From Engineering Student to Cyber Investigator: My 12-Day Journey at the Amroha Police Cyber Security Internship Program (APCSIP-2026)
How OSINT, malware sandboxes, UPI fraud trails, dark web recon, and 45+ mentors and co-interns turned a government internship into the most intense classroom of my engineering life
By Gautam Kumar Maurya
"I arrived in Amroha as a complete outsider. I left it as part of a 45-person network of investigators, officers, and analysts who'll probably be in my life for years."
In May 2026, I submitted an application for something called APCSIP-2026 — the Amroha Police Cyber Security Internship Program. I expected a certificate course. Maybe a few lectures on cybersecurity basics.
What I actually walked into was 12 days that took me from filling out tower-dump cell ID maps, to sandboxing Android malware, to tracing UPI fraud trails with bank nodal officers, to standing inside a confidential briefing I still can't talk about in detail, to receiving a Best Content Creator Award from DSP Anjali Kataria Ma'am on the final day.
This is the full story — exactly how it happened, day by day, tool by tool.
Why I Applied
I'm a B.Tech student with a strong pull toward Data Science and Cyber Security. Like most students in this space, my learning so far had come from courses, YouTube, and lab simulations. Useful — but disconnected from how cybercrime is actually investigated on the ground.
APCSIP-2026 promised something different: direct exposure to a real Cyber Crime Cell, real case logic, and real officers who deal with fraud, malware, and digital evidence every single day. I had to try.
Phase 1: The Selection Journey
Application Submission — May 2026
I applied with my academic background and a short note on my interest in digital forensics and threat tracking. Then came the part every applicant dreads: waiting.
Shortlisted for Screening — 21–22 May 2026
The shortlist dropped, along with test instructions sent to registered emails. My name was on it. One gate down, one to go.
The Online Screening Test — 24 May 2026, 6:00–6:30 PM
Thirty minutes. 50 MCQs — 40 on computer applications, IT fundamentals, and basic cybersecurity, plus 10 on general awareness. No negative marking, but also no room to relax.
Offer Letter — Early June 2026
The selection email arrived with the official offer letter, code of conduct undertakings, legal rules, and reporting guidelines from Amroha Police. This wasn't a casual internship — it came with the weight of an actual law-enforcement program attached to it.
Onboarding — June 2026
Document verification, policy undertakings, registration guidelines — all completed before I even set foot in Amroha.
Arrival at Amroha — 10 June 2026
I travelled to Amroha and arrived at Shri Venkateshwara University, set up accommodation, and prepared for what the program called a "12-day intensive training regimen." It would turn out to be 13 days of life, if you count how long it actually took to process everything that happened.
DAY 00 — Welcome: Registration & Orientation
The first day was about structure, not content. I completed onboarding documentation, collected the official welcome kit — badge, offer letter, program materials — and verified my credentials with the student coordinators.
In the afternoon, the program orientation laid out attendance parameters, evaluation criteria, and a code of conduct that made one thing clear immediately: this program ran on discipline, not vibes.
Takeaway: Day 0 set the baseline — successful state-level collaborations begin with operational discipline, not just enthusiasm.
DAY 01 — Cell Briefing: Inside the Cybercrime Ecosystem
The official inauguration ceremony brought together law enforcement and cybersecurity officials for expert talks on why this program — and cybersecurity itself — matters right now.
In the afternoon, we went deep into the cybercrime threat ecosystem: modern attack vectors targeting everyday people, and — more importantly — how local Cyber Crime Cells coordinate with national systems like the NCCRP (National Cyber Crime Reporting Portal) incident logs.
Takeaway: A cyber investigator's real job is mapping the full security loop — from human awareness, to system hardening, to case coordination with state agencies.
DAY 02 — Recon & OSINT: Reading People and the Internet
This was the day cybersecurity stopped being abstract for me.
Session 1 — Cyber Psychology: We studied how scammers, hacktivists, and even terror networks weaponize human emotion online — and the five motivations behind almost every attack: financial gain, revenge, recognition, power, and ideology.
Session 2 — Open Source Intelligence (OSINT): Hands-on, passive data-gathering using Maltego (link analysis), Shodan (IoT search), Google Dorking, Canary Tokens, DeHashed, and FotoForensics.
Then came the moment that actually unsettled me a little: I ran a self-audit on my own digital footprint and found leaked data points from past breaches I didn't even know I'd been part of.
Takeaway: Vulnerability almost always lives in human trust and residual digital footprints — and you can query open registers for intelligence without ever exposing your own investigation.
DAY 03 — Telecom Sorting: Law, Research, and AI
Sessions 1 & 2 — Cyber Laws & Research: A full walkthrough of India's digital legal frameworks under the IT Act, paired with the technical research backbone every case file needs — problem statements, literature reviews, data collection pipelines, sampling layouts, and formal reporting standards.
Sessions 3 & 4 — Career Guide & AI: A career advisory panel on certifications and professional roadmaps, followed by a sharper conversation: how Machine Learning, Deep Learning, and Generative AI are now active tools in threat pattern recognition and predictive cybersecurity.
Takeaway: Building a real case file means combining legal frameworks, structured research methodology, and predictive technology — none of the three works alone.
DAY 04 — Triangulation: Malware and the Forensics Pipeline
Session 1 — Android Malware Analysis: Studying how Android malware is packaged, how it maps to Command & Control (C2) servers, and running static/dynamic binary auditing inside safe, sandboxed environments.
Session 2 — Digital Forensics: The full forensics pipeline — evidence collection, bit-stream imaging, preservation guidelines, and hash verification standards (MD5/SHA-256) that keep proof legally valid.
This was the day I understood, viscerally, that chain of custody isn't bureaucracy — it's the difference between evidence and noise.
Takeaway: Metadata signatures trace threat agents back to their source, but only if data integrity is protected at every single step.
DAY 05 — IP Analysis: SOC, Threat Intel & Bug Bounty
Session 1 — Security Operations Center (SOC): SIEM and EDR architecture, event correlation, and reading log records using Wazuh, Elastic, Wireshark, and NXLog. We also pulled IP reputation checks via VirusTotal, Hybrid Analysis, and IBM X-Force.
Session 2 — Bug Bounty & Ethical Hacking: Subdomain enumeration, API endpoint testing, and business logic flaw-hunting — alongside the ethics of responsible disclosure, severity scoring, and platforms like HackerOne, Bugcrowd, and Intigriti.
Takeaway: Network security isn't a one-time fix. Continuous monitoring and crowdsourced bug bounty programs work together to keep hardening the same endpoints, every single day.
DAY 06 — Mobile Forensics: Compliance & Industry Reality
Session 1 — "Swipe, Secure, Comply": The DPDP Act, RBI and SEBI CSCRF guidelines, the SWIFT Customer Security Program, and incident reporting rules. We also dug into fraud prevention — mule account network detection, SBOM/CBOM, and supply chain security risk.
Session 2 — Industry Experience: Guest speakers shared first-hand career guidance and how to keep skills current in a field that changes every six months.
Takeaway: Compliance frameworks and early cyber-resilience planning are what stand between an organization and a supply chain attack — not just good intentions.
DAY 07 — Vulnerabilities: Blockchain and Real Police Cases
Session 1 — Blockchain & Crypto: Blockchain structure, public/private key cryptography, consensus algorithms, smart contracts, and Web3 security gaps — including private key leaks, smart contract bugs, 51% attacks, and DNS hijacking.
Session 2 — Real Investigations: This was the session that stayed with me longest. Serving police officers walked us through actual cybercrime investigations — digital evidence collection, legal workflows under Section 91 of the CrPC, and live case studies tracing transaction nodes across public ledgers.
Takeaway: Blockchain security lives or dies on cryptographic key protection — and investigators trace transaction nodes across public ledgers the same patient way detectives trace footprints.
DAY 08 — Financial Fraud: UPI, Privacy Law, and a Confidential Session
Session 1 — Data Privacy Law & AI: We studied K.S. Puttaswamy vs. Union of India — the landmark ruling that established privacy as a fundamental right in India — alongside the ethics of responsible AI usage and user data protection.
Session 2 — Confidential Session: I genuinely can't go into the details of this one. It was a closed briefing on professional responsibility, discretion, and trust — how cybersecurity professionals handle sensitive threat intelligence without compromising it. What I can say: it changed how seriously I take confidentiality in this field.
Takeaway: Integrity and confidentiality aren't soft skills in cybersecurity — they're the actual basis of professional investigation work.
DAY 09 — Social Media: Offensive Security & the Dark Web
Session 1 — Offensive Security: Passive and active reconnaissance, system enumeration, directory brute-forcing, and network scanning — plus auditing web security configurations like cross-origin setups and subdomain exposure.
Session 2 — Dark Web & Investigation: The architecture of Tor, the real difference between the clear web, deep web, and dark web, and how onion routing works. We mapped digital footprints across onion nodes using cyber kill chain models.
Takeaway: To defend a system, you first have to think like the person attacking it — mapping subdomains and open ports is half of mitigating exposure.
DAY 10 — Dark Web: Malware Forensics and the Best Content Creator Recognition
Session 1 — Malware Analysis: Working inside isolated VMs (FlareVM, REMnux), parsing network traffic, and tracing trojans, rootkits, and ransomware execution using Process Hacker, Wireshark, TCPView, and PEStudio.
Session 2 — Mobile Forensics: Logical, physical, and filesystem dump extraction, plus advanced methods like JTAG and hardware chip-off for locked or damaged devices.
And then, in the middle of all that technical density, came a moment I genuinely didn't see coming: I was recognized as the Best Content Creator among all internship participants.
I'd been documenting the journey since Day 1 — daily LinkedIn logs, breaking down dense sessions into something people outside the room could actually follow. I didn't do it for recognition. Turns out, it got noticed anyway.
Takeaway: Forensic integrity has to survive even the hardest extraction methods — and sometimes, the work you do quietly in the background is the work that gets seen first.
DAY 11 — Case Simulation: Chain of Custody, Hygiene & Yoga Day
Session 1 — Mobile Forensics: A deeper pass on acquisition standards and strict chain-of-custody protocols — because evidence that isn't preserved correctly might as well not exist in court.
Session 2 — Hygiene & Ethics: Cyber hygiene fundamentals — strong password practices, MFA setup, digital safety loops — followed by something unexpected: group exercises for International Yoga Day, focused on mental clarity and discipline.
It sounds like an odd pairing — forensic chain of custody and yoga, in the same day — but it landed perfectly. High-pressure forensic work needs a calm mind as much as it needs the right tools.
Takeaway: Technical execution means nothing without ethical responsibility behind it — and mental discipline is what keeps decision-making sharp under pressure.
DAY 12 — Review Panel: Presentation, Certification, and DSP Anjali Kataria Ma'am
Day 12 began with the weight every internship's final day carries.
Morning — Evaluation & Presentations: I presented my weekly findings and technical reports to the Cyber Crime Cell valedictory board, then sat in on a discussion about secure software design pipelines and open database setups with senior officers — a reminder that this program respected us enough to include us in real operational conversations, not just lecture us.
Afternoon — Valedictory & Distribution: I received my official internship certificate, recognizing the successful completion of APCSIP-2026.
And then came the moment I'll remember longest: meeting DSP Anjali Kataria Ma'am, who personally presented the Best Content Creator Award along with a commemorative cyber mug — a small, specific gesture that somehow made the whole program feel personal rather than procedural.
We closed with final networking, peer group discussions, and a group photograph with mentors and coordinators — the same faces from Day 0, now impossible to call strangers.
Takeaway: I walked out with strong, hands-on capability in OSINT recon, malware analysis, and location-mapping frameworks — but the certificate was never really the point.
Honors & Recognition
- 🏆 Best Content Creator — #APCSIP2026, awarded by the Cyber Crime Cell, Amroha Police
- ☕ Commemorative Cyber Mug, presented personally by DSP Anjali Kataria Ma'am
- 📜 Certificate of Appreciation for outstanding contribution to APCSIP-2026
- 🎓 Official Internship Completion Certificate
The People Behind the Program
Twelve technical days are only half the story. The other half is the people who led them:
- Anjali Kataria — Deputy Superintendent of Police (DSP), Cyber Crime Cell, UP Police
- Bhanu Sharma — Program Coordinator, APCSIP-2026
- Vikash Kumar — Student Coordinator, Logistics
- Rakshit Tandon — Senior Cyber Security Consultant & National Advisor to law enforcement agencies
- Amit Dubey — Cyber Crime Investigator, National Cyber Security Expert & Author
- Saumay Srivastava — Threat Intelligence Researcher, OSINT & Dark Web Profiling Specialist
- Yugal Pathal — DFIR Specialist, Digital Forensics & Incident Response
- Nitin Pandey — Cyber Security Expert, Network Audits & Penetration Testing
- Kailash D Agrawal — Payment Security Consultant, Financial Cyber Fraud Analyst
- Pakhi Garg — Cyber Law & Legal Advisor, DPDP Act Specialist
- Yash Chavhan — Web3 & Blockchain Security Lead, Smart Contract Auditor
- Manoj Kushwaha — Student Coordinator, Technical Operations
Every single one of them turned a 12-day schedule into a genuinely operational learning environment.
A Journey of Growth: 13 Days in Amroha
This internship was never just a technical training program — it was a 13-day push completely outside my comfort zone. I arrived in Amroha, a city I'd never been to, knowing no one.
By the end, I'd interacted with more than 45 people — law enforcement leaders, senior state cyber cell officers, national-level industry advisors, student coordinators, and brilliant co-interns. Late-night forensic debugging sessions. Long arguments over how to map a UPI fraud trail. Conversations that started as technical debates and ended as friendships.
I didn't just leave with technical knowledge of mobile forensics, OSINT, and SOC tooling. I left with a professional network and a few lifelong friends — which, looking back, might be the actual return on investment of this entire program.
What I Actually Took Away
1. Evidence is worthless without process. Day 4 and Day 11 made it brutally clear: a perfect technical finding means nothing if chain of custody breaks anywhere along the way.
2. Cybercrime is a coordination problem, not just a technical one. From NCCRP logs on Day 1 to bank nodal communications on Day 8, almost every real case depended on multiple agencies talking to each other correctly.
3. The attacker's playbook is the defender's syllabus. Offensive security, malware sandboxing, and OSINT all taught me the same thing from different angles: you can't protect what you don't understand how to attack.
4. Confidentiality is a skill, not just a rule. The closed Day 8 session taught me more about professional discretion than any policy document ever could.
5. Documentation is its own form of expertise. The Best Content Creator Award didn't come from being the most technical person in the room — it came from being willing to translate twelve dense days into something other people could actually learn from.
Advice for Future APCSIP Applicants
- Apply even if you don't feel "ready." I wasn't fluent in OSINT or malware sandboxing before Day 0 — that's the entire point of the program.
- Treat the screening test like a real exam. 50 questions in 30 minutes rewards calm, practical thinking over last-minute cramming.
- Document everything from Day 0. You won't know which session will matter most until you're several days past it.
- Talk to everyone in the room. The co-intern next to you in the forensics lab might end up being one of your strongest professional connections.
- Take the confidential and ethics sessions seriously. They teach the part of cybersecurity that never makes it into a tutorial video.
Final Thoughts
I came to APCSIP-2026 expecting to learn a few tools.
I left having sandboxed live malware, traced UPI fraud trails with bank officers, mapped dark web architecture, sat through a confidential briefing I still hold carefully, and stood in front of DSP Anjali Kataria Ma'am to receive recognition for something I built almost as a side effect of just paying attention.
If twelve technical days taught me one thing that wasn't on any slide, it's this: cybersecurity is built by people who are willing to go deep into the unglamorous parts — chain of custody, compliance frameworks, confidentiality — and stay disciplined about them, every single time.
Thank you to the entire APCSIP-2026 team, to every mentor on that list, and to the 45+ people who turned a government cyber internship into one of the most important chapters of my engineering life so far.
If you're working toward a path in cybersecurity, digital forensics, or cybercrime investigation — let's connect. I'd genuinely love to hear your journey too.
Frequently Asked Questions
What is the Amroha Police Cyber Security Internship Program (APCSIP-2026)?
APCSIP-2026 is a 12-day field-based cybersecurity internship run in coordination with the Cyber Crime Cell of UP Police in Amroha, covering OSINT, digital forensics, malware analysis, SOC operations, financial fraud investigation, blockchain security, and dark web reconnaissance.
How does selection for APCSIP work?
Selection runs through an online application, a shortlisting round, and a timed 50-question online screening test (40 questions on computer applications/IT/cybersecurity, 10 on general awareness) completed in 30 minutes with no negative marking.
What topics does APCSIP-2026 cover?
Across 12 days, the program covers cyber psychology, OSINT (Maltego, Shodan, Google Dorking), cyber law, Android malware analysis, digital forensics, SOC operations (SIEM/EDR), bug bounty and ethical hacking, DPDP Act compliance, blockchain and Web3 security, UPI fraud investigation, dark web architecture, and mobile forensics including chip-off extraction.
Who leads the Amroha Police Cyber Security Internship Program?
The program is led by DSP Anjali Kataria of the UP Police Cyber Crime Cell, alongside a panel of national cybersecurity consultants, DFIR specialists, OSINT researchers, and legal advisors.
Is APCSIP useful for engineering students outside core cybersecurity branches?
Yes — the program is built around foundational investigative and digital literacy skills, making it relevant for Computer Science, Data Science, IT, and any engineering student interested in law-enforcement-adjacent technology careers.















Top comments (0)