
In CSDF

This document is a laboratory manual for the Cyber Security and Digital Forensics course (4361601) for Diploma Engineering students at Dr. S & S.S Gandhi College of Engineering & Technology. It outlines the course objectives, practical outcomes, and industry-relevant skills, along with detailed instructions for various experiments related to cryptography, ethical hacking, and digital forensics. The manual emphasizes hands-on learning and the development of competencies necessary for success in the field of information technology.

Uploaded by

Hetal Vasava
Copyright: © All Rights Reserved

Diploma Engineering

Laboratory Manual

Cyber Security And Digital Forensic
(4361601)
[Information Technology, Semester-VI]

Enrolment No: 226120316072
Name: Vasava Hetal
Branch: Information Technology
Academic Term: 242
Institute: Dr. S & S.S Gandhi College Of Engineering & Technology.

Directorate of Technical Education, Gandhinagar - Gujarat

DTE’s Vision:
● To provide globally competitive technical education;
● Remove geographical imbalances and inconsistencies;
● Develop student friendly resources with a special focus on girls’ education and
support to weaker sections;
● Develop programs relevant to industry and create a vibrant pool of technical
professionals.
DTE’s Mission:

Institute’s Vision:

Institute’s Mission:

Department’s Vision:

Department’s Mission:
Certificate

This is to certify that Mr/Ms.


Enrollment No. of 6th Semester of Diploma in
Information Technology of has
satisfactorily completed the term work in course Cyber Security And Digital
Forensic (4361601) for the academic year: Term: Odd/Even
prescribed in the GTU curriculum.

Place:
Date:

Signature of Course Faculty Head of the Department


Preface
The primary aim of any laboratory, practical or field work is to enhance the required skills and creative ability of students to solve real-time problems by developing relevant competencies in the psychomotor domain. Keeping this in view, GTU has designed the competency-focused, outcome-based curriculum 2021 (COGC-2021) for Diploma engineering programmes. In it, more time is allotted to practical work than to theory. This shows the importance of enhancing skills amongst students, and it directs students, instructors and lecturers to utilize every second of the time allotted for practicals to achieve relevant outcomes by performing rather than by writing practice of the study type. This is essential for effective implementation of the competency-focused, outcome-based Green curriculum-2021. Every practical has been keenly designed to serve as a tool to develop and enhance the relevant industry-needed competency in each and every student. These psychomotor skills are very difficult to develop through the traditional chalk-and-board content delivery method in the classroom. Accordingly, this lab manual has been designed to focus on industry-defined relevant outcomes, rather than the old practice of conducting practicals to prove concept and theory.
By using this lab manual, students can read the procedure one day in advance of the actual performance day of the practical experiment, which generates interest and also gives them an idea of the judgement of magnitude prior to performance. This in turn enhances predetermined outcomes amongst students. Each and every experiment/practical in this manual begins with the competency, industry-relevant skills, course outcomes and practical outcomes, which play a key role in doing the practical. The students will also have a clear idea of the safety and necessary precautions to be taken while performing the experiment.
This manual also provides guidelines to lecturers to facilitate student-centered lab activities for each practical/experiment by arranging and managing the necessary resources, so that the students follow the procedures with the required safety and necessary precautions to achieve the outcomes. It also gives an idea of how students will be assessed by providing rubrics.

Course specific para


Information technology is a modern phenomenon that has dramatically changed the daily lives of individuals and businesses throughout the world. In today's digital age, mobile computing has become an essential component of our daily lives. With mobile computing, we are capable of doing almost all the tasks that we do by computer, using mobile devices. Therefore, knowledge of the various application areas of mobile computing and networks, including the practical skills acquired through the laboratory, will help students when they work in the very dynamic and growing field of mobile computing.
Although we have tried our level best in designing this lab manual, there is always room for improvement. We welcome any suggestions for improvement.
Programme Outcomes (POs):
1. Basic and Discipline specific knowledge: Apply knowledge of basic mathematics, science
and engineering fundamentals and engineering specialization to solve the engineering
problems.

2. Problem analysis: Identify and analyse well-defined engineering problems using codified
standard methods.

3. Design/development of solutions: Design solutions for engineering well-defined technical problems and assist with the design of systems components or processes to meet specified needs.

4. Engineering Tools, Experimentation and Testing: Apply modern engineering tools and appropriate technique to conduct standard tests and measurements.

5. Engineering practices for society, sustainability and environment: Apply appropriate technology in context of society, sustainability, environment and ethical practices.

6. Project Management: Use engineering management principles individually, as a team member or a leader to manage projects and effectively communicate about well-defined engineering activities.

7. Life-long learning: Ability to analyse individual needs and engage in updating in the
context of technological changes in field of engineering.
Practical Outcome - Course Outcome matrix
Course Outcomes (COs):
CO1: Gain knowledge of information security, including Cryptography and hashing techniques.
CO2: Explain the different types of network and system security techniques and threats.
CO3: Understand the different types of cybercrimes and analyse cybercrime.
CO4: Implement ethical hacking methodologies using Kali Linux, including vulnerability analysis.
CO5: Explain how digital forensics methodologies are used to investigate cybercrimes.

| S. No | Practical Outcome/Title of experiment | CO1 | CO2 | CO3 | CO4 | CO5 |
|---|---|---|---|---|---|---|
| 1 | a) Implement Private key Cryptography algorithm DES in python. (Install des package using pip) b) Implement Message digest 5 and Secure Hash Function using python. | √ | - | - | - | - |
| 2 | Implement the RSA Public key Cryptography algorithm in Python using RSA library. | √ | - | - | - | - |
| 3 | Demonstrate intrusion detection system (IDS) using any tool. (Snort or any other s/w) | - | √ | - | - | - |
| 4 | Install Tor browser and perform proxy tunnelling. | - | √ | - | - | - |
| 5 | Perform data hiding using Steganography tool Openstego (use AES encryption algorithm). | - | - | √ | - | - |
| 6 | Create malicious script for generating multiple folders using python. | - | - | √ | - | - |
| 7 | Prepare a case study report on 3 different types of cyber-crimes. (https://gujaratcybercrime.org) (https://cybercrime.gov.in) | - | - | √ | - | - |
| 8 | Study Open-source intelligence (OSINT) framework and perform Information gathering using Username, Email address, Domain name and IP address. | - | - | - | √ | - |
| 9 | a) Installation and configuration of Kali Linux in Virtual box/VMware. b) Perform basic commands in Kali Linux. | - | - | - | √ | - |
| 10 | Perform port scanning using NMAP. | - | - | - | √ | - |
| 11 | a) Installation and configuration of Wireshark. b) Perform Password sniffing using Wireshark. (Analyse GET/POST Request) | - | - | - | - | √ |
| 12 | Perform Memory forensic using Memoryze tool. (https://fireeye.market/apps/211368) | - | - | - | - | √ |
| 13 | Perform web Artifact analysis and registry analysis using Autopsy. (https://www.sleuthkit.org/autopsy/) | - | - | - | - | √ |
| 14 | Create forensic images of entire local hard drives using FTK IMAGER tool. (https://go.exterro.com/l/43312/2023-05-03/fc4b78) | - | - | - | - | √ |

Industry Relevant Skills
The following industry relevant skills are expected to be developed in the students by performance of experiments of this course.

(2 or 3 skills)

● Understand the basic concepts of hacking.
● Explain the concepts and digital forensics.
● Apply knowledge to real-world situations while investigating cyber crime using digital forensics and ethical hacking.

Guidelines to Course Faculty


1. Course faculty should demonstrate experiment with all necessary implementation strategies
described in curriculum.
2. Course faculty should explain industrial relevance before starting of each experiment.
3. Course faculty should involve & give opportunity to all students for hands on experience.
4. Course faculty should ensure mentioned skills are developed in the students by asking.
5. Utilise 2 hrs of lab hours effectively and ensure completion of write up with quiz also.
6. Encourage peer to peer learning by doing same experiment through fast learners.

Instructions for Students


1. Organize the work in the group and make a record of all observations.
2. Students shall develop maintenance skills as expected by industries.
3. Students shall attempt to develop related hands-on skills and build confidence.
4. Students shall develop the habit of evolving more ideas, innovations, skills etc.
5. Students shall refer to technical magazines and data books.
6. Students should develop the habit of submitting the practical on the due date and time.
7. Students should be well prepared while submitting the write-up of the exercise.
Continuous Assessment Sheet
Enrolment No: 226120316072
Term: 242
Name: Vasava Hetal

| Sr. No | Practical Outcome/Title of experiment | Page | Date | Marks (25) | Sign |
|---|---|---|---|---|---|
| 1 | a) Implement Private key Cryptography algorithm DES in python. (Install des package using pip) b) Implement Message digest 5 and Secure Hash Function using python. | | | | |
| 2 | Implement the RSA Public key Cryptography algorithm in Python using RSA library. | | | | |
| 3 | Demonstrate intrusion detection system (IDS) using any tool. (Snort or any other s/w) | | | | |
| 4 | Install Tor browser and perform proxy tunnelling. | | | | |
| 5 | Perform data hiding using Steganography tool Openstego (use AES encryption algorithm). | | | | |
| 6 | Create malicious script for generating multiple folders using python. | | | | |
| 7 | Prepare a case study report on 3 different types of cyber-crimes. (https://gujaratcybercrime.org) (https://cybercrime.gov.in) | | | | |
| 8 | Study Open-source intelligence (OSINT) framework and perform Information gathering using Username, Email address, Domain name and IP address. | | | | |
| 9 | a) Installation and configuration of Kali Linux in Virtual box/VMware. b) Perform basic commands in Kali Linux. | | | | |
| 10 | Perform port scanning using NMAP. | | | | |
| 11 | a) Installation and configuration of Wireshark. b) Perform Password sniffing using Wireshark. (Analyse GET/POST Request) | | | | |
| 12 | Perform Memory forensic using Memoryze tool. (https://fireeye.market/apps/211368) | | | | |
| 13 | Perform web Artifact analysis and registry analysis using Autopsy. (https://www.sleuthkit.org/autopsy/) | | | | |
| 14 | Create forensic images of entire local hard drives using FTK IMAGER tool. (https://go.exterro.com/l/43312/2023-05-03/fc4b78) | | | | |

Cyber Security and Digital Forensics (4361601)

Practical 1
Aim: a. Implement private key cryptography algorithm DES in python.
(Install DES package using PiP)
b. Implement Message digest 5 and Secure Hash Function using python.
A. Objective:
To apply the knowledge of private key cryptography to implement DES algorithm in Python
To achieve data integrity by implementing MD5 and Hash function using Python

B. Expected Program Outcomes (POs)

PO1, PO2, PO3, PO4, PO7

C. Expected Skills to be developed based on competency:

1. Advanced encryption techniques
2. Implementation of Data integrity using hashing

D. Expected Course Outcomes (COs)

CO1: Gain knowledge of information security, including Cryptography and hashing techniques.

E. Practical Outcome (PRo)

Implement Private key Cryptography algorithm DES in python.
Implement Message digest 5 and Secure Hash Function using python.

F. Expected Affective domain Outcome (ADos)

Examine the symmetric key cryptography and hashing concept and their applications

G. Prerequisite Theory:

A block cipher is a method of encrypting data in blocks to produce ciphertext using a cryptographic key and algorithm. The block cipher processes fixed-size blocks simultaneously, as opposed to a stream cipher, which encrypts data one bit at a time. Most modern block ciphers are designed to encrypt data in fixed-size blocks of either 64 or 128 bits. A block cipher uses a symmetric key and algorithm to encrypt and decrypt a block of data. A block cipher requires an initialization vector (IV) that is added to the input plaintext in order to increase the key space of the cipher and make it more difficult to use brute force to break the key. The IV is derived from a random number generator, which is combined with text in the first block and the key to ensure all subsequent blocks result in ciphertext that does not match that of the first encryption block.
Steps of DES


H. Resources/Equipment Required

| Sr. No. | Instrument/Equipment/Components/Trainer kit | Specification | Quantity |
|---|---|---|---|
| 1 | Computer System (Desktop/Laptop) | Operating System: Windows 7 or later version, RAM: 4 GB, HDD: 250 GB, Anaconda Framework / Google Colab | 1 |

I. Safety and necessary Precautions followed

In the implementation of cryptographic algorithms like DES (Data Encryption Standard) and hash functions such as MD5 (Message Digest 5) in Python, ensuring safety and taking necessary precautions are crucial to protect sensitive data.
● Environment setup: use a virtual environment.
● Use pip to install necessary packages securely.
● Use established libraries.
● Secure key management.

J. Procedure to be followed/Source code:


Step 1: Open Google Colab and Install DES using pip Command

Step 2: Import des and initialize key for encryption


Step 3: Perform encryption using key and provide message for encryption and print
encrypted message.

Step 4: Perform decryption using decrypt function of des.

Step 5: Convert and print digest of plain text message into md5 using hashlib library

Step 6: Convert and print digest of plain text message into sha256 using hashlib library
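
Steps 1 to 6 as one script, given as an added example that is not the manual's own source code. It assumes the third-party `des` package from Step 1 (`DesKey`, with `initial=` selecting CBC mode); the key, IV and messages are constructed sample values, and the DES half returns `None` when the package is not installed.

```python
import hashlib

try:
    from des import DesKey          # Step 1: third-party package, `pip install des`
except ImportError:                 # the hashing half still runs without it
    DesKey = None

# Constructed sample inputs (assumptions for this example, not from the manual).
KEY = b"labkey01"                   # DES takes an 8-byte key (56 effective bits)
IV = b"\x01\x23\x45\x67\x89\xab\xcd\xef"   # fixed for repeatability; random in practice
MESSAGE = b"SAMEBLOKSAMEBLOK"       # two identical 8-byte plaintext blocks


def _blocks(data: bytes):
    """Split data into 8-byte (64-bit) DES blocks."""
    return [data[i:i + 8] for i in range(0, len(data), 8)]


def des_roundtrip(key: bytes, message: bytes, iv: bytes = IV):
    """Steps 2-4: encrypt and decrypt with DES; None if `des` is missing."""
    if DesKey is None:
        return None
    k = DesKey(key)
    ecb = k.encrypt(message, padding=True)               # package default is ECB
    cbc = k.encrypt(message, initial=iv, padding=True)   # `initial` selects CBC
    return {
        "plaintext": k.decrypt(ecb, padding=True),
        "ciphertext": ecb,
        # ECB: equal plaintext blocks show up as equal ciphertext blocks.
        "ecb_repeats": _blocks(ecb)[0] == _blocks(ecb)[1],
        # CBC: the IV and chaining make the same two blocks differ.
        "cbc_repeats": _blocks(cbc)[0] == _blocks(cbc)[1],
    }


def digests(message: bytes):
    """Steps 5-6: MD5 and SHA-256 digests with their output sizes in bits."""
    md5 = hashlib.md5(message).hexdigest()        # MD5 is not collision resistant
    sha256 = hashlib.sha256(message).hexdigest()
    return {"md5": md5, "sha256": sha256,
            "md5_bits": len(md5) * 4, "sha256_bits": len(sha256) * 4}


def differing_bits(hex_a: str, hex_b: str) -> int:
    """Count the bits that differ between two equal-length hex digests."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


if __name__ == "__main__":
    print("DES:", des_roundtrip(KEY, MESSAGE))
    first, second = digests(b"hello"), digests(b"hellp")   # one character changed
    print("MD5    :", first["md5"], first["md5_bits"], "bits")
    print("SHA-256:", first["sha256"], first["sha256_bits"], "bits")
    print("SHA-256 bits changed by a one-character edit:",
          differing_bits(first["sha256"], second["sha256"]))
```

The `ecb_repeats` flag shows why a mode with an IV matters: without one, repeated plaintext blocks remain visible in the ciphertext.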


K. Observations and Calculations/Input-Output (CE & IT software subjects):


Observation: We can see that our message is encrypted into 64-bit ciphertext using the des library, and we can also recover the original plaintext using the decrypt function of the des package.

MD5 / SHA-256 Output

Below we can see that MD5 gives a 128-bit output digest and SHA256 gives a 256-bit output. Generally, the longer the output, the more secure the hash function, as it reduces the chances of collisions.

MD5

SHA256

L. Practical related Quiz.

1. What is the role of the S-box in DES?

2. How does permutation work in DES?

3. Differentiate DES, 2-DES and 3-DES.

4. How does public key cryptography work?

5. What is a hashing algorithm? How does it work?

6. What do you mean by authentication? How is it achieved using public key cryptography?

M. References / Suggestions (lab manual designer should give)

https://www.youtube.com/watch?v=j53iXhTSi_s
https://www.youtube.com/watch?v=r6GlzIWiMD0

N. Assessment-Rubrics

| Sr No. | Performance Indicators | Weightage in % | Marks | Obtained Marks |
|---|---|---|---|---|
| 1 | Analyse and identify suitable approach for problem solving | 25 | 0-5 | |
| 2 | Use of appropriate technology / software / tools | 25 | 0-5 | |
| 3 | Demonstrate problems as per instructions. | 20 | 0-5 | |
| 4 | Interpret the result and conclusion | 15 | 0-5 | |
| 5 | Prepare a report/presentation for given problem | 15 | 0-5 | |
| | Total | 100 | 25 | |

Sign
Date: ……………


Practical 11
Aim: a. Installation and configuration of Wireshark.
b. Perform Password sniffing using Wireshark. (Analyse GET/POST
Request)
A. Objective:
● To apply the knowledge of open-source components for monitoring, analyzing and documenting network traffic.
● To obtain data by network monitoring on almost all types of network standards (Ethernet, WLAN, Bluetooth etc.)
B. Expected Program Outcomes (POs)
PO1, PO2, PO3, PO4 and PO7
C. Expected Skills to be developed based on competency:

● Basic working principles of OSI & TCP/IP Layer Protocol stack.
● Fundamental knowledge of IPv4 and IPv6 address.
D. Expected Course Outcomes (COs)

● CO5: Explain how digital forensics methodologies are used to investigate cybercrimes.
E. Practical Outcome (PRo)

● Understand how protocols work, which also helps you debug applications or network issues.
● Understand how to take complete control of packet capturing: what to capture and what to view.

F. Expected Affective domain Outcome (ADos)

Knowledge of Wireshark and its use to further understand various concepts in computer networks.
G. Prerequisite Theory:

OSI stands for Open Systems Interconnection. It is a 7-layer architecture with each layer having specific functionality to perform.
TCP/IP stands for Transmission Control Protocol/Internet Protocol and is a suite of communication protocols used to interconnect network devices on the internet.


H. Resources/Equipment Required

| Sr. No | Instrument/Equipment/Components/Trainer kit | Specification | Quantity |
|---|---|---|---|
| 1 | Computer System (Desktop/Laptop) | Operating System: Any Linux OS or Windows 7 or later version. RAM: 4 GB, HDD: 250 GB. Active Internet connection. | 1 |

I. Safety and necessary Precautions followed

1. Equipment handling and proper connection: Connect network devices, cables, and
connectors with care to prevent improper connection. Ensure proper grounding of devices
to prevent electrical issues.
2. Testing in a controlled environment: Perform the practical test in a controlled environment
that is separate from a live production network. This ensures that any changes or issues
encountered during testing do not impact critical network operations.
J. Procedure to be followed:
a. Installation and configuration of Wireshark.
Step 1: Visit the official Wireshark website using any web browser.
Step 2: Click on Download; a new webpage will open with different installers of Wireshark.
Step 3: Downloading of the executable file will start shortly.
Step 4: Now check for the executable file in the downloads folder on your system and run it.
Step 5: It will prompt for confirmation to make changes to your system. Click on Yes.
Step 6: The setup screen will appear; click on Next.
Step 7: The next screen will be the License Agreement; click on Noted.

Step 8: This screen is for choosing components. All components are already marked, so don't change anything; just click on the Next button.
Step 9: This screen is for choosing shortcuts, like the start menu or desktop icon, along with the file extensions which can be intercepted by Wireshark. Tick all boxes and click on the Next button.

Step 10: The next screen will be the install location, so choose a drive which has sufficient space for installation. It needs only 223.4 MB of space.
Step 11: The next screen has an option to install Npcap, which is used with Wireshark to capture packets (pcap means packet capture). The install option is already checked, so don't change anything and click the Next button.

Step 12: The next screen is about USB network capturing, so it is one's choice to use it or not. Click on Install.
Step 13: After this, the installation process will start.

Step 14: This installation will prompt for Npcap installation, as it was already checked, so the license agreement of Npcap will appear. Click on the I Agree button.
Step 15: The next screen is about the different installation options of Npcap. Don't change anything; click on Install.

Step 16: After this, the installation process will start, which will take only a minute.
Step 17: After this installation process completes, click on the Next button.

Step 18: Click on Finish after the installation process is complete.

Step 19: After the installation process of Wireshark completes, click on the Next button.

Step 20: Click on Finish after the installation process of Wireshark is complete.
Wireshark is successfully installed on the system and an icon is created on the desktop as shown below:


b. Perform Password sniffing using Wireshark. (Analyse GET/POST Request)

Wireshark for Pentester: Password Sniffing
Capture HTTP Password
Step 1: First, open Wireshark on your Windows machine or in a Linux virtual machine and start capturing network traffic.
Step 2: After starting the packet capture, go to the website and log in with the credentials on that website, as you can see in the image.

Step 3: After logging in, go back to Wireshark to find the password in the capture. For that, we have to use some filters that help to find the login credentials in the captured packets.

Step 4: Wireshark has captured some packets, but we are specifically looking for HTTP packets, so in the display filter bar we use a filter to find all the captured HTTP packets.

Step 5: Some HTTP packets have been captured, but we are specifically looking for the form data that the user submitted to the website. For that, we have a separate filter. There are two main methods used for submitting form data from web pages, such as login forms, to the server: GET and POST.

Step 6: To find the credentials, we first try the first method and apply the filter for GET requests, as you can see below.
http.request.method == "GET"
As you can see in the image, there are two packets where the login page was requested with a GET request, but there is no form data submitted with a GET request.

Step 7: If we did not find the form data after checking the GET method, we try the POST method. For that, we apply the following filter in Wireshark.
http.request.method == "POST"
As you can see, we have a packet with form data. Click on the packet with the user info and the application URL-encoded data.
Click on the drop-down "HTML Form URL Encoded", where the login credentials are found. The login credentials are the same as those we filled in on the website in Step 2.
Form item: "uname" = "Tonystark_44"
Form item: "pass" = "tony@1234"

As you can see in another example in the image below, the green bar is where we apply the filter.
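
To show why the POST filter exposes the login, the following added example (not part of the original manual) parses a reassembled HTTP request into the same form items as the "HTML Form URL Encoded" view and reports which credential-like fields were sent without TLS. The request bytes, host, paths and the `SENSITIVE` name list are constructed assumptions; the field names and values are the ones shown in Step 7.

```python
from urllib.parse import parse_qsl

# Field-name fragments treated as credentials (an assumption for this example).
SENSITIVE = ("pass", "pwd", "secret", "token")
FORM_TYPE = "application/x-www-form-urlencoded"

# Constructed sample requests, as they would be reassembled from a lab capture.
_BODY = b"uname=Tonystark_44&pass=tony%401234"
POST_SAMPLE = (
    b"POST /userinfo.php HTTP/1.1\r\n"
    b"Host: shop.example\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: " + str(len(_BODY)).encode() + b"\r\n\r\n" + _BODY
)
GET_SAMPLE = b"GET /login.php HTTP/1.1\r\nHost: shop.example\r\n\r\n"


def parse_request(raw: bytes):
    """Split an HTTP/1.x request into method, target, headers and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers, body


def form_items(raw: bytes):
    """Return submitted form fields as decoded (name, value) pairs."""
    method, target, headers, body = parse_request(raw)
    if method == "GET":
        data = target.partition("?")[2]           # GET carries fields in the URL
    elif method == "POST" and headers.get("content-type", "").startswith(FORM_TYPE):
        length = int(headers.get("content-length", len(body)))
        data = body[:length].decode("utf-8", "replace")
    else:
        return []
    return parse_qsl(data, keep_blank_values=True)  # also decodes %40 to "@"


def cleartext_credential_findings(raw: bytes):
    """List credential-like fields that crossed the wire unencrypted."""
    method, target, headers, _body = parse_request(raw)
    return [
        {"host": headers.get("host", "?"), "path": target.partition("?")[0],
         "method": method, "field": name, "value_length": len(value)}
        for name, value in form_items(raw)
        if any(fragment in name.lower() for fragment in SENSITIVE)
    ]


if __name__ == "__main__":
    print(form_items(GET_SAMPLE))     # page request only, no form data
    print(form_items(POST_SAMPLE))
    for finding in cleartext_credential_findings(POST_SAMPLE):
        print("sent over plain HTTP:", finding)
```

Any finding from this check means the login form is served without HTTPS; once the site uses TLS, the same capture shows only encrypted records.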


K. Practical Proposed Suggested task.

● Monitoring HTTPS Packets over SSL or TLS
● Capture Telnet Password
● Capture FTP Password
● Capture SMTP Password
● Analyzing SNMP Community String
● Capture MSSQL Password
● Capture PostgreSQL Password

L. References / Suggestions (lab manual designer should give)

https://www.youtube.com/watch?v=Y-JNp_DDQ9w
https://www.youtube.com/watch?v=wVLcxqXwQPw
https://www.youtube.com/watch?v=bEXEEfbNADs

M. Assessment-Rubrics

| Sr. No. | Performance Indicators | Weightage in % | Marks | Obtained Marks |
|---|---|---|---|---|
| 1 | Analyse and identify suitable approach for problem solving | 25 | 0-5 | |
| 2 | Use of appropriate technology / software / tools | 25 | 0-5 | |
| 3 | Demonstrate problems as per instructions. | 20 | 0-5 | |
| 4 | Interpret the result and conclusion | 15 | 0-5 | |
| 5 | Prepare a report/presentation for given problem | 15 | 0-5 | |
| | Total | 100 | 25 | |

Sign
Date: ……………
