CYBER SECURITY DA1
Name: Sreaya.V (21BIT0098)
A1+TA1 Slot Cyber Forensics Workshop DAY 1 (12th April, 2024)
# The Kaspersky Cyberthreat Real-Time Map offers a live visual representation of global cyber threats, providing users with real-time insights into malware infections, phishing attempts, and other online risks. Its interactive interface allows for dynamic exploration, making it a valuable educational tool for understanding the evolving landscape of cybersecurity threats. Continuously updated, it serves as a live feed of the digital battleground, emphasizing the importance of robust cybersecurity measures.
https://cybermap.kaspersky.com/

# CVE Details is a go-to resource for comprehensive information on cybersecurity vulnerabilities and exposures (CVEs). It provides details on severity, affected products, and available patches, aiding in proactive cybersecurity measures.
https://www.cvedetails.com

# Cyber Forensics Procedure: In parallel with the technological advancements, Mr. Bose outlined the essential steps involved in cyber forensics investigations. Attendees were guided through the intricate process of identification, search & seizure, acquisition, authentication, analysis, presentation of the report, and preservation. Each step was meticulously explained, emphasizing the importance of adherence to best practices and forensic standards to ensure the integrity and admissibility of digital evidence in legal proceedings.

The essential steps involved in cyber forensics investigations:
1. Identification: Identifying and documenting the scope of the investigation, including the nature of the cyber incident and the systems or devices involved. (in “Scene of Crime”)
2. Search & Seizure: Securing and preserving the digital evidence in a forensically sound manner to prevent tampering or alteration. (in “Scene of Crime”)
3. Acquisition: Collecting digital evidence using forensic tools and techniques, ensuring the integrity and authenticity of the data. (in “Forensics lab”)
4. Authentication: Verifying the validity and reliability of the collected evidence through documentation and chain of custody procedures. (in “Forensics lab”)
5. Analysis: Examining the digital evidence to uncover relevant information and establish a timeline of events, employing forensic analysis techniques and specialized tools. (in “Forensics lab”)
6. Presentation of the Report: Documenting the findings and analysis in a comprehensive report suitable for legal proceedings, ensuring clarity and accuracy in presenting the evidence. (in “Forensics lab”)
7. Preservation: Safeguarding the integrity of the digital evidence throughout the investigation and legal proceedings, adhering to best practices in data preservation and storage. (in “Forensics lab”)

# CYBER CHECK 6.0
SEIZE: FTK Imager

FTK Imager is a forensic imaging and analysis software tool developed by AccessData. It is widely used in the field of digital forensics to create forensic images of digital media such as hard drives, USB drives, memory cards, and other storage devices. The tool allows forensic investigators to acquire data from these devices in a forensically sound manner, preserving the integrity of the evidence.

FTK Imager offers various features, including:
Forensic Imaging: It can create forensic images (also known as disk images or bit-by-bit copies) of storage devices, including live systems and RAM.
Image Mounting: FTK Imager allows investigators to mount forensic images as a logical drive or physical device, enabling them to access and analyze the data without altering the original evidence.
File Viewing: Users can view files within forensic images and analyze their contents without altering timestamps or metadata.
Hashing: The tool can calculate cryptographic hash values (such as MD5, SHA-1, SHA-256) of files and disk images, which are used for verification and integrity checking.
Keyword Search: FTK Imager includes a search functionality that allows users to search for specific keywords or patterns within disk images.
Metadata Extraction: It can extract metadata information from files, such as file creation date, last modified date, and file type.

Demonstration Screenshots: Forensic Imaging (USB), Image Mounting, File Viewing
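
The hashing feature described above is what backs the Acquisition and Authentication steps: digests recorded when the image is taken are recomputed later to show the copy is unchanged. The following is an added example, not part of the original report and not FTK Imager's own code; the file name and sample bytes are constructed for the demonstration.

```python
import hashlib
import hmac
import os
import tempfile

ALGORITHMS = ("md5", "sha1", "sha256")  # the digests named in the text


def hash_image(path, chunk_size=1024 * 1024):
    """Read the image once, in chunks, and return all digests as hex strings."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as image:
        for chunk in iter(lambda: image.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_image(path, recorded):
    """Compare current digests with those recorded at acquisition.

    Returns (ok, mismatches). Any recorded digest that differs is a mismatch,
    and an empty record never verifies.
    """
    current = hash_image(path)
    mismatches = [name for name, expected in recorded.items()
                  if not hmac.compare_digest(current.get(name, ""),
                                             expected.strip().lower())]
    return (bool(recorded) and not mismatches), mismatches


def demo():
    """Constructed sample: a small stand-in image, then a one-byte alteration."""
    with tempfile.TemporaryDirectory() as workdir:
        path = os.path.join(workdir, "usb_sample.dd")  # hypothetical file name
        with open(path, "wb") as f:
            f.write(b"\x00" * 4096 + b"constructed evidence bytes" + b"\xff" * 4096)
        recorded = hash_image(path)            # values noted at acquisition time
        before = verify_image(path, recorded)  # untouched working copy
        with open(path, "r+b") as f:           # change one byte to simulate alteration
            f.seek(10)
            f.write(b"\x01")
        after = verify_image(path, recorded)
        return before, after


if __name__ == "__main__":
    print(demo())
```

A single changed byte makes every recorded digest fail, which is why the hash values belong in the chain-of-custody documentation alongside the image itself.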