India's Forensic Magazine

FORENSIC YARD

Cyber & Forensic Updates

A one stop Marketplace for Forensic and Cyber Security Jobs and Research

UNIVERSITY BILL 2020

WWW.FORENSICYARD.COM

EDITORIAL

Dear Readers,

Hello & Welcome!!

It is with great honour that we present to you the First E-magazine of FORENSIC YARD. The purpose this magazine serves is to provide relevant research information in the field of Forensic Science and Cyber Security. This magazine includes topics of recent advancements in the industry.

Forensic Yard Digital Magazine has also initiated a research article gig for our students and working professionals. Students are requested to apply for the programme through our website form and submit their articles to our HR Manager. Selection will be based on pure merit and the authenticity of the work.

Apart from this, information on vacancies and jobs will be provided in the Career section of the Magazine.

In the coming time, we promise to work much harder and to make it even more useful for the students of Forensic Science & Cyber Security. We promise to understand the requirements and demands of our readers and look forward to their suggestions and changes in our magazine.

In the Magazine, you’ll find the news of some trending topics and a few research works.

We would also like to congratulate and thank the contributors who helped and worked hard with us in creating this E-magazine to make it successful.

Forensic Yard is working on giving the best knowledge and guidance to our readers.

With best wishes and regards.

Yours sincerely,

FORENSIC YARD

CONTRIBUTORS

MR. SHIJIN S. MATHEW

Shijin is pursuing M.Sc. Forensic Science from Delhi University. Ambitious, data-driven individual with excellent grasp of Python and search engine optimization. Enthusiastic about applying the knowledge of various programming languages to the field of forensic science. Experienced in designing and developing sites from concept to roll out, worked with Ecloto Designs as an Intern and Assistant Web Developer.

MS. DAMINI SHAW

Damini is a final year student and is currently pursuing B.Sc (H) Forensic Science from Sgt University, Gurugram-Haryana and is an aspiring writer who believes to twist the aspects of content writing with the use of creativity and imagination. She has also worked as 'Trainee Intern' in CFSL (Junga), which is located in Himachal Pradesh.

MR. MUKUL SHARMA

Experienced Ethical Hacker with a demonstrated history of working in the security and investigations industry. Skilled in Anti-phishing, Python, Java, Ethical Hacking, and Malware Analysis. Strong forensics professional with a Bachelor's degree focused in Cyber/Computer Forensics from Galgotias University.

MR. VIMAL K. B.

Vimal K B is currently pursuing M.Sc. Forensic Science from CTM-IRTE Faridabad. He has completed B.Sc.(H) - Forensic Science from Galgotias University, Greater Noida. Worked as an Intern in Kerala Police Academy, Thrissur under Forensic Science Department.

‘OVER 700 CBI INVESTIGATIONS PENDING FOR MORE THAN A YEAR’

CENTRAL VIGILANCE COMMISSION

The apex vigilance body said a major share of complaints against public servants are vague, unverifiable and made to harass.

The Central Vigilance Commission (CVC) has claimed that the Central Bureau of Investigation (CBI) has been slow in investigating certain cases due to several reasons including work overload, delay in obtaining reply to the Letter Rogatories (LRs) sent to various countries seeking information, government departments not supplying relevant records & sanction to the agency, delay in obtaining forensic reports from laboratories, among other reasons.

Other reasons cited by the apex vigilance body for CBI investigations getting stuck for years are shortage of manpower, time taken in scrutiny of voluminous records in economic offences, bank fraud cases and significant time spent by officers in locating and examining witnesses living in distant places. According to CVC’s annual report, which was released on Sunday, investigation was pending in 744 CBI cases for more than a year at the end of December 2019 out of which 678 were related to Prevention of Corruption (PC) Act. It was found that about 25 corruption investigations in CBI are pending beyond five years. Overall, total 1,239 investigations and enquiries were pending in CBI till December last year. The data reveals that the CBI registered total 608 FIRs and 102 preliminary enquiries (PEs) in 2019.

SOURCE: HINDUSTAN TIMES

ISRAEL TO HELP U.P. SET-UP FORENSIC SCIENCE VARSITY

“An MoU will be signed for technical assistance with Israel & Gujarat Forensic University,”

In order to check the rise in cyber crime, Uttar Pradesh will establish a world-class forensic science university in Lucknow. With a campus spread over 35 acres, the Forensic Science University will come up at Piparsand village in Sarojini Nagar area of the state capital. “An MoU will be signed for technical assistance with Israel and Gujarat Forensic University,” Additional CS (home) Awanish Awasthi said, adding a provision of Rs 20 crore has already been made for setting it up. It will also have agreements done with other countries while students from the sub-continent will also be allowed to study at the university. Additional Director General of police, technical services, will be the nodal head for the establishment of the university.

The university will help prepare a pool of forensic experts who will be used by the police department as well as other public sector organisations. The posts of vice-chancellor, registrar and finance officer have been created. There will be 10 departments in the university, the additional chief secretary added. In all, 496 posts, including 14 professors, 12 associate professors and 42 assistant professors, are proposed, he said.

Source: Times of India

No Rape In Hathras Case, Senior UP Cop Claims, Citing Forensic Report

Hathras case: The autopsy report referred to "rape and strangulation" in her medical history and said she had suffered from cervical spinal injury.

Hathras: The young woman from Uttar Pradesh's Hathras, who died days after being gang raped and tortured, was strangled, brutalised and suffered cervical spine injury, her autopsy report has said. The "final diagnosis" does not mention rape but the report refers to tears in her private parts.

The Uttar Pradesh police, however, claimed on Thursday that a forensic report of her viscera had proved that she was not raped or gang raped. "The post-mortem report says the victim died due to her neck injury. FSL (Forensic Science Laboratory) report hasn't found sperm in samples, making it clear that some people twisted the matter to stir caste-based tension. Such people will be identified and legal action will be taken," said Prashant Kumar, a senior UP police officer. Experts point out that samples were collected days after the incident & sperms would not be present. The woman died of "injury to the cervical spine by indirect blunt trauma," according to the autopsy report accessed from the Delhi hospital where the 20-year-old died on Tuesday. It mentions that there was an attempt to strangle her with her dupatta but clarifies that was not what caused her death. The woman had been assaulted by four upper caste men from her village on September 14. She was found by her family in the fields, naked, bleeding, with multiple fractures and a gash in her tongue. The police claimed her tongue was cut because she bit it while her attackers were trying to strangle her.

She gave a formal statement on September 22. The autopsy report dated September 29 refers to "rape and strangulation" in her medical history and says she had suffered from cervical spinal injury. The report's "final diagnosis" lists "alleged post-strangulation with cervical spine injury with sepsis with cardiopulmonary arrest". She was given CPR, the report said, & "despite all resuscitative efforts", declared dead at 8.55 am on Tuesday.

Source: ndtv

BRITISH HACKER SENTENCED TO 5 YEARS FOR BLACKMAILING U.S. COMPANIES

A UK man who threatened to publicly release stolen confidential information unless the victims agreed to fulfill his digital extortion demands has finally pleaded guilty on Monday at U.S. federal district court in St. Louis, Missouri. Nathan Francis Wyatt, 39, who is a key member of the infamous international hacking group 'The Dark Overlord,' has been sentenced to five years in prison and ordered to pay $1,467,048 in restitution to his victims. Wyatt, who was extradited to the United States late last year after being held for over two years in the United Kingdom, has pleaded guilty to conspiring to commit aggravated identity theft and computer fraud. U.K. police first arrested Wyatt in September 2016 during an investigation into the hacking of an iCloud account belonging to Pippa Middleton, the younger sister of the British royal family member Duchess of Cambridge, and stealing 3,000 images of her. Though he was released in that case without charge due to lack of evidence, Wyatt was again arrested in September 2017 over hacking companies, credit card frauds, and blackmailing schemes to extort money from the victims.

According to court documents, Wyatt has attacked multiple healthcare providers and accounting firms in Missouri, Illinois, and Georgia states as a member of The Dark Overlord since February 2016, but the court documents do not name the companies. The Dark Overlord (TDO) is infamous for remotely accessing the computer networks of victim companies in the United States and then stealing sensitive data, like patient medical records and personal identifying information. "The Dark Overlord has victimized innumerable employers in the United States, many of them repeatedly," said U.S. Attorney Jeff Jensen. "I am grateful to the victims who came forward despite ransom threats and to the prosecutors and agents who were the first to catch and punish a member of The Dark Overlord in the United States." The Dark Overlord has previously been attributed to several hacking events, including leaking ten unreleased episodes of the 5th season of 'Orange Is The New Black' series from Netflix and hacking Gorilla Glue, Little Red Door cancer service agency, among others.

No takers: Government invites bidders to set up cyber Forensic Lab for Third Time

With no private bidders interested in setting up a cyber forensic lab-cum-training centre, the state government has invited bidders again, for the third time in two years. With a poor track record of solving cybercrimes, Goa police is making yet another attempt to get the proposed project off the ground. Last year, two tenders were floated by the state government, but they didn’t receive any bids. Later, the state government decided to set up the lab through a public sector undertaking (PSU). A senior officer said that since the police were not getting what they wanted from the PSU, they decided to float a fresh tender to set up the lab. The last date for submission of the tender document is September 29, and they will be opened the next day. The officer said that if they fail to attract bidders, the submission date would be extended.

Currently, the crime branch has a small lab set up under corporate social responsibility (CSR). An alarming 80% of all cyber crimes reported in the state have remained unsolved due to lack of infrastructure and cyber experts. The lab is expected to be set up under the cybercrime prevention against women and children (CCPWC) scheme, and may go a long way in helping Goa police solve the many pending cases by identifying or locating the accused. The Centre has approved Rs 1.4 crore for Goa police to set up the cyber lab. Investigations into cybercrimes, including financial crimes, require computer skills, mainly for on-site imaging and on-site analysis and tracking of leads. However, the lack of skilled manpower is a major problem. In December 2013, the state government had granted permission to set up a cybercrime cell in the state, and to recruit technical persons for the same. A year later, the same was operational.

Source: Times of India

Beware: New Android Spyware Found Posing as Telegram and Threema Apps

A hacking group known for its attacks in the Middle East, at least since 2017, has recently been found impersonating legitimate messaging apps such as Telegram and Threema to infect Android devices with a new, previously undocumented malware. "Compared to the versions documented in 2017, Android/SpyC23.A has extended spying functionality, including reading notifications from messaging apps, call recording and screen recording, and new stealth features, such as dismissing notifications from built-in Android security apps," cybersecurity firm ESET said in a Wednesday analysis. First detailed by Qihoo 360 in 2017 under the moniker Two-tailed Scorpion (aka APT-C-23 or Desert Scorpion), the mobile malware has been deemed "surveillance ware" for its abilities to spy on the devices of targeted individuals, exfiltrating call logs, contacts, location, messages, photos, and other sensitive documents in the process.

In 2018, Symantec discovered a newer variant of the campaign that employed a malicious media player as a lure to grab information from the device and trick victims into installing additional malware. Then earlier this year, Check Point Research detailed fresh signs of APT-C-23 activity when Hamas operators posed as young teenage girls on Facebook, Instagram, and Telegram to lure Israeli soldiers into installing malware-infected apps on their phones. The latest version of the spyware detailed by ESET expands on these features, including the ability to collect information from social media and messaging apps via screen recording and screenshots, and even capture incoming and outgoing calls in WhatsApp and read the text of notifications from social media apps, including WhatsApp, Viber, Facebook, Skype, and Messenger.

The infection begins when a victim visits a fake Android app store called "DigitalApps," and downloads apps such as Telegram, Threema, and weMessage, suggesting that the group's motivation behind impersonating messaging apps is to "justify the various permissions requested by the malware." Apps downloaded from fraudulent third-party app stores have been a conduit for Android malware in recent years. It's always essential to stick to official sources to limit risk, and scrutinize permissions requested by apps before installing them on the device.

Source: thehackernews

Introduction

Mr. Shijin S Mathew

Everything nowadays is connected to many things through different modes, and the internet remains the primary mode of connection. When something is connected to the internet, or to any network for that matter, there is always a mutual exchange of data. You can send anything to anyone over the internet, for example email, pictures, text, etc. Even though this data is accessed as a whole at both the source and the destination, it is not sent across the internet as a whole. It is sent separately, as different characters or as small packages known as packets. When these packets are received at the destination, they are reassembled into the originally intended message. Because a large number of packets is exchanged over the network, there is resulting traffic, and this is known as network traffic.

Network traffic analysis gives us a range of information, such as the destination and source of a communication, the amount of data transferred, the location of the destination server, any ongoing attacks on the server, and much more. That is why continuous monitoring of the network is important. If a big institution is connected internally through a network, the analysis again becomes important for the above-mentioned reasons and to gain certain other information, such as where a major chunk of data is utilized and why; this helps the network engineers to clean up the network.

Another reason for analyzing data packets can be understood in two aspects. The first aspect is that we can know the state of the network, whether it is built in such a way that an attack is possible or not. The second aspect is to diagnose a network in case of attack. This data analysis can be done easily with a tool that captures both the incoming and outgoing data, and Wireshark is such a tool. Another such tool is tcpdump, but it runs on a command line interface; hence Wireshark, which is based on a graphical interface and is open source, i.e. free of cost, is preferred more.

But even if the incoming and outgoing data is recorded and observed, it is very difficult to identify and pinpoint each and every communication between servers, and identifying threats and malicious attacks in turn becomes a tedious job, like finding a needle in a haystack. Therefore Wireshark comes with certain features which help to further narrow down the process and make it easier to protect the network from attacks.

WIRESHARK FEATURES-

Filters in Wireshark - It can isolate and show all the different components that are present in a packet and filter out just the keywords that we want to analyze or something that we are sure is a threat to the network. Filters can be applied to every part of a packet, including “strings” or even network protocols like FTP, TCP, etc. This accomplishes two things: capturing selected packets from the network, and finding packets of interest.

Live capture and offline analysis – Wireshark allows you to capture and record the inflow and outflow of data live, i.e. as the exchange of data is going on between networks, and then allows you to analyze that data at any point of time in the future.

Runs on multiple platforms – It can run on any OS platform, like Windows, Linux and MacOS.

Read or write from different capture files – It can read and write files that were captured by other software like tcpdump, cisco secure, pcp, etc. The data can be recorded from Ethernet, ATM, Bluetooth, USB, etc.

Decryption – The encrypted data from internet protocols like HTTP, FTP, etc. can be decrypted using Wireshark.

Wireshark in Network forensics : Application

To understand how Wireshark is used for forensic purposes, we need to know how it is applied to the network and what information is accessed through Wireshark. Wireshark can capture data through two modes. The first mode is the promiscuous mode, via which packets are captured from the network to which the device is assigned. The second mode is possible on Linux operating systems, in which the wireless interface captures the maximum data possible.

The types of information that can be gathered through Wireshark are :-

Wireshark can be used to identify who initiated the attack; in forensics, identifying a culprit or an accused is important to get the investigation started.

Wireshark can be used to know how exactly the attack has been implemented on a system.

Wireshark can be used to identify what information or data has been compromised from a device or network.

It is helpful in finding out if the attacker has left anything in the system, like a Trojan horse or a botware, which can be used later to compromise the system.

It also tracks the amount of data collected, what has been analyzed and what should be analyzed. In short, it determines whether there is enough data to analyze the network.

List of attacks on the network – Identified via Wireshark

1. Covert / Hidden network channels – Sometimes the attacker may be able to establish hidden networks through a system and make them hard to see, hence the name hidden network. These types of network connections can be used to jeopardise a network and obtain valuable information from the network, or even download something malicious.

2. Malicious Downloads – They are also known as drive-by downloads, and an attacker can sometimes illegally download some files into the system. They can happen in two ways, i.e. with or without the authorisation of the admin. The authorisation may be given without knowing the consequences. The objective behind most of these drive-by downloads is information theft in some way. They are a prominent way of attack, and there are preventive measures against such code at system level, but a network analyst should know and identify such threats.

3. ICMP attacks - The internet control message protocol (ICMP) is listed as a core protocol of the IP suite, and command line operations are frequently seen because of its importance in network utilities such as diagnostics and control. Hackers can be seen using this in numerous ways and exploiting it; even though it is one-way message sending, its limitation is that it doesn’t require an authorization.

4. DDoS (distributed denial of service) attacks – In these types of attacks the hacker denies the resources on one system or a whole network. Attackers may be able to prevent you from accessing emails, documents, bank accounts, etc. They find various ways to execute this. BitTorrent-driven DDoS is an example.

5. Port scanning – Attackers use it to find susceptible devices, and it is known as port scanning because attackers scan different ports and find open doors through which they can easily enter. Most of these scans cause half-open TCP connections.

Recent advancements

1. IOT (internet of things) network traffic analysis – Internet of Things refers to billions of small devices like cameras, lights, televisions, etc. which are connected to each other over the internet. As said earlier, whenever a network or connection is established there is a mutual exchange of data, and this data is exchanged in the form of packets. Wireshark helps to collect these packets. Attackers may use it to obtain personal information, both sensitive and non-sensitive, and run this data through machine learning systems to get some data. IoT devices usually communicate more with cloud servers, and encryption is based on the TLS protocol, etc. Attackers are found to be using Wireshark to collect data packets and identify individual devices in a network. They run tests to do so from their own device. Hence, a forensic network analyst must be able to identify these tests and ARP spoofing going on through the network; if identified, it is easy to identify the attacker and pinpoint their device.

2. Intercepting security Wifi images through Wireshark – Most of these cameras etc. connected to the internet may not follow a secure protocol and may be using the HTTP protocol, which can be easily decrypted, and images could be captured. Even the IP address and location of the destination to which these image files are being sent could be found.

Wireshark is free and a very powerful tool, and in network forensics especially it provides data single-handedly. In home networks and devices, even though antivirus is installed, it is based on signatures that were found before; attacks are becoming more personal, and therefore traffic analysis proves to be better at identifying threats. It is, however, of more use to network technicians than to normal people, because network technicians find out easily if anything is not normal with the network.
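The port-scanning entry in the list of attacks says most scans leave half-open TCP connections; in Wireshark the opening probes can be isolated with the display filter `tcp.flags.syn == 1 && tcp.flags.ack == 0`. The script below is an added example, not part of the original article: it applies the same idea offline to a classic pcap file, reporting sources whose handshakes were never completed. The sample capture, addresses, function names and the `min_ports` threshold are all constructed for illustration.

```python
import struct
from collections import defaultdict

SYN, RST, ACK = 0x02, 0x04, 0x10


def _tcp_frame(src, dst, sport, dport, flags):
    """Minimal Ethernet/IPv4/TCP frame for the constructed sample (checksums left zero)."""
    eth = b"\x00" * 12 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))),
                     bytes(map(int, dst.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 1024, 0, 0)
    return eth + ip + tcp


def build_sample_pcap():
    """Constructed capture: 10.0.0.5 completes a handshake, 10.0.0.9 probes ports 20-29."""
    frames = [
        _tcp_frame("10.0.0.5", "10.0.0.1", 40000, 443, SYN),
        _tcp_frame("10.0.0.1", "10.0.0.5", 443, 40000, SYN | ACK),
        _tcp_frame("10.0.0.5", "10.0.0.1", 40000, 443, ACK),
    ]
    for port in range(20, 30):
        frames.append(_tcp_frame("10.0.0.9", "10.0.0.1", 50000, port, SYN))
        # Open ports answer SYN/ACK, closed ports RST/ACK; the prober never sends the final ACK.
        reply = SYN | ACK if port in (22, 25) else RST | ACK
        frames.append(_tcp_frame("10.0.0.1", "10.0.0.9", port, 50000, reply))
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1600000000 + i, 0, len(frame), len(frame)) + frame
    return out


def iter_tcp(pcap):
    """Yield (src, dst, sport, dport, flags) for every IPv4/TCP packet in a classic pcap."""
    magic, = struct.unpack_from("<I", pcap, 0)
    if magic == 0xA1B2C3D4:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    linktype, = struct.unpack_from(endian + "I", pcap, 20)
    if linktype != 1:
        raise ValueError("only Ethernet captures are handled here")
    off = 24
    while off + 16 <= len(pcap):
        incl_len, = struct.unpack_from(endian + "I", pcap, off + 8)
        frame = pcap[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                      # truncated frame or not IPv4
        ihl = (frame[14] & 0x0F) * 4      # IPv4 header length in bytes
        if frame[14] >> 4 != 4 or frame[23] != 6 or len(frame) < 14 + ihl + 14:
            continue                      # not TCP, or TCP header cut short
        src = ".".join(map(str, frame[26:30]))
        dst = ".".join(map(str, frame[30:34]))
        sport, dport = struct.unpack_from("!HH", frame, 14 + ihl)
        yield src, dst, sport, dport, frame[14 + ihl + 13]


def find_syn_scanners(pcap, min_ports=5):
    """Map each source with >= min_ports unfinished handshakes to the ports it probed."""
    pending = {}  # (client, server, sport, dport) -> True once the server sent SYN/ACK
    for src, dst, sport, dport, flags in iter_tcp(pcap):
        if flags & SYN and not flags & ACK:
            pending[(src, dst, sport, dport)] = False
        elif flags & SYN and flags & ACK:
            key = (dst, src, dport, sport)
            if key in pending:
                pending[key] = True       # port is open and was left half-open
        elif flags & ACK and not flags & RST:
            pending.pop((src, dst, sport, dport), None)  # client completed the handshake
    report = defaultdict(lambda: {"probed": set(), "open": set()})
    for (client, _server, _sport, dport), answered in pending.items():
        report[client]["probed"].add(dport)
        if answered:
            report[client]["open"].add(dport)
    return {ip: {k: sorted(v) for k, v in r.items()}
            for ip, r in report.items() if len(r["probed"]) >= min_ports}


if __name__ == "__main__":
    for ip, info in find_syn_scanners(build_sample_pcap()).items():
        print(ip, "probed", info["probed"], "and learned these are open:", info["open"])
```

The "open" list is what matters most during triage: it is the set of services the scanning host now knows are reachable.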

Introduction

The ongoing drug probe investigation by NCB (Narcotics Control Bureau) is one of the most substantial issues, which has shaken the entire nation. Across the ages, drugs have been considered illegal substances whose consumption is prohibited in our country and is a criminal offence.

An individual can take in different types of drugs, and the determination of drugs is the most important aspect for presenting solid evidence to government officials during an investigation. In medical terms, blood and bone marrow are the core specimens used for testing and research work. The result, following the whole list of norms and prototypes, finally drives the medical or forensic toxicology experts to the final conclusion. This discussion goes into a bit of detail, as a lot of experts have concluded after several investigations and results that bones and bone marrow contain a large amount of drug traces as compared to the other parts or other skeletal remains of the body.

Let's get started!

Physiological Characteristic of Bone Marrow

Ms. Damini Shaw

The study of the anatomy of the bones and the bone marrow is the basic step before focusing on the drug testing phenomenon. In medical terms, bone marrow is classified as a delicate tissue which is found in the inner cavities of the bones and is responsible for creating distinct types of blood cells, i.e. red blood cells, white blood cells and platelets, for proper blood circulation in the human body.

The red blood cells are responsible for carrying oxygen from the lungs to the other parts of the body, whereas the white blood cells isolate foreign pathogens entering the body, alongside platelets, which are responsible for blood clotting. All these cells are the core elements available in the bone marrow.

There are two types of bone marrow, known as red bone marrow and yellow bone marrow, each of which performs its own set of important functions. As said earlier, the red blood cells facilitate the flow of blood, so red bone marrow aids them along with white blood cells and the platelets. The yellow bone marrow, on the other hand, is well known for supporting the wide range of blood vessels and fat cells.

Physiological Characteristic of Bones

Bones are considered one of the most strenuous forms of vascularized tissue, which undergo constant change due to sudden and inappropriate changing weather conditions but still play a major role in the homeostasis phenomenon. The porous system which constitutes the bones is known as hydroxyapatite and is accumulated with a large amount of minerals, hereby known as mineral constituents.

How does the location of the bones and the bone marrow help in the determination of drugs?

The contact of drugs with the bones and the bone marrow is solely based on the anatomical area of the bones, correlating with the flow of blood within the body. In most cases, drugs are effortlessly accessible from the most essential bones of the body, such as the femur, ribs, vertebrae, etc., because these are strong specimen bones which remain in existence for a longer period of time.

Method of Analysis

If the bone is collected in the form of liquid, it is diluted with water or buffer along with the macerated mixture, which allows the examiners to extract the drugs along with the remaining dilute substances. It may be difficult to extract drug traces from bone in certain cases, as bone is made up of a high amount of fat. This can be solved by treating the extracts of the dried solvents with hexane or ethanol in the ratio of 7:2 along with a little amount of water in the solution. Towards the end, the hexane layer is removed and the drugs can eventually be extracted from the remaining fraction of the ethanol.

Recent Advancements

As per the recent analysis ascompared to the old times nowdifferent types of drugs such asamphetamines, morphine andhuge volume of benzodiazepineshave been found to be detectedin the bones and the bonemarrow. Although still there aresome heroin metabolites such as6-acetyl morphine which are notdetected during the drugdetection cases. Well, thestudies also state that the drugs

remain within the bones and bone

marrow for a longer period of time

as compared to the parts of the

body.

Final Words

Well earlier during the investigation cases bones and bone marrow were not counted as the major specimens for the investigation purposes but now due to the advancement in educational research, these have gathered a huge amount of attention stating them to be the most vital specimen for tracing the drugs in the human bodies. It's also contended that the proper liberation of the drugs either to the bones or the bone marrow is an unwanted and strident lethargic distribution through the pathway of the blood circulation in the body of the living organisms. These drugs are highly destructive and considerably target the individuals who are suffering from bone-related diseases such as osteoporosis, rheumatoid arthritis at a fast rate which leads to harmful consequences in future.


Homemade Explosives Information Sources

All the information and reference for the construction and deployment of HMEs is widely available to the public by different sources.

Different methods of explosives attacks and their assembly are described in detail in the Al-Qaida's and Jihads training manuals.

Several book and research publishers publish books and articles that show how to build using improvised materials and commercial products.

Military field manuals have also been used as a source of information and can be purchased at the doorstep through online.

All information regarding the construction of HMBs is also easily found on the internet and is readily available to anyone with internet access.

Homemade Bombs

Homemade bombs (HMBs) are a type of unconventional explosive that can be deployed anywhere in a variety of ways and can cause death, injury and property damage. The bomb consists of a variety of components which include an initiator, switch, main charge, power source and a container. To increase the amount of casualties of the explosion, the bomb makers will include additional materials such as nails, glass, metal fragments. Other material may also contain other elements such as hazardous materials. The homemade bomb can be detonated by a variety of methods depending on the intended target and the place of deployment.

Explosives Used in Homemade Bombs

Commonly available materials are mainly used in HMBs such as fertilizers, gunpowder and hydrogen peroxide. The bomb should contain a fuel and an oxidizer, which provides the oxygen needed to sustain the reaction. ANFO, a mixture of ammonium nitrate, which acts as the oxidizer, and the fuel oil is a common example for these types of explosives. Many of the substances for making an explosive are simple, requiring very little technical knowledge or specialized equipment. Instructions on how to make them are provided online and in written resources. The recipes for homemade explosives are often inaccurate and dangerous to follow, and some of the explosive materials created are highly unstable.

Mr. VIMAL K. B.


Identification of Homemade Bombs

Unusual packages or containers with electronic components, such as cellular phone, antenna, circuit board, wires and other items attached or exposed.

Any devices that contain quantities of fireworks, black powder, fuses, match heads, incendiary materials, smokeless powder and other unusual materials are considered suspicious.

Containers like pipes with wire circuits, pressure cookers etc. in public places should be considered as unusual devices.

Materials attached to an item such as bolt, nails, pin, glass, marble pieces, and so on that could be used for shrapnel.

Use of portable X-ray tools to examine suspicious baggage/packages to determine the presence of any explosive materials.

DRDO and IIS recently developed a new bomb detection apparatus called Raider-X. 20 homemade bomb explosives from up to 20 meters away can be easily detected. Raider-X data library can be updated to accommodate the new details of different explosives in pure and in their contaminated form.


Forensic Analysis of Homemade Bombs Explosives

Forensic analysis of homemade explosives materials is critical for determining the origin of explosive and precursors & formulation procedures.

Extra care should be taken during collection, preservation & analysis of the pre/post explosive materials.

A database (with specified confidence levels) of mass, thermal, infrared spectral signature & isotopic composition & ratios of correlated pre-identified homemade explosives precursors.

Gas chromatography is frequently used for the identification of organic explosive components in the bomb. The technique has high sensitivity and selectivity towards organic constituents in the residue. The detectors combined with GC are thermal energy analyzer (TEA), electron capture detection (ECD), mass spectrometry (MS) & tandem mass spectrometry (MS/MS).

High performance liquid chromatography (HPLC) is used for the detection of organic compounds that are non-volatile in nature. It is often used as the instrument for analysis of explosives as it is amenable for the analysis of compounds that have low volatility, high sensitivity to heat and high molecular weight. Ultra-HPLC has recently been widely used among the researchers because of its effectiveness for compound separation & its sensitivity.

Capillary electrophoresis (CE) is used for the analysis of inorganic compounds in the residue. In CE, targeted analytes elute from one end of the capillary under the influence of electric field and analytes are separated according to their ionic mobility & this method is successfully used to determine 3 cations (Ca2+, Fe2+, Fe3+) & 4 anions (Cl-, NO32-, SO42-, SCN-) simultaneously under 7 minutes at pH 4.7. Post blast explosive residues of black powder and ammonium nitrate-fuel oil (ANFO) can also be successfully analyzed through this technique.

X-ray powder diffraction (XRD) and X-ray fluorescence (XRF) are non-destructive techniques. They are used for the composition analysis of crystalline material in the explosive. Both of the techniques are different but complementary to each other, whereby XRD is used to analyze the phases or compounds in it while XRF is utilized for the analysis of the elemental composition of crystalline material.

Examples of Terrorist Homemade Bombs Attacks

Boston Marathon bombing - Homemade bomb attacks happened in Boston during the annual Boston Marathon on April 15, 2013. Two homemade pressure cooker bombs detonated 14 seconds and 210 yards (190 m) apart at 2:49 pm near the finish line of the marathon run. This blast killed 3 people and injured several hundred others, including 17 who lost limbs.

Madrid Train Attacks - 10 explosions rocked through 4 commuter trains during rush hour on March 11, 2004, in Madrid, Spain. Goma 2 ECO explosives were stuffed in bags with metal fragments and cell phones with timers, which were used to initiate the explosive device. This attack was carried out by violent Islamic extremists, killed 191 people and injured (1800+).

Oklahoma City Bombing - On the morning of April 19, 1995, a truck bomb exploded in front of the Federal Building in Oklahoma City. Ammonium nitrate and nitromethane were used in the explosion, which were put into the back of the truck and left to explode.

Introduction

Digital Forensics is on the verge of revolutionary changes which might change the way we look at this industry. One of the crucial changes is Automation. With the rise of Artificial Intelligence and Machine learning, investigators are now able to flag contents in an investigation instantly. Investigators nowadays are using different algorithms and automation tools to evaluate the massive amount of data which would otherwise take a much longer time to process.

But the real question that arises is whether the task of a Digital Forensics Investigator can be automated, considering the importance of the job?

Artificial Intelligence algorithms help to identify and flag certain elements and data inside images and videos by observing common traits in location and time, and then give the investigator estimated data about the time and location of the next crime.

These technologies have been very helpful in managing the workload in Forensics labs. The number of cases has been increasing rapidly over the last decade.

Digital crimes are increasing at a faster rate today, and the shortage of workforce in labs is a matter of concern. Thus these automated tools help in prioritizing each case, as maintaining the overwhelming caseload and prioritizing each case is next to impossible.

Regardless of the case an investigator is working on, there are tasks that have to be performed again and again. Automation isn't necessary for most tasks, but clicking again and again on the "Next" button in a script can be a menial task for an investigator who is working on cases of counterterrorism etc. Multiple automated tools can be implemented on each case to suit the needs of the investigator. This allows the time to be utilized on much more important tasks such as tracking the suspect's device, gaining access to the suspect's system and analyzing the automated reports.

Once the automation tasks are finished, it's the responsibility of the expert to analyze the data. These tools might be helpful in organizing data and evaluating elements by algorithms, but the output data is still an estimate and an expert's eyes are still required. The requirement of an expert will never go away and it's arguably more important now than ever because, in the end, data is just data until Forensic analysis is implemented.

The key thing is that it's not the Forensic examination or testing that should be automated but menial tasks such as the tedious button clicks. Moreover, this would help in clearing the backlog cases efficiently, thereby improving the speed and accuracy of the case.

Mr. Mukul Sharma


VACANCY

* Forensics certification will be an added advantage: CHFI, GCFA, GCIH or GCFE

Company: Adroit Valuation Services Pvt Ltd
Position: Forensic (Data) Analyst
Vacancy: 02
Application mode: Online, www.adroitvaluation.com/career.php
Location: Noida & Mumbai, INDIA
Last Date of Online Application: 10-10-2020

Company: Ernst & Young
Position: Consulting - Technology Risk (Senior)
Vacancy: Undefined
Application mode: Online, apply on eygbl.referrals.selectminds.com
Location: Thiruvananthapuram, Kerala, INDIA
Last Date of Online Application: 15-10-2020

Company: Css Corp
Position: Network security - TAC
Vacancy: Undefined
Application mode: Online, www.csscorp.com/company/careers
Location: INDIA, PHILIPPINES
Last Date of Online Application: 15-10-2020

Organization: LNJN National Inst. of Criminology and Forensic Sci.
Post: Consultant (PG Diploma in Investigation of Cyber Crimes & Law and PG Diploma in Victimology & Victim Assistance)
Application mode: Online, nicfs.gov.in/wp-content/uploads/2020/09/
Location: New Delhi
Last Date of Online Application: 09-10-2020

Company: SISA Information Security
Position: Associate Consultant – Forensic *
Vacancy: 01
Application mode: Online, sisainfosec.com/careers/
Location: Bangalore, KA, INDIA
Last Date of Online Application: 10-10-2020

Company: Kennametal
Position: Cyber Forensics Analyst *
Vacancy: Undefined
Application mode: Online, jobs.kennametal.com/job/Bangalore-Analyst-IT
Location: Bengaluru (Whitefield), INDIA
Last Date of Online Application: Undefined

Company: Capgemini
Position: FORENSIC ANALYST *
Vacancy: Undefined
Application mode: Online, www.capgemini.com/in-en/jobs/
Location: Mumbai, INDIA
Last Date of Online Application: 20-10-2020

Organization: FTI Consulting, Inc.
Post: Senior Consultant | Forensic Technology
Vacancy: Undefined
Application mode: Online, fticonsult.referrals.selectminds.com/fticareers
Location: Mumbai, INDIA
Last Date of Online Application: Undefined


**Following Clickable links

Can only be accessed via Adobe