Cyber Forensics & Investigation

An Introduction

Dr. Aju D
Vellore Institute of Technology, Vellore
 Course Objectives
To present the students with a comprehensive understanding of
digital forensic principles and the collection, preservation and
analysis of digital evidence.

To enlighten the importance of forensic principles and procedures,

legal considerations, digital evidence controls and the
documentation of forensic analysis.

To develop an understanding of the different applications and

methods for conducting network and digital forensic acquisition and
analysis.
 Course Outcomes
Explain the responsibilities and liabilities of a computer forensic
investigator.

Plan and prepare for an incident requiring computer forensic skills.

Seize a computer from a crime scene without damaging it or risking it

becoming inadmissible in the court of law.

Identify potential sources of electronic evidence.

Understand the importance of maintaining the integrity of digital

evidence.

Demonstrate the ability to perform basic forensic data acquisition

and analysis using computer and network based applications and
utilities.

Demonstrate the ability to accurately document forensic procedures

and results.
 Syllabus
Module 1: Understanding Cyber Forensics and Legal Aspects -
Forensics Fundamentals; Computer Forensics and Law Enforcement
– Indian Cyber Forensics – Forensics Services, Professional Forensic
Methodology – Types of Forensic Technology, Forensics System and
Services: Forensics on – Internet usage – Intrusion – Firewall and
Storage Area Network; Occurrence of Cyber – Crimes – Cyber
Detectives – Fighting Cyber Crimes – Forensic Process.

Module 2: Computer Forensics – Data backup and recovery – Test

Disk Suite, Data recovery solution, Hiding and recovering hidden
data, Evidence collection and data seizure.

Module 3: Digital Forensics and Preservation: Digital repositories –

Evidence collection – Data preservation approaches – Meta data and
historic records – Legal aspects.
 Syllabus
Module 4: Forensic Data Analysis: Basic steps of forensic analysis in
Windows and Linux – Forensic scenario – Email analysis – File signature
analysis - Hash analysis – Forensic examination of log files.

Module 5: Mobile device security and forensics: Introduction to mobile

forensics – Android Device – Analysis – Android malware – iOS forensic
analysis – SIM Forensic analysis – Case study.

Module 6: Cloud forensics: Working with the cloud vendor, obtaining

evidence, reviewing logs and APIs

Module 7: Current computer forensic tools: Overview of different

software packages – Encase – Autopsy – Magnet – Wireshark – Mobile
forensic tools – SQLite, Case study report preparation: A real forensic case
study – processing a complete forensic case – Preparing forensic report.

Module 8: Contemporary Issues: To be handled by experts from industry.

 Evaluation Procedure

CAT-1, CAT-2

DA-1, DA-2, DA-3 (optional)

Quiz

TEE

Research Article (Comparative Analysis / Survey / Implementation)

Statistics
Statistics
Statistics
Statistics
Statistics
Statistics
Statistics
An Overview of Computer Forensics
Computer / Digital forensics
The application of computer science and investigative
procedures for a legal purpose
involving the analysis of digital evidence after proper search
authority, chain of custody, validation with mathematics, use of
validated tools, reporting, and possible expert presentation.

In October 2012, an ISO standard for digital forensics was

ratified.
 An Overview of Computer Forensics

The Federal Rules of Evidence (FRE) was created to

ensure consistency in federal proceedings
Signed into law in 1973
Many states’ rules map to the FRE

FBI Computer Analysis and Response Team (CART) was

formed in 1984 to handle cases involving digital evidence

By late 1990s, CART teamed up with Department of

Defense Computer Forensics Laboratory (DCFL)
 Constitution of India

Constitution
of
India
 Indian Laws

Law Types

Criminal Law

Civil Law

Common Law

Statutory Law
 Cyber Law (IT Law) in India

Cyber Law also called IT Law is the law regarding Information-

technology including computers and internet.

It is related to legal informatics and supervises the digital

circulation of information, software, information security and e-
commerce.
 Importance of Cyber Law

It covers all transaction over internet.

It keeps eyes on all activities over internet.

It touches every action and every reaction in cyberspace.

 Importance of Cyber Law

Areas of Cyber Law

Fraud
Copyright
Defamation
Harassment and Stalking
Freedom of Speech
Trade Secrets
Contracts and Employment Law
Computer Forensics and Other Related
Disciplines
Forensics investigators often work as part of a team, known
as the investigations triad.

The Investigations Triad

Computer Forensics and Other Related
Disciplines
Vulnerability/threat assessment and risk management
Tests and verifies the integrity of stand-alone workstations
and network servers.

Network intrusion detection and incident response

Detects intruder attacks by using automated tools and
monitoring network firewall logs.

Digital investigations
Manages investigations and conducts forensics analysis of
systems suspected of containing evidence.
 Who are Intruders ?


Masquerader: An individual who is unauthorized to use the
computer and who penetrates a system’s access controls
to exploit a legitimate user’s account.


Misfeasor: A legitimate user who access data, programs or
resources for which such access is not authorized.


Clandestine User: A individual who seizes supervisory
control of the system and uses this control to avoid
auditing or access control.
 Examples of Intrusion

Performing a remote root compromise of an email
server.

Guessing and cracking passwords.

Copying a database containing credit card numbers.

Viewing sensitive data, including payroll records and
medical information without authorization.

Running a packet sniffer on a workstation to capture
usernames and passwords.
 Examples of Intrusion
Using a anonymous FTP server to distributed software
and music files.

Dialling into an unsecured modem and gaining internal

network access.

Posing as an executive, calling the help desk, resetting

the executive’s email password.

Using and unattended logged-in workstation without

permission.
 An Overview of a Computer Crime

Computers can contain information that helps law

enforcement determine:
Chain of events leading to a crime
Evidence that can lead to a conviction

Law enforcement officers should follow proper procedure

when acquiring the evidence
Digital evidence can be easily altered by an overeager
investigator

A potential challenge: information on hard disks might be

password protected so forensics tools may be need to be
used in your investigation
 Computer Crime ?

Computer crime is an act performed by a knowledgeable

computer user, sometimes referred to as a hacker that illegally

browses or steals a company’s or individual’s private

information.
 Examples of Computer Crimes
Child Pornography  Harvesting
Copyright Violation  Human Trafficking
Cyber Terrorism  Identity Theft
Cyber bullying  Illegal Sales
Denial of Service  Intellectual Property Theft

Espionage  IPR Violation

Fraud
 Phishing
 Salami Slicing
Software Piracy
 Scam
Cracking
 Slander
Cyber Squatting
 Typo Squatting
Creating Malwares  Unauthorized Access
Spamming  Wiretapping
Spoofing
 Examples of Computer Crimes
Child Pornography

A study by UNICEF found that 1 out of 3 girls and 1 out of 5 boys
were likely to be sexually assaulted before they reach the age of 18,
and in a startling revelation, also found that 90% of these children
know their offenders.


According to market figures from the National Center for Sexual
Abuse (NCSA), child pornography is one of the fastest growing
online businesses and India is among its biggest consumers and
contributors.


Consumption of child pornography content in India has spiked by 95
per cent amid lockdown, according to a recent report by an NGO
India Child Protection Fund (ICPF).


In India, a pornographic video is captured every 40 seconds, about
38 percent of which are linked to child sexual abuse.


 Examples of Computer Crimes
Child Pornography

• I.P.C 375 – Rape (1860)

• I.P.C 354 – Outraging the Modesty of a Woman (1860)
• I.P.C 377 – Unnatural Offences (1860)

• The Protection of Children from Sexual Offenses (POCSO) Act (2012)

• The Information Technology Bill – Section 67, 67B
 Examples of Computer Crimes
Child Pornography

Copyright Violation
 Examples of Computer Crimes
Child Pornography

Copyright Violation
• Copyright Act 1958
• Patents Act 1970
• Trademark Act 2003
• Designs Act 2000
 Examples of Computer Crimes
Child Pornography

Copyright Violation

Cracking

Cyber Terrorism

Cyber bullying

Cyber Squatting

Creating Malwares

Denial of Service Attack

Espionage  The Official Secret Act (1923)

 Examples of Computer Crimes
Child Pornography

Copyright Violation

Cracking

Cyber Terrorism

Cyber bullying

Cyber Squatting

Creating Malwares

Denial of Service Attack

Espionage

Fraud

Software Piracy
aka: Th3Dir3ctorY
Spamming

Spoofing
“we are in your emails and computer
systems, watching and recording your every
move, we have your names and addresses,
we are in your emails and social media
accounts, we are extracting confidential data
and passing on your personal information to
the soldiers of the khilafah, who soon with
the permission of Allah will strike at your
necks in your own lands!”
 Examples of Computer Crimes
Child Pornography

Copyright Violation

Cracking

Cyber Terrorism

Cyber bullying

Cyber Squatting

Creating Malwares

Denial of Service Attack

Espionage

Fraud

Software Piracy
Information Technology Act (S/66F) - 2009
Spamming

Spoofing
 Examples of Computer Crimes
Child Pornography

Copyright Violation

Cracking

Cyber Terrorism

Cyber bullying
 Examples of Computer Crimes
Child Pornography

Copyright Violation

Cracking

Cyber Terrorism

Cyber bullying

Cyber Squatting

Creating Malwares

Denial of Service Attack

 Information Technology Act (66-f) 2000
 Examples of Computer Crimes
Espionage

 The Official Secret Act (1923)

 Examples of Computer Crimes
Child Pornography

Copyright Violation

Cracking

Cyber Terrorism

Cyber bullying

Cyber Squatting

Creating Malwares

Denial of Service Attack

Espionage

Fraud

Software Piracy

Spamming

Spoofing
 Examples of Computer Crimes
Child Pornography

Copyright Violation

Cracking

Cyber Terrorism

Cyber bullying

Cyber Squatting

Creating Malwares

Denial of Service Attack

Espionage

Fraud

Software Piracy

Spamming

Spoofing
 Software Piracy Types
Software piracy is the illegal copying, distribution, or use of
software.

Softlifting: Borrowing and installing a copy of a software

application from a colleague.

Client-server overuse: Installing more copies of the software than

you have licenses for.

Hard-disk loading: Installing and selling unauthorized copies of

software on refurbished or new computers.

Counterfeiting: Duplicating and selling copyrighted programs.

Online piracy: Typically involves downloading illegal software

from peer-to-peer network.
 Examples of Computer Crimes
Child Pornography  Harvesting
Copyright Violation  Human Trafficking
Cyber Terrorism  Identity Theft
Cyber bullying  Illegal Sales
Denial of Service  Intellectual Property Theft

Espionage  IPR Violation

Fraud
 Phishing
 Salami Slicing
Software Piracy
 Scam
Cracking
 Slander
Cyber Squatting
 Typo Squatting
Creating Malwares  Unauthorized Access
Spamming  Wiretapping
Spoofing