U1 - U2 NOTES CCIDF
UNIT I
Introduction and Overview of Cyber crime
Cybercrime is criminal activity that either targets or uses a computer, a computer network or a
networked device.
Most, but not all, cybercrime is committed by cybercriminals or hackers who want to make money.
Cybercrime is carried out by individuals or organizations.
Some cybercriminals are organized, use advanced techniques and are highly technically skilled. Others
are novice hackers.
Rarely, cybercrime aims to damage computers for reasons other than profit. These could be political
or personal.
Cybercrime that targets computers often involves viruses and other types of malware.
Cybercriminals may infect computers with viruses and malware to damage devices or stop them working.
They may also use malware to delete or steal data.
Cybercrime that stops users using a machine or network, or prevents a business providing a software service
to its customers, is called a Denial-of-Service (DoS) attack.
Cybercrime that uses computers to commit other crimes may involve using computers or networks to spread
malware, illegal information or illegal images.
Sometimes cybercriminals conduct both categories of cybercrime at once. They may target computers with
viruses first. Then, use them to spread malware to other machines or throughout a network.
Cybercriminals may also carry out what is known as a Distributed-Denial-of-Service (DDoS) attack. This is
similar to a DoS attack, but the traffic comes from numerous compromised computers (a botnet) at once, which makes it much harder to block at the source.
https://www.studocu.com/in/document/chhatrapati-shivaji-maharaj-university/bachelorss-in-computer-application/cyber-security/45594445?origin=… 1/1
22/07/2024, 21:37 Cyber Security - UNIT I Introduction and Overview of Cyber crime Cybercrime is criminal activity - Studocu
Cybercrimes against persons - Cybercrimes committed against persons include the transmission of child
pornography and the harassment of anyone by means of a computer, for example over e-mail. The
trafficking, distribution, posting and dissemination of obscene material, including pornography and indecent
exposure, constitutes one of the most important cybercrimes known today. The potential harm of such crimes
can hardly be overstated.
Cybercrimes against property - The second category of Cyber-crimes is that of Cybercrimes against all
forms of property. These crimes include computer vandalism (destruction of others' property), transmission
of harmful programmes.
Cybercrimes against government - The third category of cybercrimes relates to cybercrimes against
government. Cyber terrorism is one distinct kind of crime in this category. The growth of the internet has shown
that cyberspace is being used by individuals and groups to threaten governments and to terrorize the
citizens of a country. This crime takes the form of terrorism when an individual "cracks" into a government- or
military-maintained website with the intent to intimidate or coerce.
Types of cybercrime
Here are some specific examples of the different types of cybercrime:
Email and internet fraud - Email fraud (or email scam) is intentional deception for either personal
gain or to damage another individual by means of email. Internet fraud is the use of Internet services
or software with Internet access to defraud victims or to otherwise take advantage of them.
Identity fraud (where personal information is stolen and used) - is the use by one person of another
person's personal information, without authorization, to commit a crime or to deceive or defraud that
other person or a third person.
Theft of financial or card payment data - The purpose may be to obtain goods or services, or to
make payment to another account which is controlled by a criminal.
Theft and sale of corporate data - Data theft is the act of stealing information stored on corporate
databases, devices, and servers. This form of corporate theft is a significant risk for businesses of all
sizes and can originate both inside and outside an organization.
Cyberextortion (demanding money to prevent a threatened attack) - Cyberextortion is a crime
involving an attack or threat of an attack coupled with a demand for money or some other response in
return for stopping or remediating the attack.
Cyberextortion attacks start with a hacker gaining access to an organization's systems and seeking
points of weakness or targets of value. While ransomware attacks can be automated through malware
spread by email, infected websites or ad networks, these attacks tend to spread indiscriminately, and
they may result in only a small percentage of victims paying the extortionists. More targeted attacks
can produce less collateral damage while providing more lucrative targets for the extortion attempt.
Ransomware attacks (a type of cyberextortion) - Ransomware is malicious software (malware) that
blocks access to data or a computer system, usually by encrypting it, or threatens to publish the data,
until the victim pays a ransom to the attacker. In many cases the ransom demand comes with a deadline;
if the victim does not pay in time, the attacker threatens to destroy the decryption key or publish the data.
Paying is no guarantee of recovery, so the practical defence is tested, offline backups.
Cryptojacking (where hackers mine cryptocurrency using resources they do not own) -
Cryptojacking is the unauthorized use of someone else’s computer to mine cryptocurrency. Hackers
do this by either getting the victim to click on a malicious link in an email that loads cryptomining
code on the computer, or by infecting a website or online ad with JavaScript code that auto-executes
once loaded in the victim’s browser.
Cyberespionage (where hackers access government or company data) - Cyber espionage is a form
of cyber attack that steals classified or sensitive data or intellectual property to gain an advantage over a
competing company or government entity.
Drug Trafficking
Drug traffickers generally use encrypted messaging tools to communicate with drug mules. There
have been several instances of dark web sites; for example, the site 'Silk Road' was a notorious online marketplace
UNIT II
Unauthorized access to computers
Unauthorized computer access, popularly referred to as hacking, describes a criminal action whereby someone
uses a computer to knowingly gain access to data in a system without permission to access that data.
Computer Intrusion
Computer intrusions occur when someone tries to gain access to any part of your computer system. Computer
intruders or hackers typically use automated computer programs when they try to compromise a computer’s
security. There are several ways an intruder can try to gain access to your computer. They can:
1. Access your computer to view, change, or delete information on your computer.
2. Crash or slow down your computer.
3. Access your private data by examining the files on your system.
4. Use your computer to access other computers on the Internet.
Ways a virus can enter your computer system. The common routes are mentioned below −
By downloading files from the Internet.
Through removable media or drives.
Through USB pen drives.
Through e-mail attachments.
Through unpatched software and services.
Through unprotected or weak administrator passwords.
Impact of Virus
Let us now see the impact of a virus on your computer system −
Disrupts the normal functionality of the infected computer system.
Disrupts the system's use of the network.
Modifies configuration settings of the system.
Destroys data.
Consumes or disrupts computer network resources.
Destroys or exfiltrates confidential data.
Malicious Code - is harmful computer code or web script designed to create system vulnerabilities
leading to back doors, security breaches, information and data theft, and other potential damage to files and
computing systems. It is a type of threat that may not be blocked by antivirus software on its own. Malware
specifically refers to malicious software, but malicious code also includes website scripts that exploit
vulnerabilities in order to upload malware.
It is typically self-executing, activating without user action, and takes various forms, including Java applets,
ActiveX controls, pushed content, plug-ins, scripting languages or other programming languages that are
designed to enhance web pages and email.
Such code can give a cybercriminal unauthorized remote access to the attacked system (an application
back door), which then exposes sensitive company data. Once deployed, it can wipe out
a computer's data or install spyware.
A Hacker is a person who finds and exploits the weakness in computer systems and/or networks to gain
access. Hackers are usually skilled computer programmers with knowledge of computer security.
Hackers are classified according to the intent of their actions. The following list classifies types of hackers
according to their intent:
Ethical Hacker (White hat): A security hacker who gains access to systems, with the owner's permission, with a view to fixing the
identified weaknesses. They may also perform penetration testing and vulnerability assessments.
Cracker (Black hat): A hacker who gains unauthorized access to computer systems for personal gain.
The intent is usually to steal corporate data, violate privacy rights, transfer funds from bank accounts
etc.
Grey hat: A hacker who is in between ethical and black hat hackers. He/she breaks into computer
systems without authority with a view to identify weaknesses and reveal them to the system owner.
Script kiddies: A non-skilled person who gains access to computer systems using already made tools.
Hacktivist: A hacker who uses hacking to send social, religious, political or similar messages. This is
usually done by defacing websites and leaving the message on the hijacked site.
Phreaker: A hacker who identifies and exploits weaknesses in telephones instead of computers.
Cracking
Cracking is a technique used to breach computer software or an entire computer security system
with malicious intent.
Cracking is when someone performs a security hack for criminal or malicious reasons, and the
person is called a "cracker." Just as a bank robber cracks a safe by skilfully manipulating its lock, a
cracker breaks into a computer system, program or account with the aid of technical skill, and
it is always with the aim of doing something illicit once inside: stealing data, impersonating
someone, or simply using paid software for free.
Loader: A loader's job is to disable the software's protection measures as the software starts up.
Some loaders bypass copy protection, while others are popular with gamers who cheat in
online multiplayer games.
Network cracking - is when someone breaks through the security of a LAN, or “local area network.”
Cracking a wired network requires a direct connection, but cracking a wireless network is much more
convenient, because the cracker just needs to be close to the wireless signal. A common example of a
wireless LAN is the Wi-Fi system in your home.
Software Piracy
Software piracy is the act of stealing software that is legally protected. This stealing includes copying,
distributing, modifying or selling the software.
Copyright laws were originally put into place so that the people who develop software (programmers, writers,
graphic artists, etc.) would get the proper credit and compensation for their work. When software piracy
occurs, compensation is stolen from these copyright holders.
software for all employees to use. This becomes a type of software piracy if the license doesn’t entitle
you to use it multiple times.
Hard disk loading - is a type of commercial software piracy in which someone buys a legal version
of the software and then reproduces, copies or installs it onto computer hard disks. The person then
sells the product. This often happens at PC resale shops and buyers aren’t always aware that the
additional software they are buying is illegal.
Counterfeiting - occurs when software programs are illegally duplicated and sold with the appearance
of authenticity. Counterfeit software is usually sold at a discounted price in comparison to the
legitimate software.
Online Piracy - also known as Internet piracy, is when illegal software is sold, shared or acquired by
means of the Internet. This is usually done through peer-to-peer (P2P) file-sharing networks, and also
through online auction sites and blogs.
Mail Bombs
An email bomb is an attack against an email inbox or server designed to overwhelm an inbox or inhibit the
server’s normal function, rendering it unresponsive, preventing email communications, degrading network
performance, or causing downtime. The intensity of an email bomb can range from an inconvenience to a
complete denial of service. Typically, these attacks persist for hours or until the targeted inbox or server
implements a mitigation tactic to filter or block the attacking traffic. Such attacks can be carried out
intentionally or unintentionally by a single actor, group of actors, or a botnet.
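The mail-bomb description above can be turned into a simple detection rule: count messages per recipient inside a sliding time window and alert when the count exceeds a threshold. The following is an added example written for these notes, not code from the original page or from any mail server. The log format, the 60-second window, the threshold of 20 and the sample traffic are all constructed assumptions; a real deployment would parse its own MTA's log format and tune the numbers to the site's normal volume.

```python
"""Sliding-window detector for an e-mail bomb (added example, not from the notes).

The log format is a constructed one, not any real MTA's:
    <ISO-8601 timestamp> from=<sender> to=<recipient> size=<bytes>
A recipient that receives more than THRESHOLD messages inside WINDOW
seconds is flagged; the number of distinct senders is recorded because a
subscription bomb (many lists, one victim) looks different from a single
looping sender, and the response differs.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)      # tuning assumption
THRESHOLD = 20                      # tuning assumption: messages per WINDOW per recipient


def build_sample_log():
    """Constructed log: light normal traffic to alice, a 40-message burst at bob."""
    base = datetime(2024, 7, 22, 21, 40, 0)
    lines = []
    for i in range(5):
        ts = base + timedelta(minutes=3 * i)
        lines.append(f"{ts.isoformat()} from=news{i}@example.net to=alice@example.com size=3000")
    for i in range(40):
        ts = base + timedelta(seconds=i)
        lines.append(f"{ts.isoformat()} from=signup{i}@list{i % 7}.example.org to=bob@example.com size=1500")
    return lines


def parse_line(line):
    """Return (timestamp, sender, recipient, size) for one log line."""
    ts_str, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return datetime.fromisoformat(ts_str), kv["from"], kv["to"], int(kv["size"])


def detect_bombs(lines, window=WINDOW, threshold=THRESHOLD):
    """Map each flooded recipient to {first_seen, peak, distinct_senders}."""
    events = sorted(parse_line(line) for line in lines if line.strip())  # logs may interleave recipients
    recent = defaultdict(deque)        # recipient -> timestamps still inside the window
    senders = defaultdict(set)         # recipient -> distinct sender addresses seen
    alerts = {}
    for ts, sender, rcpt, _size in events:
        q = recent[rcpt]
        q.append(ts)
        senders[rcpt].add(sender)
        while ts - q[0] > window:      # slide the window forward
            q.popleft()
        if len(q) > threshold:
            alert = alerts.setdefault(rcpt, {"first_seen": q[0], "peak": 0, "distinct_senders": 0})
            alert["peak"] = max(alert["peak"], len(q))
            alert["distinct_senders"] = len(senders[rcpt])
    return alerts


if __name__ == "__main__":
    for rcpt, info in detect_bombs(build_sample_log()).items():
        print(f"{rcpt}: {info['peak']} msgs in {WINDOW.seconds}s from {info['distinct_senders']} senders, "
              f"starting {info['first_seen']}")
```

The distinct-sender count is what tells an operator whether to rate-limit one misbehaving source or to deploy recipient-side filtering against a distributed flood.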
Exploitation
An exploit is code that takes advantage of a software vulnerability or security flaw. It is written either by
security researchers as a proof of concept or by malicious actors for use in their operations. When used,
exploits allow an intruder to remotely access a network, gain elevated privileges, or move deeper into the
network.
In some cases, an exploit is one component of a multi-stage attack. Rather than delivering a malicious file
directly, the exploit may drop further malware, such as backdoor Trojans and spyware that steal
user information from the infected systems.
Obscenity in Internet
Obscenity refers to a narrow category of pornography that violates contemporary community standards and
has no serious literary, artistic, political or scientific value. For adults at least, most pornography — material
of a sexual nature that arouses many readers and viewers — receives constitutional protection. However, two
types of pornography receive no First Amendment protection: obscenity and child pornography. Sometimes,
material is classified as “harmful to minors” (or obscene as to minors), even though adults can have access to
the same material.
Password Cracking
Password cracking techniques are used to recover passwords from data stored in, or transmitted by,
computer systems.
Attackers use password-cracking techniques to gain unauthorized access to a vulnerable system.
Most password-cracking attempts succeed because of weak or easily guessable passwords, or because the
passwords are stored as fast, unsalted hashes that can be attacked with precomputed tables.
Password cracking may also be used legitimately, to recover a user's forgotten password.
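The following added example (written for these notes, not code from the original page or any cracking tool) shows the two facts behind the bullets above: a dictionary attack recovers weak passwords, and the way passwords are stored decides how expensive that attack is. The account table, the six-word list and the PBKDF2 iteration count are constructed for the demonstration; the iteration count is deliberately low so the example runs quickly.

```python
"""Offline password cracking, with and without a slow salted hash (added example).

Unsalted fast hashes let one guess crack every account sharing that password
and can be attacked with a table computed in advance. Per-user salts plus a
slow key-derivation function (PBKDF2 here) force the attacker to redo the
deliberately expensive work once per guess per account.
"""
import hashlib
import hmac
import os

ACCOUNTS = {                                   # constructed: plaintexts as the users chose them
    "alice": "Summer2024",
    "bob":   "qwerty",
    "dave":  "qwerty",                         # same password as bob
    "carol": "vexing-lantern-otter-7!",        # not in any small wordlist
}
WORDLIST = ["password", "123456", "qwerty", "letmein", "Summer2024", "admin123"]  # constructed
ITERS = 50_000                                 # demo value; production PBKDF2 counts should be far higher


def fast_hash(password):
    """Unsalted SHA-256, the weak storage scheme."""
    return hashlib.sha256(password.encode()).hexdigest()


def make_unsalted_db(accounts=ACCOUNTS):
    return {user: fast_hash(pw) for user, pw in accounts.items()}


def crack_unsalted(db, wordlist):
    """Hash each word once, then look every account up: cost is O(words), not O(words * users).

    Identical passwords produce identical hashes, so bob and dave fall together.
    """
    table = {fast_hash(w): w for w in wordlist}       # this is what a precomputed table is
    return {user: table[h] for user, h in db.items() if h in table}


def slow_hash(password, salt, iters=ITERS):
    """Salted PBKDF2-HMAC-SHA256, the hardened storage scheme."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iters)


def make_salted_db(accounts=ACCOUNTS, iters=ITERS):
    db = {}
    for user, pw in accounts.items():
        salt = os.urandom(16)                          # fresh random salt per account
        db[user] = (salt, slow_hash(pw, salt, iters))
    return db


def crack_salted(db, wordlist, iters=ITERS):
    """Every guess must be re-derived per account; returns (cracked, guesses_hashed)."""
    cracked, work = {}, 0
    for user, (salt, digest) in db.items():
        for word in wordlist:
            work += 1
            if hmac.compare_digest(slow_hash(word, salt, iters), digest):
                cracked[user] = word
                break
    return cracked, work


if __name__ == "__main__":
    print("unsalted:", crack_unsalted(make_unsalted_db(), WORDLIST))
    cracked, work = crack_salted(make_salted_db(), WORDLIST)
    print(f"salted:   {cracked} after {work} PBKDF2 derivations")
```

Both schemes give up the weak passwords; the difference is that the salted attack needed 17 separate PBKDF2 derivations for four accounts instead of six cheap hashes shared across all of them, and carol's passphrase survives either way because it is not in the list.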
UNIT IV
Digital Forensics
Digital Forensics is defined as the process of preservation, identification, extraction and
documentation of computer evidence which can be used in a court of law.
It is the science of finding evidence on digital media such as a computer, mobile phone, server or network.
It provides the forensic team with techniques and tools to solve complicated digital cases.
Digital Forensics helps the forensic team analyse, inspect, identify and preserve the digital
evidence residing on various types of electronic devices.
It is difficult to pinpoint when computer forensics history began. Most experts agree that the field of computer
forensics began to evolve more than 30 years ago. The field began in the United States, in large part, when
law enforcement and military investigators started seeing criminals get technical. Government personnel
charged with protecting important, confidential, and certainly secret information conducted forensic
examinations in response to potential security breaches to not only investigate the particular breach, but to
learn how to prevent future potential breaches. Ultimately, the fields of information security, which focuses
on protecting information and assets, and computer forensics, which focuses on the response to hi-tech
offenses, started to intertwine.
Over the next decades, and up to today, the field has exploded. Law enforcement and the military continue to
have a large presence in the information security and computer forensic field at the local, state, and federal
level. Private organizations and corporations have followed suit – employing internal information security and
computer forensic professionals or contracting such professionals or firms on an as-needed basis.
Significantly, the private legal industry has more recently seen the need for computer forensic examinations
in civil legal disputes, causing an explosion in the e-discovery field.
The computer forensic field continues to grow on a daily basis. More and more large forensic firms, boutique
firms, and private investigators are gaining knowledge and experience in the field. Software companies
continue to produce newer and more robust forensic software programs. And law enforcement and the military
continue to identify and train more and more of their personnel in the response to crimes involving technology.
Two methods are widely adopted in acquiring data from a digital device.
1. Software Methods
2. Hardware Methods
Both methods are interdependent and a clear-cut classification is not possible. The following discusses
software forensics and the different hardware forensics techniques in use, and the theory underlying them.
Software forensics is the science of analysing software source code or binary code to determine whether
intellectual property infringement or theft occurred. It is the centrepiece of lawsuits, trials, and settlements
when companies are in dispute over issues involving software patents, copyrights, and trade secrets. Software
forensics tools can compare code to determine correlation, a measure that can be used to guide a software
forensics expert.
Hardware Forensics
Rule of forensics - The golden rule of forensics states that we cannot work on the suspect device. It
should be copied and any analysis should be done on the copy of the original one. The data should be
copied at the earliest. There should not be any tampering of the suspect device. Hence design of any
forensic tool should take into consideration these factors.
A Drive Lock Scenario - An important requirement in forensics is a drive lock. This device should
lock the suspect drive so as to avoid any contamination of its data. Software locking is possible by blocking
all write operations, but this requires a PC or laptop running the software to be carried along with the
investigator every time, and a malfunction of the software can compromise the acquisition.
Hardware methods that substitute for the software techniques are compact and easy to use. The device
can be powered from its own source or from the suspect machine itself, and the hardware under development
should provide all common drive connectors.
Hard Disk Scenario - Acquiring a hard disk using software methods depends on software running
on a PC, and the speed of acquisition depends on the processing capability of that PC's processor.
Acquiring an 80 GB hard disk takes roughly 4 hours. The processing capacity of processors has
increased while their size has shrunk, which can be exploited in the design of fast acquisition
devices. A portable unit would be more convenient for the investigator, so the development of an embedded
acquisition device saves the investigator both time and cost.
SIM Card Scenario - GSM mobile phones use SIM cards as the key component for connecting to the
network. Details of the network and of connections made can be obtained from the SIM card. A device is
needed to read out the details held on the SIM card; this requires a combination of hardware and software.
SIM card details should also be copied and replicated for analysis.
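The golden rule and the drive-lock scenario above come down to three things in practice: never open the suspect medium for writing, copy it bit for bit, and prove afterwards that the copy equals the original. The added example below (written for these notes, not code from the original page or from any forensic product) does exactly that against a constructed "suspect drive" held in a temporary file. On Linux the same code would read a device path such as a /dev/sdX node sitting behind a hardware write blocker; that path and the 3 MiB sample size are assumptions.

```python
"""Forensic acquisition with integrity verification (added example, not from the notes).

The suspect medium is only ever opened read-only, an image is taken chunk by
chunk, and SHA-256/MD5 digests are computed during the copy and then
re-computed on both source and image. The "suspect drive" is a constructed
temporary file, not a real device.
"""
import hashlib
import os
import tempfile

CHUNK = 1 << 20   # 1 MiB per read


def hash_file(path):
    """Read a file once, read-only, and return (sha256_hex, md5_hex)."""
    sha, md5 = hashlib.sha256(), hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            sha.update(chunk)
            md5.update(chunk)
    return sha.hexdigest(), md5.hexdigest()


def acquire(source, image):
    """Copy `source` into `image` bit for bit, hashing on the fly.

    The source is opened with mode "rb" only: this is the software
    equivalent of a write block. Returns an acquisition record for the
    chain-of-custody notes.
    """
    sha, md5 = hashlib.sha256(), hashlib.md5()
    copied = 0
    with open(source, "rb") as src, open(image, "wb") as dst:
        for chunk in iter(lambda: src.read(CHUNK), b""):
            sha.update(chunk)
            md5.update(chunk)
            dst.write(chunk)
            copied += len(chunk)
    return {"source": source, "image": image, "bytes": copied,
            "sha256": sha.hexdigest(), "md5": md5.hexdigest()}


def verify(record):
    """Re-hash source and image; the on-the-fly, source and image SHA-256 must all agree."""
    src_sha, _ = hash_file(record["source"])
    img_sha, _ = hash_file(record["image"])
    return record["sha256"] == src_sha == img_sha


def demo():
    """Acquire a constructed 3 MiB 'drive', verify, then flip one byte in the image.

    Returns (verified_clean, verified_after_tamper, bytes_copied).
    """
    with tempfile.TemporaryDirectory() as d:
        suspect = os.path.join(d, "suspect_drive.bin")
        image = os.path.join(d, "suspect_drive.dd")
        with open(suspect, "wb") as f:
            f.write(os.urandom(3 * CHUNK + 4321))    # constructed drive contents
        record = acquire(suspect, image)
        ok_clean = verify(record)
        with open(image, "r+b") as f:                 # contaminate the copy, never the source
            f.seek(777)
            byte = f.read(1)
            f.seek(777)
            f.write(bytes([byte[0] ^ 0xFF]))
        return ok_clean, verify(record), record["bytes"]


if __name__ == "__main__":
    print(demo())
```

The second verification fails on a single changed byte, which is the property the examiner relies on when the image, not the original, is what gets analysed and presented in court.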
Techniques – The aims of the forensic process are first to preserve the evidence, then to use forensic tools to look
at the acquired data for things that may have been deleted, hidden or are unusual.
Different techniques or methods for this kind of forensic work can be used at different stages of the
investigative process.
Preserving the evidence: Making an image (an exact copy) of the original data with the use of a 'write
blocker'; a write blocker prevents any program or device from making changes to the original data. The image is
verified against the original by cryptographic hash (MD5, SHA-1 or SHA-256). Typical
tools include Forensic Toolkit (FTK), EnCase, SIFT, The Coroner's Toolkit, The Sleuth Kit
Forensic duplication and recovery of deleted files: Getting back files which might
have been deleted to hide evidence. Typical tools: FTK, EnCase, SIFT, The Coroner's Toolkit, The Sleuth Kit
Removing known files: Most files on devices are harmless, with known file types and names. One technique
is to filter out these files to leave only those worthy of investigation. The method used here
is to compare the MD5 hashes of files against a list of hashes of known files (such as the NIST NSRL); if they
match, the files can be removed from the review set. Because MD5 is no longer collision-resistant, current hash sets
also carry SHA-1 or SHA-256 digests. FTK and EnCase are popular tools.
File signature verification: Works alongside the hash filtering above. The header and footer bytes of each
suspect file are compared with the known signature for the type its extension claims. Files whose signature and
extension agree are unremarkable; a mismatch (for example a JPEG header on a file named .txt) flags a file that
has been renamed to disguise it. The Sleuth Kit, EnCase or a custom Perl script.
String searching and looking for file fragments: Searching for keywords or known text, including
in fragments of deleted files. FTK, EnCase
Web activity reconstruction: Recovering web browsing history, accepted cookies and temporary
internet files to establish where the user has been, removing opportunities for deniability. EnCase, FTK,
browser logs
Email activity reconstruction: Converting email repositories to readable text.
FTK, Paraben's Network Email Examiner
Registry activity reconstruction: Discovering deleted programmes or recent activity by examining
the Windows registry hives together with the system and application log files. FTK, RegEdit
Live forensics: Analysing volatile data: running processes, open network connections and the contents
of memory, all of which are lost when the machine is powered off. Windows Forensic Toolchest, COFEE
Recovering hidden files: Actively looking for hidden files or hidden data (steganography) and
attempting to gain access through decryption and cryptanalysis. StegBreak, StegDetect,
password cracking and frequency analysis.
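Two of the techniques listed above, known-file filtering by hash and file signature verification, fit naturally into one triage pass over recovered files. The following is an added example written for these notes, not code from the original page or from FTK, EnCase or The Sleuth Kit. The six evidence files and the one-entry reference hash set are constructed for the demonstration; in a real case the reference set would come from a library such as the NIST NSRL, and the table of header signatures would be far larger.

```python
"""Known-file filtering and file-signature verification (added example, not from the notes).

A file whose SHA-256 is in the reference set is dropped from the review queue;
every remaining file has its header ("magic bytes") compared with the type its
extension claims, so a JPEG renamed to .txt or a ZIP renamed to .pdf is flagged.
"""
import hashlib
import os
import tempfile

# Header signatures for a few common types (real byte values).
MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
    ".pdf": (b"%PDF-",),
    ".zip": (b"PK\x03\x04",),
    ".exe": (b"MZ",),
}


def identify(data):
    """Return the extension whose signature matches the header, or None."""
    for ext, sigs in MAGIC.items():
        if any(data.startswith(s) for s in sigs):
            return ext
    return None


def classify(path, known_sha256):
    """Hash one file, filter it if known, otherwise verify its signature."""
    with open(path, "rb") as f:
        data = f.read()
    sha256 = hashlib.sha256(data).hexdigest()
    md5 = hashlib.md5(data).hexdigest()   # legacy hash sets are MD5-keyed; MD5 alone is collision-prone
    declared = os.path.splitext(path)[1].lower()
    actual = identify(data)
    if sha256 in known_sha256:
        verdict = "known-good"            # reference match: leaves the review queue
    elif declared in MAGIC and actual == declared:
        verdict = "consistent"            # header agrees with the extension
    elif actual is not None and actual != declared:
        verdict = "type-mismatch"         # recognised type hidden behind another extension
    elif declared in MAGIC:
        verdict = "bad-header"            # claims a signed type, header matches none
    else:
        verdict = "unverified"            # no signature to check (plain text etc.)
    return {"name": os.path.basename(path), "sha256": sha256, "md5": md5,
            "declared": declared, "actual": actual, "verdict": verdict}


def triage(directory, known_sha256):
    """Classify every file in `directory`, in name order."""
    return [classify(os.path.join(directory, n), known_sha256) for n in sorted(os.listdir(directory))]


def review_queue(records):
    """Everything the examiner still has to look at."""
    return [r for r in records if r["verdict"] != "known-good"]


def build_sample_case():
    """Constructed evidence directory plus a one-entry reference hash set."""
    d = tempfile.mkdtemp(prefix="triage_")
    files = {
        "kernel32.dll": b"MZ" + b"\x90" * 64,                 # stand-in OS file, goes in the reference set
        "holiday.jpg":  b"\xff\xd8\xff\xe0" + b"\x00" * 32,   # genuine JPEG header
        "notes.txt":    b"\xff\xd8\xff\xe1" + b"\x00" * 32,   # JPEG disguised as text
        "report.pdf":   b"PK\x03\x04" + b"\x00" * 32,         # ZIP disguised as PDF
        "budget.pdf":   b"not a pdf at all" * 4,              # claims PDF, header matches nothing
        "readme.txt":   b"plain text, nothing to verify\n",
    }
    for name, content in files.items():
        with open(os.path.join(d, name), "wb") as f:
            f.write(content)
    known = {hashlib.sha256(files["kernel32.dll"]).hexdigest()}
    return d, known


if __name__ == "__main__":
    case_dir, known = build_sample_case()
    for r in review_queue(triage(case_dir, known)):
        print(f"{r['name']:14} {r['verdict']:14} declared={r['declared']} actual={r['actual']}")
```

The hash check runs before the signature check on purpose: a file that matches the reference set is excluded whatever its extension says, while a file that merely has the right header is only "consistent", not trusted.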