Internship Report Border
Submitted by
in
Information Technology
CERTIFICATE
the Industrial Internship report based on internship undergone at Hacker 4 Help for a
period of 18 weeks from 15-Jan-2024 to 17-May-2024 in partial fulfillment for the degree of
and Technology at The Charutar Vidya Mandal (CVM) University, Vallabh Vidyanagar
Internship report submitted in partial fulfillment for the degree of Bachelor of Engineering in
Information Technology, G H Patel College of Engineering and Technology, The Charutar Vidya
Mandal (CVM) University, Vallabh Vidyanagar, is a bonafide record of work carried out by me
at Hacker 4 Help under the supervision of Mr. Amish Patel and that no part of this report has
been directly copied from any students’ reports or taken from any other source, without providing
due reference.
Maulik Patel
Acknowledgement
The successful culmination of our internship at Hacker 4 Help, under the guidance
of Amish Patel, the CEO of the company, relies on the collaborative efforts and support
from various quarters. I extend my sincere gratitude to Amish Patel for his invaluable
insights, direction, motivation, unwavering cooperation, and insightful feedback during
the entirety of our internship project.
I hope that this internship report will provide all necessary information required to
readers to fulfil their aspirations. Man’s quest for knowledge never ends. Theory and
practice are essential and complementary to each other. I would like to express my
sincere thanks to Dr. Nikhil Gondaliya (Head of Department) for wholehearted
support.
List of Figures
Figure 1 CSI Linux Tools
Figure 2 CSI Case Management
Figure 3 CSI Case Management Menu
Figure 4 CSI Linux API Management Tool
Figure 5 Secure Comms menu
Figure 6 Encryption menu
Figure 7 VeraCrypt
Figure 8 Hydra GUI
Figure 9 John The Ripper
Figure 10 Stegcracker
Figure 11 Dark Web Menu
Figure 12 Dark Web Investigations
Figure 13 Tor Hidden Services
Figure 14 Started service
Figure 15 BitTorrent
Figure 16 OXEN Wallet
Figure 17 The Hades Project
Figure 18 LokiNet
Figure 19 Incident Report Menu
Figure 20 AutoTimeLiner
Figure 21 Volatility3
Figure 22 Computer Forensics Menu
Figure 23 DDRescue-GUI
Figure 24 RecoverDM
Figure 25 Recuperabit - NTFS
Figure 26 Forensic Registry Editor
Figure 27 Mobile Forensics Menu
Figure 28 iLEAPP
Figure 29 Android Free Forensic Toolkit
Figure 30 Vehicle Forensics Menu
Figure 31 Malware Analysis And Reverse Engineering Menu
Figure 32 BinWalk
Figure 33 EDB Debugger
Figure 34 Radare2
Figure 35 SIGINT Menu
Figure 36 FM Radio Tuner
Figure 37 GQRX-SDR
Figure 38 qFlipper
Figure 39 Proxmark3
Figure 40 CHIRP
Figure 41 Artemis
Figure 42 Virtualization Menu
Figure 43 KVM-virt manager
Figure 44 Threat Intelligence
Figure 45 Kaspersky Cyber Map
Figure 46 Active Global Terrorist Organization Map
Figure 47 Crisis Watch
Figure 48 Cyber War - OSINT Publication
List of Abbreviations
Abstract
This internship report explores the intersection of digital forensics and the CSI Linux OS,
delving into its application in real-world scenarios. The report begins by framing the
significance of digital forensics in the cybersecurity landscape and justifying the selection
of CSI Linux OS. Throughout the internship, tasks encompassed hands-on utilization of CSI
Linux OS, collaboration within the digital forensics team, and the management of intricate
case studies. Challenges encountered, both technical and operational, are candidly addressed,
emphasizing adaptive problem-solving strategies. The report reflects on the acquired skills,
knowledge enhancement, and the broader impact on professional development. Detailed
examinations of the forensic tools employed, integrated tools within CSI Linux OS, and real-
world case studies provide practical insights. Recommendations for the enhancement of CSI
Linux OS, future directions in digital forensics, and reflections on personal growth and
experiences are presented. The report concludes with acknowledgments, an appendix of
supplementary materials, and a call to action for future engagement with the evolving field
of digital forensics.
1.1 BACKGROUND
Digital forensics, or digital forensic science, is a branch of cybersecurity concerned with the recovery and investigation of material found on digital devices, most often in connection with cybercrime. The term was originally used as a synonym for computer forensics but has expanded to cover the investigation of any device that stores digital data.
As society increases its reliance on computer systems and cloud computing, digital forensics becomes crucial for law enforcement agencies and businesses alike. Digital forensics is concerned with the identification, preservation, examination, and analysis of digital evidence, using scientifically accepted and validated processes, so that the findings can be relied upon both in and outside a court of law. In practice that reliance rests on evidence integrity: hashes taken at acquisition and a documented chain of custody are what allow a finding to be reproduced and defended later.
In civil cases, digital forensic teams may assist with electronic discovery (eDiscovery). In corporate and criminal matters a common trigger is an unauthorized network intrusion: the examiner attempts to establish the nature and extent of the attack and, where possible, to identify the attacker.
Forensic tools are commonly grouped into the following categories:
1. Disk and data capture tools
2. File viewers
3. File analysis tools
4. Registry analysis tools
5. Internet analysis tools
6. Email analysis tools
7. Mobile devices analysis tools
8. Mac OS analysis tools
9. Network forensics tools
10. Database forensics tools
CSI Linux is a multi-purpose, open-source operating system for cyber investigators. It has
many capabilities for investigations, analysis, and response. Here are some reasons why
you might choose CSI Linux:
User-friendly
CSI Linux has a user-friendly interface that's suitable for both beginners and
experienced practitioners.
Free and open source
CSI Linux is free and open source.
Versatile
CSI Linux offers many capabilities, including data analysis, threat detection, online
investigations, social media, domain recon, dark web, digital forensics, incident
response, and malware analysis.
Suitable for training and live casework
CSI Linux bundles current tooling, so the same image serves both classroom exercises and real investigations.
CSIL-COA certification
The CSIL-COA certification equips you to deliver actionable intelligence to
decision-makers, a critical skill in numerous fields.
Easy access
The appliance ships with a default account whose username and password are both “csi”. Because that credential is published, change it on first boot, before the machine is attached to a network or handles evidence.
CSI tools
CSI Linux includes CSI tools like online investigation tools, centralized evidence
captures, and cryptocurrency wallet lookup.
Services:
Penetration Testing
Data Recovery & Digital Forensics
Investigation of Cybercrime
CSI Linux is an open-source Linux distribution designed for digital forensics. It includes
a range of tools for different types of investigations, including:
data analysis, network analysis, web analysis, malware analysis, mobile analysis, threat detection, online investigations, social media, domain reconnaissance, and dark web investigations.
3.1.1 Other features
CSI Linux also has other features, including:
File recovery
Network sniffing
Memory analysis
Built-in steganography tools
CSI Linux also has an AI assistant called Navi that can help with complex tasks or
provide real-time support.
Pre-installed tools
CSI Linux comes pre-installed with many tools for online investigation, intrusion
detection, and prevention systems.
Custom tools
CSI Linux has a set of custom tools installed to help with case management and
evidence collection.
Regular updates
CSI Linux offers regular updates and expert support.
Virtual machine appliance
CSI Linux is available as a Virtual Machine Appliance, so the analysis environment can be kept separate from the host to reduce the risk of cross-contaminating evidence. That isolation still depends on configuration: attach evidence images read-only, keep shared folders and clipboard sharing off, and snapshot the clean VM before each case.
Bootable disk image
CSI Linux is also available in a Bootable Triage disk image that can be restored
to an external/internal SSD/HDD/USB drive.
In essence, this chapter encapsulates the multifaceted nature of the internship activities,
from task assignment and tool utilization to collaboration, case management, and the
application of a diverse range of tools and techniques embedded in CSI Linux OS. The
synthesis of these elements reflects a holistic approach to digital forensics, grounded in
practical experiences and guided by the overarching goal of contributing to the evolving
field of cybersecurity investigations.
Digital forensics relies heavily on a suite of specialized tools designed to extract, analyze,
and interpret digital evidence. This chapter provides an extensive overview of the tools
employed during the internship, shedding light on their functionalities and contributions to
the investigative process. The chosen tools align with the nuanced demands of digital
forensics, each playing a crucial role in navigating the complex landscape of cyber
investigations.
empowerment of custom scripting with CSI Shell, this chapter unfolds a narrative of
practical engagement, skill development, and the collaborative utilization of a
comprehensive toolset embedded in CSI Linux OS.
Case management
“Start a Case” opens the case management tool. It creates a new case with details of the victim and suspects, lists the investigative tools relevant to that case, and keeps the case records and collected evidence together. The same menu also offers system management options, traffic routing, and cryptocurrency lookup tools.
API Management
This tool stores the API keys used by the integrated tools and supplies them to the tools that need them. Those keys grant access to third-party services under the investigator's identity, so the VM that holds them should be treated as sensitive.
5.4.3 Encryption
The Encryption menu within CSI Linux OS is a pivotal component designed to fortify
digital security through a range of encryption tools and techniques. This menu serves as a
command centre for investigators seeking to protect, analyse, and manage digital data
securely during forensic processes.
Encryption Tools:
Functionality: This sub-menu hosts a collection of versatile encryption tools, allowing
investigators to apply encryption algorithms to specific files, directories, or entire disks. It
facilitates the secure storage and transmission of sensitive data during digital forensic
activities.
Tools: GPG (GNU Privacy Guard), OpenSSL, and VeraCrypt are among the tools
accessible in this sub-menu, offering a diverse set of encryption capabilities.
Figure 7 VeraCrypt
Steganography:
Functionality: Steganography hides information inside seemingly innocuous data, typically images or audio. Suspects use it to conceal data from an examiner, so this sub-menu provides tools for detecting, analysing, and decoding steganographic content. A useful first check on any image is whether data has been appended after the image's end marker, since viewers silently ignore those bytes.
Tools: Steghide embeds and extracts passphrase-protected payloads in image and audio files, StegCracker brute-forces Steghide passphrases against a wordlist, and ExifTool exposes metadata that often shows a file has been rewritten by an editing tool.
Figure 10 Stegcracker
The Encryption menu, with its array of specialized sub-menus, establishes CSI Linux OS
as a comprehensive platform for digital security in the realm of digital forensics. From
robust encryption tools to password cracking mechanisms and steganography detection,
these features empower investigators with the means to safeguard digital information,
assess password vulnerabilities, and unveil hidden data during forensic analyses.
Figure 15 BitTorrent
Tools: Tools for deep web crawling, sentiment analysis, and threat intelligence integration
are featured in this sub-menu.
Lokinet GUI:
Functionality: Lokinet GUI is the graphical front end for the Lokinet client, an onion-routed overlay network carried by the Oxen service-node network. It starts and stops the Lokinet daemon and shows its connection state, so an investigator can reach Lokinet-hosted services (.loki addresses) and browse through Lokinet exit nodes from the analysis VM. It controls the tunnel; analysis of the traffic is done with the usual network tools once the tunnel is up.
Tools: the Lokinet GUI itself, alongside the Lokinet daemon it manages.
Figure 18 Lokinet
The Dark Web menu in CSI Linux OS gives investigators a set of specialized tools for navigating and investigating the dark web, from analysing hidden services to tracing cryptocurrency transactions and reaching anonymous overlay networks. Because these tools open outbound connections to anonymity networks, they should run from a dedicated investigation VM whose egress path (Tor or Lokinet) has been confirmed before any browsing, kept separate from the machine that holds evidence images.
Network Forensics:
Tools:
Network Miner:
Functionality: NetworkMiner is a network forensic analysis tool that parses packet captures (and live traffic) into hosts, sessions, credentials, DNS queries and transferred files, so an examiner can reconstruct who talked to whom and what was exchanged without reading raw packets. It helps identify network-based threats, malicious activity and suspicious communication patterns.
Rootkit Hunter:
Functionality: Rootkit Hunter (rkhunter) is a host-side scanner rather than a network tool. It checks a Linux system for known rootkits, backdoors and local anomalies such as hidden files, altered system binaries and unexpected listening ports, and reports what it finds; it does not remove anything, and its file-property checks are only meaningful against a baseline recorded while the system was known to be clean.
Memory Forensics:
Tools:
AutoTimeLiner:
Functionality: AutoTimeLiner automates the timeline-building step of memory forensics. It runs the Volatility plugins that carry timestamps (process creation, file objects, registry keys, shellbags and similar) against a memory image and merges their output into a single chronological timeline, so the examiner can reconstruct the sequence of events on the host instead of reading each plugin's output separately.
Figure 20 AutoTimeLiner
Volatility3:
Functionality: Volatility3 is the current generation of the Volatility memory forensics framework. Through its plugins it lists processes, threads, handles, loaded modules and network connections from a memory dump, detects injected or hidden code, and extracts artifacts such as command history and registry hives, all without depending on the possibly compromised operating system that produced the dump.
Figure 21 Volatility3
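The step both tools above automate is converting timestamps recorded in different formats into one UTC timeline. As an added example (written for this report, not AutoTimeLiner's or Volatility's own code), the script below normalises three constructed sources, a pslist-style process table in ISO text, file objects with Unix epoch times, and registry keys with Windows FILETIME values, then merges them and flags a parent process recorded as created after its child. The rows, PIDs and paths are constructed for the demonstration.

```python
"""One UTC timeline from artefacts that store time three different ways.

Added example, not AutoTimeLiner's or Volatility's code. The process list, file
objects and registry keys below are constructed to resemble plugin output.
"""
from __future__ import annotations
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Windows FILETIME: 100-nanosecond ticks since 1601-01-01 00:00:00 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_datetime(ft: int) -> datetime:
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)


def epoch_to_datetime(seconds: float) -> datetime:
    return datetime.fromtimestamp(seconds, tz=timezone.utc)


def iso_to_datetime(text: str) -> datetime:
    """Volatility prints naive UTC strings; honour an explicit offset if present."""
    dt = datetime.fromisoformat(text)
    if dt.tzinfo is None:
        dt = dt.replace(tzinfo=timezone.utc)
    return dt.astimezone(timezone.utc)


@dataclass(order=True)
class Event:
    when: datetime
    source: str
    description: str


def build_timeline(pslist, file_objects, reg_keys) -> list[Event]:
    """Normalise every source to UTC and return the merged, sorted timeline."""
    events = [Event(iso_to_datetime(created), "pslist", f"process {name} (pid {pid}, ppid {ppid}) created")
              for pid, ppid, name, created in pslist]
    events += [Event(epoch_to_datetime(ts), "filescan", f"file {path} created") for path, ts in file_objects]
    events += [Event(filetime_to_datetime(ft), "registry", f"key {path} last written") for path, ft in reg_keys]
    return sorted(events)


def parent_child_anomalies(pslist) -> list[tuple[int, int]]:
    """(child, parent) pairs where the parent was created after the child.
    That ordering is impossible for a live parent: it means the parent PID was
    reused after the real parent exited, or a timestamp was tampered with."""
    created = {pid: iso_to_datetime(c) for pid, _, _, c in pslist}
    return [(pid, ppid) for pid, ppid, _, c in pslist
            if ppid in created and created[ppid] > iso_to_datetime(c)]


# Constructed plugin-style rows: (pid, ppid, name, create time as printed by pslist)
PSLIST = [
    (4, 0, "System", "2024-01-15 09:58:10"),
    (612, 4, "smss.exe", "2024-01-15 09:58:12"),
    (3120, 2200, "explorer.exe", "2024-01-15 10:01:05"),
    (4488, 3120, "updater.exe", "2024-01-15 10:03:40"),
    (2200, 4488, "svchost.exe", "2024-01-15 10:09:22"),
]
# (path, Unix epoch seconds) as a Unix-derived artefact would record it
FILE_OBJECTS = [(r"\Users\bob\Downloads\invoice.pdf.exe", 1705312983.0)]
# (key path, FILETIME) as stored in the hive's key cell
REG_KEYS = [(r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run", 133497866210000000)]

if __name__ == "__main__":
    for ev in build_timeline(PSLIST, FILE_OBJECTS, REG_KEYS):
        print(ev.when.isoformat(), ev.source, ev.description)
    print("parent created after child:", parent_child_anomalies(PSLIST))
```

The FILETIME arithmetic is the usual trap: the epoch is 1601, not 1970, and the unit is 100 ns, so dividing by ten gives microseconds that Python's timedelta can carry exactly. The anomaly check is deliberately narrow; it reports the explorer.exe row because its recorded parent PID was created minutes later, which on a real image usually means PID reuse after the original parent (userinit) exited.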
The Incident Report menu in CSI Linux OS integrates a diverse range of tools and sub-
menus essential for incident response, digital forensics, and security assessment tasks. From
network analysis and memory forensics to system monitoring, malware detection, and
SIEM functionalities, these tools equip security professionals with the necessary resources
to effectively manage and mitigate security incidents and threats.
Figure 23 DDRescue-GUI
RecoverDM:
Functionality: RecoverDM images damaged media, including hard disks and optical discs, by retrying sectors that fail to read and then skipping the ones that cannot be recovered, so that a usable image is produced even from a partly unreadable device. The skipped ranges should be noted in the case record, because such an image will not hash-match the source.
Figure 24 RecoverDM
File Recovery:
Tools:
Magic Rescue:
Functionality: Magic Rescue scans raw storage media for the magic bytes of known file types and carves the matching files out. Because it relies on signatures rather than file system metadata, it can recover files after the directory structure or partition table has been lost, at the cost of losing original names and paths.
Recuperabit - NTFS:
Functionality: Recuperabit reconstructs the structure of an NTFS file system from a damaged image by scanning for MFT records and rebuilding the directory tree, so that deleted or orphaned files can be recovered with their original names and locations.
File Analysis:
Tools:
Forensic Registry Editor:
Functionality: Forensic Registry Editor (fred) opens Windows registry hive files taken from an image and presents the keys, values and last-write timestamps, giving insight into system configuration, user activity and installed software without booting the original system.
without altering the original data. It supports various image formats and provides read-only
access for forensic examinations.
The Computer Forensics menu in CSI Linux OS consolidates a diverse range of tools and
functionalities essential for forensic imaging, data recovery, file analysis, and evidence
extraction tasks. From imaging storage devices to recovering deleted files and analysing
digital artifacts, these tools enable forensic investigators to conduct thorough examinations
and extract actionable insights from digital evidence.
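Whatever imaging tool is used, the step that makes the image usable as evidence is recording its hash at acquisition and re-checking it before analysis. As an added example (written for this report, not code from CSI Linux, ddrescue or any of the tools above), the script below writes a manifest for an image, verifies it, shows that a single changed byte is caught, and shows the partial-read case where the image is intact but cannot match the source hash. The "device" and "image" are constructed byte strings in a temporary directory; on a real case the paths would be the evidence device and the ddrescue output file.

```python
"""Hash manifest for an acquired image: write it at acquisition, verify it later.

Added example, not CSI Linux's or ddrescue's code. The "image" and "source
device" are constructed byte strings written to a temporary directory so the
demo runs offline.
"""
from __future__ import annotations
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

CHUNK = 1 << 20  # read 1 MiB at a time so multi-terabyte images never need to fit in RAM


def sha256_file(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def write_manifest(image_path: str, manifest_path: str, examiner: str,
                   source_sha256: str | None = None) -> dict:
    """Record what was acquired, by whom, when, and the hash of image and source."""
    entry = {
        "image": os.path.basename(image_path),
        "size_bytes": os.path.getsize(image_path),
        "sha256": sha256_file(image_path),
        "source_sha256": source_sha256,  # None when the device could not be read end to end
        "acquired_utc": datetime.now(timezone.utc).isoformat(timespec="seconds"),
        "examiner": examiner,
    }
    with open(manifest_path, "w", encoding="utf-8") as f:
        json.dump(entry, f, indent=2)
    return entry


def verify_image(image_path: str, manifest_path: str) -> tuple[bool, str]:
    """Re-hash the image and compare with the manifest. The size check comes
    first so a truncated copy fails fast without hashing the whole file."""
    with open(manifest_path, encoding="utf-8") as f:
        entry = json.load(f)
    if os.path.getsize(image_path) != entry["size_bytes"]:
        return False, "size mismatch"
    actual = sha256_file(image_path)
    if actual != entry["sha256"]:
        return False, "sha256 mismatch"
    if entry["source_sha256"] and entry["source_sha256"] != actual:
        # ddrescue leaves unreadable sectors zero-filled, so a partial read yields a
        # valid image that cannot hash-match the device; the mapfile records the gaps.
        return True, "image intact but differs from source hash: check the imaging log for unread sectors"
    return True, "ok"


def demo() -> tuple[tuple[bool, str], tuple[bool, str], tuple[bool, str]]:
    """Acquire a constructed 'device', verify, flip one byte, verify again,
    then show the partial-read case where the image is valid but not identical."""
    with tempfile.TemporaryDirectory() as tmp:
        source = os.path.join(tmp, "sdb")            # stand-in for the evidence device
        image = os.path.join(tmp, "sdb.img")
        manifest = os.path.join(tmp, "sdb.img.json")
        device_bytes = bytes(range(256)) * 4096      # constructed 1 MiB of "disk" content
        with open(source, "wb") as f:
            f.write(device_bytes)
        with open(image, "wb") as f:
            f.write(device_bytes)
        write_manifest(image, manifest, "examiner-01", sha256_file(source))
        clean = verify_image(image, manifest)

        with open(image, "r+b") as f:                # change one byte (0x00 -> 0xff) at offset 4096
            f.seek(4096)
            f.write(b"\xff")
        tampered = verify_image(image, manifest)

        partial = os.path.join(tmp, "sdb_partial.img")   # like ddrescue output with one unread sector zeroed
        with open(partial, "wb") as f:
            f.write(device_bytes[:512] + b"\x00" * 512 + device_bytes[1024:])
        write_manifest(partial, manifest, "examiner-01", sha256_file(source))
        not_identical = verify_image(partial, manifest)
    return clean, tampered, not_identical


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The manifest should be stored with the case record and, ideally, signed or hashed into the case log itself, because a manifest that lives next to the image can be rewritten by whoever can rewrite the image.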
Tools:
Android Logical Imager:
Functionality: Android Logical Imager is a tool designed for logical imaging of Android
devices, allowing forensic investigators to extract user data, apps, and system information
from Android devices for analysis and evidence preservation.
iOS Logical Imager:
Functionality: iOS Logical Imager facilitates logical imaging of iOS devices, enabling
investigators to extract user data, app data, and system information from iPhones and iPads,
aiding in forensic examinations and investigations.
iLEAPP:
Functionality: iLEAPP (iOS Logs, Events, And Plists Parser) parses an iOS file system extraction or backup and reports artifacts such as messages, contacts, call history, location data and media files in HTML and spreadsheet form for review.
Figure 28 iLEAPP
LEAPP:
Functionality: LEAPP is the shared parsing framework behind the LEAPP family of tools: iLEAPP for iOS, ALEAPP for Android and vLEAPP for vehicle data. Each member takes an extraction produced by another tool as its input and concentrates on parsing and reporting the artifacts, not on acquisition.
Android Free Forensic Toolkit:
Functionality: The Android Free Forensic Toolkit is a comprehensive suite of tools for
Android device forensics, including data extraction, analysis, recovery, and reporting
capabilities tailored for forensic examinations of Android devices.
The Mobile Forensics menu in CSI Linux OS consolidates a range of specialized tools and
functionalities essential for forensic investigations on Android and iOS mobile devices.
From logical imaging to data extraction, application analysis, and artifact examination,
these tools empower forensic investigators to uncover digital evidence, analyse mobile
device contents, and generate forensic reports for legal proceedings and security
assessments.
vLEAPP:
Functionality: vLEAPP (Vehicle Logs, Events, And Plists Parser) parses data extracted from vehicle infotainment and telematics systems, reporting artifacts such as location history, paired phones, call and message logs and system events, so that investigators can reconstruct a vehicle's activity around an incident.
candump:
Functionality: candump, from the Linux can-utils package, captures frames from a SocketCAN interface and prints or logs them (candump -l writes one frame per line as "(timestamp) interface ID#DATA"), giving the investigator a raw, timestamped record of vehicle bus traffic.
cansniffer:
Functionality: cansniffer, also from can-utils, shows live CAN traffic grouped by arbitration ID and highlights the payload bytes that change between frames, which is how an analyst works out which ID and byte carry a given signal (speed, door state, and so on) while reverse engineering a vehicle's bus.
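As an added example (written for this report, not part of can-utils), the script below parses a candump -l style log, reports which payload bytes vary per ID in the way cansniffer highlights them, and flags an ID whose frames arrive far faster than its normal period, the signature of a message injection on the bus. The log is constructed, not captured from a vehicle: ID 0C1 is sent every 10 ms with a rolling counter, ID 1A0 every 100 ms, and ten injected 0C1 frames are added 1 ms apart.

```python
"""Parsing candump -l logs and spotting an injected message flood.

Added example, not part of can-utils; the log below is constructed rather than
captured from a vehicle. candump -l writes one frame per line as
"(epoch) iface ID#HEXDATA". Most ECU traffic is periodic, so each ID has a
steady inter-arrival time; an injection attack shows up as gaps far shorter
than that ID's normal period, and its payload bytes differ from the bytes the
real ECU varies.
"""
from __future__ import annotations
import re
import statistics
from collections import defaultdict
from dataclasses import dataclass

LINE_RE = re.compile(
    r"^\((?P<ts>\d+\.\d+)\) (?P<iface>\S+) (?P<id>[0-9A-Fa-f]{3,8})#(?P<data>[0-9A-Fa-f]*)$"
)


@dataclass
class Frame:
    ts: float
    iface: str
    can_id: int
    data: bytes


def parse_candump(text: str) -> list[Frame]:
    frames = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:  # remote frames (ID#R), error frames and junk are skipped here
            continue
        frames.append(Frame(float(m["ts"]), m["iface"], int(m["id"], 16), bytes.fromhex(m["data"])))
    return frames


def changing_bytes(frames: list[Frame]) -> dict[int, set[int]]:
    """Per ID, the payload byte positions that ever differ from the first frame
    seen (what cansniffer highlights on screen)."""
    by_id: dict[int, list[bytes]] = defaultdict(list)
    for f in frames:
        by_id[f.can_id].append(f.data)
    return {
        can_id: {i for p in payloads for i in range(min(len(p), len(payloads[0]))) if p[i] != payloads[0][i]}
        for can_id, payloads in by_id.items()
    }


def burst_anomalies(frames: list[Frame], factor: float = 5.0) -> dict[int, float]:
    """IDs whose shortest inter-arrival gap is more than `factor` times shorter
    than their median gap. Returns {id: shortest gap in seconds}."""
    stamps: dict[int, list[float]] = defaultdict(list)
    for f in frames:
        stamps[f.can_id].append(f.ts)
    flagged = {}
    for can_id, ts in stamps.items():
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        if len(gaps) < 4:  # too few frames to know this ID's normal period
            continue
        median = statistics.median(gaps)
        if median > 0 and min(gaps) * factor < median:
            flagged[can_id] = min(gaps)
    return flagged


def _constructed_log() -> str:
    """Build a candump -l style log: 0C1 every 10 ms with a rolling counter in
    byte 7, 1A0 every 100 ms with a static payload, plus ten injected 0C1
    frames 1 ms apart carrying FF FF in bytes 0 and 1."""
    base = 1700000000.0
    lines = [f"({base + i * 0.010:.6f}) can0 0C1#00000000000000{i:02X}" for i in range(20)]
    lines += [f"({base + i * 0.100:.6f}) can0 1A0#1122334455667788" for i in range(3)]
    lines += [f"({base + 0.1005 + j * 0.001:.6f}) can0 0C1#FFFF000000000000" for j in range(10)]
    lines.sort(key=lambda s: float(s[1:s.index(")")]))
    return "\n".join(lines)


CONSTRUCTED_LOG = _constructed_log()

if __name__ == "__main__":
    frames = parse_candump(CONSTRUCTED_LOG)
    print("frames:", len(frames))
    for can_id, positions in changing_bytes(frames).items():
        print(f"{can_id:03X} varying bytes: {sorted(positions)}")
    for can_id, gap in burst_anomalies(frames).items():
        print(f"{can_id:03X} burst: shortest gap {gap * 1000:.2f} ms")
```

The burst heuristic compares each ID against its own median rather than against a fixed rate, because legitimate IDs differ widely in period; it needs a few legitimate frames per ID, so on a real capture it should run over a window recorded before the suspected event as well as during it.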
The Vehicle Forensics menu in CSI Linux OS equips forensic investigators with specialized
tools and capabilities for extracting, analysing, and reconstructing digital evidence from
vehicular systems, CAN bus networks, and drone activities. From CAN bus monitoring to
drone timeline analysis, these tools enable forensic examinations and investigations into
vehicular incidents, accidents, and digital forensic analysis of vehicle-related data.
BinWalk:
Functionality: Binwalk scans binary files such as firmware images for the signatures of embedded files and compressed data, reports the offset of each hit, and can extract them for separate analysis. Its entropy view also shows which regions are compressed or encrypted. It finds what is inside a blob; finding vulnerabilities in that content is a separate step done with a disassembler or decompiler.
Figure 32 BinWalk
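As an added illustration (example code written for this report, not binwalk's or StegCracker's own implementation), the script below does in miniature what the tool above automates: it scans a blob for embedded file signatures and reports offsets, then carves the pieces out. It also walks a JPEG's marker segments to find data appended after the end-of-image marker, the simple steganography case mentioned under the Encryption menu. The signature table, the firmware-like blob and the JPEG are constructed for the demonstration.

```python
"""Embedded-file signature scan and appended-payload check.

Added example, not binwalk's or StegCracker's code. SIGNATURES, the blob and
the JPEG below are constructed for the demonstration.
"""
from __future__ import annotations

# Magic bytes (all expected at the start of the embedded file) for a few
# formats that commonly turn up inside firmware images and document blobs.
SIGNATURES = {
    "jpeg": b"\xff\xd8\xff",
    "png": b"\x89PNG\r\n\x1a\n",
    "zip": b"PK\x03\x04",
    "gzip": b"\x1f\x8b\x08",
    "elf": b"\x7fELF",
    "squashfs": b"hsqs",  # little-endian SquashFS, the usual router firmware rootfs
}


def scan_signatures(blob: bytes) -> list[tuple[int, str]]:
    """Return (offset, format) for every signature hit, sorted by offset."""
    hits: list[tuple[int, str]] = []
    for name, magic in SIGNATURES.items():
        start = 0
        while (idx := blob.find(magic, start)) != -1:
            hits.append((idx, name))
            start = idx + 1
    return sorted(hits)


def carve(blob: bytes, hits: list[tuple[int, str]]) -> list[tuple[str, bytes]]:
    """Cut the blob at each hit; each piece runs to the next hit or to EOF.
    A first approximation only: a real extractor parses each format's own
    length fields rather than stopping at the next magic it happens to see."""
    pieces = []
    for i, (off, name) in enumerate(hits):
        end = hits[i + 1][0] if i + 1 < len(hits) else len(blob)
        pieces.append((name, blob[off:end]))
    return pieces


def jpeg_end_offset(jpeg: bytes) -> int:
    """Offset just past the EOI marker, found by walking the marker segments.
    Walking segments (instead of searching for the bytes FF D9) matters because
    an EXIF APP1 segment may embed a thumbnail JPEG with its own EOI."""
    if not jpeg.startswith(b"\xff\xd8"):
        raise ValueError("not a JPEG")
    pos = 2
    while pos + 2 <= len(jpeg):
        if jpeg[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = jpeg[pos + 1]
        if marker == 0xD9:                                     # EOI
            return pos + 2
        if marker == 0xFF:                                     # fill byte
            pos += 1
            continue
        if marker in (0x01, 0xD8) or 0xD0 <= marker <= 0xD7:   # markers without a length field
            pos += 2
            continue
        if pos + 4 > len(jpeg):
            break
        seglen = int.from_bytes(jpeg[pos + 2:pos + 4], "big")  # length includes its own 2 bytes
        pos += 2 + seglen
        if marker == 0xDA:  # SOS: entropy-coded data follows until the next real marker
            while pos + 1 < len(jpeg):
                nxt = jpeg[pos + 1]
                if jpeg[pos] == 0xFF and nxt != 0x00 and not 0xD0 <= nxt <= 0xD7:
                    break
                pos += 1
    raise ValueError("no end-of-image marker")


def jpeg_trailing_data(jpeg: bytes) -> bytes:
    """Bytes after the image ends. Viewers ignore them, which is why appending a
    payload (or a whole archive) to a picture is a common way to hide data."""
    return jpeg[jpeg_end_offset(jpeg):]


# Constructed samples: a minimal JPEG with a ZIP header appended, and a
# firmware-like blob with an ELF and a SquashFS header inside it.
FAKE_JPEG = (
    b"\xff\xd8"                                             # SOI
    + b"\xff\xe0" + (2 + 4).to_bytes(2, "big") + b"JFIF"    # APP0 segment
    + b"\xff\xda" + (2 + 1).to_bytes(2, "big") + b"\x01"    # SOS header
    + b"\x12\x34\xff\x00\x56"                               # scan data with a stuffed FF 00
    + b"\xff\xd9"                                           # EOI
)
HIDDEN = b"PK\x03\x04secret.txt"
SAMPLE_IMAGE = FAKE_JPEG + HIDDEN
SAMPLE_FIRMWARE = b"\x00" * 16 + b"\x7fELF" + b"\x00" * 8 + b"hsqs" + b"\x00" * 4

if __name__ == "__main__":
    for off, name in scan_signatures(SAMPLE_FIRMWARE):
        print(f"{off:#010x}  {name}")
    print("appended to JPEG:", jpeg_trailing_data(SAMPLE_IMAGE))
```

Signature scanning produces false positives on random data (four-byte magics collide often in a large image), which is why binwalk validates hits by parsing the candidate header; the marker walk shows the difference between a naive byte search and parsing the format, and it would miss a payload hidden inside a segment rather than after the image, which is what Steghide-style embedding does.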
JD GUI:
Functionality: JD GUI is a Java decompiler that allows reverse engineers to decompile and
analyse Java bytecode, aiding in the analysis of Java-based malware, applications, and
applets for vulnerabilities and malicious behaviour.
ImHex:
Functionality: ImHex is a hex editor and binary analysis tool that enables forensic
investigators and reverse engineers to inspect, modify, and analyse binary files, malware
payloads, and memory dumps, providing deep visibility into binary structures and data.
wxHexEditor:
Functionality: wxHexEditor is a feature-rich hex editor for viewing, editing, and analysing
binary files, disk images, and memory dumps, supporting forensic analysis, malware
analysis, and reverse engineering tasks with advanced hex editing capabilities.
RetDec:
Functionality: RetDec is a retargetable decompiler that converts machine code into a high-
level programming language, facilitating the analysis and understanding of compiled
binaries, malware samples, and reverse engineering tasks.
Figure 34 Radare2
The Malware Analysis and Reverse Engineering menu in CSI Linux OS integrates a range
of advanced tools and utilities essential for analysing, decompiling, debugging, and
understanding malicious software, enabling cybersecurity professionals and forensic
analysts to dissect malware, identify attack vectors, and develop effective mitigation
strategies against cyber threats.
Wireless-802.11:
Tools:
Aircrack-ng:
Functionality: Aircrack-ng is a suite of tools for 802.11 wireless network security analysis: monitoring and packet capture, deauthentication and injection tests, and recovery of WEP keys and WPA/WPA2-PSK passphrases from captured handshakes using a wordlist.
WifiPumpkin 3:
Functionality: WifiPumpkin 3 is a wireless security toolset that enables rogue access point
creation, captive portal attacks, and wireless network manipulation for penetration testing
and signal intelligence operations.
GQRX - SDR:
Functionality: GQRX is a versatile SDR receiver and spectrum analyser for exploring and
analysing radio frequency signals across various bands.
Figure 37 GQRX-SDR
Hardware Programming:
Tools:
qFlipper:
Functionality: qFlipper is the desktop companion application for the Flipper Zero device. It updates the Flipper's firmware and manages the files on its SD card, including captured sub-GHz, RFID and NFC signal recordings that are copied off the device for analysis; the capture itself happens on the Flipper, not in qFlipper.
Figure 38 qFlipper
Proxmark3:
Functionality: Proxmark3 is a versatile RFID (Radio-Frequency Identification) tool for
reading, cloning, and analysing RFID tags and signals, supporting RFID signal intelligence
and penetration testing.
Figure 39 Proxmark3
CHIRP:
Functionality: CHIRP is a tool for programming amateur radio transceivers: it reads and writes the radio's memory channels (frequencies, tones, offsets) and imports channel lists, so a receiver can quickly be set up to monitor frequencies of interest. It does not analyse or demodulate signals.
Figure 40 CHIRP
Artemis Tool:
Functionality: Artemis is an offline signal identification reference. It carries a searchable catalogue of radio signals, drawn from the Signal Identification Wiki, with each signal's frequency range, bandwidth, modulation and a sample spectrogram, so that a waveform seen in GQRX can be matched to a known transmission type.
Figure 41 Artemis
The SIGINT menu in CSI Linux OS groups tools for wireless network analysis, SDR spectrum monitoring, signal identification and radio hardware programming. In forensic work these tools are used to capture and identify signals; transmitting, jamming, cloning tags or deauthenticating clients is regulated in most jurisdictions and should only be done under an engagement that explicitly authorizes it.
KVM-Virt-manager:
Functionality: KVM (Kernel-based Virtual Machine) with Virt-manager is a robust
virtualization solution for Linux systems, providing full virtualization capabilities, VM
management, and performance optimization for hosting virtual machines (VMs) and cloud
environments.
VirtualBox:
Functionality: VirtualBox is a powerful open-source virtualization platform that supports multiple guest operating systems, offering features such as VM snapshots, virtual networking, and seamless integration for development and testing environments.
VMware Player:
Functionality: VMware Player is a user-friendly virtualization tool that enables the
creation and management of VMs for testing, development, and demonstration purposes,
providing a comprehensive virtualization environment with advanced features.
Docker:
Functionality: Docker is a containerization platform for deploying and managing
lightweight, portable containers for applications, services, and microservices, facilitating
rapid deployment, scalability, and resource efficiency in software development and
deployment pipelines.
Kubernetes:
Functionality: Kubernetes is a container orchestration platform that automates
deployment, scaling, and management of containerized applications and services, providing
a robust infrastructure for container-based deployments and microservices architectures.
LXD:
Functionality: LXD is a lightweight container hypervisor for managing system containers
and virtual machines, offering secure isolation, performance optimization, and resource
control for hosting multiple containers and VMs on a single host.
The Virtualization menu in CSI Linux OS gives users a range of virtualization tools, from full virtualization to containers and container orchestration, for resource isolation and scalability across diverse computing environments. For malware detonation the settings that matter are on the guest, not the hypervisor: take a clean snapshot first, use host-only or no networking, disable shared folders and clipboard sharing, and remember that containers share the host kernel and are not an isolation boundary for untrusted code.
Arbor Networks:
Functionality: The Arbor Networks (NETSCOUT) cyber threat map gives a real-time picture of global DDoS attacks and related botnet activity drawn from the vendor's sensor network, useful for situational awareness during threat detection and incident response.
Polaris Project:
Functionality: The Polaris Project provides data, research, and advocacy tools to combat
human trafficking, offering insights into trafficking trends, victim support, and policy
initiatives.
Crisis Watch:
Functionality: Crisis Watch monitors global conflicts, crises, and political violence,
providing situational awareness, risk assessments, and geopolitical analysis for security
professionals and decision-makers.
OpenCTI:
Functionality: OpenCTI is an open-source threat intelligence platform for collecting,
analysing, and sharing cyber threat intelligence, providing collaboration tools, data
visualization, and incident response capabilities.
MISP (Malware Information Sharing Platform):
Functionality: MISP is a threat intelligence platform for sharing, collaborating, and
analysing threat data, including indicators of compromise (IOCs), threat actor profiles, and
malware analysis, supporting cybersecurity operations and incident response.
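Indicators shared through MISP or OpenCTI are only useful once they are matched against local telemetry, and two details trip people up there: shared indicators are usually defanged, and not every attribute is meant for detection. As an added example (written for this report, not MISP's or OpenCTI's code), the script below loads a MISP-style event, refangs and filters the indicators on the to_ids flag, and matches them against log lines by whole token. The event JSON and the log lines are constructed; the sha256 value is the well-known hash of the string "test", not a real sample.

```python
"""Loading a MISP-style event and matching its indicators against log lines.

Added example, not MISP's or OpenCTI's code. The event JSON and the log lines
are constructed for the demonstration; the sha256 value is the well-known hash
of the string "test", not a real malware sample.
"""
from __future__ import annotations
import json
import re
from collections import defaultdict

# MISP exports an event as {"Event": {..., "Attribute": [{type, value, to_ids, ...}]}}.
# Shared indicators are usually defanged (evil[.]example, hxxp://) so nobody
# clicks them by accident; they have to be refanged before they can match telemetry.
MISP_EVENT = json.dumps({"Event": {"info": "constructed demo event", "Attribute": [
    {"type": "domain", "value": "update-cdn[.]example", "to_ids": True},
    {"type": "ip-dst", "value": "203.0.113.7", "to_ids": True},
    {"type": "sha256", "value": "9F86D081884C7D659A2FEAA0C55AD015A3BF4F1B2B0B822CD15D6C15B0F00A08", "to_ids": True},
    {"type": "comment", "value": "hxxp://update-cdn[.]example/stage2", "to_ids": False},
]}})


def refang(value: str) -> str:
    return (value.replace("[.]", ".").replace("(.)", ".").replace("[:]", ":")
                 .replace("hxxps://", "https://").replace("hxxp://", "http://"))


def load_indicators(event_json: str) -> dict[str, set[str]]:
    """Indicators by type, refanged and lower-cased. Attributes with to_ids
    false are context for analysts, not detection content, and are skipped."""
    iocs: dict[str, set[str]] = defaultdict(set)
    for attr in json.loads(event_json)["Event"]["Attribute"]:
        if attr.get("to_ids"):
            iocs[attr["type"]].add(refang(attr["value"]).lower())
    return dict(iocs)


# A token is a run of letters, digits, dots and dashes: domains, IPs and hashes
# come out whole, while "dst=203.0.113.7:443" splits at "=" and ":".
TOKEN_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9.\-]*")


def match_logs(iocs: dict[str, set[str]], lines: list[str]) -> list[tuple[int, str, str]]:
    """(line number, indicator type, indicator) for every token equal to an indicator.
    Exact token match avoids the substring trap where "example" would hit every line."""
    hits = []
    for n, line in enumerate(lines, 1):
        tokens = {t.lower() for t in TOKEN_RE.findall(line)}
        for typ, values in iocs.items():
            for v in sorted(values & tokens):
                hits.append((n, typ, v))
    return hits


# Constructed telemetry: DNS, proxy and EDR lines in a simple key=value style.
LOG_LINES = [
    "2024-01-15T10:03:02Z dns client=10.0.0.5 qname=update-cdn.example type=A",
    "2024-01-15T10:03:03Z proxy client=10.0.0.5 dst=203.0.113.7:443 sni=update-cdn.example",
    r"2024-01-15T10:03:05Z edr host=ws-07 file=C:\Users\bob\Downloads\invoice.pdf.exe "
    "sha256=9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08",
    "2024-01-15T10:04:11Z dns client=10.0.0.9 qname=www.example.org type=A",
]

if __name__ == "__main__":
    for line_no, typ, value in match_logs(load_indicators(MISP_EVENT), LOG_LINES):
        print(f"line {line_no}: {typ} {value}")
```

Matching on whole tokens rather than substrings is deliberate: a short indicator such as a bare domain label would otherwise fire on unrelated lines, and a hash indicator compared case-insensitively avoids misses between tools that emit upper- and lower-case hex.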
The Threat Intelligence menu in CSI Linux OS equips users with a comprehensive range
of tools and resources for monitoring, analysing, and responding to cybersecurity threats,
human trafficking incidents, terrorism activities, and cyber warfare operations, enhancing
threat awareness, intelligence sharing, and security posture.
This chapter presents a panoramic view of the digital forensics toolkit, underscoring the pivotal role these tools play in the investigative process. From imaging to file analysis and memory forensics, each tool contributes to the comprehensive and meticulous examination of digital evidence, ensuring the integrity and reliability of findings in the ever-evolving landscape of cybersecurity investigations.
Conclusion:
In conclusion, this internship report highlights the practical value of CSI Linux OS in digital
forensics, showcasing its effectiveness in tasks such as disk and memory forensics, network
analysis, and custom scripting. Case studies illustrate successful outcomes, while insights
from challenges emphasize problem-solving skills. Recommendations signal a commitment
to improving digital forensics, and personal reflections stress the importance of experiential
learning and adaptability. Overall, the report contributes to the evolution of tools like CSI
Linux OS in the dynamic digital landscape, emphasizing the crucial role of practical
experiences in bridging theory and application.
References: