Cyber Crime Investigation

By Sunny Vaghela sunny@techdefence.com

Session Flow
• Information Gathering: definition
• Initial information gathering of websites
• Information gathering using search engines, blogs & forums
• Information gathering using job and matrimonial websites
• Investigating emails
• Ahmedabad Serial Blasts terror mail case study
• Investigating phishing frauds
• Investigating "carding" cases
• Investigating data theft cases

Why Information Gathering?
• Information gathering can reveal the online footprints of a criminal.
• Information gathering can help the investigator profile criminals.

Information Gathering of websites
• Whois information
• Owner of the website
• Email id used to register the domain
• Domain registrar
• Domain name server information
• Related websites

Whois
Whois is a query to a registry database that returns the following information:
1. Owner of the website.
2. Email id used to register the domain.
3. Domain registrar.
4. Domain name server information.
5. Related websites.
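The query itself is a one-line protocol (TCP port 43, send the name, read the reply). The script below is an added example written for this page, not a tool from the deck: `whois_query` performs the raw exchange (it needs network access and is not exercised offline), and `parse_whois` pulls the fields listed above out of a constructed "Key: Value" reply so that the registration date can be checked against an incident window. The domain, registrar, registrant email and dates in SAMPLE_WHOIS are made up for illustration.

```python
"""WHOIS lookup (RFC 3912) plus extraction of the fields an investigator needs."""
import socket
from datetime import datetime, timezone


def whois_query(domain: str, server: str = "whois.iana.org", timeout: float = 10.0) -> str:
    """Raw WHOIS exchange: connect to port 43, send the name followed by CRLF,
    read until the server closes.  whois.iana.org answers with a 'refer:' line
    naming the registry's own server, which is then queried the same way.
    Needs network access; the offline sample below does not call it."""
    with socket.create_connection((server, 43), timeout=timeout) as sock:
        sock.sendall(domain.encode("ascii") + b"\r\n")
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", "replace")


# Constructed sample reply in the common "Key: Value" layout (not a real record).
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE-BANK-SECURE.TEST
Registrar: Example Registrar, Inc.
Creation Date: 2009-04-28T07:12:44Z
Registrant Name: REDACTED FOR PRIVACY
Registrant Email: pay2win99@freemail.test
Name Server: NS1.FREEHOST.TEST
Name Server: NS2.FREEHOST.TEST
>>> Last update of whois database: 2009-05-05T03:00:00Z <<<
"""

# WHOIS key (lower-cased) -> name used in the result dict
FIELDS = {
    "domain name": "domain",
    "registrar": "registrar",
    "creation date": "created",
    "registrant name": "registrant",
    "registrant email": "registrant_email",
}


def parse_whois(text: str) -> dict:
    """Pull owner, registrant email, registrar, name servers and creation date
    out of a Key: Value WHOIS reply.  Comment and banner lines are skipped."""
    info = {"name_servers": []}
    for line in text.splitlines():
        if ":" not in line or line.startswith(("%", "#", ">>>")):
            continue
        key, _, value = line.partition(":")       # split at the FIRST colon only
        key, value = key.strip().lower(), value.strip()
        if key == "name server":
            info["name_servers"].append(value.lower())
        elif key in FIELDS:
            info[FIELDS[key]] = value
    return info


def _utc(iso: str) -> datetime:
    """Parse an ISO-8601 date or timestamp; treat naive values as UTC."""
    dt = datetime.fromisoformat(iso.replace("Z", "+00:00"))
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)


def registered_within(info: dict, start_iso: str, end_iso: str) -> bool:
    """Was the domain created inside the incident window?  A lookalike domain
    registered days before the first fraudulent mail is a strong lead."""
    return _utc(start_iso) <= _utc(info["created"]) <= _utc(end_iso)


if __name__ == "__main__":
    record = parse_whois(SAMPLE_WHOIS)
    print(record)
    print("registered in window:", registered_within(record, "2009-04-20", "2009-05-04"))
```

Real registries vary the key names (for example `Registrant E-mail`, `nserver`), so the FIELDS table is the part to extend per registry; the name-server and date logic stays the same.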

Reverse IP Mapping
• A reverse IP lookup lists the other websites hosted on the same server (the same IP address).
• If any one of those sites is vulnerable, an attacker who compromises it gains a foothold on the shared server and may be able to reach the other sites hosted there.
• Domainbyip.com

Trace Route
• Traceroute lists the routers (hops) between the investigator's machine and the target host, which helps locate the network and hosting provider the target sits behind.

Info. Gathering using Search Engine
• Search engines are an efficient way to get specific results matching your requirements.
• Google and Yahoo give the best results of all the search engines.

Info. Gathering using Search Engine
• Meta-search engines retrieve results from several different search engines and show the relations or connections between those results.

Info. Gathering using Search Engine
• Maltego is an open source intelligence and forensics application.
• It allows the mining and gathering of information as well as the representation of that information in a meaningful way.
• Coupled with its graphing libraries, Maltego allows you to identify key relationships between pieces of information and discover previously unknown relationships between them.

Maltego (screenshot slides)

Information gathering
• Almost 80% of internet users use blogs/forums for knowledge sharing.
• Information gathered from a specific blog can also help an investigation.
• Information gathering from social networking websites can also reveal personal information about a suspect.
• Many websites store lists of email ids for newsletters; these email ids can also be retrieved with email spiders (harvesters).

Savitabhabhi.com Cyber Pornography Case Demo

Investigating Emails
• Every email has header information.
• Analysing the full header of an email can reveal:
• the IP address of the sender,
• the intermediate mail servers,
• the Message-ID of the email,
• destination mail server information.
• Each server prepends its own Received line; lines that claim to come from before the first server you trust can be forged by the sender, so confirm the originating IP with the provider's logs.
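The following script is an added example written for this page, not code from the deck or from the presenter: it walks the Received chain of a raw message with Python's standard `email` module, reverses it into transit order, pulls the client IP and queue id out of each hop, and separates the presumed origin from the last IP that the investigator's own servers actually recorded. The message in SAMPLE_EMAIL is constructed for illustration; its hostnames, IPs, ids and the `example-bank.test` trust suffix are all made up.

```python
"""Recover sender IP, relay chain and Message-ID from an email's Received headers."""
import email
import ipaddress
import re

# Constructed sample message (not real traffic).  Each server PREPENDS its own
# Received line, so the first line is the last hop and the bottom line is the
# earliest: a freemail relay that accepted the message from 203.0.113.88.
SAMPLE_EMAIL = b"""\
Received: from mx2.example-bank.test (mx2.example-bank.test [198.51.100.7])
\tby inbox.example-bank.test with ESMTP id q7Hx9; Mon, 04 May 2009 10:21:33 +0530
Received: from relay.freemail.test (relay.freemail.test [203.0.113.25])
\tby mx2.example-bank.test with ESMTP id 4kq1Z; Mon, 04 May 2009 10:21:31 +0530
Received: from [192.168.1.4] (unknown [203.0.113.88])
\tby relay.freemail.test with ESMTPA id 9f2B; Mon, 04 May 2009 10:21:29 +0530
Message-ID: <20090504102129.9f2B@relay.freemail.test>
From: "Support" <support@freemail.test>
To: victim@example-bank.test
Subject: account verification

Please verify your account.
"""

HOP_RE = re.compile(r"from\s+(?P<from>.+?)\s+by\s+(?P<by>\S+)(?P<rest>.*)", re.IGNORECASE)
IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
ID_RE = re.compile(r"\bid\s+(\S+?)[;\s]", re.IGNORECASE)
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def is_private(ip: str) -> bool:
    """RFC 1918 / loopback check; the HELO address inside [] is often private."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in PRIVATE_NETS)


def parse_hops(raw: bytes) -> list:
    """Return the hops in transit order: index 0 is the earliest (sender side)."""
    msg = email.message_from_bytes(raw)
    hops = []
    for value in msg.get_all("Received", []):
        text = " ".join(value.split())          # unfold continuation lines
        m = HOP_RE.search(text)
        if not m:
            continue                            # e.g. "Received: by ..." with no "from"
        ips = IP_RE.findall(m.group("from"))
        public = [ip for ip in ips if not is_private(ip)]
        idm = ID_RE.search(m.group("rest"))
        hops.append({
            "from": m.group("from").split()[0],  # what the client announced
            "client_ip": (public or ips or [None])[-1],  # what the server saw
            "by": m.group("by"),
            "id": idm.group(1) if idm else None,  # queue id to quote to the operator
        })
    hops.reverse()
    return hops


def trace(raw: bytes, trusted_suffix: str) -> dict:
    """Summarise the chain.  Only hops recorded *by* hosts under trusted_suffix
    (the investigator's own mail infrastructure) are verifiable; the sender
    controls everything below them and can add forged Received lines."""
    msg = email.message_from_bytes(raw)
    hops = parse_hops(raw)
    trusted = [h for h in hops if h["by"].lower().endswith(trusted_suffix.lower())]
    return {
        "message_id": msg.get("Message-ID"),
        "hops": hops,
        "presumed_origin": hops[0]["client_ip"] if hops else None,
        "last_verifiable_ip": trusted[0]["client_ip"] if trusted else None,
        # Operator to contact, and the id it assigned, to confirm the origin.
        "contact": (hops[0]["by"], hops[0]["id"]) if hops else None,
    }


if __name__ == "__main__":
    result = trace(SAMPLE_EMAIL, "example-bank.test")
    for hop in result["hops"]:
        print(f'{hop["client_ip"]:>15}  ->  {hop["by"]}  (id {hop["id"]})')
    print("presumed origin:", result["presumed_origin"])
    print("last verifiable:", result["last_verifiable_ip"])
    print("ask", result["contact"][0], "about id", result["contact"][1], result["message_id"])
```

On the sample the presumed origin is 203.0.113.88, but the only IP the bank's own servers can vouch for is the freemail relay (203.0.113.25); the request to that provider, quoting the Message-ID and queue id 9f2B, is what turns the presumed origin into evidence.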

Email Investigation Demo

Ahmedabad Serial Bomb Blasts Terror Mails

• Four emails were sent before the Ahmedabad and Delhi blasts.
• The modus operandi was the same in all the emails.
• Unsecured Wi-Fi routers belonging to innocent people were misused to send them.

Ahmedabad Serial Blasts Terror Mail Case Demo

Phishing Frauds
• In the cyber world, phishing is an illegal act in which sensitive information such as passwords and credit card details is fraudulently acquired by a person or entity masquerading as a trustworthy person or business in an apparently official electronic communication, such as an email or instant message.

Modus Operandi
• Fraudsters build a spoof website that imitates the genuine one.
• Fraudsters then send an email stating that they are upgrading their servers and need the password for verification.
• When the victim clicks the link, he/she is redirected to the spoof website rather than the genuine one, and the credentials entered there are captured.
• Money is then transferred from the victim's account to the fraudster's account.

Modus Operandi

Investigation Steps
• The investigator should trace the email using its headers.
• Since the mail is a spoof in every case, the investigator should gather information about the hosting server from which it originated.
• Contact the hosting provider with the Message-ID and headers to obtain the real IP address.
• Ask the registrar for domain names registered within the time window in which the incident was reported.
• Identify the credit card, PayPal account or other online payment account used for the transaction.

Investigation Steps
• Bank statement together with the online banking account access log, which gives the IP address of the culprit.
• Beneficiary bank account statement.
• Beneficiary bank account access log.
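The first two investigation steps (trace the headers, then identify the hosting and the domains to ask about) start from the phishing mail itself. The script below is an added example written for this page, not the deck's tool: it parses a constructed "server upgrade" phishing mail, flags links whose visible URL belongs to a different registrable domain than the real target, compares the From domain with the Return-Path (bounce) domain, and lists the domains whose registrar and host should be asked for registration date and owner. All addresses, domains and ids in SAMPLE_PHISH are made up, and `base_domain` is an approximation (last two labels) where a production tool would consult the Public Suffix List.

```python
"""Triage a suspected phishing email: spoof indicators and leads to pursue."""
import email
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample (not a real message): the displayed link says the bank,
# the real href points at a lookalike host on a free hosting provider.
SAMPLE_PHISH = b"""\
Return-Path: <bounce@mailer.freehost.test>
From: "Example Bank Security" <security@example-bank.test>
To: customer@mail.test
Subject: Server upgrade - verify your password
Message-ID: <a91c2@mailer.freehost.test>
Content-Type: text/html; charset="utf-8"

<html><body>
<p>We are upgrading our servers. Please verify your password within 24 hours:</p>
<p><a href="http://example-bank.test.secure-login.freehost.test/verify">https://www.example-bank.test/login</a></p>
<p>Questions? Visit <a href="https://www.example-bank.test/help">our help page</a>.</p>
</body></html>
"""

# Visible anchor text that itself looks like a URL or hostname.
LOOKS_LIKE_URL = re.compile(r"^(?:https?://)?[\w.-]+\.[a-z]{2,}(?:/\S*)?$", re.IGNORECASE)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in the HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def base_domain(host: str) -> str:
    """Last two labels of a hostname (port stripped).  Approximation: use the
    Public Suffix List in real tooling so example.co.uk is handled correctly."""
    return ".".join(host.lower().split(":")[0].split(".")[-2:])


def addr_domain(header_value) -> str:
    """Registrable domain of the first address in a From:/Return-Path: header."""
    m = re.search(r"@([\w.-]+)", header_value or "")
    return base_domain(m.group(1)) if m else ""


def triage(raw: bytes) -> dict:
    msg = email.message_from_bytes(raw)
    body = msg.get_payload(decode=True).decode("utf-8", "replace")
    collector = LinkCollector()
    collector.feed(body)

    spoofed, domains = [], set()
    for href, text in collector.links:
        actual_host = urlparse(href).netloc
        if actual_host:
            domains.add(base_domain(actual_host))
        # A visible URL whose registrable domain differs from the real target is
        # the classic lure; plain words like "our help page" are not compared.
        if LOOKS_LIKE_URL.match(text):
            shown_host = urlparse(text if "://" in text else "//" + text).netloc
            if base_domain(shown_host) != base_domain(actual_host):
                spoofed.append({"shown": text, "actual": href})

    from_dom = addr_domain(msg.get("From"))
    rp_dom = addr_domain(msg.get("Return-Path"))
    return {
        "message_id": msg.get("Message-ID"),
        "from_domain": from_dom,
        "return_path_domain": rp_dom,
        "envelope_mismatch": from_dom != rp_dom,  # From: says bank, bounces go elsewhere
        "spoofed_links": spoofed,
        # Ask these domains' registrars/hosts for registration date and owner.
        "domains_to_query": sorted(domains),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_PHISH).items():
        print(f"{key}: {value}")
```

The `domains_to_query` list is what goes into the registrar request in the fourth step above; the genuine bank domain will also appear in it, which is expected, because the investigator still wants to confirm which of the listed domains the bank actually owns.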

Phishing

Phishing Case Study

Data Theft
• Most corporates store sensitive business information such as client databases, email lists, invoices and transaction receipts on their computer systems or dedicated servers.
• This information is targeted by employees, rivals and criminals.

Modus Operandi
• Most of the time the criminal is an employee of the company who has direct or indirect access to the data. He steals the data and either hides it or sells it to business rivals.
• If the criminal is not an employee of the company, he uses social engineering techniques to break into the victim's accounts or servers and steal source code or data, then contacts potential buyers to sell the information.
• Sometimes people hire professional hackers to obtain a target company's sensitive information.

Investigation Methodologies
• The investigator should ask the victim whether there is reasonable suspicion against any particular person.
• The investigator should question the suspect using conventional investigation techniques.
• The investigator should analyse the application and security logs of the server or computer.
• If an IDS (Intrusion Detection System) is installed in the company, the investigator should extract the relevant IP addresses from the IDS logs.

Investigation Methodologies
• The investigator should seize all storage media (pen drives, iPods, memory cards) during the raid at the place of the offence.
• The investigator should analyse the storage media using forensic tools.
• Image each device through a write blocker and record a hash of the image, so that the analysis works on copies and the originals stay unchanged for court.
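What "analysing the application logs" looks like in practice, as an added example written for this page rather than a tool from the deck: the script parses a few constructed web application access-log lines (combined log format) and surfaces the three things the two investigation slides above ask for, namely which IP addresses pulled bulk exports of the client database, which IP was hammering the login page beforehand, and which employee account was used from more than one address. The IPs, usernames, paths and the 10 MB threshold are assumptions chosen for the sample, not values from the case study.

```python
"""Spot bulk data pulls and account misuse in a web application access log."""
import re
from collections import defaultdict
from datetime import datetime

# Combined log format: ip ident user [time] "METHOD path proto" status bytes
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<bytes>\d+|-)'
)

# Constructed sample lines (not from a real server).  kpatel exports the client
# database late at night from an internal desktop, then the same account logs in
# from an external address after two failed attempts and exports it again.
SAMPLE_LOG = """\
10.0.5.21 - rmehta [12/Mar/2010:11:02:10 +0530] "GET /crm/clients?page=1 HTTP/1.1" 200 8421
10.0.5.21 - rmehta [12/Mar/2010:11:02:14 +0530] "GET /crm/clients?page=2 HTTP/1.1" 200 8390
10.0.5.44 - kpatel [12/Mar/2010:23:41:03 +0530] "GET /crm/export?format=csv HTTP/1.1" 200 52428800
10.0.5.44 - kpatel [12/Mar/2010:23:47:52 +0530] "GET /crm/export?format=csv&table=invoices HTTP/1.1" 200 31457280
203.0.113.9 - - [13/Mar/2010:02:15:40 +0530] "POST /login HTTP/1.1" 401 312
203.0.113.9 - - [13/Mar/2010:02:15:44 +0530] "POST /login HTTP/1.1" 401 312
203.0.113.9 - kpatel [13/Mar/2010:02:16:01 +0530] "POST /login HTTP/1.1" 302 0
203.0.113.9 - kpatel [13/Mar/2010:02:16:30 +0530] "GET /crm/export?format=csv HTTP/1.1" 200 52428800
this line is corrupt and must be skipped
"""


def parse(log_text: str):
    """Yield one dict per well-formed line; unparseable lines are skipped."""
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["ts"], "%d/%b/%Y:%H:%M:%S %z")
        e["bytes"] = 0 if e["bytes"] == "-" else int(e["bytes"])
        yield e


def analyse(log_text: str, sensitive_prefix: str = "/crm/export",
            size_threshold: int = 10 * 1024 * 1024,
            business_hours: tuple = (9, 19)) -> dict:
    """Aggregate per (ip, user): successful exports of the sensitive path, their
    total size and whether any happened outside business hours.  Also count
    failed logins per IP and list accounts used from more than one IP."""
    pulls = defaultdict(lambda: {"requests": 0, "bytes": 0, "off_hours": False})
    failed_logins = defaultdict(int)
    ips_per_user = defaultdict(set)

    for e in parse(log_text):
        if e["user"] != "-":
            ips_per_user[e["user"]].add(e["ip"])
        if e["path"].startswith("/login") and e["status"] == "401":
            failed_logins[e["ip"]] += 1
        if e["path"].startswith(sensitive_prefix) and e["status"] == "200":
            s = pulls[(e["ip"], e["user"])]
            s["requests"] += 1
            s["bytes"] += e["bytes"]
            if not business_hours[0] <= e["ts"].hour < business_hours[1]:
                s["off_hours"] = True

    return {
        "bulk_pulls": {k: v for k, v in pulls.items() if v["bytes"] >= size_threshold},
        "failed_logins": dict(failed_logins),
        "accounts_from_multiple_ips": {u: sorted(ips) for u, ips in ips_per_user.items()
                                       if len(ips) > 1},
    }


if __name__ == "__main__":
    report = analyse(SAMPLE_LOG)
    for (ip, user), s in report["bulk_pulls"].items():
        print(f"{ip:>13} {user:<8} {s['bytes'] / 2**20:6.1f} MB in {s['requests']} requests"
              f"{'  [off hours]' if s['off_hours'] else ''}")
    print("failed logins:", report["failed_logins"])
    print("accounts seen from several IPs:", report["accounts_from_multiple_ips"])
```

The external address 203.0.113.9 is the one to take to the ISP, and the fact that the same account appears from both an internal desktop and that external address is the question to put to the employee: shared credentials, a guessed password, or the employee working from outside.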

Data Theft Case Study
• A Florida (USA) based firm registered a complaint stating that an Ahmedabad based BPO had stolen a database from the firm's server and was illegally selling it to the firm's clients and competitors.
• The firm also claimed that the IT company's owner took this step in response to the cancellation of a contract for the development and maintenance of one of the firm's portals.
• Investigation revealed that he had sold the data to more than 20 clients in the US.

Data Theft Case Demo

Common reasons found (the fraud triangle)
• Rationalization
• Incentive
• Opportunity

Rationalization
• The employee justifies the fraud with some common reasons:
• "They owe me, I earned it."
• "I need it more than they do."
• "It's only fair, the whole system is corrupt."
• "God will forgive me."
• Of the three factors, such rationalization is the hardest to control.

Incentive
• The incentive or pressure can be real or imagined.
• Addiction to alcohol or illegal drugs.
• Financial debts.
• Family problems.
• Solution: EAP (Employee Assistance Plan).

Opportunity
• Perceived opportunity is the biggest factor before a crime is committed.
• The wrong belief that nobody can catch them.
• Solution: employee background checks; internal and external audits.
• 90% of these crimes are committed by trusted employees.

TechDefence
TechDefence Services • Cyber Crime Investigation • Cyber Forensics • Network Penetration Testing • Web Vulnerability Assessment & Penetration Testing
TechDefence Solutions • Secure Web Development • Security Product Development
TechDefence Global Presence • India Offices: Ahmedabad, V.V.Nagar, Nasik, Pune, Hyderabad • International Offices: Mauritius, Australia

Clientele
Private Sector – VAPT • Computer Clinic – Mauritius • Multievents Ltd – Mauritius • Noble Ventures – USA • Future Group
Govt Sector • Crime Branch, Ahmedabad • Crime Branch, Nashik • URICM, Gandhi Nagar

Clientele
Colleges – Training • More than 120 colleges across India have participated in our training.
BFSI Sector – Training • 11 urban co-operative banks of Ahmedabad.
Corporate – Training • YAHOO!, Google, K7 Antivirus, ZOHO, KPMG, HCL, TCS, Infosys, Deloitte, ISACA, Temenos.

TCEH TechDefence Certified Ethical Hacker TechDefence Certified Cyber Security Expert
• A certified hands-on training program on Ethical Hacking, Information Security, Cyber Crime Investigation & Forensics.
• More than 30 educational institutes & 11 banks across India have already undergone this training program.
• The Cyber Crime Branch, Crime Branch Ahmedabad has also undergone this program.

Contents
Ethical Hacking • Hacking & Hackers. • IP addresses. • Information gathering • Scanning • Virus, Worms, Trojans & Backdoors • Mobile Hacking – SMS & Call forging • Email, Password, Website Hacking • Sniffers & IDS • Firewalls • Wireless hacking

Contents
Website Hacking & Security • Vulnerability Assessment & Penetration Testing • SQL Injection Attacks • Cross Site Scripting Attacks • Local File Inclusion Attacks • Remote File Inclusion Attacks • Penetration testing methodologies • Reverse Engineering

Contents
Mobile & Wireless Hacking • Mobile Hacking & Security • SMS Forging & Countermeasures • Call Forging & Countermeasures • Wireless Hacking & Security

Contents
Cyber Crime Investigation • Types of Cyber Crimes • Investigation Methodologies • Email Tracing • Ahmedabad Blast Terror Email Case Study • Mumbai Blast Case Study • Espionage Crimes • Data Theft • Phishing Crimes • Credit Card Frauds • Digital Signature Crimes

Course Duration & Benefits
Course Duration • 1-2 months. • Course material & 10 CDs.
Course Benefits • Live demonstration of hacking techniques & tools • Live investigation demonstration of cases solved by Sunny Vaghela • Hands-on practice sessions • Personal interaction with Sunny Vaghela • 100% placement assistance.

Internship Benefits
TechDefence, in association with Innoventa Technologies, offers internships/projects to final-year degree/diploma students.
Projects on offer • HIDS (Host-based Intrusion Detection System) • Cyber Café Monitoring System • File Encrypter • Online VAPT Scanner • Online Multi-Antivirus Scanner

TechDefence Partners Benefits
Internship Benefits for Students
Career Opportunities • Ethical Hacker • Cyber Crime Investigator • Cyber Forensics Investigator • Web Developer • Network Security Administrator • IT Security Consultant • Web Security Auditor • ISS Auditor • Quality Tester • Penetration Tester

Contents

• For registration, contact: Mobile: +91-9898493002, +91-9428014564. Website: www.techdefence.com, www.sunnyvaghela.com

Thank You sunny@sunnyvaghela.com
