Professional Documents
Culture Documents
Internship Report 1
Internship Report 1
INTERNSHIP REPORT
Submitted to:
Submitted by:
Soumya Sharma
Enrolment No. - 012301000030002009
LL.M- Cyber Law and Cyber Forensic Investigation & Semester –I
PREFACE & DECLARATION
This report is an outcome of the 04 weeks of Internship of the School of Law, Forensic
Justice and Policy Studies, National Forensic Sciences University for the student of 01ST
semester of the programme of LL.M –Cyber law and Cyber Crime Investigation. The
main constituents are the report on fieldwork carried out during the internship, the research
on related issues/cases/matter and the weekly report of my work. I have tried my best to do
justice with my activities and put it in black and white with the same effort as I did during the
internship.
I solemnly affirm that the work presented in my internship report is true to the best of my
knowledge. I am fully aware that any inconsistencies or inaccuracies that may be discovered
in this report are entirely my responsibility.
Date: 01-02-2024
Signature of Student:
ABOUT THE ORGANIZATION
Over the past years, computer technology has forced everyone to change the way they do
things. Even criminals have adapted to the information age. The threats of cyber-attacks are
increasingly apparent to individuals and organizations across the globe. From hacking to
phishing, scamming to grooming, and botnets to cyber-terrorism, the variety and ingenuity of
exploits appear to expand constantly.
The unprecedented incidence of crimes in the information and communication systems, made
a compulsion to fill up the vacuum created due to the dearth of experts. This could be
overcome by creating experts in the field of Cyber Security and Digital Forensics. Chances of
getting victimized accidentally are more common in the current era. To sensitize the people
and to protect oneself from landing in such a scenario, there is a need of specialized academic
programs which will ultimately culminate in the expertise. This academia imparts overall
security measures required for the protection through various misadventures with the
electronic systems. It would also provide a comprehensive solution for preventive care and
also for the post-traumatic measures to be taken. It also addresses system vulnerabilities and
the preventative measures that may counter cyber-attacks, including steps to repair systems
weaknesses, prevent repeat occurrences, and collecting and examining digital evidence using
a variety of digital and mobile forensics tools and technology.
The aim of the School of Cyber Security and Digital Forensics is to provide learners with
essential expert technical knowledge, competence, and research skills of the most important
technical concepts of cybersecurity and how they are applied in emerging areas such as
device security and forensics.
II. Organisational structure:
The Centre of Excellence - Cyber Security, previously known as Cyber Defense Centre of
NFSU is the first-ever ISO/IEC 27001 Certified Laboratory in India with the United
Kingdom Accreditation Service (UKAS) Accreditation. The Centre has been notified as the
“Examiner of Electronic Evidences” under 79(a) section of IT Act 2000 by Ministry of
Ministry of Electronics and Information Technology (MeitY) with reference to gadget
notification no:3390 dated August 8, 2023.
The CoE - Cyber Security is a unique setup where cutting-edge tools and technologies are
integrated on a single platform to provide teaching, training, consultancy and research
facilities. In addition to Information Communication Technology (ICT), two important Cyber
verticals - Operational Technology (OT) and Internet of Things (IoT) are recently integrated
on the existing platform. With this future-proof unique setup, training, research and
consultancy activities have significantly taken the upward trend and the entire Cybersecurity
Infrastructure at the CoE - Cyber Security has been brought under the single roof of Centre of
Excellence in Cyber Security.
At CoE - Cyber Security, while students of higher education are given practical hands-on
training, it also offers a wide range of special training to government officers, police and
cyber security experts from more than 70 countries. Besides the coveted certification for the
CoE - Cyber Security, faculty members have been trained and certified as ISO / IEC 17025
who are providing advanced Cyber-Forensic investigation support to some of the most
prestigious organizations in India and abroad.
The vision of NFSU, CoE - Cyber Security is to expose scholars to all postures of Cyber
Security that is, Offensive, Defensive, and Active Defence in a simulated Lab environment
and train future Cyber Security Leaders who can contribute effectively towards the Cyber
security capacity building of India. In this direction the University is focusing on four main
areas, that is, advanced Lab work for students, Research & Development, Training and
Consultancy services in the niche areas of Cyber Security.
With the involvement of faculty and scholars, the CoE - Cyber Security has translated some
cutting-edge research work into functional products. Cyber Kiosk and Mobile OT Audit kits
are some of the popular products that have been developed under the theme of “Atma Nirbhar
Bharat” with an ultimate objective of securing national ICT and Industry Infrastructure with
indigenously developed Cyber-Forensic tools.
Digital migration is inevitable and so is the increase in Cyber-attack surface from traditional
Corporate environment to Industrial Control System (ICS). This entails full- proof Cyber
security framework for Critical National Infrastructure and sensitive ICT assets. A complete
test bed with 360-degree view on ICT and OT Infrastructure has been built to secure the
sensitive and critical CNIs.
Services Offered -
Determining the ideal timing for vulnerability assessments and penetration tests is critica
Proactive testing throughout the software development life cycle ensures that potentia
vulnerabilities are identified and addressed early on, minimizing the risk of exploitatio
during production.
7. Dynamic Application Security Testing (DAST) and Static Application Security Testin
(SAST): Dynamic Application Security Testing (DAST) and Static Application Securit
Testing (SAST) are integral components of security testing.
9. Life Cycle of VAPT: This comprehensive life cycle ensures a systematic and thoroug
evaluation of an organization's security posture.
10. Vulnerability Assessment and Penetration Testing Techniques: These techniques pla
a vital role in identifying vulnerabilities and potential points of compromise within a
organization's infrastructure.
11. Hacker's Attack Vectors: Exploring the diverse sources of attack vectors used b
malicious hackers provides valuable insights into potential threats. Social engineering
phishing attacks, and the exploitation of software vulnerabilities are among the commo
tactics employed by hackers, underscoring the importance of robust security measures.
WORKSHEET: WEEK 02
2. Organizational Architecture:
CIA (Confidentiality, Integrity, Availability): In both digital and physical realms, CIA
ensures the protection of sensitive information, maintenance of data accuracy, and
accessibility as needed.
TRAID (Threat, Vulnerability, Risk, Asset, Impact, and Design): In risk management,
TRAID aids in identifying threats, vulnerabilities, assessing risks, protecting assets,
evaluating potential impacts, and designing effective risk mitigation strategies.
Integrates security measures into each phase of the software development life cycle,
ensuring that security is prioritized from the initial design to the final deployment.
Software like Kali Linux, VMware were used to run VAPT test.
Concept: A tool used for risk assessment and management, involving the
identification of risks, their likelihood, impact, and appropriate mitigation strategies.
WORKSHEET: WEEK 03
Sr. No. Date Details of Work
03. 17.01.24,
18.01.24, 1. Common Vulnerability Score System (CVSS) in Cybersecurity:
19.01.24,
Concept: CVSS is a standardized system for assessing and scoring vulnerabilities
22.01.24,
in computer systems. It provides a quantitative measure to evaluate the severity of
23.01.24 security vulnerabilities.
Kali Linux: A Linux distribution designed for penetration testing and ethical
hacking.
n-map Command: A network scanning tool used to discover hosts and services on
a computer network.
WORKSHEET: WEEK 04
Sr. Date Details of Work
No.
04 24.01.24,
1. CBI Organization Structure, Roles, and Responsibilities:
28.01.24 to
Organization Structure: Central Bureau of Investigation (CBI) operates under the
31.01.24
administrative control of the Department of Personnel and Training in the Ministry of
Personnel, Public Grievances, and Pensions.
Disk Cloning: The process of creating an identical copy of an entire hard drive or a
partition, duplicating its structure and content.
HPA (Host Protected Area): A reserved space on a hard drive not normally visible to
the operating system, used for storing system utilities.
DCO (Device Configuration Overlay): Similar to HPA, DCO allows a portion of the
hard drive to be hidden, potentially containing evidence or malicious activities.
Wright Blocker: A digital forensics tool used for write-blocking, ensuring data
integrity during forensic investigations.
Forensic Falcon-NEO: A forensic imaging tool designed for capturing and analysing
digital evidence in a forensically sound manner.
Tests Conducted: Involves extracting, analysing, and preserving digital evidence from
mobile devices using specialized tools.
8. Comparative Study on India and Germany in Data Privacy Laws and Forensic
Investigation:
Research Work: Conducted a comparative study on the data privacy laws and forensic
investigation practices in India and Germany, exploring similarities, differences, and
legal frameworks.
3. Grasping the concept of website architecture and its components in organizational settings.
5. Familiarity with the Common Vulnerability Score System and its role in assessing and
scoring vulnerabilities.
7. Understanding concepts of disk cloning and imaging in the context of forensic analysis.
-Awareness of tools used in digital forensics, such as Wright Blocker, VAPT, and Forensic
Falcon-NEO.
- Exploring intentionally vulnerable Linux distributions like Damn Vulnerability Linux and
tools like Kali Linux for penetration testing.
- Working with the Oxygen Forensic Device Extradition tool and its application in mobile
device examinations.
9. Comparative study skills, specifically in analyzing data privacy laws and forensic
investigation practices in India and Germany.