareness Detection (CyPAD) Centre at the NCFL office in Dwarka, recalled how he was once the only officer available to do all the analysis.

“At that time, there was less capability and little requirement. The only things needed were tracing email IDs, IP addresses and analysing call detail records. The CDR analysis meant asking service providers for details and then analysing it manually,” he recalled.

Increase in workstations

A major change came in 2011-12, when the number of workstations increased to around seven, and the office shifted to Mandir Marg, said Mr. Gahlawat.

In 2015, Deputy Commissioner of Police (Cyber Cell) Anyesh Roy joined the unit. Six years ago, there was no dedicated institutional mechanism to attend to cybercrimes or even a dedicated platform to report them. It was still under the Economic Offences Wing of the Delhi police, Mr. Roy said, adding: “Special units like Crime Branch and Special Cell had their own cyber cells but they only concentrated on their own needs. This cyber cell was taking care of headquarter-level requirements.”

In 2019, CyPAD was inaugurated and was brought directly under the Special Cell while the Economic Offences Wing remained a separate unit.

Change in platforms

Mr. Roy, however, said the nature of complaints has mostly remained the same and only the platforms have changed. The two broad categories include: online harassment and online fraud. “In the last couple of years, the numbers of cases have increased under both heads, proportionally,” he said.

Talking to The Hindu about how technology has grown over the years and is used in investigation, Mr. Roy explained that there are two aspects in a cybercrime investigation: digital footprint and money trail.

The digital footprint, essentially involves investigating the platform used: the victim’s device and the suspect’s device.

“When it comes to platforms like Facebook, Google, Twitter, Instagram, we have to ask them for information. The difficulty for any law enforcement agency is that most of these platforms are foreign-based private entities and it’s a challenge to get information, but since 2018, the government at the highest level is following up with these platforms to ensure that they respond to these agencies,” he said.

Talking about major changes, Mr. Roy said the institutional mechanism to investigate and report cybercrime has now been firmly established. Over the years, every district of the Capital has set up a separate cyber cell, apart from the CyPAD unit which constantly interacts with the district cyber cells. “There’s structure and manpower now. In 2015, we were only 53 officers and now we are over 450 officials, including CyPAD and district cyber cells,” he said.

Mr. Roy said the online portal where complaints are lodged is tracked on an hourly basis and there is a dedicated team for it.

It was only from 2018 that newest technologies have been actively acquired for the purpose of investigation. Listing a few, Mr. Roy said that memory forensics has advanced multifold in the last three years as Delhi Police can now extract deleted information from a device by using advanced version of tools.

The police are currently using Encase, Forensic Tool Kit (FTK), Universal Forensic Extraction Device (UFED) among other tools that are able to copy, analyse, and extract deleted information from most devices.

Citing an example, Mr. Gahlawat shared how the unit had been given a burnt and a damaged phone from a spot where a man was found murdered.

“After deleted data from those phones were extracted, it turned out that the wife had killed the man,” he said.

Phone data extraction

With the current technology available with the police, data from over 40,000 types pf phone can be extracted, he said.

Earlier, there was no way to extract deleted information, Mr. Roy said. “The FTK existed in 2008 as well but in a very primitive form,” Mr. Gahlawat said.

Another technology the department is proud of is malware and spyware-detection tools such as FireEye, which enables them to detect if a system is being attacked for spying.

“Previously, we did not have any technology to detect an infected or hacked system. This particular technology enables us to analyse the type of attack and where the information is being sent,” Mr. Roy said.

Since 2020, a technology that is widely being used during investigations is video and photograph enhancement.

It has proved to be a boon in probes related to last year’s communal riots. Currently, the force is using programmes called Amped Five and Kanescence for the purpose.

Solving cases

Giving an example, Mr. Gahlawat said that while investigating a kidnapping case, they managed to enhance a video grab from grainy CCTV footage to ascertain the number plate of a motorbike. “This helped the police trace the accused and rescue the child,” he said.

At present, the Delhi police have 10 dedicated labs, including memory forensics, mobile forensics, cloud forensics, network forensics, crypto forensics, malware forensics, image and video enhancement, damaged device labs for mobile and laptops, and audio forensics where not only officials from the Information Technology cadre are working but also domain experts have been hired from outside the force.

While the city police have come a long way from the “dark ages”, they still face some challenges, including retrieving encrypted data from locked devices and issue of privacy, which “enables service providers to wash their hands off when information is asked for”.

Another major challenge is the increased use of Virtual Private Network, which makes it tough to track online activities.

0 / 0
Sign in to unlock member-only benefits!
  • Access 10 free stories every month
  • Save stories to read later
  • Access to comment on every story
  • Sign-up/manage your newsletter subscriptions with a single click
  • Get notified by email for early access to discounts & offers on our products
Sign in


Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.

We have migrated to a new commenting platform. If you are already a registered user of The Hindu and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.