
Shantilal Shah Engineering College

Cyber Forensics and Privacy Tools
Group Information
Name: Chhatbar Deep Bharatbhai
En. no.: 190430116013

Name: Gajjar Dhruv Saileshbhai
En. no.: 190430116027

Name: Agravat Dhaval Ashokkumar
En. no.: 190430116001
What actually is cyber forensics?
• Computer forensics is the application of investigation and analysis techniques to gather and preserve evidence from a particular computing device.
• Cyber forensics, which is sometimes referred to as computer forensic science, is essentially data recovery with legal compliance guidelines to make the information admissible in legal proceedings.
• Digital forensics starts with the collection of information in a way that maintains its integrity.
• Investigators then analyse the data or system to determine if it was changed, how it was changed and who made the changes.
• Cyber forensics is not always used for crime-related problems.
• It is used in data recovery processes as well.
Relation between cyber security and cyber forensics
• Common: both focus on the protection of digital assets and intelligence.
• Difference: cybersecurity is about prevention, while computer forensics is about response. In other words, the cybersecurity team works to implement and maintain a robust information security system, with the intention of defending an organization from cyber attacks, while the cyber forensics team works to identify the hack, understand the source, and recover compromised data.
Types of Cyber Forensics
• Web forensics
• Network forensics
• Data forensics
• System forensics
• Proactive forensics
• Digital forensics
• E-mail forensics
• Cyber forensics
• Computer forensics
• Enterprise forensics
Cyber forensics investigation process
Identification, Preservation, Analysis, Documentation, Presentation

1. Identification
• Identify the purpose of the investigation.
• Identify the resources required.

2. Preservation
• Data is isolated, secured and preserved.

3. Analysis
• Identify the tools and techniques to use.
• Process data.
• Interpret analysis results.

4. Documentation
• Documentation of the crime scene along with photographs, sketching and crime scene mapping.

5. Presentation
• The process of summarization and explanation of conclusions is done with the help of the gathered facts.
Disk Imaging
• Disk imaging is defined as the process and tools used in copying a physical storage device for conducting investigations and gathering evidence.
• This copy does not just include files which are visible to the operating system but every bit of data: every sector, partition, file, folder, master boot record, deleted file and unallocated space. The image is an identical copy of all the drive structures and contents.
• The tool used for this is EnCase Forensics.
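The imaging step described above, combined with the integrity requirement from the earlier slide, as an added example that is not part of the original slides. The file names, the 8-sector sample "disk" and the helper names are constructed for illustration; on a real acquisition the source would be a write-blocked device.

```python
import hashlib
import os
import tempfile

CHUNK = 1024 * 1024  # read size, a whole number of 512-byte sectors


def sha256_file(path, chunk=CHUNK):
    """Hash a file or device node in chunks, without loading it whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def image_device(source_path, image_path, chunk=CHUNK):
    """Copy every byte read from the source; return the acquisition SHA-256."""
    digest = hashlib.sha256()
    with open(source_path, "rb") as src, open(image_path, "wb") as dst:
        for block in iter(lambda: src.read(chunk), b""):
            digest.update(block)
            dst.write(block)
    return digest.hexdigest()


def demo():
    """Constructed 8-sector 'disk' with a deleted file's remnants in sector 5."""
    workdir = tempfile.mkdtemp()
    disk = os.path.join(workdir, "suspect.dd")
    image = os.path.join(workdir, "suspect.img")
    sectors = [bytes(512) for _ in range(8)]
    sectors[0] = b"BOOT".ljust(512, b"\x00")
    sectors[5] = b"deleted-note: constructed sample".ljust(512, b"\x00")
    with open(disk, "wb") as fh:
        fh.write(b"".join(sectors))
    acquisition_hash = image_device(disk, image)
    verified = sha256_file(image) == acquisition_hash  # image matches source
    with open(image, "rb") as fh:
        recovered = b"deleted-note" in fh.read()  # unallocated data was copied
    with open(image, "r+b") as fh:  # alter one byte of the working copy
        fh.seek(100)
        fh.write(b"\x01")
    still_valid = sha256_file(image) == acquisition_hash  # change is detected
    return verified, recovered, still_valid


if __name__ == "__main__":
    print(demo())  # (True, True, False)
```

Recording the acquisition hash at imaging time is what lets an examiner later show that the copy being analysed is still identical to what was collected.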


Tools used for cyber forensics
• Disk analysis: Autopsy/The Sleuth Kit
• Image creation: FTK Imager
• Memory forensics: Volatility
• Windows registry analysis: Registry Recon
• Mobile forensics: Cellebrite UFED
• Network analysis: Wireshark
• Linux distributions: CAINE


The Sleuth Kit
• The Sleuth Kit provides code libraries and tools for analyzing disk images such as those created with the dd command.
• Sleuth Kit provides several single-purpose command-line tools for manipulating disk images and files.
• Sleuth Kit's file analysis tools focus on finding and extracting data from a disk image. Different commands work on filenames, inodes, and blocks.
Autopsy
• Autopsy is a graphical interface to the command line digital investigation analysis tools in The Sleuth Kit. Together, they can analyze Windows and UNIX disks and file systems (NTFS, FAT, UFS1/2, Ext2/3).
• As Autopsy is HTML-based, you can connect to the Autopsy server from any platform using an HTML browser.
Privacy Tools

What does privacy mean?
• It depends on who you ask. Broadly speaking, privacy is the right to be let alone, or freedom from interference or intrusion. Information privacy is the right to have some control over how your personal information is collected and used.
Increasing anonymity and Privacy
• When you surf the internet you will get oceans of data, but how you use that data is very important.
• We have to be aware when exchanging information about ourselves on the internet.
• A small piece of information about you can be a key for hackers to threaten you in future.
• In this world one has to be very careful about one's privacy.
Using private browsers
The browser could be used to visit porn sites without becoming infected with their notoriously immense number of tracking cookies, nor having the list of sites visited appear in the browser's history. The following table explains how to access this mode for each of several popular browsers.

| Browser | Private Browsing Term and Indicator | Keyboard Shortcut |
|---|---|---|
| Chrome | Incognito Window. Indicated by a spy caricature (fedora, sunglasses, and overcoat) in the upper-left corner. | ctrl-shift-n |
| Internet Explorer 10 | InPrivate Browsing. Indicated by a blue "InPrivate" label to the left of the address bar. | ctrl-shift-p |
| Mozilla Firefox | Private Window. Indicated by a purple menu (as opposed to the default orange) and a masquerade mask in the tab. | ctrl-shift-p |
| Opera | Private Window (or a Private Tab). Indicated by an icon in the tab. | ctrl-shift-n |
| Safari | Private Browsing. Indicated by a "PRIVATE" label on the left of the address bar. | |
Ghostery
• Browsers provide some means to control when to accept cookies, download images, or block pop-up windows, but they do not do so to a degree that greatly improves privacy.
• Ghostery addresses this shortcoming by monitoring page content and cookies for indicators of advertising, tracking, and more.
• It's a browser extension that blocks cookies, links, and images based on privacy-enhancing policies.
• Ghostery supports all major browsers. Its protection works consistently across each of them.
The Onion Router (TOR)
• The Tor Project provides a distributed, layered approach to achieving anonymity for its users.
• It strives not only to prevent an end point (such as a web server) from being able to reliably track a user by their IP address, but also to prevent each node between the client and server from being able to monitor the user's traffic, even if that node is another participant in the distributed Tor network.
• Tor routes TCP traffic from a client through a random path of relays, or nodes, up to a penultimate exit relay that routes the client's traffic to its intended destination.
• Each relay encrypts the client's message before passing it on to another relay, which in turn encrypts the message. This layering of encryption around the original message gives Tor its "onion" metaphor.
• This method of encryption is important to prevent rogue or malicious nodes from copying the original message. It should be impossible for someone to tap a circuit and be able to determine who is using the circuit and what traffic they are sending.
GnuPG
• Encryption protects the confidentiality of data. The GnuPG project provides tools that implement encryption and cryptographic signatures to protect messages (like e-mail) or files.
• Encryption prevents others from viewing the plaintext version of a message.
• A cryptographic signature prevents someone from tampering with the message (which is possible in spite of encryption) and provides strong guarantees about the identity of the message's sender (i.e., signing inhibits an attacker from spoofing messages).
What are cookies?
• Cookies are text files with small pieces of data (like a username and password) that are used to identify your computer as you use a computer network. Specific cookies known as HTTP cookies are used to identify specific users and improve your web browsing experience.
• Data stored in a cookie is created by the server upon your connection. This data is labeled with an ID unique to you and your computer.
• When the cookie is exchanged between your computer and the network server, the server reads the ID and knows what information to specifically serve to you.
Why cookies can be dangerous
Since the data in cookies doesn't change, cookies themselves aren't harmful.
They can't infect computers with viruses or other malware. However, some
cyberattacks can hijack cookies and enable access to your browsing
sessions.
The danger lies in their ability to track individuals' browsing histories. To
explain, let’s discuss what cookies to watch out for.
First-Party vs. Third-Party Cookies
Some cookies may pack more of a threat than others depending on where
they come from.
First-party cookies are directly created by the website you are using. These
are generally safer, as long as you are browsing reputable websites or
ones that have not been compromised.
Third-party cookies are more troubling. They are generated by websites
that are different from the web pages users are currently surfing, usually
because they're linked to ads on that page.
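The first-party versus third-party distinction above, as an added example that is not part of the original slides: it classifies cookies from a constructed request log and reports third-party identifiers that recur across different sites, which is how browsing history becomes trackable. All hosts, cookie values and function names are made up for illustration, and the "last two host labels" rule is a simplifying assumption.

```python
from collections import defaultdict
from http.cookies import SimpleCookie
from urllib.parse import urlsplit


def site_of(url):
    """Approximate the site as the last two host labels (assumption: a real
    tool would consult the Public Suffix List)."""
    host = urlsplit(url).hostname or ""
    return ".".join(host.split(".")[-2:])


def classify(page_url, request_url, set_cookie):
    """Return (party, cookie site, {name: value}) for one Set-Cookie header."""
    jar = SimpleCookie()
    jar.load(set_cookie)
    party = "first" if site_of(page_url) == site_of(request_url) else "third"
    return party, site_of(request_url), {k: m.value for k, m in jar.items()}


def cross_site_ids(log):
    """Third-party cookie values seen under two or more visited sites."""
    seen = defaultdict(set)
    for page_url, request_url, set_cookie in log:
        party, cookie_site, cookies = classify(page_url, request_url, set_cookie)
        if party == "third":
            for name, value in cookies.items():
                seen[(cookie_site, name, value)].add(site_of(page_url))
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}


# Constructed sample: (page being viewed, URL fetched, Set-Cookie value)
SAMPLE_LOG = [
    ("https://news.example/today", "https://news.example/today", "session=a1; Path=/; HttpOnly"),
    ("https://news.example/today", "https://ads.tracker.test/pixel.gif", "uid=7f3c; Path=/"),
    ("https://shop.example/cart", "https://shop.example/cart", "session=b2; Path=/; Secure"),
    ("https://shop.example/cart", "https://cdn.tracker.test/banner.js", "uid=7f3c; Path=/"),
    ("https://blog.example/post", "https://static.blog.example/app.js", "theme=dark"),
]

if __name__ == "__main__":
    print(cross_site_ids(SAMPLE_LOG))
```

The same `uid` value appearing under two unrelated sites is the signal worth reviewing when auditing a browser profile or deciding which third-party cookies to block.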
Any Questions?
