A forensic report released in a police petition uncovered that the card, carrying the visuals of the girl actor’s assault in 2017, was very last accessed in July 2021 when it was at the demo courtroom of Judge Honey M Varghese.
5 times back, when a new forensic report came out as part of a petition that the Kerala police submitted in the actor assault scenario, there were being astonishing revelations. It claimed that the memory card, containing visuals of the assault on the actor in February 2017, was accessed thrice while it was meant to be in the protected custody of courts. The last time it was accessed — in July 2021 — it was at the Ernakulam Further Distinctive Classes Court of Judge Honey M Varghese, in which the trial of the situation is heading on. Now, it looks there are more missing particulars to be anxious about, in accordance to intercontinental cyber stability specialist Sangameswaran Manikkyam Iyer.
“The dilemma is that there is no serial variety for the memory card outlined everywhere in the report. This is a issue due to the fact, without the need of it, we just can’t be guaranteed if this is the original memory card which was collected as evidence in 2017, or if it was swapped with a further,” Sangameswaran tells TNM.
Every single memory card maker will have a serial variety, applying which legislation enforcement organizations across the world monitor details these kinds of as who procured the machine from the place, the year of the manufacture and so on. The memory card in this case consists of 8 online video information, recognised as these connected to the sexual assault of a distinguished female actor in a transferring automobile in Kochi 5 yrs back. The circumstance obtained even further interest when another well known actor, Dileep, was alleged to be the mastermind of the assault. In the several years because the assault, the machine that contains the visuals of the attack has been moved to a number of courts and is presently at Decide Honey’s trial court.
“It could be major, this absence of a serial variety. Eight video information have been found as connected to the incident. Let’s say there were being other documents in the memory card, which may or may well not be linked to the criminal offense. If all those documents are modified or deleted, the hash value of the memory card could transform, even if the hash benefit of the individual documents do not. Another likelihood is that the first memory card was swapped with an additional one containing the same eight information, with some of the other information eradicated or altered,” Sangameswaran says.
The hash worth he mentions is a string of alphanumeric figures, one of a kind for a product and applied to establish it. The forensic report has described that the hash value of the memory card — called quantity hash — has modified, although that of the eight person data files has not. This usually means that the 8 information have not been modified or replaced, but some change has occurred to the memory card. This has brought worry, primarily with the forensic report mentioning that the final accessibility of the card was created using a cellular telephone, indicating the presence of messaging apps these types of as WhatsApp and Telegram, and the social media application Instagram. It poses really serious concerns as to no matter if any material of the card was copied and sent employing these applications to a further system.
How did the hash price adjust?
“In the forensic report, there is a very clear point out of this memory card getting inserted on a cellular telephone, the make of which is in the report. It was running on an Android functioning technique and there is seize of specific purposes these types of as WhatsApp and Telegram installed in the cell gadget. The Android operating method will mount the memory card (inserted) as portion of the system, and test to generate technique info on to the memory card. That is how the messaging applications’ information has been penned as a program file on to the card, which in change altered the volume hash price,” Sangameswaran points out.
This indicates that the hash value of the memory card transformed for the reason that the cellular product it was inserted on additional procedure data on the card. Any transform on the card would transform its hash worth.
Had been the video information copied?
But at this phase, there is no way to know if exfiltration has took place — which means, if the content material of the memory card was copied to an additional unit. “Further in-depth assessment employing innovative and specialised forensic instruments might be necessary to find out what transpired. The data files could be copied around distinctive channels – sent as a information or e-mail attachment, copied to the android cellular phone (in which the card was inserted) and then to another memory card, performed on the machine and the monitor captured by the same machine or a different. We can not say unless we take a look at the mobile phone in which the card was utilized and carry out a thorough analysis.”
The report has outlined information of the telephone – a Vivo, making use of the assistance company Jijo. It is also not distinct if any other purposes (than Whatsapp, Telegram or Instagram) had been utilised on the mobile phone at the time the memory card was inserted in it. All the applications functioning on the cellular phone need to have not generate process data files on to the memory card, as some of them need to have unique permissions.
Hash benefit of unique files
Sangameswaran also would make a further critical observation. In the various tables of the forensic report, the very last obtain day of the 8 person files keep on being unchanged from the past time the card was found to be accessed — December 13, 2018. This was the past obtain date that an before forensic report had pointed out, revealing that the films have been accessed when it was in the Principal and Classes Court of Ernakulam, before it reached Decide Honey’s courtroom. The first very last access day was February 18, 2017, a working day just after the criminal offense took place.
Even in the new forensic report, the very last entry of these specific documents is mentioned as December 2018, and not July 2021. But it needn’t mean that in July 2021, only the memory card was accessed and the information were being untouched, Sangameswaran claims. “File houses — which incorporates the last obtain date — are not a responsible source and can be simply tampered with, devoid of modifying the written content of the file. So the hash value also will not change. This is one of the choices,” he says. He has primarily based all his analyses only on the forensic report that came as portion of the police petition, he clarifies.
Go through: Dileep case: Was the memory card tampered with? A cyber stability skilled points out