Tuesday, May 29, 2012

The Basics Of Internet Protocol (IP) Address System


An Internet Protocol (IP) Address is not only an important part of the World Wide Web (WWW)/Internet but is also required for conducting a successful Cyber Forensics Analysis. So it is important to have a basic knowledge of IP Addresses. In this Article I will try to cover the most significant aspects of IP Addresses; a detailed and technical analysis is beyond the scope of this Article.

Every Computer that communicates on the Internet is allotted a unique IP Address. Through this unique IP Address the “Identity” of the Individual may be established. However, there are exceptions. For instance, when a Proxy Server is used, the true IP Address of the Individual may not be revealed. Similarly, with IP Address Spoofing, the address seen may not give the correct details of the Computer that was used to send the communication.

There are two Standards for IP Addresses, i.e. IP Version 4 (IPv4) and IP Version 6 (IPv6). Presently, most Computers use IPv4, but they will soon be migrated to IPv6 as IPv4 is no longer able to cope with the growing demand for IP Addresses.

An IP Address can be either Static or Dynamic. Generally, a Static IP Address is one that your Administrator/ISP allots and configures by editing your Computer's Network Settings. It produces a single, constant and identifiable IP Address that can easily be attributed to the Computer using it.

A Dynamic IP Address is assigned by the Dynamic Host Configuration Protocol (DHCP), a service running on the Network. DHCP typically runs on Network Hardware such as Routers or dedicated DHCP Servers. A Computer using a Dynamic IP Address is allotted a new IP Address for each “New Session” during its “Lease Period”.

A single IP Address may further be shared by different Computers using a “Router”. If you use a Router to share an Internet connection, the Router gets the IP Address issued directly from the ISP. Then, it creates and manages a Subnet for all the Computers connected to that Router. The Router would get the External IP Address and the Computers connected to the Router would get Internal IP Addresses to further “Identify” each Individual Computer.

The most common locations for finding IP Addresses are Log Files, the Received Header fields of an E-Mail, Tcpdump Traces, etc. In some circumstances only a Host Name may have been recorded, but this can simply be translated into an IP Address.
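As an added example (not part of the original article), the following Python sketch pulls the IP Addresses out of the Received Header fields of an E-Mail and labels each one as an External address or an Internal address of the kind a Router hands out. The sample message, its host names and its addresses are constructed for illustration, and the function names are hypothetical.

```python
import email
import ipaddress
import re

# Constructed sample message, not taken from a real case. Public addresses use
# documentation ranges (RFC 5737, RFC 3849); the last hop is RFC 1918 space.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [203.0.113.25])
\tby inbound.example.org with ESMTP; Tue, 29 May 2012 10:02:11 +0530
Received: from gateway.example.com (unknown [IPv6:2001:db8::1f])
\tby mx.example.net with ESMTP; Tue, 29 May 2012 10:02:09 +0530
Received: from [192.168.1.23] (helo=laptop)
\tby gateway.example.com with ESMTP; Tue, 29 May 2012 10:02:05 +0530
From: sender@example.com
Subject: constructed test message

body
"""

# Address literals appear in brackets: [203.0.113.25] or [IPv6:2001:db8::1f].
BRACKETED = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")
# Ranges used behind a router; they identify a machine only inside its own network.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

def classify(addr):
    """Label an address by how far it can identify a machine."""
    if addr.is_loopback or addr.is_link_local:
        return "local-only"
    if any(addr.version == net.version and addr in net for net in INTERNAL):
        return "internal"
    return "external"

def received_hops(raw_message):
    """Return (hop, address, label) tuples; hop 0 is the header nearest the recipient."""
    msg = email.message_from_string(raw_message)
    hops = []
    for hop, header in enumerate(msg.get_all("Received", [])):
        for token in BRACKETED.findall(header):
            try:
                addr = ipaddress.ip_address(token)
            except ValueError:
                continue  # bracketed text that is not a valid address
            hops.append((hop, str(addr), classify(addr)))
    return hops

if __name__ == "__main__":
    for hop, addr, label in received_hops(SAMPLE):
        print(hop, addr, label)
```

Received Headers written by servers outside the recipient's control can be forged by the sender, so each extracted address should be corroborated against the logs of the server that recorded it.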

IP Addresses are the “First Step” in Cyber Forensics Investigations. However, IP Tracking must be done with great caution and with good application of mind. A casual IP tracking exercise may not only provide wrong results but can also implicate an innocent person. I will cover these issues in more detail in my subsequent articles.

Tuesday, May 22, 2012

Cyber Forensics And Indian Approach


Cyber Forensics is an area that has not aroused much interest in the Governmental corridors of India. Even the Parliament of India and the Indian Judiciary are not very enthusiastic about this much needed Science and Art.

Before I proceed further, it is pertinent to explain concepts like “Cyber” or “Cyberspace” and “Cyber Forensics” as per my own understanding and with my own personal definitions.

In my opinion the word “Cyber” or “Cyberspace” signifies a “Combination of Information and Communication Technologies (ICT) that includes both Hardware and Software”.

Similarly, according to me the word “Cyber Forensics” means “A Scientific and Forensics analysis of “Cyberspace” that includes ICT Components, Hardware and Software in such a manner that the end result is “Presentable and Admissible” in a Court of Law”.

Another concept that I would like to discuss pertains to Electronic Discovery (E-Discovery). According to me there is a difference between Cyber Forensics and E-Discovery. I believe that Cyber Forensics is a “Wider Concept” than E-Discovery. To put it in other words, Cyber Forensics includes E-Discovery but not Vice Versa.

For instance, a properly conducted Cyber Forensics Exercise is “Relevant” and “Admissible” for all purposes including Litigation purposes. But E-Discovery may not be “Relevant” and “Admissible” while deciding a Criminal Litigation.

Now coming back to the Indian position, Cyber Forensics has not found favour with the Executive, Judiciary, Legislature and the Administrative Branches of India. We have no dedicated Cyber Forensics Laws in India. Even the Information Technology Act 2000 (IT Act 2000), which is the Cyber Law of India, does not cover Cyber Forensics. A passing reference to Cyber Forensics may be found in the IT Act 2000 but that is nothing more than a reference with no actual “Utility” as on date.

This “Poor Condition” of Cyber Forensics in India is attributable to many factors. Firstly, we have no Legal Enablement of ICT Systems in India. Concepts like E-Courts, Online Dispute Resolution (ODR), etc. are still missing in India. Secondly, the ICT Policies and Strategies of India are “Defective” and they do not cater to the requirements of Cyber Law, Cyber Security, Cyber Forensics, etc. Thirdly, the Parliament of India is not “Comfortable” with ICT related issues. If Parliament is itself not aware of Techno Legal Concepts like Cyber Law, Cyber Security, Cyber Forensics, etc., not much development can take place.

I personally believe that the Cyber Law of India should be repealed and a more comprehensive Cyber Law must be enacted. Similarly, we need “Dedicated Laws” for Cyber Security and Cyber Forensics in India.

In my subsequent posts, I will try to cover every possible aspect of Cyber Forensics that is applicable to India and worldwide. Perry4Law and Perry4Law Techno Legal Base (PTLB) believe that this Blog will prove useful to all Stakeholders.