
NATIONAL FORENSIC SCIENCES UNIVERSITY, GANDHINAGAR

SCHOOL OF LAW FORENSIC JUSTICE AND POLICY STUDIES

INTERNSHIP REPORT

For the period of Internship from January 3rd to 31st, 2024

At Cyber Defence Center (CDC), Gandhinagar, Gujarat

For the Academic Session 2023-24

Submitted to:

Internship Assistance Cell


SLFJPS, NFSU

Submitted by:

Soumya Sharma
Enrolment No. - 012301000030002009
LL.M - Cyber Law and Cyber Forensic Investigation & Semester - I

PREFACE & DECLARATION

This report is an outcome of the 04 weeks of internship of the School of Law, Forensic
Justice and Policy Studies, National Forensic Sciences University, for students of the 1st
semester of the programme of LL.M - Cyber law and Cyber Crime Investigation. Its
main constituents are the report on fieldwork carried out during the internship, the research
on related issues/cases/matters and the weekly report of my work. I have tried my best to do
justice to my activities and to put them in black and white with the same effort as I made
during the internship.

I solemnly affirm that the work presented in my internship report is true to the best of my
knowledge. I am fully aware that any inconsistencies or inaccuracies that may be discovered
in this report are entirely my responsibility.

Date: 01-02-2024

Name: Soumya Sharma

Signature of Student:

ABOUT THE ORGANIZATION

I. Brief about the organization:

Over the past years, computer technology has forced everyone to change the way they do
things. Even criminals have adapted to the information age. The threats of cyber-attacks are
increasingly apparent to individuals and organizations across the globe. From hacking to
phishing, scamming to grooming, and botnets to cyber-terrorism, the variety and ingenuity of
exploits appear to expand constantly.

The unprecedented incidence of crime in information and communication systems has made it
necessary to fill the vacuum created by the dearth of experts. This can be overcome by
training experts in the field of Cyber Security and Digital Forensics. The chances of being
victimized accidentally are higher in the current era. To sensitize people and to help them
protect themselves from landing in such a scenario, there is a need for specialized academic
programs that ultimately culminate in expertise. This academic training imparts the overall
security measures required for protection against misadventures with electronic systems.
It also provides a comprehensive solution for preventive care and for the post-traumatic
measures to be taken. It further addresses system vulnerabilities and the preventative
measures that may counter cyber-attacks, including steps to repair system weaknesses and
prevent repeat occurrences, and the collection and examination of digital evidence using
a variety of digital and mobile forensics tools and technology.

The aim of the School of Cyber Security and Digital Forensics is to provide learners with
essential expert technical knowledge, competence, and research skills of the most important
technical concepts of cybersecurity and how they are applied in emerging areas such as
device security and forensics.

II. Organisational structure:

The Centre of Excellence - Cyber Security, previously known as Cyber Defense Centre of
NFSU is the first-ever ISO/IEC 27001 Certified Laboratory in India with the United
Kingdom Accreditation Service (UKAS) Accreditation. The Centre has been notified as the
“Examiner of Electronic Evidences” under section 79(a) of the IT Act 2000 by the
Ministry of Electronics and Information Technology (MeitY) with reference to gazette
notification no: 3390 dated August 8, 2023.

The CoE - Cyber Security is a unique setup where cutting-edge tools and technologies are
integrated on a single platform to provide teaching, training, consultancy and research
facilities. In addition to Information Communication Technology (ICT), two important Cyber
verticals - Operational Technology (OT) and Internet of Things (IoT) are recently integrated
on the existing platform. With this future-proof unique setup, training, research and
consultancy activities have significantly taken the upward trend and the entire Cybersecurity
Infrastructure at the CoE - Cyber Security has been brought under the single roof of Centre of
Excellence in Cyber Security.

At CoE - Cyber Security, while students of higher education are given practical hands-on
training, it also offers a wide range of special training to government officers, police and
cyber security experts from more than 70 countries. Besides the coveted certification for the
CoE - Cyber Security, faculty members have been trained and certified in ISO/IEC 17025
and provide advanced Cyber-Forensic investigation support to some of the most
prestigious organizations in India and abroad.

The vision of NFSU, CoE - Cyber Security is to expose scholars to all postures of Cyber
Security that is, Offensive, Defensive, and Active Defence in a simulated Lab environment
and train future Cyber Security Leaders who can contribute effectively towards the Cyber
security capacity building of India. In this direction the University is focusing on four main
areas, that is, advanced Lab work for students, Research & Development, Training and
Consultancy services in the niche areas of Cyber Security.

With the involvement of faculty and scholars, the CoE - Cyber Security has translated some
cutting-edge research work into functional products. Cyber Kiosk and Mobile OT Audit kits
are some of the popular products that have been developed under the theme of “Atma Nirbhar
Bharat” with an ultimate objective of securing national ICT and Industry Infrastructure with
indigenously developed Cyber-Forensic tools.

Digital migration is inevitable, and so is the growth of the cyber-attack surface from the
traditional corporate environment to Industrial Control Systems (ICS). This calls for a
foolproof cyber security framework for Critical National Infrastructure (CNI) and sensitive
ICT assets. A complete test bed with a 360-degree view of ICT and OT infrastructure has been
built to secure sensitive and critical CNIs.

Services Offered -

Cyber Security as-a-Service
- Penetration Testing
- Network Vulnerability Assessment
- Infrastructure and System Hardening
- Cyber Security Governance and Compliance
- End-Point Security

SCADA/OT Security as-a-Service
- Security Audit and Assessment
- Industrial Malware Detection and Analysis
- Intelligent Security Operation Center

Secure Software Engineering
- Application Security Software Development Life-Cycle Assurance
- Application Security Review and Threat Modeling
- Secure Coding Configuration Review & Application Security Testing
- Application Security Risk Assessment

SOC as-a-Service
- Real Time Security Monitoring
- End-Point Protection Solution
- Cyber Threat Identification & Alerting Services
- Patch Management
- Vulnerability Management
- Cyber Emergency Response Services
- Malware Detection & Analysis
- Compliance Monitoring

Digital Forensics as-a-Service
- Forensic Data Collection
- Computer Forensics
- Mobile Forensics
- Network Forensics
- Live Forensics
- Malware Detection and Analysis

Training and Capacity Building

Research & Development

III. Department(s) interned in: Cyber Defence Center (CDC) – Lab

IV. Information regarding Connections:

Mr. Darsh Patel - Senior Scientific Officer
Mr. Ranjit Karmahapatra - Junior Scientific Officer
Mr. Pruthvirajsinh Parmar - Junior Scientific Officer
Mr. Rudrasinh Rajput - Scientific Assistant

V. Any other relevant information: N/A


WORKSHEET: WEEK 01

Sr. No.: 01
Date: 03.01.24, 04.01.24, 05.01.24, 08.01.24
Details of Work:

1. Introduction to Vulnerability Assessment and Penetration Testing (VAPT):

Vulnerability Assessment and Penetration Testing (VAPT) stand at the forefront of
cybersecurity, playing a pivotal role in identifying and mitigating potential security risks
within an organization's infrastructure. VAPT is a comprehensive approach that combines
both vulnerability assessment and penetration testing, ensuring a holistic evaluation of the
system's resilience against potential threats.

2. Phases of Penetration Testing:

A penetration tester engages in a structured series of phases to comprehensively evaluate
a system's security posture. These phases include reconnaissance, where information is
gathered; scanning, to identify vulnerabilities; exploitation, to simulate an attack;
post-exploitation, to assess the impact; and reporting, summarizing the findings and
recommending remediation measures.

3. Differentiating Security Processes:

To establish clarity in the realm of cybersecurity, it is essential to differentiate between
key security processes. Penetration Testing, Security Audit, Vulnerability Assessment
and Penetration Testing each serve distinct roles and objectives. Understanding these
differences is crucial for organizations to implement a well-rounded security strategy.

4. Types of Security Testing:

Each type focuses on unique aspects of an organization's infrastructure to ensure
comprehensive security coverage.

5. Penetration Testing Methodologies:

Commonly adopted methodologies in penetration testing include industry standards. The
frameworks guide penetration testers in conducting thorough assessments, following
structured processes to identify vulnerabilities and potential exploits.

6. Optimal Timing for Testing:

Determining the ideal timing for vulnerability assessments and penetration tests is critical.
Proactive testing throughout the software development life cycle ensures that potential
vulnerabilities are identified and addressed early on, minimizing the risk of exploitation
during production.

7. Dynamic Application Security Testing (DAST) and Static Application Security Testing
(SAST): Dynamic Application Security Testing (DAST) and Static Application Security
Testing (SAST) are integral components of security testing.

8. Phases of Scanning Process: The scanning process involves meticulous phases,
including information gathering, vulnerability scanning, thorough analysis, and
comprehensive reporting. Each phase is crucial in uncovering potential weaknesses and
providing actionable insights for enhancing security measures.

9. Life Cycle of VAPT: This comprehensive life cycle ensures a systematic and thorough
evaluation of an organization's security posture.

10. Vulnerability Assessment and Penetration Testing Techniques: These techniques play
a vital role in identifying vulnerabilities and potential points of compromise within an
organization's infrastructure.

11. Hacker's Attack Vectors: Exploring the diverse sources of attack vectors used by
malicious hackers provides valuable insights into potential threats. Social engineering,
phishing attacks, and the exploitation of software vulnerabilities are among the common
tactics employed by hackers, underscoring the importance of robust security measures.

Signature & Seal of the Supervisor Signature of the Student

WORKSHEET: WEEK 02

Sr. No.: 02
Date: 09.01.24, 10.01.24, 11.01.24, 12.01.24, 15.01.24
Details of Work:

1. Website Architecture in Organizations:

Concept: The website architecture adopted by organizations encompasses the
structure, components, and design principles governing the organization's web
presence.

Components: Includes components such as the user interface, server-side scripting,
database management, and security protocols. These components work
collaboratively to deliver a seamless and secure online experience.

2. Organizational Architecture:

Concept: Organizational architecture refers to the overall structure and design of an
organization, encompassing its processes, technology, and human resources.

Components: Comprises organizational structure, business processes, technology
infrastructure, and human resources. Effective organizational architecture ensures
alignment with strategic goals.

3. Role of CIA and TRAID in Digital and Physical Sphere:

CIA (Confidentiality, Integrity, Availability): In both digital and physical realms, CIA
ensures the protection of sensitive information, maintenance of data accuracy, and
accessibility as needed.

TRAID (Threat, Vulnerability, Risk, Asset, Impact, and Design): In risk management,
TRAID aids in identifying threats and vulnerabilities, assessing risks, protecting assets,
evaluating potential impacts, and designing effective risk mitigation strategies.

4. Difference between Vulnerability, Threat, and Risk:

Vulnerability: Weaknesses in a system that can be exploited.

Threat: Potential danger that may exploit vulnerabilities.

Risk: The likelihood of a threat exploiting a vulnerability, leading to potential harm.

5. Software Development Life Cycle (SDLC):

A structured approach to software development, comprising phases such as planning,
design, development, testing, deployment, and maintenance.

6. Secure Development Life Cycle (SDLC):

Integrates security measures into each phase of the software development life cycle,
ensuring that security is prioritized from the initial design to the final deployment.

7. Tools Required to Set Up Lab in a Laptop:

Software such as Kali Linux and VMware was used to run VAPT tests.

8. Risk Management Matrix:

Concept: A tool used for risk assessment and management, involving the
identification of risks, their likelihood, impact, and appropriate mitigation strategies.

Components: Involves defining risk categories, assigning probabilities, determining
impact severity, and establishing risk management strategies.

Signature & Seal of the Supervisor Signature of the Student

WORKSHEET: WEEK 03

Sr. No.: 03
Date: 17.01.24, 18.01.24, 19.01.24, 22.01.24, 23.01.24
Details of Work:

1. Common Vulnerability Scoring System (CVSS) in Cybersecurity:

Concept: CVSS is a standardized system for assessing and scoring vulnerabilities
in computer systems. It provides a quantitative measure to evaluate the severity of
security vulnerabilities.

2. Physical and Software Structure of Corporate Infrastructure Architecture:

Physical Structure: Encompasses hardware components such as servers, routers,
and data centers.

Software Structure: Includes operating systems, applications, databases, and
network protocols forming the digital foundation.

3. Damn Vulnerable Linux, Vulnerability Linux Server, Kali Linux:

Damn Vulnerable Linux: A deliberately vulnerable Linux distribution for
educational and training purposes.

Vulnerability Linux Server: Refers to a Linux server intentionally configured with
vulnerabilities for educational use.

Kali Linux: A Linux distribution designed for penetration testing and ethical
hacking.

4. Layers Involved in Forming the IT Infrastructure:

Encompasses physical layer (hardware), data link layer (network switches),
network layer (routers), transport layer (TCP/UDP), session layer, presentation
layer, and application layer.

5. Nmap Command and Command Line Interface:

Nmap Command: A network scanning tool used to discover hosts and services on
a computer network.

Command Line Interface: A text-based interface enabling users to interact with a
computer program through commands.

6. Study on OSI Model and ISO 27001:

OSI Model: A conceptual framework defining the functions of a
telecommunications or computing system, organized into seven layers.

ISO 27001: An international standard providing a systematic approach to
managing sensitive information and ensuring information security.

7. Components Defining Each Layer of OSI Model:

Physical Layer: Cables, connectors, and network interface cards.

Data Link Layer: Switches and network bridges.

Network Layer: Routers.

Transport Layer: Gateways and firewalls.

Session Layer: Dialog control and synchronization.

Presentation Layer: Data translation, encryption, and compression.

Application Layer: End-user services and network processes.

8. Practical Pen-test on Kali Linux:

Performed practical penetration testing: Involved actively assessing the security of
a system or network using Kali Linux tools and methodologies.

Signature & Seal of the Supervisor Signature of the Student

WORKSHEET: WEEK 04

Sr. No.: 04
Date: 24.01.24, 28.01.24 to 31.01.24
Details of Work:

1. CBI Organization Structure, Roles, and Responsibilities:

Organization Structure: Central Bureau of Investigation (CBI) operates under the
administrative control of the Department of Personnel and Training in the Ministry of
Personnel, Public Grievances, and Pensions.

Roles and Responsibilities: Encompass investigating and combating corruption,
economic offenses, special crimes, and other high-profile cases. It functions as the
national investigative agency of India.

2. Concept of Disk Cloning and Disk Imaging:

Disk Cloning: The process of creating an identical copy of an entire hard drive or a
partition, duplicating its structure and content.

Disk Imaging: Creating a compressed or uncompressed file containing the entire
contents and structure of a storage device, facilitating backup and forensic analysis.

3. Concept of Hard Device Interface Since the 1990s Until Today:

Hard device interfaces have undergone significant advancements in terms of speed,
efficiency, and compatibility.

4. HPA and DCO Roles in Forensic Examination:

HPA (Host Protected Area): A reserved space on a hard drive not normally visible to
the operating system, used for storing system utilities.

DCO (Device Configuration Overlay): Similar to HPA, DCO allows a portion of the
hard drive to be hidden, potentially containing evidence or malicious activities.

5. Tools Used - Write Blocker, VAPT, Forensic Falcon-NEO:

Write Blocker: A digital forensics tool used for write-blocking, ensuring data
integrity during forensic investigations.

VAPT (Vulnerability Assessment and Penetration Testing): A comprehensive
approach to identifying and mitigating security vulnerabilities in a system.

Forensic Falcon-NEO: A forensic imaging tool designed for capturing and analysing
digital evidence in a forensically sound manner.

6. Concepts Related to Mobile Forensic:

Tests Conducted: Involves extracting, analysing, and preserving digital evidence from
mobile devices using specialized tools.

Types of Acquisitions: Logical, physical, and file system acquisitions to retrieve
different levels of data from mobile devices.

Considerations: Maintaining chain of custody, avoiding contamination, and adhering
to legal protocols while conducting mobile forensic tests.

7. Oxygen Forensic Device Extradition:

Tool Used for Examination: Oxygen Forensic Device Extradition is a forensic
software tool used to extract and analyse data from mobile devices, supporting
various platforms.

8. Comparative Study on India and Germany in Data Privacy Laws and Forensic
Investigation:

Research Work: Conducted a comparative study on the data privacy laws and forensic
investigation practices in India and Germany, exploring similarities, differences, and
legal frameworks.

Signature & Seal of the Supervisor Signature of the Student


LEARNING OUTCOMES

1. Understanding the significance of Vulnerability Assessment and Penetration Testing in
cybersecurity. Recognizing the phases involved in penetration testing, from reconnaissance to
reporting.

2. Differentiating between key security processes: Penetration Testing, Security Audit,
Vulnerability Assessment.

3. Grasping the concept of website architecture and its components in organizational settings.

4. Understanding the components of organizational architecture, including structure,
processes, technology, and human resources.

5. Familiarity with the Common Vulnerability Scoring System and its role in assessing and
scoring vulnerabilities.

6. Knowledge of the organization structure and responsibilities of the Central Bureau of
Investigation (CBI).

7. Understanding concepts of disk cloning and imaging in the context of forensic analysis.

8. Practical Work Experience:

- Awareness of tools used in digital forensics, such as Write Blocker, VAPT, and Forensic
Falcon-NEO.

- Exploring intentionally vulnerable Linux distributions like Damn Vulnerable Linux and
tools like Kali Linux for penetration testing.

- Working with the Oxygen Forensic Device Extradition tool and its application in mobile
device examinations.

9. Comparative study skills, specifically in analyzing data privacy laws and forensic
investigation practices in India and Germany.

These learning outcomes collectively provide a foundational understanding of cybersecurity,
penetration testing, website architecture, organizational and infrastructure security, digital
forensics, and international perspectives on data privacy and forensic investigation.
