It should be commenced by eliciting all the right and relevant information which will give the investigation officer (IO) an idea about the full scope of the incident / crime. With a view to guide the investigation officers, a set of questions have been compiled which potentially can lead to holistic understanding of the large networks. While the pre-investigation assessment questionnaire gives the investigation officer a set of questions, each investigation officer needs to keep in mind that this list can further be expanded depending on the crime / crime scene situation.
Scene of Offence: Cyber Cafe
- Identify number of computer systems present in the cyber café.
- Identify number of computer systems connected to Internet.
- Obtain details about the network topology and architecture (client — Server).
- Obtain the CCTV/Web camera clippings, if any.
- Whether any user management software is used by the cyber café owner?
- Obtain the log register of Internet users for the relevant period.
- Check the formatting of storage devices policy adopted by the cyber café owner.
- Check the hardware replacements done by the cyber café owner.
- Check the policy regarding removal media usage on the cyber café systems.
Scene of Offence: Home
- Identify the type of connection (Wi-Fi/Ethernet).
- How many computer systems are used for Internet connection?
- Location of the system and details of persons with access to system(s).
- Obtain the details about the removable storage media (including external hard disk) used/owned by the user.
- Obtain details about the network topology and architecture (client — Server), if any.
- Obtain the details about other computer peripherals (printer/scanner/modem, etc.).
Scene of Offence: Corporate Environment
- Questionnaire for crime in which computers are used as instrument/means OR repository: This questionnaire helps the investigating officer to gather the basic information where crime is committed using the computer systems.
- Questionnaire for crime targeting computer systems: This questionnaire helps the investigation office to gather the relevant information where crime committed is targeted to destroy or affect the services, etc., of a computer system/server using the Internet or any other network.
Preservation Notice
A preservation notice needs to be sent to all affected parties to make sure that they do not delete any data that could be relevant to the case. It is ideal to issue this notice, which is necessary for preserving evidence. For model instructions to complainant and other parties.
The model preservation notice has been accomplished through a stipulation setting forth a similar procedural framework outlined by the Court in Simon Property Group vs. mySimon, Inc. 94 F.R.D. 639 (SD Ind. 2000) in USA, to ensure retention of all privileges while properly preserving and processing computer evidence as mandated by the court in Gates Rubber Co. vs. Bando Chemical Indus., Ltd. 167 F.R.D. 90, 112 (D.Col., 1996). The preservation instructions have been adapted from the above stipulation and, have been suitably amended and Section 91 CrPC can be invoked to issue such instructions. IOs are free to amend the notice to suit the local requirements and use the format.
