D Y Patil International University

School of Computer Science, Engineering, and Applications

Academic Year 2022-2023

Practical Assignment No. 6

Name : Pranil Choudhari

PRN :20220804036

Class: MCA-SEM II Subject: Cyber Security and Applications

Date 06 / 04 /2023

Experiment 6: Forensics

a. To demonstrate the use of SQL injection or cross-site scripting as a hacking tool.

b. Use any mobile forensic tool and demonstrate the evidence collection procedure and investigate

the various evidence on the mobile phone.

c. Considering email forensics, analyze the various useful elements of email header

d. Investigate the various types of system logs and network logs for successful network forensics.

Experiment – A

Aim: - To demonstrate the use of SQL injection or cross side scripting

as a hacking tool.

SQL Injection:
SQL Injection is a code injection technique, used to attack data
driven applications. It is method to attack web applications that have
a data repository. The attacker sends a specially crafted SQL
statement that is designed to cause a malicious action.

Procedure:
• Go to the site https://demo.testfire.net
• Type the username and password and click on Login.
 • Now sign out and use this statement “ ‘or 1=1-- ” as
username and type any random password.
• Then, you will be logged in.

Experiment – B

Aim: - Use any mobile forensic tool and demonstrate the evidence
collection procedure and investigate the various evidence on mobile
phone.

Mobile Forensics:
Mobile Forensics is a branch of Digital Forensics and it is about the
acquisition and the analysis of mobile devices to recover digital
evidence of investigative interest. Mobile Forensic tools help to
unlock and perform full data extraction from a phone, whether it is
an android or iphone device.
Examples: Mobiedit, cellebrite, ufed and dfs101.
 Experiment – C

Aim: - Considering email forensics, analyse the various useful

elements of email header.

Email:
Email is Electronic equivalent of a letter or a memo. All the email
communication on the internet is governed by rules and regulations
laid by SMTP and POP(Post Office Protocol).
• Each time an Email has to be sent the sender connects to a
local mail server and uses predefined SMTP commands to
create and send the email.
• The local server then uses the SMTP protocol to route the email
through several other interim mail servers, until it reaches its
destination.
• The SMTP protocol is used to send email while the POP
protocol is used to receive them.

Email Header:
• Open your email inbox.
• Click on any mail then, click on more options and click on Show
Original.
• You will be able to see Message ID, Created on, time taken for
mail to get delivered and Subject.
• Go to an email header analyser:
https://www.whatismyip.com/email-header-analyzer/
• Copy the content and paste the body and click analyze.
• After sometime you will get the source IP and hostname.
 Experiment – D

Aim: - Investigate the various types of system logs and network logs
for successful network forensics.

System Logs and Network Logs:

A log file is a computer generated data file that contains information
about usage patterns, activities and operations within an operating
system, application, server or another device.
Many websites and web pages keep logs of what users access, any
errors that occur, how people are viewing the page and more.
These logs help the owners of the web page keep track of usage
statistics and inform them if something needs to be fixed or updated
on the site.
 1) System logs

2) Access logs

Result: Thus, we have successfully explored website

vulnerabilities like sql injection and explored mobile forensic
tools and system andaccess logs.