A forensic report released in a police petition unveiled that the card, carrying the visuals of the lady actor’s assault in 2017, was very last accessed in July 2021 when it was at the trial court of Judge Honey M Varghese.
5 days ago, when a new forensic report came out as aspect of a petition that the Kerala police filed in the actor assault scenario, there ended up astonishing revelations. It reported that the memory card, that contains visuals of the assault on the actor in February 2017, was accessed thrice whilst it was meant to be in the safe custody of courts. The last time it was accessed — in July 2021 — it was at the Ernakulam Additional Special Sessions Court docket of Judge Honey M Varghese, exactly where the trial of the scenario is likely on. Now, it would seem there are much more lacking specifics to be anxious about, in accordance to international cyber safety specialist Sangameswaran Manikkyam Iyer.
“The dilemma is that there is no serial range for the memory card pointed out anyplace in the report. This is a problem mainly because, with no it, we cannot be guaranteed if this is the first memory card which was collected as proof in 2017, or if it was swapped with an additional,” Sangameswaran tells TNM.
Each individual memory card maker will have a serial quantity, making use of which law enforcement agencies throughout the world track specifics this kind of as who bought the machine from wherever, the year of the manufacture etc. The memory card in this scenario is made up of eight video documents, recognised as individuals similar to the sexual assault of a distinguished woman actor in a moving auto in Kochi 5 years in the past. The situation obtained more focus when yet another well-liked actor, Dileep, was alleged to be the mastermind of the assault. In the several years considering that the assault, the system made up of the visuals of the assault has been moved to numerous courts and is presently at Choose Honey’s trial court.
“It could be significant, this lack of a serial selection. 8 online video files have been uncovered as similar to the incident. Let’s say there have been other documents in the memory card, which could or could not be related to the criminal offense. If people information are modified or deleted, the hash worth of the memory card could improve, even if the hash value of the unique data files do not. An additional possibility is that the unique memory card was swapped with one more 1 that contains the exact same 8 documents, with some of the other files eliminated or improved,” Sangameswaran claims.
The hash worth he mentions is a string of alphanumeric figures, exclusive for a product and used to recognize it. The forensic report has stated that the hash value of the memory card — referred to as volume hash — has changed, although that of the 8 particular person data files has not. This implies that the eight data files have not been modified or changed, but some change has occurred to the memory card. This has brought worry, in particular with the forensic report mentioning that the past entry of the card was designed applying a cell cell phone, indicating the presence of messaging apps this kind of as WhatsApp and Telegram, and the social media app Instagram. It poses really serious issues as to whether any information of the card was copied and sent applying these applications to yet another machine.
How did the hash benefit transform?
“In the forensic report, there is a crystal clear mention of this memory card staying inserted on a cellular mobile phone, the make of which is in the report. It was functioning on an Android functioning procedure and there is seize of unique apps such as WhatsApp and Telegram set up in the cellular gadget. The Android operating technique will mount the memory card (inserted) as section of the technique, and consider to compose method facts onto the memory card. That is how the messaging applications’ info has been penned as a program file on to the card, which in switch modified the quantity hash value,” Sangameswaran explains.
This usually means that the hash price of the memory card changed for the reason that the mobile machine it was inserted on extra system data on the card. Any adjust on the card would transform its hash value.
Had been the online video files copied?
But at this stage, there is no way to know if exfiltration has transpired — which means, if the written content of the memory card was copied to an additional system. “Further in-depth assessment making use of innovative and specialised forensic applications may perhaps be expected to locate out what transpired. The files could be copied above distinctive channels – despatched as a concept or email attachment, copied to the android cellular phone (in which the card was inserted) and then to one more memory card, performed on the machine and the display screen captured by the similar product or a different. We can’t say unless we analyze the mobile phone in which the card was used and perform a thorough analysis.”
The report has pointed out details of the cellular phone – a Vivo, working with the support supplier Jijo. It is also not obvious if any other purposes (than Whatsapp, Telegram or Instagram) had been applied on the mobile phone at the time the memory card was inserted in it. All the apps managing on the cell phone will need not publish system data files onto the memory card, as some of them require unique permissions.
Hash price of unique documents
Sangameswaran also makes another critical observation. In the several tables of the forensic report, the last entry day of the eight specific information keep on being unchanged from the past time the card was uncovered to be accessed — December 13, 2018. This was the last access date that an previously forensic report experienced talked about, revealing that the video clips ended up accessed when it was in the Principal and Classes Court docket of Ernakulam, just before it attained Choose Honey’s court. The initial previous entry day was February 18, 2017, a day following the crime transpired.
Even in the new forensic report, the past accessibility of these person documents is outlined as December 2018, and not July 2021. But it needn’t imply that in July 2021, only the memory card was accessed and the documents had been untouched, Sangameswaran suggests. “File houses — which involves the final entry date — are not a trustworthy resource and can be simply tampered with, without having modifying the material of the file. So the hash benefit also will not modify. This is a single of the prospects,” he says. He has based mostly all his analyses only on the forensic report that came as element of the law enforcement petition, he clarifies.
Study: Dileep case: Was the memory card tampered with? A cyber protection pro describes