Cyber Security and Digital Forensics Lab Manual

(4361601)

Information Technology (Gujarat Technological University)

Scan to open on Studocu

Downloaded by Mittal Kachhela

Studocu is not sponsored or endorsed by any college or university

Downloaded by Mittal Kachhela

 Diploma Engineering
Laboratory Manual

Cyber Security And Digital Forensic

(4361601)
[Information Technology, Semester-VI]
Enrolment No
Name
Branch Information Technology
Academic Term 242
Institute Government Polytechnic Ahmedabad

Directorate of Technical Education Gandhinagar –

Gujarat

Downloaded by Mittal Kachhela

 DTE’s Vision:

● To provide globally competitive technical education;

● Remove geographical imbalances and inconsistencies;
● Develop student friendly resources with a special focus on girls’
educationand support to weaker sections;
● Develop programs relevant to industry and create a vibrant pool of
technical professionals.
DTE’s Mission:
• To provide a conducive learning environment to nurture learners.
• To act as a catalyst for achieving academic excellence by bringing stake holders on
same platform.
• To be committed towards continuous improvement and enrichment of learners by
a holistic approach to education so as to enable them to be successful individuals
and responsible citizens of India.

Institute’s Vision:
• To be a leading technical institute that provides transformative education to learners
for achieving competency as per the needs of industry and society, thus contributing
to nation building.

Institute’s Mission:

• To provide a conducive learning environment to nurture learners.

• To act as a catalyst for achieving academic excellence by bringing stake holders on
same platform.
• To be committed towards continuous improvement and enrichment of learners by
a holistic approach to education so as to enable them to be successful individuals
and responsible citizens of India.

Department’s Vision:

• To acquire quality Education, Research and Development in the field of Information

technology meeting the global standards and comply with the ever−growing
technology

Department’s Mission:

• The graduates of our department will be efficient in technical and ethical

responsibilities to become globally recognized by pursuing opportunities for higher
studies and real time problem solving.

Downloaded by Mittal Kachhela

 Certificate

This is to certify that Mr./Ms. Enrollment

No. of 6th Semester of Diploma in
Information Technology of Government Polytechnic
Ahmedabad(617) has satisfactorily completed the term
work in course Cyber Security And Digital Forensic
(4361601) for the academic year: 2024 242
Term:
prescribed in the GTU curriculum.

Place: Government Polytechnic Ahmedabad

Date: ………………….

Signature of Course Faculty Head of the Department

Downloaded by Mittal Kachhela

 Preface
The primary aim of any laboratory/Practical/field work is enhancement of required skills as well as
creative ability amongst students to solve real time problems by developing relevant competencies
in psychomotor domain. Keeping in view, GTU has designed competency focused outcome-based
curriculum -2021 (COGC-2021) for Diploma engineering programmes. In this more time is allotted
to practical work than theory. It shows importance of enhancement of skills amongst students and it
pays attention to utilize every second of time allotted for practical amongst Students, Instructors
and Lecturers to achieve relevant outcomes by performing rather than writing practice in study
type. It is essential for effective implementation of competency focused outcome- based Green
curriculum- 2021. Every practical has been keenly designed to serve as a tool to develop & enhance
relevant industry needed competency in each and every student. These psychomotor skills are very
difficult to develop through traditional chalk and board content delivery method in the classroom.
Accordingly, this lab manual has been designed to focus on the industry defined relevant outcomes,
rather than old practice of conducting practical to prove concept and theory.
By using this lab manual, students can read procedure one day in advance to actual performance
day of practical experiment which generates interest and also, they can have idea of judgement of
magnitude prior to performance. This in turn enhances predetermined outcomes amongst students.
Each and every Experiment /Practical in this manual begins by competency, industry relevant
skills, course outcomes as well as practical outcomes which serve as a key role for doing the
practical. The students will also have a clear idea of safety and necessary precautions to be taken
while performing experiment.
This manual also provides guidelines to lecturers to facilitate student-centered lab activities for
each practical/experiment by arranging and managing necessary resources in order that the students
follow the procedures with required safety and necessary precautions to achieve outcomes. It also
gives an idea that how students will be assessed by providing Rubrics.

Course specific para

Information technology is a modern phenomenon that has dramatically changed the daily
lives of individuals and businesses throughout the world. In today's digital age, mobile
computing has become an essential component of our daily lives. With a mobile computing, we
are capable of doing almost all task that we do by computer, using mobile devices. Therefore, the
knowledge about the various applications areas of mobile computing and networks including
practical skills acquired through the laboratory will help students when he/she will be working
with very dynamic and growing field of mobile computing.
Although we try our level best to design this lab manual, but always there are chances of
improvement. We welcome any suggestions for improvement.

Downloaded by Mittal Kachhela

Programme Outcomes (POs):
1. Basic and Discipline specific knowledge: Apply knowledge of basic mathematics, science
and engineering fundamentals and engineering specialization to solve the engineering
problems.

2. Problem analysis: Identify and analyse well-defined engineering problems using codified
standard methods.

3. Design/ development of solutions: Design solutions for engineering well-defined technical

problems and assist with the design of systems components or processes to meet specified
needs.

4. Engineering Tools, Experimentation and Testing: Apply modern engineering tools and
appropriate technique to conduct standard tests and measurements.

5. Engineering practices for society, sustainability and environment: Apply appropriate

technology in context of society, sustainability, environment and ethical practices.

6. Project Management: Use engineering management principles individually, as a team

member or a leader to manage projects and effectively communicate about well-defined
engineering activities.

7. Life-long learning: Ability to analyse individual needs and engage in updating in the
context of technological changes in field of engineering.

Downloaded by Mittal Kachhela

 Practical Outcome - Course Outcome matrix

Course Outcomes (COs):

CO1: Gain knowledge of information security, including Cryptography and hashing techniques. CO2:
Explain the different types of network and system security techniques and threats.
CO3: Understand the different types cybercrimes and Analyse cybercrime.
CO4: Implement ethical hacking methodologies using Kali Linux, including vulnerability analysis.
CO5: Explain how digital forensics methodologies use for investigate cybercrimes
S. Practical Outcome/Title of experiment CO1 CO2 CO3 CO4 CO5
No
1 a) Implement Private key Cryptography √ - - - -
algorithm DES in python.
(Install des package using pip)
b) Implement Message digest 5 and Secure
Hash Function using python.
2 Implement the RSA Public key Cryptography √ - - - -
algorithm in Python using RSA library.
3 Demonstrate intrusion detection system (ids) using any - √ - - -
tool.(snort or any other s/w)
4 Install Tor browser and perform proxy tunnelling. - √ - - -

5 Perform data hiding using Steganography tool Openstego - - √ - -

(use AES encryption algorithm).
6 Create malicious script for generating multiple - - √ - -
folders using python.
7 Prepare a case study report on 3 different types of - - √ - -
cyber-crimes. ( https://gujaratcybercrime.org)
(https://cybercrime.gov.in)

8 Study Open-source intelligence (OSINT) framework - - - √ -

and perform Information gathering using Username,
Email address , Domain name and IP address.
9 a) Installation and configuration of Kali Linux - - - √ -
in Virtual box/VMware.
b) Perform basic commands in Kali Linux.
10 Perform port scanning using NMAP. - - - √ -

11 a) Installation and configuration of Wireshark. - - - - √

b) Perform Password sniffing using Wireshark.
(Analyse GET/POST Request)
12 Perform Memory forensic using Memoryze tool. - - - - √
(https://fireeye.market/apps/211368)
13 Perform web Artifact analysis and registry analysis using - - - - √
Autopsy. (https://www.sleuthkit.org/autopsy/)
14 Create forensic images of entire local hard drives using - - - - √
FTK IMAGER tool.
(https://go.exterro.com/l/43312/2023-05-03/fc4b78)

Downloaded by Mittal Kachhela

Industry Relevant Skills

The following industry relevant skills are expected to be developed in the students by
performance of experiments of this course.

(2 or 3 skills)

Understand the basic concepts of hacking.

Explain the concepts and digital forensics

Apply knowledge to real−world situations while investigate cyber crime using digital
forensics. And ethical hacking

Guidelines to Course Faculty

1. Course faculty should demonstrate experiment with all necessary implementation strategies
described in curriculum.
2. Couse faculty should explain industrial relevance before starting of each experiment.
3. Course faculty should involve & give opportunity to all students for hands on experience.
4. Course faculty should ensure mentioned skills are developed in the students by asking.
5. Utilise 2 hrs of lab hours effectively and ensure completion of write up with quiz also.
6. Encourage peer to peer learning by doing same experiment through fast learners.

Instructions for Students

1. Organize the work in the group and make record of all observations.
2. Students shall develop maintenance skill as expected by industries.
3. Student shall attempt to develop related hand-on skills and build confidence.
4. Student shall develop the habits of evolving more ideas, innovations, skills etc.
5. Student shall refer technical magazines and data books.
6. Student should develop habit to submit the practical on date and time.
7. Student should well prepare while submitting write-up of exercise.

Downloaded by Mittal Kachhela

 Continuous Assessment Sheet
EnrolmentNo: Term: 242

Name:

Sr. No Marks
Practical Outcome/Title of experiment Page Date Sign
(25)
a) Implement Private key
Cryptography algorithm DES in
1 python.
(Install des package using pip)
b) Implement Message digest 5 and Secure
Hash Function using python.
Implement the RSA Public key Cryptography
2
algorithm in Python using RSA library.
Demonstrate intrusion detection system (ids)
3
using any tool.(snort or any other s/w)
Install Tor browser and perform proxy tunnelling.
4
Perform data hiding using Steganography tool
5
Openstego (use AES encryption algorithm).
Create malicious script for generating multiple folders
6
using python.
Prepare a case study report on 3 different types of
7 cyber-crimes. ( https://gujaratcybercrime.org)
(https://cybercrime.gov.in)
Study Open-source intelligence (OSINT) framework
and perform Information gathering
8
using Username, Email address , Domain name and
IP address.
a) Installation and configuration of Kali Linux
9 in Virtual box/VMware.
b) Perform basic commands in Kali Linux.
10 Perform port scanning using NMAP.
a) Installation and configuration of Wireshark.
11 b) Perform Password sniffing using Wireshark.
(Analyse GET/POST Request)
Perform Memory forensic using Memoryze tool.
12
(https://fireeye.market/apps/211368)
Perform web Artifact analysis and registry analysis
13 using Autopsy.
(https://www.sleuthkit.org/autopsy/)
Create forensic images of entire local hard drives
using FTK IMAGER tool.
14
(https://go.exterro.com/l/43312/2023-05-
03/fc4b78)

Downloaded by Mittal Kachhela

Cyber Security and Digital
Forensics(4361601)

PRACTICAL – 1

AIM: a. Implement private key cryptography algorithm DES in python.

(Install DES package using PiP)

SOLUTION:
DES is a symmetric encryption algorithm that uses a 64−bit key (8 bytes) to
securely encrypt and decrypt data. DES is widely used in network security,
data protection, and cryptographic research, making it an excellent choice for
learning symmetric encryption in Python.

 Installing DES package using PIP

 Python Implementation

Downloaded by Mittal Kachhela

Cyber Security and Digital
Forensics(4361601)

 Output :

AIM: b. Implement Message digest 5 and Secure Hash Function using

python. SOLUTION:

 Output

Downloaded by Mittal Kachhela

 Cyber Security and Digital
Forensics(4361601)

PRACTICAL – 2

AIM: Implement the RSA Public key Cryptography algorithm in Python using
RSA library.

SOLUTION:

 Output

Downloaded by Mittal Kachhela

Cyber Security and Digital
Forensics(4361601)

PRACTICAL – 3

AIM: Demonstrate intrusion detection system (ids) using any tool.(snort or

any other s/w)

SOLUTION:

 Download and Install Snort from https://www.snort.org/downloads

Downloaded by Mittal Kachhela

Cyber Security and Digital
Forensics(4361601)

 Install WinPcap or Npcap: Required to capture network traffic

Downloaded by Mittal Kachhela

Cyber Security and Digital
Forensics(4361601)

 Set up Snort Configuration:

 Open the snort.conf file located at :
 C:\Snort\etc\snort.conf
 Define your internal network (HOME_NET):
 var HOME_NET 192.168.1.0/24
 Set the rule path:
 var RULE_PATH C:\Snort\rules

 Add Custom Rules:

 Open the local.rules file in:
 C:\Snort\rules\local.rules
 Add a simple rule to detect ICMP (ping):
 alert icmp any any −> $HOME_NET any (msg:"ICMP
Ping Detected"; sid:1000001; rev:1;)

 Run Snort
 Open Command Prompt as Administrator.
 Test the Snort configuration:

Downloaded by Mittal Kachhela

Cyber Security and Digital
Forensics(4361601)

 Run Snort in ids mode

 sudo snort -c /etc/snort/snort.conf -i eth0

Downloaded by Mittal Kachhela

Cyber Security and Digital
Forensics(4361601)

Downloaded by Mittal Kachhela

Cyber Security and Digital
Forensics(4361601)

PRACTICAL – 4

AIM: Install Tor browser and perform proxy tunnelling.

SOLUTION:

 Download and Install Tor browser from https://www.torproject.org/

Downloaded by Mittal Kachhela

Cyber Security and Digital
Forensics(4361601)

 Configure Your Browser (Other than Tor) for Proxy Tunneling

 We'll use the SOCKS5 Proxy provided by Tor Browser .

 For Chrome: Chrome doesn’t have a built-in proxy settings UI, but we
can launch it with the following command:
 google-chrome --proxy-server="socks5://185.220.101.1"

 Verify Proxy Tunneling

 Visit https://check.torproject.org.
 It will show a message like "Congratulations. This browser is
configured to use Tor." if everything is working correctly.

Downloaded by Mittal Kachhela

Cyber Security and Digital
Forensics(4361601)

PRACTICAL – 5

AIM: Perform data hiding using Steganography tool Openstego (use AES
encryption algorithm).

SOLUTION:

 AES Encryption of Data

 Before embedding your secret data into an image, you need to
encrypt it using the AES algorithm.

 AES encryption is commonly done using a strong key. For this, you can
use various encryption tools or Python scripts.

 Output

Downloaded by Mittal Kachhela

Cyber Security and Digital
Forensics(4361601)

 Hiding Data in an Image using Openstego

Downloaded by Mittal Kachhela

Cyber Security and Digital
Forensics(4361601)

PRACTICAL – 6

AIM: Create malicious script for generating multiple folders using python.

SOLUTION:

 Output

Downloaded by Mittal Kachhela

Cyber Security and Digital
Forensics(4361601)

PRACTICAL – 7

AIM: Prepare a case study report on 3 different types of cyber-crimes. (

https://gujaratcybercrime.org) (https://cybercrime.gov.in)

CASE STUDY:

Cybercrime encompasses illegal activities conducted through digital platforms, exploiting

technology to deceive, steal, or harm individuals and organizations. Below are three
prevalent types of cybercrimes, along with illustrative case studies:

1. Financial Fraud

Case Study: Recovery of ₹35 Lakh from Cyber Fraud

In September 2024, a 66-year-old man in Gujarat was targeted by a fraudster impersonating a

police officer. The scammer falsely claimed that the victim's phone and bank accounts were
linked to anti-national activities, threatening arrest unless a substantial sum was paid. The
victim was coerced into transferring ₹47.62 lakh. Upon realizing the deception, he contacted
the Gujarat Cyber Crime Cell. Through swift action, authorities identified and froze the
suspect's bank accounts, successfully recovering ₹35 lakh for the victim.

2. Online Shopping Fraud

Case Study: Fake Online Seller Scam

Fraudsters often exploit online marketplaces to deceive buyers. They create counterfeit
accounts on platforms like OLX, showcasing high-value items at attractive prices. After
gaining the buyer's trust, they request advance payments. Once the payment is made, the
goods are never delivered. Victims are left with financial losses and no recourse. Such scams
highlight the importance of verifying sellers and using secure payment methods when
shopping online.

3. Data Theft

Case Study: Malware Attack Leading to Data Breach

A company experienced a significant data breach when hackers infiltrated their network
using malware. The malware, which included viruses and trojans, was designed to operate
undetected, allowing the attackers to steal sensitive information such as customer data and
financial records. The breach resulted in substantial financial losses and reputational
damage. This incident underscores the critical need for robust cybersecurity measures,
including regular system updates, employee training, and advanced threat detection systems.

Downloaded by Mittal Kachhela

Cyber Security and Digital
Forensics(4361601)

Preventive Measures

To protect against these cybercrimes:

 Financial Fraud: Be cautious of unsolicited communications requesting personal

or financial information. Verify the identity of the requester through official
channels before sharing any details.
 Online Shopping Fraud: Use reputable platforms with secure payment options.
Check seller reviews and ratings, and avoid making advance payments for items
that seem unusually cheap.
 Data Theft: Implement strong, unique passwords for all accounts. Regularly update
software and antivirus programs to protect against malware. Educate employees
about phishing attacks and safe data handling practices.

Downloaded by Mittal Kachhela