U1 - U2 NOTES CCIDF


22/07/2024, 21:33 Cyber Security - UNIT I Introduction and Overview of Cyber crime  Cybercrime is criminal activity - Studocu

UNIT I
Introduction and Overview of Cyber crime
• Cybercrime is criminal activity that either targets or uses a computer, a computer network or a networked device.
• Most, but not all, cybercrime is committed by cybercriminals or hackers who want to make money. Cybercrime is carried out by individuals or organisations.
• Some cybercriminals are organised, use advanced techniques and are highly technically skilled. Others are novice hackers.
• Rarely, cybercrime aims to damage computers for reasons other than profit. These could be political or personal.

Most cybercrime falls under two main categories:

• Criminal activity that targets computers.
• Criminal activity that uses computers to commit other crimes.

Cybercrime that targets computers often involves viruses and other types of malware.
Cybercriminals may infect computers with viruses and malware to damage devices or stop them working.
They may also use malware to delete or steal data.
Cybercrime that stops users using a machine or network, or prevents a business providing a software service
to its customers, is called a Denial-of-Service (DoS) attack.
Cybercrime that uses computers to commit other crimes may involve using computers or networks to spread
malware, illegal information or illegal images.
Sometimes cybercriminals conduct both categories of cybercrime at once. They may target computers with
viruses first. Then, use them to spread malware to other machines or throughout a network.
Cybercriminals may also carry out what is known as a Distributed Denial-of-Service (DDoS) attack. This is
similar to a DoS attack, but the cybercriminals use numerous compromised computers (a botnet) to carry it out.

Nature and Scope of Cyber crime


Nature – Cybercrime is transnational in nature. These crimes are committed without the offender being physically
present at the crime location; they take place in the intangible world of computer networks.
To commit such a crime, all a person needs is a computer connected to the internet, and with the advent of very
fast connections the time needed to commit a cybercrime keeps decreasing.
Cyberspace, being a boundary-less world, has become a playground for perpetrators, who commit crimes while
remaining conspicuously absent from the scene. This is an open challenge to the law, which derives its lifeblood
from physical proof and evidence.
Cybercrime has spread to such proportions that a complete, fixed categorisation is no longer possible. New
variants appear constantly, so any attempt to enumerate them exhaustively quickly becomes outdated.
Identification poses a major challenge. A common feature of cybercrime is anonymity: it is easy to create a false
identity and commit crimes over the internet using it. Because cybercrime is technology-driven, it evolves
continuously and ingeniously, making it difficult for investigators to keep pace. Crimes committed over the
internet differ from crimes in the physical world in that there are no physical footprints, tangible traces or
objects with which to track the criminals down.
Investigating cybercrime also brings considerable complications. A single crime committed over the internet may
involve two or more places in completely different parts of the world, which complicates the question of
jurisdiction.

Scope – Cybercrime can be broadly categorised into three parts:

• Cybercrimes against persons.
• Cybercrimes against property.
• Cybercrimes against government.

https://www.studocu.com/in/document/chhatrapati-shivaji-maharaj-university/bachelorss-in-computer-application/cyber-security/45594445?origin=… 1/1

Cybercrimes against persons - Cybercrimes committed against persons include crimes such as the transmission of
child pornography and the harassment of anyone by means of a computer, for example via e-mail. The trafficking,
distribution, posting and dissemination of obscene material, including pornography and indecent exposure,
constitutes one of the most important cybercrimes known today. The potential harm of such crimes to humanity can
hardly be overstated.

Cybercrimes against property - The second category of Cyber-crimes is that of Cybercrimes against all
forms of property. These crimes include computer vandalism (destruction of others' property), transmission
of harmful programmes.

Cybercrimes against government - The third category is cybercrimes against government. Cyber terrorism is one
distinct kind of crime in this category. The growth of the internet has shown that cyberspace is being used by
individuals and groups to threaten governments internationally and to terrorise the citizens of a country. A
typical manifestation is an individual "cracking" into a government- or military-maintained website.

Types of cybercrime
Here are some specific examples of the different types of cybercrime:
• Email and internet fraud - Email fraud (or an email scam) is intentional deception, for personal gain or to
damage another individual, carried out by means of email. Internet fraud is the use of Internet services, or of
software with Internet access, to defraud victims or otherwise take advantage of them.
• Identity fraud (where personal information is stolen and used) - the use by one person of another person's
personal information, without authorisation, to commit a crime or to deceive or defraud that person or a third
party.
• Theft of financial or card payment data - the purpose may be to obtain goods or services, or to make payments
to another account controlled by the criminal.
• Theft and sale of corporate data - data theft is the act of stealing information stored in corporate
databases, devices and servers. This form of corporate theft is a significant risk for businesses of all sizes
and can originate both inside and outside the organisation.
• Cyberextortion (demanding money to prevent a threatened attack) - Cyberextortion is a crime involving an
attack, or the threat of an attack, coupled with a demand for money or some other response in return for
stopping or remediating the attack.
Cyberextortion attacks start with the attacker gaining access to an organisation's systems and looking for
points of weakness or targets of value. Ransomware attacks can be automated through malware spread by email,
infected websites or ad networks, but such campaigns spread indiscriminately and may result in only a small
percentage of victims paying. More targeted attacks produce less collateral damage and give the extortionist
more lucrative targets.
• Ransomware attacks (a type of cyberextortion) - Ransomware is malicious software (malware) that blocks access
to data or a computer system, usually by encrypting it, and/or threatens to publish the data, until the victim
pays a ransom to the attacker. In many cases the ransom demand comes with a deadline; if the victim does not pay
in time, the attacker threatens to destroy the decryption key or publish the data. Paying does not guarantee
recovery, so the practical defence is tested, offline backups.
• Cryptojacking (where hackers mine cryptocurrency using resources they do not own) - the unauthorised use of
someone else's computer to mine cryptocurrency. Attackers do this either by getting the victim to click a
malicious link in an email that loads cryptomining code onto the computer, or by infecting a website or online
ad with JavaScript code that auto-executes once loaded in the victim's browser.
• Cyberespionage (where hackers access government or company data) - a form of cyber attack that steals
classified or sensitive data or intellectual property to gain an advantage over a competing company or
government.

Drug Trafficking
Drug traffickers generally use encrypted messaging tools to communicate with drug mules. There have been several
instances of dark-web sites being used for this trade; the site 'Silk Road', for example, was a notorious online marketplace


UNIT II
Unauthorized access to computers
Unauthorized computer access, popularly referred to as hacking, describes a criminal action whereby someone
uses a computer to knowingly gain access to data in a system without permission to access that data.

Computer Intrusion
Computer intrusions occur when someone tries to gain access to any part of your computer system. Computer
intruders or hackers typically use automated computer programs when they try to compromise a computer’s
security. There are several ways an intruder can try to gain access to your computer. They can:
1. Access your computer to view, change, or delete information on your computer.
2. Crash or slow down your computer.
3. Access your private data by examining the files on your system.
4. Use your computer to access other computers on the Internet.

Computer Viruses and Malicious codes


Viruses –
• A virus is computer code or a program capable of damaging your computer's data by corrupting or destroying it.
• A computer virus tends to make duplicate copies of itself at a swift pace, spreading into every folder and
damaging the data on your computer system.
• A computer virus is actually a malicious software program, or "malware", that, when it infects your system,
replicates itself by modifying other computer programs and inserting its own code.
• Targets of infection include other programs, data files and even the boot sector of the hard drive.

Ways a virus can get into your computer system:
• By downloading files from the Internet.
• Through removable media or drives, such as pen drives.
• Through e-mail attachments.
• Through unpatched software and services.
• Through unprotected or weak administrator passwords.

Impact of Virus
The impact of a virus on your computer system includes the following:
• Disrupts the normal functioning of the computer system.
• Disrupts the system's network use.
• Modifies configuration settings of the system.
• Destroys data.
• Disrupts computer network resources.
• Destroys or exposes confidential data.

Malicious Code - is harmful computer code or web script designed to create system vulnerabilities leading to
back doors, security breaches, information and data theft, and other damage to files and computing systems. It
is a type of threat that may not be blocked by antivirus software on its own. "Malware" refers specifically to
malicious software, whereas malicious code also includes website scripts that exploit vulnerabilities in order
to download malware.
Malicious code is often auto-executing: it activates itself and takes many forms, including Java applets,
ActiveX controls, pushed content, plug-ins, scripting languages and other programming languages designed to
enhance web pages and email.
Such code can give a cybercriminal unauthorised remote access to the attacked system, called an application back
door, which then exposes sensitive company data. Once running, it can wipe out a computer's data or install
spyware.


Internet Hacking and Cracking


Hacking is the activity of identifying weaknesses in a computer system or network and exploiting them to gain
access to personal or business data. An example of computer hacking is using a password-cracking tool to gain
access to a computer system.
Computers have become mandatory for running a successful business. Isolated computer systems are not enough;
they need to be networked to communicate with external businesses, and this exposes them to the outside world
and to hacking. System hacking means using computers to commit illegal acts such as fraud, privacy invasion and
theft of corporate or personal data. Cybercrime costs many organisations millions of dollars every year, so
businesses need to protect themselves against such attacks.

A Hacker is a person who finds and exploits the weakness in computer systems and/or networks to gain
access. Hackers are usually skilled computer programmers with knowledge of computer security.

Hackers are classified according to the intent of their actions. The following list classifies types of hackers
according to their intent:
• Ethical Hacker (White hat): A security hacker who gains access to systems with a view to fixing the
identified weaknesses. They may also perform penetration testing and vulnerability assessments.
• Cracker (Black hat): A hacker who gains unauthorised access to computer systems for personal gain. The intent
is usually to steal corporate data, violate privacy rights, transfer funds from bank accounts, etc.
• Grey hat: A hacker who is in between ethical and black-hat hackers. They break into computer systems without
authority with a view to identifying weaknesses and revealing them to the system owner.
• Script kiddies: A non-skilled person who gains access to computer systems using ready-made tools.
• Hacktivist: A hacker who uses hacking to send social, religious, political or similar messages. This is
usually done by hijacking websites and leaving the message on the hijacked website.
• Phreaker: A hacker who identifies and exploits weaknesses in telephone systems instead of computers.

Cracking
• Cracking is a technique used to breach computer software or an entire computer security system with malicious
intent.
• Cracking is a security hack performed for criminal or malicious reasons, and the person doing it is called a
"cracker". Just as a bank robber cracks a safe by skilfully manipulating its lock, a cracker breaks into a
computer system, program or account using technical skill.
• The aim is always to do something illicit once inside: stealing data, impersonating someone, or simply using
paid software for free.

Some common types of cracking:


• Password cracking - is the act of recovering a password from stored or captured data, usually a password
hash. The most common password-cracking methods are:
  ◦ Brute-force cracking: the cracking program systematically tries every possible combination of characters
(not random strings) until it finds one whose hash matches the stored hash.
  ◦ Dictionary cracking: similar to brute force, but instead of trying every combination it limits itself to a
list of likely passwords, such as real words and passwords from earlier breaches.
  ◦ Rainbow-table cracking: a rainbow table is a large precomputed table of password hashes (stored compactly
as hash chains) that lets the cracker look up the plaintext for a given unsalted hash instead of recomputing
hashes. It does not reveal the hashing algorithm; the table is built for a known algorithm, and per-user salts
defeat it.
• Software cracking - is when someone alters a piece of software to disable or entirely remove one or more of
its features, typically licence checks. Most software cracking uses at least one of the following tools or
techniques:
  ◦ Keygen: short for "key generator", a keygen is a program a cracker builds to generate valid serial numbers
for a software product.
  ◦ Patch: patches are small pieces of code that modify existing programs. Developers release patches for
software all the time. Crackers can make them too, and when they do, the patch's job is to alter the way the
program works by removing the unwanted features.
  ◦ Loader: a loader's job is to block the software's protection measures as the software starts up. Some
loaders bypass copy protection, while others are popular with gamers who cheat in online multiplayer games.
• Network cracking - is when someone breaks through the security of a LAN, or "local area network". Cracking a
wired network requires a direct connection, but cracking a wireless network is far more convenient, because the
cracker only needs to be within range of the wireless signal. A common example of a wireless LAN is the Wi-Fi
network in your home.
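The password-cracking methods above (and the dictionary, brute-force and rule-based attacks listed later under Password Cracking) are easiest to understand by running them against stored hashes. The following Python is an added example written for these notes; it is not code from the original page or from any tool named in it. It assumes SHA-256 as the hash function, and the "leaked" records, the salt values and the wordlist are constructed for the demo. It also shows why a precomputed (rainbow-style) table recovers an unsalted hash instantly but does nothing against a salted one.

```python
"""Added example: dictionary, rule-based, brute-force and precomputed-table
cracking run against stored password hashes.  The hash function (SHA-256),
the 'leaked' records, the salts and the wordlist are all constructed for
this demo and are not taken from the notes."""
import hashlib
import itertools
import string


def sha256_hex(text: str) -> str:
    return hashlib.sha256(text.encode()).hexdigest()


# Constructed "leaked" records: (username, salt, hash).  alice and carol are
# stored unsalted (salt ""); bob's site prepends a per-user salt.
LEAKED = [
    ("alice", "", sha256_hex("Summer2024")),
    ("bob", "q7Zp", sha256_hex("q7Zp" + "Summer2024")),
    ("carol", "", sha256_hex("zq1")),
]
WORDLIST = ["password", "summer", "welcome", "letmein"]   # constructed
LOWER_DIGITS = string.ascii_lowercase + string.digits


def dictionary_attack(target_hash, salt, wordlist):
    """Hash each wordlist entry (with the record's salt) and compare."""
    for word in wordlist:
        if sha256_hex(salt + word) == target_hash:
            return word
    return None


def rule_based_candidates(word):
    """Mangling rules: case variants plus a recent-year suffix."""
    for base in (word, word.capitalize(), word.upper()):
        yield base
        for year in range(2020, 2026):
            yield f"{base}{year}"


def rule_based_attack(target_hash, salt, wordlist):
    """Dictionary attack extended with the mangling rules above."""
    for word in wordlist:
        for cand in rule_based_candidates(word):
            if sha256_hex(salt + cand) == target_hash:
                return cand
    return None


def brute_force_attack(target_hash, salt, charset, max_len):
    """Systematically enumerate every string up to max_len (not random guesses).
    Cost grows as len(charset) ** length, which is why only short passwords fall."""
    for length in range(1, max_len + 1):
        for combo in itertools.product(charset, repeat=length):
            cand = "".join(combo)
            if sha256_hex(salt + cand) == target_hash:
                return cand
    return None


def build_precomputed_table(wordlist):
    """Stand-in for a rainbow table: hash -> plaintext, computed once and reused
    against any number of *unsalted* hashes."""
    return {sha256_hex(c): c for w in wordlist for c in rule_based_candidates(w)}


def table_lookup(target_hash, table):
    """One dictionary lookup; returns None when the hash was salted (or unseen)."""
    return table.get(target_hash)


def demo():
    """Run every method against the constructed records and collect results."""
    table = build_precomputed_table(WORDLIST)
    alice, bob, carol = LEAKED
    return {
        "alice_dictionary": dictionary_attack(alice[2], alice[1], WORDLIST),
        "alice_rules": rule_based_attack(alice[2], alice[1], WORDLIST),
        "alice_table": table_lookup(alice[2], table),
        "bob_table": table_lookup(bob[2], table),                  # salt defeats the table
        "bob_rules": rule_based_attack(bob[2], bob[1], WORDLIST),  # but not per-hash work
        "carol_brute": brute_force_attack(carol[2], carol[1], LOWER_DIGITS, 3),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:18s} -> {result}")
```

Running the block prints each method's result. The point to take from it: a plain dictionary misses "Summer2024", a couple of mangling rules find it, the precomputed table finds alice's unsalted hash but not bob's salted copy of the same password, and the three-character password falls to exhaustive search in a fraction of a second. Salts force the attacker back to per-hash computation; only a deliberately slow hash (bcrypt, scrypt or Argon2 rather than the SHA-256 used here for brevity) makes that computation expensive.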

Viruses and Worms


1. Worms: A worm is similar to a virus but does not modify other programs. It replicates itself again and again,
slowing the computer system down, and can often be controlled remotely. The main objective of a worm is to
consume system resources.
2. Virus: A virus is malicious executable code attached to another executable file; it may be harmless or may
modify or delete data. When the program to which the virus is attached runs, the virus performs some action,
such as deleting a file from the computer system. A virus cannot be controlled remotely.

Difference between Worms and Virus :


S.No. | WORMS | VIRUSES
1 | A worm is a form of malware that replicates itself and can spread to other computers over the network. | A virus is malicious executable code attached to another executable file; it may be harmless or may modify or delete data.
2 | The main objective of a worm is to consume system resources. | The main objective of a virus is to modify information.
3 | It does not need a host program to replicate from one computer to another. | It requires a host program in order to spread.
4 | Generally considered less harmful by comparison. | Generally considered more harmful.
5 | Worms can be detected and removed by antivirus software and blocked by firewalls. | Antivirus software is used for protection against viruses.
6 | Worms can be controlled remotely. | Viruses cannot be controlled remotely.
7 | Worms execute by exploiting weaknesses in systems. | Viruses execute through infected executable files.
8 | Morris Worm, Storm Worm and SQL Slammer are examples of worms. | Resident and non-resident viruses are two types of virus.
9 | It does not need human action to replicate. | It needs human action (running the infected file) to replicate.
10 | It spreads faster. | It spreads more slowly by comparison.

Software Piracy
Software piracy is the act of stealing software that is legally protected. This stealing includes copying,
distributing, modifying or selling the software.
Copyright laws were originally put into place so that the people who develop software (programmers, writers,
graphic artists, etc.) would get the proper credit and compensation for their work. When software piracy
occurs, compensation is stolen from these copyright holders.

Types of Software Piracy


There are five main types of software piracy.
• Softlifting - is when someone purchases one licence for the software and installs it on multiple computers,
even though the licence states it may be installed only once. This often occurs in business or school
environments and is usually done to save money. Softlifting is the most common type of software piracy.
• Client-server overuse - is when too many people on a network use one central copy of the program at the same
time. This often happens when a business on a local area network installs the software for all employees to
use; it becomes piracy if the licence does not entitle the business to that many concurrent users.
• Hard disk loading - is a type of commercial software piracy in which someone buys a legal copy of the software
and then reproduces, copies or installs it onto the hard disks of computers that are then sold. This often
happens at PC resale shops, and buyers are not always aware that the additional software they are getting is
illegal.
• Counterfeiting - occurs when software is illegally duplicated and sold with the appearance of authenticity.
Counterfeit software is usually sold at a discount compared with the legitimate product.
• Online piracy - also known as Internet piracy, is when illegal software is sold, shared or acquired by means of
the Internet, most often through peer-to-peer (P2P) file-sharing systems, but also via online auction sites and
blogs.

The Dangers of Software Piracy


Software piracy may have a cheaper price point, but there are many dangers that software pirates should be
aware of. Consequences of software piracy are:
• Increased chances that the software will malfunction or fail
• Forfeited access to support for the program, such as training, upgrades, customer support and bug fixes
• No warranty, and the software cannot be updated
• Increased risk of infecting your PC with malware, viruses or adware
• A slowed-down PC
• Legal repercussions due to copyright infringement

Intellectual property Rights


Intellectual property rights are the legal rights that cover the privileges given to individuals who are the owners
and inventors of a work and have created something through their intellectual creativity. Individuals working in
areas such as literature, music, invention, etc., can be granted such rights, which they can then use in their
business practices.
The creator/inventor gets exclusive rights against any misuse of the work, or any use of it without his/her prior
consent. However, the rights are granted for a limited period of time to maintain a balance with the public interest.

Types of Intellectual Property Rights


Intellectual Property Rights can be further classified into the following categories −
• Copyright
• Patent
• Trademark
• Trade Secrets, etc.


Advantages of Intellectual Property Rights


Intellectual property rights are advantageous in the following ways −
• Provide exclusive rights to the creators or inventors.
• Encourage individuals to distribute and share information and data instead of keeping it confidential.
• Provide legal defence and offer creators an incentive for their work.
• Help in social and financial development.

Intellectual Property in Cyber Space


• Every new invention in the field of technology experiences a variety of threats. The Internet is one such
threat: it has captured the physical marketplace and converted it into a virtual marketplace.
• To safeguard business interests, it is vital to create an effective property management and protection
mechanism, keeping in mind the considerable amount of business and commerce taking place in cyberspace.
• Today it is critical for every business to develop an effective and collaborative IP management mechanism and
protection strategy. The ever-looming threats in the cyber world can thus be monitored and confined.
• Various approaches and pieces of legislation have been designed by law-makers to deliver a secure configuration
against such cyber-threats. However, it is the duty of the intellectual property right (IPR) owner to counter and
reduce such mala fide acts of criminals by taking proactive measures.

Mail Bombs
An email bomb is an attack against an email inbox or server designed to overwhelm an inbox or inhibit the
server’s normal function, rendering it unresponsive, preventing email communications, degrading network
performance, or causing downtime. The intensity of an email bomb can range from an inconvenience to a
complete denial of service. Typically, these attacks persist for hours or until the targeted inbox or server
implements a mitigation tactic to filter or block the attacking traffic. Such attacks can be carried out
intentionally or unintentionally by a single actor, group of actors, or a botnet.

There are five common email bomb techniques:


1. Mass mailing – intentionally or unintentionally sending large quantities of random email traffic to
targeted email addresses. This attack is often achieved using a botnet or malicious script, such as by
the automated filling out of online forms with the target email inserted as the requesting/return address.
2. List linking – signing targeted email addresses up for numerous email subscriptions, which indirectly
flood the email addresses with subscribed content. Many subscription services do not ask for
verification, but if they do these emails can be used as the attack emails. This type of attack is difficult
to prevent because the traffic originates from multiple legitimate sources.
3. ZIP bomb – sending very large compressed archive files to an email address, which when
decompressed, consume available server resources to damage performance.
4. Attachment – sending multiple emails with large attachments designed to overload the storage space
on a server and cause the server to stop responding.
5. Reply-all – responding “Reply All” to large dissemination lists instead of just to the original sender.
This inundates inboxes with a cascade of emails, which are compounded by automated replies, such
as out-of-office messages. These are often accidental in nature. This can also occur when a malicious
actor spoofs an email address and the automatic replies are directed toward the spoofed address.
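The five techniques above leave distinctive traces in mail-server logs, and the telling difference between them is who the senders are. The following Python is an added example written for these notes, not code from the original page or from any mail product. The log line format, the thresholds, the keyword list and every sample line in sample_logs() are constructed assumptions. It raises an alert when one inbox receives a burst of messages inside a short window, then uses sender diversity and subject patterns to distinguish list linking (many unrelated but legitimate senders), mass mailing (a script or botnet) and a reply-all storm (one thread, many repliers).

```python
"""Added example (not from the notes): detect an email-bomb burst against one
inbox from mail-log lines and tell the techniques described above apart.
The log format, thresholds, keyword list and every sample line are
constructed for this demo."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log line shape:  <ISO timestamp> to=<rcpt> from=<sender> subject="..."
LOG_RE = re.compile(
    r'^(?P<ts>\S+) to=<(?P<to>[^>]+)> from=<(?P<sender>[^>]+)> subject="(?P<subject>[^"]*)"$'
)
SUBSCRIPTION_WORDS = ("confirm", "verify", "welcome", "subscription", "newsletter")
THRESHOLD = 20                # messages to one recipient inside WINDOW = a burst
WINDOW = timedelta(minutes=5)


def parse_line(line):
    """Return a dict (with 'ts' as a datetime) or None for lines we do not understand."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.fromisoformat(rec["ts"])
    return rec


def classify(burst):
    """Heuristics for the techniques listed above, applied to one burst of records."""
    n = len(burst)
    senders = {r["sender"] for r in burst}
    domains = {r["sender"].rsplit("@", 1)[-1] for r in burst}
    subjects = [r["subject"].lower() for r in burst]
    replies = sum(s.startswith("re:") for s in subjects)
    subscriptions = sum(any(w in s for w in SUBSCRIPTION_WORDS) for s in subjects)
    if replies / n > 0.7 and len(set(subjects)) <= 3:
        kind = "reply-all storm"     # one thread, many repliers
    elif subscriptions / n > 0.6 and len(domains) > n // 2:
        kind = "list linking"        # many unrelated but legitimate senders
    else:
        kind = "mass mailing"        # script or botnet traffic
    return {"count": n, "distinct_senders": len(senders),
            "distinct_domains": len(domains), "kind": kind}


def detect_bursts(lines, threshold=THRESHOLD, window=WINDOW):
    """Group by recipient, slide a time window over each inbox's messages and
    raise one alert for the first window that holds >= threshold messages."""
    by_rcpt = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            by_rcpt[rec["to"]].append(rec)
    alerts = {}
    for rcpt, recs in by_rcpt.items():
        recs.sort(key=lambda r: r["ts"])
        start = 0
        for end in range(len(recs)):
            while recs[end]["ts"] - recs[start]["ts"] > window:
                start += 1
            if end - start + 1 >= threshold:
                alerts[rcpt] = classify(recs[start:end + 1])
                break
    return alerts


def sample_logs():
    """Constructed traffic: three bursts of different kinds plus normal mail."""
    t0 = datetime(2024, 7, 22, 21, 33, 0)
    out = []

    def emit(i, to, sender, subject):
        ts = (t0 + timedelta(seconds=5 * i)).isoformat()
        out.append(f'{ts} to=<{to}> from=<{sender}> subject="{subject}"')

    for i in range(30):   # list linking: sign-up confirmations from 30 shops
        emit(i, "victim@example.org", f"noreply@shop{i}.example",
             "Confirm your subscription" if i % 2 else "Welcome to our newsletter")
    for i in range(30):   # mass mailing: a script hammering one inbox from two domains
        emit(i, "ceo@example.org", f"bot{i}@spam-{'a' if i % 2 else 'b'}.example",
             f"Your request #{1000 + i}")
    for i in range(25):   # reply-all storm on a distribution list
        emit(i, "all-staff@example.org", f"user{i}@example.org", "Re: Holiday schedule")
    for i in range(5):    # ordinary volume: must not alert
        emit(i, "normal@example.org", f"friend{i}@example.net", f"Lunch on day {i}")
    return out


if __name__ == "__main__":
    for rcpt, info in detect_bursts(sample_logs()).items():
        print(f"{rcpt}: {info}")
```

The distinction matters for response: a mass-mailing burst from a handful of domains can be rate-limited or blocked at the gateway, whereas list-linking traffic comes from hundreds of legitimate senders and is better handled by quarantining the inbox's subscription confirmations while leaving the rest of its mail, including any security notifications the attacker may be trying to bury, visible to the user.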

Effects of Mail Bombs


Email bombs can create denial of service conditions that may impede election offices from conducting routine
or election day activities. For example, a successful email bomb may inhibit election offices from accessing
inboxes for citizen engagement, voter registration, or other services. The impact of such an attack is highly
likely to compound if occurring around polling or registration dates. Additionally, cyber actors sometimes use
email bomb attacks to mask other malicious activity, distract users, or prevent the regular flow of notifications
associated with critical or abnormal account activity.


Exploitation
An exploit is code that takes advantage of a software vulnerability or security flaw. It is written either by
security researchers as a proof of concept or by malicious actors for use in their operations. When used, an
exploit can allow an intruder to remotely access a network, gain elevated privileges, or move deeper into the
network.
In some cases an exploit is one component of a multi-stage attack: rather than being the payload itself, the
exploit drops further malware, such as backdoor Trojans and spyware that steal user information from the
infected systems.

Common types of computer exploit


• Known exploits - When someone discovers a software vulnerability, they will often alert the software's
developer, who can then fix it with a security patch. They may also publish the vulnerability to warn others.
Either way, the developer will (hopefully) be able to repair the vulnerability before an exploit takes
advantage of it. Known exploits therefore target already-published vulnerabilities and succeed mainly against
systems that have not yet applied the available patch.
• Zero-day exploits (unknown exploits) - Sometimes exploits catch everyone by surprise. When an attacker
discovers a vulnerability and exploits it before the vendor is aware of it or has released a fix, it is called a
zero-day exploit: at the time of the attack the developer has had "zero days" to patch the flaw.
• Hardware exploits - While software exploits get most of the media attention, they are not the only kind.
Sometimes attackers exploit flaws in a device's physical hardware and its firmware.

Stalking and Obscenity in Internet


Cyberstalking
• Cyberstalking is the use of the Internet or other electronic means to stalk or harass an individual, group or
organisation. It may include false accusations, defamation, slander and libel. It may also include monitoring,
identity theft, threats, vandalism, solicitation for sex, or gathering information that may be used to threaten,
embarrass or harass.
• Cyberstalking is often accompanied by real-time or offline stalking. In many jurisdictions, such as
California, both are criminal offences. Both are motivated by a desire to control, intimidate or influence a
victim. A stalker may be an online stranger or a person the target knows, and may be anonymous and solicit the
involvement of other people online who do not even know the target.
• Cyberstalking is a criminal offence under various state anti-stalking, slander and harassment laws. A
conviction can result in a restraining order, probation, or criminal penalties against the assailant, including
jail.

Cyberstalking can take many forms, including:


1. harassment, embarrassment and humiliation of the victim
2. emptying bank accounts or other economic control such as ruining the victim's credit score
3. harassing family, friends and employers to isolate the victim
4. scare tactics to instil fear and more

Key factors in cyberstalking:


• False accusations
• Attempts to gather information about the victim
• Monitoring the target's online activities and attempting to trace their IP address in an effort to gather
more information about them
• Encouraging others to harass the victim
• False victimisation
• Attacks on data and equipment
• Arranging to meet
• Posting defamatory or derogatory statements


Obscenity in Internet
Obscenity refers to a narrow category of pornography that violates contemporary community standards and
has no serious literary, artistic, political or scientific value. For adults at least, most pornography — material
of a sexual nature that arouses many readers and viewers — receives constitutional protection. However, two
types of pornography receive no First Amendment protection: obscenity and child pornography. Sometimes,
material is classified as “harmful to minors” (or obscene as to minors), even though adults can have access to
the same material.

Password Cracking
• Password-cracking techniques are used to recover passwords from data stored in or transmitted by computer
systems.
• Attackers use password-cracking techniques to gain unauthorised access to vulnerable systems.
• Most password-cracking attempts succeed because of weak or easily guessable passwords.
• Password cracking may also be used legitimately, to recover a user's forgotten password or to audit the
strength of an organisation's passwords.

Types of Password Attacks


 Non-Technical Attacks – The attacker does not need any technical knowledge to obtain the
password, hence the name.
These attacks include the following:
 Shoulder Surfing - the attacker must be physically near the victim, and learns the password by
watching the keyboard, the victim's hand movements or the screen while it is typed.
 Social Engineering - one of the most effective non-technical attacks. The attacker collects as
much information as possible about the target, by direct contact or indirectly, in order to obtain
or guess the password.
 Dumpster Diving - the attacker searches discarded material from the target's office or home
(notes, printouts, old equipment) for written-down passwords or information that helps guess them.
It works more often than one would expect.
 Active Online Attack - the attacker interacts directly with the target's authentication service
(a login prompt, a network service) while trying candidate passwords.
 Dictionary Attack - a dictionary file (a list of words and commonly used passwords) is loaded into
the cracking application, which tries every entry against the user accounts.
 Brute Forcing Attack - the program tries every combination of characters until the password is
found. It always succeeds eventually, but the number of attempts grows exponentially with the
password length, so it is only practical against short or low-entropy passwords.
 Rule-Based Attack - used when the attacker already knows something about the password (its length,
the character classes it uses, a fragment of it); rules apply these constraints and common
transformations (capitalisation, appended digits, letter substitutions) to shrink the search space.
 Password Guessing - the attacker builds a list of likely passwords from the information collected
through social engineering or other means and tries them by hand on the victim's machine.
 Trojan/Spyware/Keylogger - the attacker installs a Trojan, spyware or keylogger on the victim's
machine to collect usernames and passwords. The malware runs in the background and sends all
captured credentials back to the attacker.
 Hash Injection Attack - allows an attacker to inject a compromised password hash into a local
session and use that hash to authenticate to network resources without ever knowing the password
(pass-the-hash). Typically the attacker finds and extracts the hash of a logged-on domain
administrator account and uses it to log on to the domain controller.
 Passive Online Attacks - the attacker does not interact with the target's authentication service;
credentials are collected by observing network traffic.
 Wire Sniffing - attackers run packet-sniffer tools on the local area network (LAN) to capture and
record raw network traffic. The captured data may include sensitive information such as passwords
sent by cleartext protocols (FTP, Telnet, HTTP logins, etc.) and emails. The sniffed credentials are
then used to gain unauthorised access to the target system.
 Man-in-the-Middle and Replay Attack - in a MITM attack the attacker inserts themselves into the
communication channel between the victim and the server and extracts information from the traffic.
In a replay attack, packets and authentication tokens are captured with a sniffer; after the relevant
information is extracted, the tokens are placed back on the network to gain access.
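
The dictionary, rule-based and brute-force attacks above are easy to confuse in the abstract; the following Python program, added here as an illustration and not part of the original notes or any cracking tool, runs all three against a salted SHA-256 hash. The word list, the mangling rules, the salt and the use of SHA-256 as the target's storage format are assumptions made for the example (a real target would use a slow KDF such as bcrypt, and a real attack would load a large word list such as rockyou.txt).

```python
import hashlib
import itertools
from typing import Iterator, Optional

# Constructed sample word list; a real attack loads a dictionary of millions of entries.
WORDLIST = ["password", "letmein", "welcome", "monkey", "dragon", "summer"]

# Rule-based mangling (in the spirit of hashcat / John the Ripper rules):
# case variants, leet substitutions and common suffixes. Assumed rule set.
LEET = str.maketrans({"a": "@", "e": "3", "i": "1", "o": "0", "s": "$"})
SUFFIXES = ["", "1", "123", "!", "2024", "!1"]


def hash_password(password: str, salt: bytes) -> str:
    """Assumed storage format of the target: hex(SHA-256(salt || password))."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


def mangle(word: str) -> Iterator[str]:
    """Expand one dictionary word into the candidates a rule-based attack would try."""
    bases = {word, word.capitalize(), word.upper(),
             word.translate(LEET), word.capitalize().translate(LEET)}
    for base in sorted(bases):
        for suffix in SUFFIXES:
            yield base + suffix


def dictionary_attack(target: str, salt: bytes, wordlist=WORDLIST) -> Optional[str]:
    """Dictionary attack with rules: hash each candidate and compare with the target."""
    for word in wordlist:
        for candidate in mangle(word):
            if hash_password(candidate, salt) == target:
                return candidate
    return None


def brute_force(target: str, salt: bytes, alphabet: str, max_len: int) -> Optional[str]:
    """Exhaustive search over all strings up to max_len characters of `alphabet`.
    Cost is sum(len(alphabet) ** n), which is why it only works for short passwords."""
    for length in range(1, max_len + 1):
        for chars in itertools.product(alphabet, repeat=length):
            candidate = "".join(chars)
            if hash_password(candidate, salt) == target:
                return candidate
    return None


if __name__ == "__main__":
    salt = b"constructed-salt"          # assumed per-user salt read from the leaked hash
    weak = hash_password("Summer2024", salt)
    strong = hash_password("Tr0ub4dor&3", salt)
    print("weak   ->", dictionary_attack(weak, salt))
    print("strong ->", dictionary_attack(strong, salt))
    print("brute  ->", brute_force(hash_password("cat", salt), salt, "abcdefghijklmnopqrstuvwxyz", 3))
```

The first call recovers "Summer2024" because a capitalised dictionary word with a year appended is exactly what the rule set generates; the second fails because the strong password is not derivable from any list entry, and the brute-force call shows how a three-letter password falls in a few thousand hashes while each extra character multiplies the work by the alphabet size.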


UNIT IV
Digital Forensics
 Digital forensics is defined as the process of preservation, identification, extraction and
documentation of computer evidence so that it can be used in a court of law.
 It is the science of finding evidence on digital media such as a computer, mobile phone, server or network.
 It provides the forensic team with techniques and tools for solving complicated digital cases.
 Digital forensics helps the forensic team to analyse, inspect, identify and preserve the digital
evidence residing on the various types of electronic device.

Types of Digital Forensics


The types of digital forensics are:
 Disk Forensics: extracting data from storage media by examining active, modified and deleted files,
including file-system metadata and unallocated space.
 Network Forensics: a sub-branch of digital forensics concerned with monitoring and analysing
computer network traffic to collect important information and legal evidence.
 Wireless Forensics: a division of network forensics whose main aim is to provide the tools needed
to collect and analyse data from wireless network traffic.
 Database Forensics: a branch of digital forensics relating to the study and examination of
databases and their related metadata (logs, transaction records).
 Malware Forensics: identification and analysis of malicious code (viruses, worms, trojans) and its
payload and behaviour.
 Email Forensics: recovery and analysis of emails, including deleted emails, calendars and contacts.
 Memory Forensics: collecting data from system memory (registers, cache, RAM) in raw form and then
carving evidence, such as running processes and network connections, from the raw dump.
 Mobile Phone Forensics: examination and analysis of mobile devices. It helps to retrieve phone and
SIM contacts, call logs, incoming and outgoing SMS/MMS, audio, video and so on.

Advantages of Digital forensics


The benefits of digital forensics are:
 It helps to establish whether the integrity of a computer system has been compromised.
 It produces evidence for the court which can lead to the punishment of the culprit.
 It helps companies to capture important information when their computer systems or networks are
compromised.
 It makes it possible to track down cybercriminals anywhere in the world.
 It helps to protect the organisation's money and valuable time.
 It allows factual evidence to be extracted, processed and interpreted so that the cybercriminal's
actions can be proved in court.

Disadvantages of Digital Forensics


The major drawbacks of digital forensics are:
 Digital evidence is accepted in court only if it can be shown that it has not been tampered with
 Producing and storing electronic records is an extremely costly affair
 Legal practitioners must have extensive computer knowledge
 The evidence produced must be authentic and convincing
 If the tool used for the examination does not meet the specified standards, the evidence can be
rejected by the court
 Lack of technical knowledge on the part of the investigating officer may not produce the desired result

Example Uses of Digital Forensics


In recent times, commercial organisations have used digital forensics in the following types of cases:
 Intellectual property theft
 Industrial espionage
 Employment disputes
 Fraud investigations
 Inappropriate use of the Internet and email in the workplace
 Forgery-related matters
 Bankruptcy investigations
 Regulatory compliance issues

Historical Background of Digital Forensics


Here are important landmarks in the history of digital forensics:
 Francis Galton (1822 - 1911): conducted the first recorded study of fingerprints.
 Hans Gross (1847 - 1915): first to apply scientific study to criminal investigations.
 FBI (1932): set up a laboratory to offer forensic services to all field agents and other law
authorities across the USA.
 1978: the first computer crime was recognised, in the Florida Computer Crimes Act.
 1992: the term "computer forensics" was used in academic literature.
 1995: the International Organization on Computer Evidence (IOCE) was formed.
 2000: the first FBI Regional Computer Forensic Laboratory was established.
 2002: the Scientific Working Group on Digital Evidence (SWGDE) published the first book on digital
forensics, "Best Practices for Computer Forensics".
 2010: Simson Garfinkel identified the issues facing digital investigations.

It is difficult to pinpoint when computer forensics history began. Most experts agree that the field of computer
forensics began to evolve more than 30 years ago. The field began in the United States, in large part, when
law enforcement and military investigators started seeing criminals get technical. Government personnel
charged with protecting important, confidential, and certainly secret information conducted forensic
examinations in response to potential security breaches to not only investigate the particular breach, but to
learn how to prevent future potential breaches. Ultimately, the fields of information security, which focuses
on protecting information and assets, and computer forensics, which focuses on the response to hi-tech
offenses, started to intertwine.
Over the next decades, and up to today, the field has exploded. Law enforcement and the military continue to
have a large presence in the information security and computer forensic field at the local, state, and federal
level. Private organizations and corporations have followed suit – employing internal information security and
computer forensic professionals or contracting such professionals or firms on an as-needed basis.
Significantly, the private legal industry has more recently seen the need for computer forensic examinations
in civil legal disputes, causing an explosion in the e-discovery field.
The computer forensic field continues to grow on a daily basis. More and more large forensic firms, boutique
firms, and private investigators are gaining knowledge and experience in the field. Software companies
continue to produce newer and more robust forensic software programs. And law enforcement and the military
continue to identify and train more and more of their personnel in the response to crimes involving technology.

Forensic Software and Hardware


Evidence is central to any investigation, and a forensic investigation stands or falls on it. The
data or information it is based on must be communicated accurately. Computer forensics depends on
evidence in the form of bits and bytes for its case analysis, and those bits and bytes reside on the
storage medium of a digital device. Devices come in many forms: PCs, servers, mobile phones, SIM cards,
memory cards, media players, routers and more. Forensic examiners treat the data as the vital part of
their analysis; in essence the data must be identified and reproduced with zero error.

Two methods are widely adopted in acquiring data from a digital device.
1. Software Methods
2. Hardware Methods


The two methods are interdependent and a clear-cut classification is not possible. The following
discusses software forensics and the different hardware forensic techniques in use, and the theory
underlying them.

Software forensics is the science of analysing software source code or binary code to determine whether
intellectual property infringement or theft occurred. It is the centrepiece of lawsuits, trials, and settlements
when companies are in dispute over issues involving software patents, copyrights, and trade secrets. Software
forensics tools can compare code to determine correlation, a measure that can be used to guide a software
forensics expert.

Hardware Forensics
 Rule of forensics - The golden rule of forensics is that the examiner never works on the suspect
device itself. The device is copied and all analysis is done on the copy. The data should be copied
at the earliest opportunity, the suspect device must not be tampered with, and the copy is hashed so
that it can later be proved identical to the original. The design of any forensic tool must take these
constraints into account.

 A Drive Lock Scenario - An important requirement in forensics is a drive lock, or write blocker.
This device locks the suspect drive so that its data cannot be contaminated. Software write blocking
is possible by blocking all write operations at the operating-system level, but this requires a PC or
laptop running the software to be carried along by the investigator every time, and a malfunction of
the software can cause difficulty in acquiring the evidence. Hardware write blockers that substitute
for the software technique are compact and easy to use. The device is powered from its own source or
from the suspect machine itself, and should provide all common drive interfaces.

 Hard Disk Scenario - Acquiring a hard disk by software methods depends on software running on a
PC, so the acquisition speed depends on the processing capability of that PC; these notes cite
roughly 4 hours for an 80 GB disk. The processing capacity of processors has increased while their
size has shrunk, which can be exploited in the design of fast acquisition devices. A portable unit is
more convenient for the investigator, so the development of an embedded acquisition device saves both
time and cost.

 SIM Card scenario - GSM mobile phones use SIM cards as the essential agent for connecting to the
network. Details of the network and of connections can be obtained from the SIM card, so a device is
needed to read out its contents. This requires a combination of hardware and software. The SIM card
details should also be copied and replicated for analysis.
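
The golden rule and the drive-lock scenario above describe the acquisition step in words; the following Python program, added here as an illustration and not part of the original notes or of any forensic product, shows the software side of it: the source is opened read-only, copied bit for bit, hashed as it is read, the finished image is hashed independently, and the recorded hash is used later to prove the image has not changed. The "suspect drive" is a constructed temporary file, and the file names, the chunk size and the record layout are assumptions for the example. Opening read-only is no substitute for a hardware write blocker in the field, since the operating system may write to a drive (mounting, journal replay) before any acquisition code runs.

```python
import hashlib
import os
import tempfile
from dataclasses import dataclass

CHUNK = 1 << 20  # 1 MiB read size (assumed; large reads keep the copy fast)


@dataclass
class AcquisitionRecord:
    """The facts that go on the acquisition log / chain-of-custody form (assumed layout)."""
    source: str
    image: str
    bytes_copied: int
    source_sha256: str
    image_sha256: str

    @property
    def verified(self) -> bool:
        # The copy is only a forensic image if both hashes agree.
        return self.source_sha256 == self.image_sha256


def sha256_file(path: str) -> str:
    """Hash a file in chunks so that multi-gigabyte images do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def acquire(source: str, image: str) -> AcquisitionRecord:
    """Bit-for-bit copy of `source` into `image`. The source is opened read-only (software
    write blocking for this process) and hashed while it is read, so the recorded hash is
    of exactly the bytes that were copied; the image is then hashed independently."""
    src_hash = hashlib.sha256()
    copied = 0
    fd = os.open(source, os.O_RDONLY)
    with os.fdopen(fd, "rb") as src, open(image, "wb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            src_hash.update(block)
            dst.write(block)
            copied += len(block)
        dst.flush()
        os.fsync(dst.fileno())  # make sure the image is on disk before hashing it
    return AcquisitionRecord(source, image, copied, src_hash.hexdigest(), sha256_file(image))


def reverify(record: AcquisitionRecord) -> bool:
    """Re-hash the image (before analysis, or when it is produced in court) and compare
    with the hash recorded at acquisition time."""
    return sha256_file(record.image) == record.image_sha256


def demo(tamper: bool = False):
    """Constructed scenario: a ~4 MiB 'suspect drive' file is imaged and verified.
    With tamper=True one byte of the image is flipped afterwards, as an analyst working
    on the original (or a careless copy) might do, and re-verification must fail."""
    workdir = tempfile.mkdtemp(prefix="forensics-")
    drive = os.path.join(workdir, "suspect.raw")
    image = os.path.join(workdir, "suspect.dd")
    marker = b"DELETED: payroll.xlsx"  # constructed content, stands in for a deleted file
    with open(drive, "wb") as f:
        f.write(os.urandom(2 * CHUNK) + marker + os.urandom(2 * CHUNK))
    record = acquire(drive, image)
    if tamper:
        with open(image, "r+b") as f:
            f.seek(CHUNK)
            original = f.read(1)
            f.seek(CHUNK)
            f.write(bytes([original[0] ^ 0xFF]))
    return record, reverify(record)


if __name__ == "__main__":
    rec, ok = demo()
    print(f"copied {rec.bytes_copied} bytes, image verified: {rec.verified}, re-verified: {ok}")
    rec, ok = demo(tamper=True)
    print(f"after tampering, re-verified: {ok}")
```

Recording both hashes at acquisition time is what later lets the examiner answer the "has this evidence been tampered with?" objection listed under the disadvantages above: anyone can re-run `reverify` and see that the image still matches.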

Advantages of hardware tools in forensics


1. Embedded development saves space and time.
2. The products are portable.
3. Digital data can be acquired quickly.

Need of Computer Forensic Science


Here are the essential objectives of computer forensics:
 To recover, analyse and preserve computers and related materials in such a manner that the
investigating agency can present them as evidence in a court of law.
 To establish the motive behind the crime and the identity of the main culprit.
 To design procedures for a suspected crime scene which ensure that the digital evidence obtained is
not corrupted.
 Data acquisition and duplication: recovering deleted files and deleted partitions from digital media
to extract the evidence and validate it.
 To identify the evidence quickly and estimate the potential impact of the malicious activity on the
victim.
 To produce a computer forensic report that fully documents the investigation process.
 To preserve the evidence by following the chain of custody.


Special tools and techniques


Tools – There are many free and commercial digital forensic tools. Some of them are extensive
collections of utility programs that help with the various stages of the forensic process. Examples
include EnCase, CAINE (Computer Aided Investigative Environment), X-Ways Forensics, the SANS
Investigative Forensics Toolkit (SIFT), Computer Online Forensics Evidence Extractor (COFEE), The
Coroner's Toolkit and many more.
Although forensic tools vary according to the phase of the investigation in which they are used, good
tools share some common features:
 An acquisition feature that allows the data to be gathered.
 Searching and filtering of files.
 Exact path locators that give the precise position of data on the media.
 Full-disk hashing to confirm that the data has not changed.
 Exact date and time stamps showing when files were created, stored and last accessed.
 The ability to work with backup files and extract data from them.

Techniques – The aims of the forensic process are first to preserve the evidence, then to use forensic
tools to examine the acquired data for things that may have been deleted, hidden or that look unusual.
Different techniques or methods can be used at different stages of the investigative process.
 Preserving the evidence: making an image (an exact, bit-for-bit copy) of the original data through a
'write blocker', which prevents any program or device from making changes to the original; the image
is hashed so that later copies can be proved identical. Typical tools: Forensic Toolkit (FTK), EnCase,
SIFT, The Coroner's Toolkit, The Sleuth Kit.
 Recovering deleted files from the forensic duplicate: getting back files that may have been deleted
to hide evidence. Typical tools: FTK, EnCase, SIFT, The Coroner's Toolkit, The Sleuth Kit.
 Filtering known files: most files on a device are harmless, with known types and names. One technique
is to filter them out so that only files worth investigating remain: the MD5 hash of each file is
compared against a list of hashes of known files (such as the NIST NSRL reference set) and matches are
excluded. FTK and EnCase are popular tools.
 File signature verification: similar to hash filtering. The header and footer bytes of suspect files
are compared with the known signatures for their file type; files whose extension and signature agree
can be set aside, while a mismatch (for example an archive renamed with a .txt extension) marks a file
for closer inspection. The Sleuth Kit, EnCase or a hand-written Perl script.
 String searching and looking for file fragments: using search functions to look for keywords or
known text, including in unallocated space. FTK, EnCase.
 Web activity reconstruction: recovering browsing history, cookies and temporary internet files to
show where the user has been, removing opportunities for deniability. EnCase, FTK, browser logs.
 Email activity reconstruction: converting email repositories to readable text. FTK, Paraben's
Network E-mail Examiner.
 Registry activity reconstruction: discovering removed programs or recent activity by examining the
Windows registry hives together with the system and application log files. FTK, RegEdit.
 Live forensics: analysing volatile data, i.e. running processes and other data held in memory that
is lost when the machine is powered off. Windows Forensic Toolchest, COFEE.
 Recovering hidden files: actively looking for hidden files or hidden data (steganography) and
attempting to gain access through decryption and cryptanalysis. StegBreak, StegDetect, password
cracking and frequency analysis.
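
The "filtering known files" and "file signature verification" techniques in the list above are two passes over the same set of files, so the following Python program, added here as an illustration and not part of the original notes or of FTK, EnCase or The Sleuth Kit, does both in one triage walk: files whose hash appears in a known-good set are dropped, and the remaining files have their header bytes compared with the signature expected for their extension. The signature table is a small assumed subset of what real tools carry, the sample files are constructed in a temporary directory, and MD5 is used because the notes mention it (published hash sets are also available as SHA-1 and SHA-256).

```python
import hashlib
import os
import tempfile

# Magic bytes for a few common types. Assumed subset; real tools use libmagic-style
# databases with hundreds of entries and footer signatures as well.
SIGNATURES = {
    ".jpg": [b"\xff\xd8\xff"],
    ".png": [b"\x89PNG\r\n\x1a\n"],
    ".pdf": [b"%PDF-"],
    ".zip": [b"PK\x03\x04"],
    ".exe": [b"MZ"],
    ".txt": [],  # plain text has no signature, so it cannot be verified this way
}


def sniff_type(header: bytes):
    """Return the extension implied by the file's leading bytes, or None if unknown."""
    for ext, magics in SIGNATURES.items():
        if any(header.startswith(m) for m in magics):
            return ext
    return None


def md5_file(path: str) -> str:
    with open(path, "rb") as f:
        return hashlib.md5(f.read()).hexdigest()


def triage(root: str, known_good: set):
    """Walk `root`. Files whose MD5 is in `known_good` are filtered out (known-file hash
    filtering); for the rest, an extension that disagrees with the header signature is
    reported as a mismatch, since renaming a file is a common way to hide data."""
    keep, filtered, mismatched = [], [], []
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            if md5_file(path) in known_good:
                filtered.append(path)
                continue
            with open(path, "rb") as f:
                header = f.read(16)
            sniffed = sniff_type(header)
            ext = os.path.splitext(name)[1].lower()
            if sniffed is not None and sniffed != ext:
                mismatched.append((path, ext, sniffed))
            keep.append(path)
    return keep, filtered, mismatched


def demo():
    """Constructed evidence set: one known OS binary, two genuine documents and a ZIP
    archive renamed to .txt. Returns basenames so the result is path-independent."""
    root = tempfile.mkdtemp(prefix="triage-")
    samples = {
        "notepad.exe": b"MZ\x90\x00" + b"\x00" * 60,        # known-good binary
        "photo.jpg":   b"\xff\xd8\xff\xe0" + b"\x00" * 60,  # genuine JPEG
        "memo.pdf":    b"%PDF-1.7\n" + b"%" * 60,           # genuine PDF
        "report.txt":  b"PK\x03\x04" + b"\x00" * 60,        # ZIP archive disguised as text
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as f:
            f.write(data)
    # In practice this set comes from a reference hash database, not from the evidence itself.
    known_good = {hashlib.md5(samples["notepad.exe"]).hexdigest()}
    keep, filtered, mismatched = triage(root, known_good)
    base = os.path.basename
    return ({base(p) for p in keep}, {base(p) for p in filtered},
            {(base(p), ext, sniffed) for p, ext, sniffed in mismatched})


if __name__ == "__main__":
    kept, dropped, flagged = demo()
    print("kept:", sorted(kept))
    print("filtered as known-good:", sorted(dropped))
    print("extension/signature mismatches:", sorted(flagged))
```

The mismatch list is where an examiner starts: a file that claims to be text but begins with a ZIP header is far more interesting than the thousands of operating-system files the hash filter removes.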

Digital Forensic life cycle


Digital forensics entails the following steps:
 Identification
 Preservation
 Analysis
 Documentation
 Presentation
