In May, 48-year-old Moinuddin Qureshi was shot dead by two unidentified assailants outside his shop near Moti Mahal restaurant in Daryaganj. Police initially had no leads — CCTV footage was blurred and the suspects couldn’t be identified, while nothing came up when his wife Zeeba and other family members were questioned.
The Cyber Cell then sent the couple’s phones to the National Cyber Forensics Lab (NCFL) for analysis, which retrieved deleted data — including a screenshot of a WhatsApp ID in which a man’s photo and number were visible — in two-three days.
“Though blurred, CCTV footage showed two men at the crime scene. One of them was wearing a t-shirt which matched the one worn by the man in the deleted photo. We traced the mobile number in the photo and identified him as Shoaib (29),” said an officer. Police said Shoaib claimed that he and Zeeba planned to get married and they decided to kill Moinuddin with the help of a “contract killer”, Vinit Goswami. The three have since been arrested.
Best of Express Premium
This was one of the many cases that the Cyber Forensics Lab helped solve this year using data extraction, dump data analysis and other techniques. The NCFL is a specialised lab which was started in 2019 and has helped the Enforcement Directorate, Central Bureau of Investigation and other agencies in collecting crucial data from damaged devices.
DCP (Cyber Cell) KPS Malhotra and the NCFL team of 25 officers have worked on high-profile cases where deleted data acts as key evidence. More than 5,000 devices have been seized and analysed by the team so far, even if they are damaged, burnt or submerged in water.
An ACP-level officer told The Indian Express that the team can recover deleted or hidden data from phones in 7-8 hours and from laptops in 48-72 hours, which is considered highly efficient when compared to other cyber labs in India. “Our teams have in-house tools and use software such as UFED 4PC, Axiom, Encase, Blacklight, etc. Our focus is to first look into deleted documents, photos and call logs which are easy to recover if the space isn’t overwritten. There’ve been cases where we have recovered photos and chats that were deleted 1-2 years ago,” said the officer.
🚨 Limited Time Offer | Express Premium with ad-lite for just Rs 2/ day 👉🏽 Click here to subscribe 🚨
In the GitHub case, where an app was created to post photos of Muslim women alongside disparaging comments, the team collected important evidence from the devices of the main accused Aumkareshwar Thakur.
“We recovered the code script of the app from Thakur’s Macbook, which showed he was allegedly involved with uploading and sharing lewd remarks on photos of the women. He had deleted many files but our team was successful in recovering data related to social media groups and chats,” said an officer.
In February, the team was assigned another case where a 33-year-old market research analyst, Mohit Sharma, was accused of sexually harassing a woman and a minor girl, but police couldn’t find evidence against him. The Cyber Cell later said they had recovered 4,000 deleted private photos from his laptop and arrested him.
A woman had filed a complaint in September 2020 alleging she was approached by Sharma who posed as a Russian magazine editor. DCP Malhotra said, “The accused induced the woman to share her photos for the magazine. The accused later blackmailed the woman and her relative, a minor. He also created a fake Instagram account and posted her photos.”
The case was transferred to the Cyber Cell last year. The team traced the IP address of the device to Sharma’s residence in Noida. However, he claimed his device was hacked and he reported the same to local police.
“There was no visible data related to the case in the said devices. However, we ran a forensic analysis to extract deleted data. Thousands of obscene images of women, including the images relevant in the case, were found on Sharma’s laptop,” said DCP Malhotra.