Professional Documents
Culture Documents
1702373293494cyber Security Notes
1702373293494cyber Security Notes
This pdf is only designed for B.Tech students of all Engineering Colleges affiliated
with Dr APJ Abdul Kalam Technical University.
This pdf provides help in the exam time for a quick revision in sorting the time.
Compiled by
e
Sanjeev Yadav
ir
es
D
Edu Desire
u
Follow me
2 Edu Desire
DETAILED SYLLABUS
Unit Topic
e
Mobile and Wireless Computing Era, Security Challenges Posed by Mobile
Devices, Registry Settings for Mobile Devices, Authentication Service
ir
2
Security, Attacks on Mobile/Cell Phones, Mobile Devices: Security
Implications for organisations, Organisational Measures for Handling
Mobile, Organisational Security Policies and Measures in Mobile
Computing Era.
es
TOOLS AND METHODS USED IN CYBERCRIME: Introduction,
Proxy Servers and Anonymizers, Phishing, Password Cracking, Keyloggers
D
and Spywares, Virus and Worms, Trojan-horses and Backdoors,
3
Steganography, DoS and DDoS At-tacks, SQL Injection, Buffer Overflow,
Attacks on Wireless Networks. Phishing and Identity Theft: Introduction to
Phishing, Identity Theft (ID Theft).
u
3 Edu Desire
Unit-1
Introduction to Cyber Crime
Definition: Cybercrime means doing bad things using computers and the
internet. It's like breaking the rules in the digital world. Imagine someone
stealing information or causing trouble online—that's cybercrime.
e
the 1990s, when computers were becoming popular globally, people
needed a word for these new digital crimes. So, they created "cybercrime"
ir
to describe illegal activities happening in the digital space.
es
When we say "cybercrime," we're talking about crimes that happen
online. It's like a catch-all term for rule-breaking in the digital world.
From hacking to online fraud, it covers a lot of different ways people can
D
break the law using computers and the internet.
It's the guardian that ensures only the right people can access and use
your digital secrets.
Ed
Key Aspects:
1. Confidentiality: Keeping your secrets safe.
2. Integrity: Making sure your information is accurate and not
tampered with.
4 Edu Desire
3. Availability: Ensuring you can access your information when you
need it.
e
the digital world.
ir
Example: Think of cybercriminals as the troublemakers in the digital
neighbourhood. They use their tech skills for not-so-nice things, like the
bullies of the internet.
es
Classifications of Cyber Crimes:
D
u
Ed
5 Edu Desire
5. Cyberbullying: Using the internet to hurt or bother others.
More Details:
1. No Borders: Cybercrimes don't follow country lines. They can
happen anywhere, and bad actors from different countries might
even work together.
e
place. People worldwide face similar digital troubles, and everyone
ir
needs to be careful online.
common challenge. Survival Mantra for the Netizens means having a set
of rules or practices to stay safe in this digital age.
Survival Mantra:
6 Edu Desire
1. Be Cyber-Aware: Stay alert and aware of potential online threats.
e
2. Use Strong Passwords: Create and regularly update strong, unique
passwords.
ir
3. Keep Software Updated: Ensure your computer and apps have the
latest security updates.
es
4. Be Sceptical of Emails: Don't trust every email; be cautious,
especially with links or attachments.
5. Use Trusted Websites: Stick to reputable websites to minimise
D
risks.
6. Secure Personal Information: Be cautious about sharing sensitive
info online.
7. Install Antivirus Software: Have reliable antivirus software to
u
Cyber Offences are like digital crimes, and understanding how criminals
plan their attacks is crucial. It involves the strategies and methods they
use to carry out illegal activities in the digital space.
7 Edu Desire
Planning Strategies:
1. Identifying Weak Points: Criminals look for vulnerabilities in
computer systems or networks.
2. Exploiting Vulnerabilities: They use weaknesses to gain
e
unauthorised access or control.
3. Social Engineering: Tricking individuals into divulging sensitive
ir
information.
4. Malware Deployment: Spreading malicious software to
compromise systems.
es
5. Planning Attack Routes: Deciding the best way to execute their
digital mischief.
D
Example: Think of Cyber Offences like planning a heist. Criminals study
the target (identifying weak points), find ways to break in (exploiting
vulnerabilities), use deception (social engineering), deploy tools for the
u
job (malware), and plan their entry and exit routes (planning attack
routes). Understanding these steps helps in building stronger digital
Ed
defences.
8 Edu Desire
Techniques Used:
e
1. Phishing: Sending fake emails or messages to trick individuals into
revealing sensitive information.
ir
2. Pretexting: Creating a made-up scenario to obtain personal
information.
es
3. Impersonation: Posing as someone trustworthy to gain access to
information or systems.
4. Quizzes and Surveys: Using seemingly harmless quizzes or surveys
D
to gather information.
harmless.
9 Edu Desire
Characteristics:
e
1. Unwanted Attention: Receiving excessive, unsolicited online
communication.
ir
2. Monitoring: Being observed without consent, often through social
media or other online platforms.
es
3. Harassment: Repeated and intrusive behaviour causing emotional
distress.
4. Threats: Expressing harmful intentions or making individuals feel
D
unsafe.
That's Cyber Stalking. It's like an online shadow that won't go away,
causing discomfort and potentially putting your digital well-being at
Ed
risk. Always report such behaviour and take steps to protect your online
privacy.
Features:
1. Computer Access: Provides computers with internet connectivity
for public use.
10 Edu Desire
2. Internet Browsing: Users can surf the web, check emails, and
engage in online activities.
3. Gaming: Some cybercafes offer gaming setups for multiplayer or
individual gaming sessions.
Common Uses:
1. Study and Work: Students or professionals without personal
computers may use cybercafes for assignments or work.
2. Socialising: People may gather to play games, socialise, or
collaborate on projects.
e
Example: Imagine a place with rows of computers, people typing away,
ir
and the hum of online activity—that's a Cybercafe. It's like a digital
community hub where individuals come together to explore the online
world, whether for work, study, or leisure.
es
Cybercrimes: Cybercrimes are like digital offences, where people use
computers and the internet to break the law or cause harm. These actions
D
can range from stealing personal information to disrupting digital
systems.
u
Ed
Common Types:
1. Hacking: Unauthorised access to computer systems or networks.
2. Phishing: Tricking individuals into revealing sensitive information
through fake emails or messages.
3. Identity Theft: Pretending to be someone else online to steal
personal information.
11 Edu Desire
4. Malware Attacks: Spreading harmful software to compromise
computer systems.
5. Online Fraud: Deceiving individuals to gain money or sensitive
information.
Impact:
1. Financial Loss: Individuals or businesses may lose money.
2. Privacy Invasion: Personal information may be exposed.
3. Disruption: Digital systems may be interrupted or damaged.
Prevention:
e
1. Use Strong Passwords: Create complex and unique passwords.
ir
2. Install Antivirus Software: Protect devices from malicious
software.
3. Be Cautious Online: Avoid clicking on suspicious links or sharing
es
sensitive information.
12 Edu Desire
3. Coordination: Bots work together to perform tasks, like spreading
malware, stealing information, or launching cyberattacks.
Attack Vector: An Attack Vector is like finding a secret entry point. It's
e
the method or path that cybercriminals use to gain unauthorised access
to computer systems or networks.
ir
es
D
u
13 Edu Desire
Unit-2
Cyber Crime
Mobile and wireless devices are like digital companions that don't need
a physical connection to work. They include smartphones, tablets, and
other gadgets that communicate wirelessly, allowing users to stay
connected and access information on the go.
Features:
1. Portability: These devices are small and easy to carry, allowing
e
users to stay connected wherever they go.
ir
2. Wireless Connectivity: They use technologies like Wi-Fi,
Bluetooth, and mobile networks to connect to the internet and
other devices.
es
3. Multifunctionality: Beyond calls and messages, they serve as
cameras, GPS devices, entertainment hubs, and more.
D
Common Examples:
1. Smartphones: Devices with touchscreens, internet access, and a
variety of apps.
u
Importance:
1. Communication: Keeping people connected through calls,
messages, and social media.
2. Information Access: Providing instant access to the internet for
information, news, and entertainment.
3. Productivity: Enabling work and productivity on the go through
various apps and functionalities.
14 Edu Desire
Example: Think of your smartphone as a pocket-sized computer. It's not
just for making calls; it's your camera, map, music player, and more.
Mobile and wireless devices have become essential in our daily lives,
offering convenience and connectivity beyond what traditional devices
can provide.
e
Key Factors:
ir
1. Technological Advancements: Continuous improvements in
technology make devices more affordable and accessible.
es
2. Increased Connectivity: The rise of high-speed internet and
wireless networks enables seamless communication.
3. Versatility: Mobile devices offer a variety of functions, from
D
communication to entertainment and productivity.
4. Consumer Demand: People increasingly rely on mobile and
wireless devices for convenience and on-the-go access.
u
Impact:
Ed
Challenges:
1. Security Concerns: With more devices in use, there's an increased
risk of cybersecurity threats and privacy issues.
2. Digital Divide: Disparities in access to mobile technology can
create inequalities in information and opportunities.
15 Edu Desire
3. Dependency: Over Reliance on mobile devices may impact
face-to-face interactions and physical activities.
Trends in Mobility:
1. 5G Revolution: The 5G Revolution is like the superhero of internet
speed. It's the fifth generation of mobile networks, bringing faster speeds
and more reliable connections to mobile and wireless devices.
Impact:
● High-Speed Connectivity: Faster internet speeds for quicker
downloads and smoother streaming.
e
● IoT Advancements: Enables better connections for the Internet of
ir
Things (IoT) devices.
Impact:
● Biometric Authentication: Fingerprint and facial recognition for
enhanced device security.
● Mobile Device Management (MDM): Tools for businesses to secure
and manage mobile devices.
16 Edu Desire
4. Edge Computing: Edge Computing is like having a mini-brain in your
device. Instead of relying solely on a centralised server, computations
happen closer to the source of data.
Impact:
● Reduced Latency: Faster response times for applications and
services.
● Improved Privacy: Processing sensitive data locally without
sending it to a central server.
e
(AR) and Virtual Reality (VR) are like digital realms overlaying or
immersing into the real world, enhancing user experiences.
Impact:
ir
es
● Enhanced User Engagement: AR adds digital elements to the real
world, while VR creates immersive environments.
● Applications in Various Industries: From gaming to healthcare
D
and education.
become a trend.
Impact:
● Flexibility: Allows professionals to work from different locations.
● Virtual Meetings: Increased reliance on mobile devices for virtual
collaboration.
Impact:
17 Edu Desire
Green Technologies: Focus on eco-friendly materials and
energy-efficient designs.
Reduced E-Waste: Efforts to extend the lifespan of devices and promote
recycling.
Credit Card Frauds in Mobile: Credit Card Frauds in Mobile are like
digital heists targeting your financial information on mobile devices. It
involves unauthorised access to credit card details, leading to financial
losses and potential identity theft.
Common Techniques:
e
1. Phishing: Fraudsters use fake messages or emails to trick users
into revealing credit card information.
ir
2. Mobile Malware: Malicious software on mobile devices can
capture credit card details.
es
3. Fake Apps: Fraudulent mobile applications mimic legitimate ones
to steal credit card information.
4. Unsecured Wi-Fi: Conducting transactions on unsecured Wi-Fi
D
networks makes it easier for hackers to intercept data.
Preventive Measures:
u
1. Use Trusted Apps: Only download apps from official app stores to
avoid fake applications.
Ed
Impact:
1. Financial Loss: Unauthorised transactions can lead to direct
monetary losses.
2. Identity Theft: Stolen credit card information may be used for
identity theft.
18 Edu Desire
3. Credit Score Impact: Fraudulent activities can negatively impact
credit scores.
Example: Imagine receiving a message that looks like it's from your
bank, asking for your credit card details to resolve an issue. If you
provide this information, you've fallen victim to Credit Card Frauds in
Mobile. It's crucial to stay vigilant, verify messages, and adopt secure
practices to protect your financial information on mobile devices.
e
connections to a world where computing devices communicate and
connect wirelessly.
Key Elements:
ir
es
1. Wireless Networks: Use of technologies like Wi-Fi, Bluetooth, and
cellular networks for device connectivity.
2. Mobile Devices: Proliferation of smartphones, tablets, and
D
wearables, untethered from physical connections.
3. Cloud Computing: Storing and accessing data and applications
over the internet instead of on local devices.
u
Characteristics:
Ed
Technological Enablers:
1. 5G Technology: High-speed, low-latency wireless networks
supporting advanced applications.
2. IoT Integration: Interconnected devices, from smart homes to
industrial sensors, communicating wirelessly.
19 Edu Desire
3. Edge Computing: Processing data closer to the source, reducing
reliance on centralised servers.
Impact on Society:
1. Digital Transformation: Changing the way businesses operate,
communicate, and deliver services.
2. Remote Work Revolution: Allowing individuals to work from
anywhere, transforming traditional workspaces.
3. Smart Living: Integration of wireless technologies in homes,
making them smart and connected.
e
Challenges and Considerations:
ir
1. Security Concerns: The need for robust cybersecurity measures to
protect wireless communications.
2. Digital Inclusion: Ensuring equal access to wireless technologies
es
to bridge the digital divide.
3. Privacy Issues: Balancing the convenience of wireless computing
with individual privacy considerations.
D
Example: Imagine a world where you can seamlessly connect to the
internet, work, and communicate without any physical constraints.
u
That's the essence of the Wireless Computing Era, where the airwaves
carry the pulse of our digital lives, shaping the way we live, work, and
Ed
connect.
20 Edu Desire
1. Lost or Stolen Devices:
e
Challenge: Mobile devices are small and portable, making them easy
targets for theft or misplacement. If not secured, sensitive information
ir
can be accessed. es
Mitigation:
● Strong Passwords or Biometrics: Protect devices with secure
authentication methods.
D
● Remote Wipe: Enable features to remotely erase data in case of
loss.
u
2. Malicious Apps:
Challenge: Fake or malicious apps can compromise security by accessing
Ed
Mitigation:
● Official App Stores: Download apps only from trusted sources like
Google Play or the Apple App Store.
● App Permissions: Review and limit app permissions to the
essentials.
3. Phishing Attacks:
Challenge: Mobile users may fall victim to phishing attempts through
fraudulent emails, messages, or websites seeking personal information.
21 Edu Desire
Mitigation:
● User Education: Train users to identify and avoid phishing
attempts.
● Security Software: Use mobile security apps to detect and block
phishing threats.
e
Mitigation:
ir
● Use VPNs: Employ Virtual Private Networks for secure data
transmission.
● Avoid Public Wi-Fi for Sensitive Transactions: Refrain from
es
conducting financial or sensitive transactions on unsecured
networks.
D
5. Outdated Software:
Challenge: Failure to update operating systems and apps leaves devices
vulnerable to known exploits and security flaws.
u
Mitigation:
Ed
6. Jailbreaking or Rooting:
Challenge: Jailbreaking (iOS) or rooting (Android) devices to remove
restrictions can expose them to malicious software and compromise
security.
Mitigation:
22 Edu Desire
● Avoid Jailbreaking or Rooting: Discourage users from bypassing
device security features.
● Mobile Device Management (MDM): Implement MDM solutions to
monitor and control device configurations.
7. Lack of Encryption:
Challenge: Unencrypted data transmission and storage can lead to
unauthorised access and data breaches.
Mitigation:
● Enable Encryption: Encrypt both data at rest and during
e
transmission.
ir
● Secure Communication Channels: Use secure protocols for data
transfer. es
8. BYOD (Bring Your Own Device) Risks:
Challenge: Employees using personal devices for work may introduce
security risks if these devices are not adequately secured.
D
Mitigation:
● BYOD Policies: Implement and enforce clear BYOD security
u
policies.
● Containerization: Use containerization solutions to segregate work
Ed
9. Social Engineering:
Challenge: Cybercriminals may exploit human psychology to manipulate
users into revealing sensitive information.
Mitigation:
● User Education: Train users to recognize and resist social
engineering tactics.
● Multi-Factor Authentication: Implement additional
authentication layers for added security.
23 Edu Desire
10. Insufficient User Awareness:
Challenge: Lack of awareness among users about mobile security best
practices can lead to risky behaviours.
Mitigation:
● Training Programs: Conduct regular security awareness training
for users.
● Communication: Keep users informed about emerging threats and
best practices.
e
ir
Registry Settings for Mobile Devices: Mobile devices, especially those
running iOS and Android, typically do not have a registry like Windows
operating systems. However, they do have settings and configurations
es
that can be managed to enhance security and control device behaviour.
Here are some important settings and configurations for mobile devices:
D
iOS (iPhone and iPad):
1. Device Passcode:
u
2. Biometric Authentication:
● Purpose: Enhances device security with fingerprint or face
recognition.
● Configuration: - Settings > Face ID & Passcode (or Touch ID &
Passcode)
3. Find My iPhone:
● Purpose: Allows tracking and remote wiping of a lost or stolen
device.
24 Edu Desire
● Configuration: - Settings > [Your Name] > Find My > Find My
iPhone
4. App Permissions:
● Purpose: Control which apps have access to sensitive data.
● Configuration: - Settings > Privacy > [App Name]
5. Automatic Updates:
● Purpose: Ensures the device is running the latest security patches.
● Configuration: - Settings > General > Software Update
e
Android:
1. Screen Lock:
ir
es
● Purpose: Provides an initial layer of security.
● Configuration: - Settings > Security > Screen lock
D
2. Biometric Authentication:
● Purpose: Enhances device security with fingerprint or facial
recognition.
u
3. Find My Device:
● Purpose: Allows tracking and remote wiping of a lost or stolen
device.
● Configuration: - Settings > Security > Find My Device
4. App Permissions:
● Purpose: Control which apps have access to sensitive data.
● Configuration: - Settings > Apps & Notifications > [App Name] >
Permissions
25 Edu Desire
● Purpose: Scans apps for malware and provides additional security.
● Configuration: - Settings > Google > Security > Play Protect
6. Automatic Updates:
Purpose: Ensures the device is running the latest security patches.
Configuration: - Settings > System > Software Update
Note:
● For enterprise environments, Mobile Device Management (MDM)
solutions can be used to enforce security policies and remotely
manage devices.
e
● Always keep the device's operating system and apps up to date to
ir
patch security vulnerabilities.
● Regularly educate users about mobile security best practices to
minimise risks.
es
These settings may vary slightly based on the device model and
operating system version. It's crucial to stay updated on the latest
D
security features and recommendations provided by the device
manufacturers.
u
protected. Here are key considerations and measures for enhancing the
security of authentication services:
26 Edu Desire
Purpose: Adds an extra layer of security by requiring users to provide
multiple forms of identification.
Implementation:
● Combine something the user knows (password) with something
they have (token, mobile device, fingerprint).
e
Implementation:
ir
● Enforce password complexity (length, special characters).
● Regularly prompt users to update passwords.
● Discourage password reuse.
es
3. Encryption:
D
Purpose: Protects sensitive data transmitted between users and
authentication servers.
Implementation:
u
4. Session Management:
Purpose: Prevents unauthorised access during an active session.
Implementation:
● Implement session timeout policies.
● Use secure session tokens.
● Provide users the ability to log out remotely.
27 Edu Desire
Purpose: Mitigates the risk of attackers attempting to guess passwords.
Implementation:
● Implement account lockout policies after a certain number of failed
login attempts.
● Use CAPTCHA or similar mechanisms to deter automated attacks.
e
Implementation:
● Hash and salt passwords using strong cryptographic algorithms.
ir
● Regularly audit and update credential storage mechanisms.
es
7. User Authentication Logs:
Purpose: Monitors and logs authentication events for analysis and
auditing.
D
Implementation:
● Keep detailed logs of authentication attempts, including successful
u
Implementation:
● Implement real-time monitoring for unusual login patterns.
● Set up alerts for multiple failed login attempts or other suspicious
activities.
9. API Security:
28 Edu Desire
Purpose: Ensures that authentication APIs are secure and not vulnerable
to attacks.
Implementation:
● Use secure API authentication methods (e.g., OAuth).
● Regularly test and update API security measures.
e
Implementation:
ir
● Conduct regular security audits and penetration testing.
● Address identified vulnerabilities promptly.
es
11. User Education:
Purpose: Empowers users to make informed security decisions and
D
recognize phishing attempts.
Implementation:
u
Implementation:
● Stay informed about and compliant with regulations such as GDPR,
HIPAA, or others applicable to your region or industry.
29 Edu Desire
from unauthorised access and misuse. It's crucial to adopt a holistic
approach and stay proactive in addressing emerging security threats.
e
ir
es
1. Malware and Mobile Viruses: Malicious software designed to infect
mobile devices and compromise their functionality.
D
How to Protect:
● Install reputable antivirus and anti-malware apps.
u
How to Protect:
● Be cautious of unsolicited emails, messages, or calls asking for
personal information.
● Verify the legitimacy of websites before entering credentials.
30 Edu Desire
How to Protect:
● Use secure Wi-Fi connections or VPNs.
● Be cautious when connecting to public Wi-Fi networks.
How to Protect:
● Regularly backup important data.
e
● Avoid clicking on suspicious links or downloading unknown
attachments.
ir
5. SIM Card Swapping: Unauthorised individuals attempt to take control
of a user's phone number by swapping the SIM card.
es
How to Protect:
D
● Set up a PIN or password for SIM card changes.
● Contact your mobile carrier immediately if you experience
unexpected loss of service.
u
How to Protect:
● Turn off Bluetooth when not in use.
● Set devices to non-discoverable mode in public places.
How to Protect:
● Regularly review installed apps and permissions.
31 Edu Desire
● Use security software that scans for spyware.
How to Protect:
● Use secure, encrypted Wi-Fi connections.
● Avoid transmitting sensitive information on public networks.
e
security.
ir
How to Protect:
● Be sceptical of unsolicited communication asking for sensitive
es
information.
● Educate yourself and others about common social engineering
tactics.
D
10. App Permissions Abuse: Malicious apps exploiting excessive
permissions to access and misuse personal data.
u
How to Protect:
Ed
How to Protect:
● Avoid using public charging stations.
● Use only trusted charging cables and adapters.
32 Edu Desire
12. Browsing and Downloading Risks: Visiting malicious websites or
downloading apps from untrusted sources.
How to Protect:
● Use secure and updated browsers.
● Download apps only from official app stores.
e
secure mobile environment.
ir
Security Implications for Organisations:
es
Security is a crucial aspect of any organisation, as it protects sensitive
information, systems, and reputation from harm. However,
organisations face various security threats that can lead to serious
D
consequences.
u
Ed
33 Edu Desire
3. Phishing Attacks: Deceptive attempts to trick users into
revealing sensitive information like passwords or credit card
details.
e
measures to reduce security risks:
ir
1. Strong Security Policies: Establish clear guidelines for IT usage
and incident response procedures.
es
2. Robust Authentication: Enforce strong passwords and
multi-factor authentication (MFA) for secure account access.
D
3. Cybersecurity Awareness Training: Educate employees on
identifying cyber threats and best practices.
to address vulnerabilities.
Ed
34 Edu Desire
● However, the increasing reliance on mobile devices also
introduces new security challenges and potential distractions.
● To effectively manage mobile devices within the organisation, a
comprehensive set of measures is essential.
e
● Device enrollment and provisioning: Streamline device setup
and ensure consistent configurations.
● Application
ir
management: Deploy, update, and restrict
es
applications based on organisational needs.
35 Edu Desire
● App installation: Establish guidelines for installing and using
applications.
e
malware, phishing attacks, and malicious websites.
ir
Key features of MTD include:
● Threat detection and prevention: Block malicious
es
applications, websites, and phishing attempts.
36 Edu Desire
● Zero Trust Network Access (ZTNA): Continuously authenticate
and verify user identities before granting access to network
resources.
e
● Secure app installation and usage
ir
● Reporting suspicious activity
37 Edu Desire
1. Mobile Device Management (MDM) Solutions: MDM software
e
provides centralised control over mobile devices, enabling IT
administrators to manage and secure devices effectively. Key features
ir
of MDM include:
● Device enrollment and provisioning: Streamline device setup
and ensure consistent configurations.
es
● Application management: Deploy, update, and restrict
applications based on organisational needs.
● Remote access and control: Remotely wipe or lock devices in
D
case of loss or theft.
● Security enforcement: Enforce password policies, data
encryption, and other security measures.
u
38 Edu Desire
3. Mobile Threat Defense (MTD) Solutions: MTD software provides
real-time protection against mobile threats, such as malware, phishing
attacks, and malicious websites. Key features of MTD include:
● Threat detection and prevention: Block malicious
applications, websites, and phishing attempts.
● Vulnerability assessment: Identify and remediate
vulnerabilities in mobile devices and applications.
● Threat intelligence: Leverage real-time threat intelligence to
stay ahead of emerging threats.
● Data loss prevention (DLP): Prevent sensitive data from leaving
e
the organization through mobile devices.
ir
4. Secure Mobile Network Connectivity: Organizations should
implement secure network access methods for mobile devices, such
as:
es
● Virtual Private Networks (VPNs): Encrypt data transmission
over public Wi-Fi networks.
D
● Mobile Device Management (MDM) integrated VPNs: Integrate
VPN capabilities into MDM solutions for centralized control.
● Zero Trust Network Access (ZTNA): Continuously authenticate
and verify user identities before granting access to network
u
resources.
Ed
39 Edu Desire
● Provide adequate data plans and Wi-Fi access
● Optimise applications for mobile usage
● Encourage breaks and digital detox
● Promote mobile-friendly work practices
e
Unit-3
ir
TOOLS AND METHODS USED IN CYBERCRIME
es
Introduction: Cybercrime involves the use of digital tools and
techniques to conduct illicit activities with the intent to exploit,
compromise, or gain unauthorised access to computer systems,
D
networks, and sensitive information. In this section, we explore various
tools and methods employed by cybercriminals, starting with the use of
proxy servers and anonymizers.
u
device and the internet. It forwards requests from the user to the
destination server and returns the server's responses back to the user,
thereby masking the user's IP address.
Cybercrime Applications:
1. Anonymity: Cybercriminals use proxy servers to hide their
identity and location during attacks.
2. Bypassing Restrictions: Proxies can be used to bypass
geo-restrictions and access content blocked in certain regions.
3. Network Security Evasion: Proxies can be leveraged to evade
network security measures.
40 Edu Desire
Web-based Proxies: Web-based proxies operate through a website and
allow users to access the internet indirectly. Users enter the desired URL
on the proxy website, and the proxy fetches the content.
Cybercrime Applications:
1. Accessing Blocked Content: Web-based proxies enable users to
access restricted websites anonymously.
2. Bypassing Filters: Cybercriminals use web proxies to bypass
content filters and network restrictions.
3. Concealing Online Activity: Individuals may use web proxies to
conceal their online activities.
e
ir
VPN Services: Virtual Private Networks (VPNs) create a secure,
encrypted connection over the internet, masking the user's IP address
and encrypting data traffic.
es
Cybercrime Applications:
1. Anonymous Browsing: VPNs provide anonymity by masking the
D
user's IP address.
2. Secure Communication: Cybercriminals use VPNs to encrypt
communication and evade detection.
u
Cybercrime Applications:
1. Anonymous Communication: TOR provides a level of anonymity
by routing traffic through multiple nodes.
2. Access to the Dark Web: Cybercriminals use TOR to access
websites on the Dark Web, which may host illicit activities.
3. Evasion of Tracking: TOR helps users evade tracking and
surveillance.
41 Edu Desire
SSH Tunnels: Secure Shell (SSH) tunnels create a secure, encrypted
connection between a local and a remote machine, often used for secure
data transfer.
Cybercrime Applications:
1. Data Exfiltration: Cybercriminals may use SSH tunnels for
unauthorised data transfer.
2. Command and Control: Malicious actors use SSH for remote
command and control of compromised systems.
3. Network Evasion: SSH tunnels can bypass network security
e
measures.
ir
Phishing: It is a cybercrime technique where attackers use deceptive
tactics to trick individuals into divulging sensitive information, such as
es
usernames, passwords, and financial details. It often involves the use of
fraudulent emails, messages, or websites that mimic trustworthy entities
to exploit human psychology.
D
Types of Phishing
u
Phishing Techniques:
42 Edu Desire
1. Email Spoofing: Attackers forge the sender's email address to make an
email appear as if it's from a legitimate source.
e
ir
5. Man-in-the-Middle (MitM) Attacks: Phishers intercept and alter
communication between two parties, gaining unauthorised access to
sensitive data.
es
Indicators of Phishing:
D
1. Unsolicited Emails: Be cautious of unexpected emails, especially
those urging immediate action.
u
2. Mismatched URLs: Hover over links to reveal the actual URL. Phishers
often use URLs that resemble legitimate sites.
Ed
Countermeasures:
43 Edu Desire
1. Security Awareness Training: Educate users about phishing
techniques and how to recognize phishing attempts.
e
especially in emails or messages.
ir
5. Regular Updates and Patches: Keep software, browsers, and security
systems up to date to mitigate vulnerabilities.
es
Password Cracking: It is a cyber attack technique where unauthorised
D
individuals attempt to gain access to user accounts or systems by
decrypting or bypassing passwords. This activity is often performed
using various methods and tools to exploit weaknesses in password
u
security.
Ed
44 Edu Desire
3. Rainbow Table Attacks: Attackers use precomputed tables (rainbow
tables) of hashed passwords to quickly crack password hashes.
● Countermeasure: Use salting and strong, unique hashing
algorithms to protect password hashes.
e
ir
5. Keylogging: Malicious software records keystrokes to capture
usernames and passwords as users type.
● Countermeasure: Use updated antivirus software, employ
es
intrusion detection systems, and educate users about the risks of
downloading unknown software.
D
6. Phishing: Attackers trick individuals into revealing their passwords
through deceptive emails or fake websites.
● Countermeasure: Educate users about phishing risks and
u
Countermeasures:
45 Edu Desire
4. Account Lockout Policies: Set account lockout policies to prevent
brute force attacks by locking an account after a certain number of
failed login attempts.
e
ir
7. Monitoring and Detection: Implement intrusion detection
systems to monitor and detect unusual login patterns or activities.
es
Password cracking is a constant threat, and organisations must adopt a
multi-layered approach to safeguard against various methods used by
attackers. Combining strong technical measures with user education and
D
awareness is essential to maintaining robust password security.
u
46 Edu Desire
3. Countermeasures:
● Use updated antivirus software to detect and remove keyloggers.
● Employ intrusion detection systems to identify unusual behaviour.
● Regularly update and patch software to address vulnerabilities.
e
websites, email attachments, or bundled with seemingly harmless
ir
downloads.
spyware threats.
● Exercise caution when downloading software or clicking on links,
Ed
Differences:
Scope:
● Keyloggers specifically focus on capturing keyboard input,
including keystrokes and passwords.
● Spyware has a broader scope, encompassing various activities like
data tracking, information theft, and monitoring.
Delivery:
47 Edu Desire
● Keyloggers can be delivered through malware, phishing, or
compromised software installations.
● Spyware can be delivered through malicious websites, email
attachments, or bundled with seemingly harmless downloads.
Intent:
● Keyloggers primarily aim to capture keyboard inputs for
unauthorised access.
● Spyware has a more varied intent, ranging from data collection to
monitoring user behaviour.
e
Detection:
ir
● Detection of both keyloggers and spyware requires robust antivirus
and anti-spyware tools, regular updates, and user awareness.
es
Countermeasures:
48 Edu Desire
Viruses: A computer virus is a type of malicious software that attaches
itself to legitimate programs or files and spreads when those programs or
files are executed. Viruses can replicate and modify other programs,
causing damage to the infected system.
e
corrupting or deleting files, or a stealthy payload, aiming to remain
undetected while compromising system integrity.
ir
3. Detection: Antivirus software is commonly used to detect and
es
remove viruses by scanning files for known virus signatures.
D
Worms: A computer worm is a standalone, self-replicating program that
spreads independently across a network or through the internet. Worms
do not need to attach themselves to other programs and can initiate their
own replication.
u
49 Edu Desire
Difference between Worms and Virus :
e
is to eat the system resources. is to modify the information.
It consumes system resources
ir
such as memory and
bandwidth and makes the
system slow in speed to such
es
an extent that it stops
responding.
Protection firewall.
Comes from Worms generally come from Viruses generally come from
the downloaded files or the shared or downloaded
through a network files.
connection.
50 Edu Desire
● Automatic opening and ● Hampering computer
running of programs performance by
● Sending of emails slowing down it
without your ● After booting, starting
knowledge of unknown programs.
● Affected the ● Passwords get changed
performance of web without your
browser knowledge
● Error messages
concerning to system
and operating system
e
system and system in software
updated state ● Never open email
ir
● Avoid clicking on links attachments
from untrusted or ● Avoid usage of pirated
unknown websites software
● Avoid opening emails ● Keep your operating
es
from unknown sources system updated
● Use antivirus software ● Keep your browser
and a firewall updated as old versions
○ are vulnerable to
D
linking to malicious
websites
○
u
51 Edu Desire
Countermeasures:
e
worms and isolate infected areas.
ir
5. User Education: Educate users about safe online practices,
avoiding suspicious emails, and not downloading files from
es
untrusted sources.
Trojan Horses:
D
1. Definition: A Trojan horse, or Trojan, is a type of malicious
software disguised as legitimate or desirable software. Unlike
viruses or worms, Trojans do not replicate themselves but rely on
u
52 Edu Desire
5. Examples: Common examples include Zeus, SpyEye, and Emotet.
Backdoors:
1. Definition: A backdoor is a hidden or undocumented access point
in a computer system, allowing unauthorised individuals to gain
remote access and control. Backdoors are often created by
attackers or by software developers for troubleshooting purposes.
e
various means, including exploiting software vulnerabilities, using
ir
Trojan horses, or by insiders with access to the system.
Replication:
53 Edu Desire
● Trojans do not replicate themselves; their spread relies on user
interaction. Backdoors do not spread independently but can be
installed by attackers.
Purpose:
● Trojans often have specific malicious payloads, such as data theft
or malware installation. Backdoors are primarily designed for
unauthorised access and control.
Visibility:
● Trojans may display visible malicious activities. Backdoors aim to
e
remain hidden to maintain unauthorised access over time.
ir
Detection Focus:
● Detecting Trojans often involves identifying malicious behaviours
es
or signatures. Detecting backdoors requires monitoring for unusual
network or system activities.
D
Countermeasures:
1. Security Software: Use updated antivirus and anti-malware tools
to detect and remove Trojans.
u
54 Edu Desire
Steganography: It is the practice of concealing one piece of information
within another in such a way that the hidden message is difficult to
detect. Unlike cryptography, which focuses on making the content of a
communication unreadable, steganography aims to hide the existence of
the communication.
Techniques:
1. Image Steganography:
● Embedding data within images by subtly altering pixel values. This
e
can be achieved through the least significant bit (LSB) method,
where the least significant bits of pixel values are replaced with
ir
hidden data. es
2. Audio Steganography:
● Concealing information within audio files by modifying certain
components, such as the amplitude or frequency. This can be done
D
without significantly altering the perceived quality of the audio.
3. Text Steganography:
u
4. Video Steganography:
● Embedding data within video files, often by modifying specific
frames or components of the video stream. Similar to image
steganography, this can involve altering pixel values.
5. File Steganography:
● Hiding data within seemingly innocuous files, such as documents
or executable files, by manipulating certain aspects without
affecting the overall functionality.
55 Edu Desire
Applications:
2. Digital Watermarking:
● Embedding imperceptible marks within media files for copyright
protection or ownership attribution.
3. Covert Communication:
e
● Steganography enables covert communication in situations where
ir
overt communication might raise suspicion.
4. Concealing Malware:
es
● Malicious actors may use steganography to hide malware within
seemingly harmless files, evading detection by security software.
D
Detection:
1. Statistical Analysis:
u
2. Signature-based Detection:
● Searching for known steganographic signatures or patterns within
files.
3. Visual Inspection:
● Examining files for irregularities or artefacts that may indicate the
presence of hidden data.
56 Edu Desire
● Employing steganalysis tools designed to detect steganographic
content within various types of files.
Countermeasures:
1. Regular Audits:
● Conducting regular audits of files and network traffic to detect
anomalies.
2. Traffic Monitoring:
● Monitoring network traffic for unusual patterns or unexpected data
e
transmissions.
ir
3. Content Inspection:
● Inspecting files and media content for signs of manipulation or
es
irregularities.
D
4. Use of Steganalysis Tools:
● Employing specialised steganalysis tools to actively search for and
detect steganographic content.
u
5. User Education:
● Educating users about the risks associated with steganography and
Ed
1. Definition:
● A DoS attack aims to disrupt or temporarily disable the services of
a host or network, making them unavailable to users. The attack
overwhelms the target system with a flood of traffic or by
exploiting vulnerabilities, causing legitimate users to be unable to
access the services.
57 Edu Desire
2. Methods:
● Flooding Attacks: Overwhelm the target with a high volume of
traffic, such as ICMP flood (Ping flood) or SYN flood attacks.
● Exploiting Vulnerabilities: Exploit weaknesses in software or
protocols to crash or disable the target system.
3. Impact:
● Service Disruption: Denies access to legitimate users, rendering
services temporarily or permanently unavailable.
● Resource Exhaustion: Consumes bandwidth, CPU, memory, or
e
other resources, affecting the overall system performance.
ir
4. Detection and Mitigation:
● Traffic Monitoring: Use network monitoring tools to detect
es
unusual patterns or spikes in traffic.
● Firewalls and Intrusion Prevention Systems (IPS): Employ
firewalls and IPS to filter and block malicious traffic.
D
● Load Balancers: Distribute incoming traffic to prevent
overwhelming a single server.
u
1. Definition:
● A DDoS attack involves multiple compromised computers, known
as botnets, working together to flood a target system with a
massive volume of traffic. The distributed nature makes DDoS
attacks more challenging to mitigate compared to traditional DoS
attacks.
2. Methods:
● Botnets: Coordinated efforts of multiple compromised devices
(computers, IoT devices) to generate traffic.
58 Edu Desire
● Amplification: Exploiting services that can generate a large
response to a small request, magnifying the impact.
3. Impact:
● Service Overwhelm: Overwhelms the target's resources, making it
inaccessible to legitimate users.
● Network Congestion: Floods the target's network, affecting its
ability to respond to legitimate requests.
e
to identify unusual patterns.
ir
● Rate Limiting: Implement rate limiting to restrict the number of
requests from a single source.
● Content Delivery Networks (CDNs): Distribute content across
es
multiple servers to absorb and mitigate DDoS traffic.
59 Edu Desire
In DOS Attack only a single device In DDoS attacks,The volumeBots
is used with DOS Attack tools. are used to attack at the same
time.
Volume of traffic in the Dos attack DDoS attacks allow the attacker to
is less as compared to DDos. send massive volumes of traffic to
the victim network.
e
3. Teardrop Attack 3. Application Layer Attacks
4. Flooding Attack 4. Protocol Attack.
Detection Challenges:
ir
es
1. DoS Attack: Easier to detect as it involves a limited number of
sources.
2. DDoS Attack: More challenging to detect due to the distributed
D
and diverse sources.
Countermeasures:
u
1. DoS Attack:
Ed
2. DDoS Attack:
● Content Delivery Networks (CDNs): Distribute content across
multiple servers to absorb and mitigate traffic.
● Anycast DNS: Distribute DNS resolution requests across multiple
servers.
60 Edu Desire
● Traffic Scrubbing Services: Use specialised services to filter and
remove malicious traffic.
Both DoS and DDoS attacks can have severe consequences on the
availability and performance of online services. Implementing a
combination of preventive measures, detection mechanisms, and
mitigation strategies is crucial for safeguarding against these types of
attacks.
e
parameters of a web application's database query. This can lead to
unauthorised access, manipulation, or retrieval of sensitive data from the
ir
database.
Methods:
es
1. Classic SQL Injection: Injecting malicious SQL statements into
D
user-input fields, exploiting the lack of proper input validation and
sanitization.
Impact:
61 Edu Desire
2. Data Manipulation: Malicious users can modify or delete data within
the database, leading to data integrity issues.
e
ir
2. Parameterized Statements: Use parameterized statements or
prepared statements in SQL queries to separate SQL code from user
input.
es
3. Least Privilege Principle: Restrict database user privileges to the
minimum necessary for the application to function, reducing the impact
D
of a potential breach.
62 Edu Desire
overflow can lead to memory corruption, program crashes, and potential
security vulnerabilities.
Causes:
1. Insufficient Input Validation: Lack of proper validation on user inputs
allows for the introduction of excessive data.
e
3. Stack-based and Heap-based Overflows: Stack overflows may
ir
overwrite return addresses, while heap overflows can affect dynamically
allocated memory. es
Implications:
1. Code Execution: Successful attacks can lead to the execution of
arbitrary code, compromising system integrity.
D
2. Denial of Service (DoS): Buffer overflows may crash programs,
causing service disruptions.
u
might be exposed.
3. Safe Functions: Prefer safer functions like s̀trncpỳ over riskier ones
like s̀trcpỳ in C.
63 Edu Desire
4. Randomization Techniques: Employ address space randomization to
make it harder for attackers to predict memory layouts.
e
Attacks on Wireless Networks
ir
1. Wireless Eavesdropping:
● Unauthorised interception of wireless communication to capture
es
sensitive information.
● Use encryption protocols like WPA3 for Wi-Fi networks to secure
data in transit.
D
2. Man-in-the-Middle (MitM) Attacks:
● Intercepting and altering communication between two parties
u
like HTTPS.
3. Wireless Jamming:
● Deliberate interference with wireless signals, disrupting
communication and causing denial of service.
● Monitor network for unusual interference and use signal-jamming
detection tools.
64 Edu Desire
● Disable automatic connection to open networks and use secure,
well-configured Wi-Fi networks.
e
Wi-Fi network.
ir
● Disable WPS if not needed or use a strong, unique PIN.
8. Password Cracking:
u
65 Edu Desire
● Disable unnecessary Bluetooth services and use secure pairing
methods.
e
● Employ intrusion detection and prevention systems to detect and
ir
block suspicious packets.
2. Financial Fraud:
● Stolen identity information is often used to commit financial fraud,
such as opening fraudulent bank accounts, obtaining credit cards,
or making unauthorised purchases.
3. Criminal Activities:
66 Edu Desire
● Identity theft can be associated with various criminal activities,
including tax fraud, money laundering, or even involvement in
more serious crimes using a false identity.
e
information, making it harder to detect fraudulent activities.
ir
Common Scenarios: es
1. Financial Identity Theft:
● Unauthorised access to financial accounts, credit card fraud, or the
creation of false bank accounts.
D
2. Criminal Identity Theft:
● Committing crimes using someone else's identity, leaving the
u
67 Edu Desire
Prevention and Protection:
2. Credit Monitoring:
● Use credit monitoring services to detect unusual activities or new
accounts opened under your name.
e
3. Secure Personal Information:
ir
● Safeguard personal documents, Social Security cards, and other
sensitive information in a secure and locked location.
es
4. Shred Documents:
● Shred documents containing personal information before
D
disposing of them to prevent dumpster diving.
5. Strong Passwords:
● Use strong, unique passwords for online accounts and enable
u
6. Be Sceptical of Requests:
● Verify the legitimacy of requests for personal information,
especially through unsolicited emails, phone calls, or messages.
7. Update Software:
● Keep software, operating systems, and security applications
up-to-date to protect against vulnerabilities.
68 Edu Desire
● Be vigilant about potential data breaches and take necessary
actions, such as changing passwords, if your information may have
been compromised.
Recovery:
1. Report to Authorities:
● Report the identity theft to law enforcement agencies and file a
report with the Federal Trade Commission (FTC).
2. Credit Freeze:
e
● Consider placing a credit freeze to restrict access to your credit
ir
reports, preventing new accounts from being opened.
Unit-4
UNDERSTANDING COMPUTER FORENSICS
69 Edu Desire
Types of Computer Forensics:
1. Disk Forensics: It deals with extracting raw data from the primary
or secondary storage of the device by searching active, modified, or
deleted files.
2. Network Forensics: It is a sub-branch of Computer Forensics that
involves monitoring and analysing the computer network traffic.
3. Database Forensics: It deals with the study and examination of
databases and their related metadata.
4. Malware Forensics: It deals with the identification of suspicious
code and studying viruses, worms, etc.
5. Email Forensics: It deals with emails and their recovery and
e
analysis, including deleted emails, calendars, and contacts.
6. Memory Forensics: Deals with collecting data from system
ir
memory (system registers, cache, RAM) in raw form and then
analysing it for further investigation.
es
7. Mobile Phone Forensics: It mainly deals with the examination and
analysis of phones and smartphones and helps to retrieve contacts,
call logs, incoming, and outgoing SMS, etc., and other data present
in it.
D
Characteristics:
1. Identification: Identifying what evidence is present, where it is
u
70 Edu Desire
Application:
● Intellectual Property theft
● Industrial espionage
● Employment disputes
● Fraud investigations
● Misuse of the Internet and email in the workplace
● Forgeries related matters
● Bankruptcy investigations
● Issues concerned the regulatory compliance
e
Advantages of Computer Forensics :
ir
● To produce evidence in the court, which can lead to the
punishment of the culprit.
es
● It helps the companies gather important information on their
computer systems or networks potentially being compromised.
● Efficiently tracks down cyber criminals from anywhere in the
D
world.
● Helps to protect the organisation’s money and valuable time.
● Allows to extract, process, and interpret the factual evidence, so
it proves the cybercriminal action’s in the court.
u
Ed
71 Edu Desire
Digital Forensic Science:
● Digital Forensics is a branch of forensic science which includes the
identification, collection, analysis and reporting of any valuable
digital information in the digital devices related to computer
crimes, as a part of the investigation.
● In simple words, Digital Forensics is the process of identifying,
preserving, analysing and presenting digital evidence.
● The first computer crimes were recognized in the 1978 Florida
computers act and after this, the field of digital forensics grew
pretty fast in the late 1980-90’s.
e
● It includes the area of analysis like storage media, hardware,
operating system, network and applications.
ir
It consists of 5 steps at high level:
es
1. Identification of evidence: It includes identifying evidence
related to the digital crime in storage media, hardware, operating
system, network and/or applications. It is the most important and
D
basic step.
2. Collection: It includes preserving the digital evidence identified in
the first step so that they don't degrade to vanish with time.
Preserving the digital evidence is very important and crucial.
u
72 Edu Desire
● Media forensics: It is the branch of digital forensics which
includes identification, collection, analysis and presentation of
audio, video and image evidence during the investigation process.
● Cyber forensics: It is the branch of digital forensics which
includes identification, collection, analysis and presentation of
digital evidence during the investigation of a cyber crime.
● Mobile forensics: It is the branch of digital forensics which
includes identification, collection, analysis and presentation of
digital evidence during the investigation of a crime committed
through a mobile device like mobile phones, GPS device, tablet,
laptop.
● Software forensics: It is the branch of digital forensics which
e
includes identification, collection, analysis and presentation of
digital evidence during the investigation of a crime related to
ir
softwares only. es
The Need for Computer Forensics:
D
1. Rising Cyber Crime Rates: With the increasing prevalence of
cybercrimes, including hacking, data breaches, and online fraud,
u
73 Edu Desire
4. Corporate Security: In the corporate world, computer forensics is
essential for responding to incidents such as data breaches, insider
threats, and intellectual property theft, helping organisations
maintain a secure digital environment.
e
regulations requires organisations to conduct thorough
investigations using computer forensics when dealing with digital
ir
incidents or potential data breaches.
es
7. Recovery of Lost or Deleted Data: Computer forensics helps in the
recovery of lost or deleted data, which can be critical in both
criminal investigations and corporate settings.
D
8. Prevention and Deterrence: The knowledge that computer
forensics can uncover and trace digital activities serves as a
deterrent, discouraging potential cybercriminals and contributing
u
74 Edu Desire
among law enforcement agencies and cybersecurity professionals
to combat digital threats.
e
online activities.
ir
14.Continuous Technological Advancements: The ever-evolving
landscape of technology and cyber threats necessitates ongoing
es
advancements in computer forensics tools and techniques to stay
ahead of sophisticated cybercriminal tactics.
D
Cyber Forensics: Cyber forensics is a process of extracting data as proof
for a crime (that involves electronic devices) while following proper
investigation rules to nab the culprit by presenting the evidence to the
u
documentation to find out who did the crime digitally. Cyber forensics
can do the following:
● It can recover deleted files, chat logs, emails, etc
● It can also get deleted SMS, Phone calls.
● It can get recorded audio of phone conversations.
● It can determine which user used which system and for how
much time.
● It can identify which user ran which program.
1. Investigation Scope:
75 Edu Desire
● Cyber forensics covers a broad range of digital incidents, including
hacking, data breaches, malware attacks, cyber espionage, online
fraud, and other criminal activities conducted in the digital realm.
2. Key Objectives:
● The primary objectives of cyber forensics include identifying and
analysing digital evidence, reconstructing digital timelines, and
providing accurate and admissible findings for legal proceedings.
e
mitigate threats and preserve digital evidence.
ir
● Criminal Investigations: Examination of digital evidence to
identify and prosecute individuals involved in cybercrimes.
● Corporate Investigations: Investigation of data breaches, insider
es
threats, and other digital incidents within corporate environments.
76 Edu Desire
legal proceedings. Preservation involves protecting the evidence from
tampering or alteration.
e
legal admissibility.
ir
5. Admissibility in Court: Digital evidence must meet legal standards for
admissibility, including relevance, authenticity, and reliability. Cyber
es
forensic experts play a key role in ensuring that digital evidence is
presented in a manner acceptable to the court.
D
6. Legal Challenges:
Legal challenges related to digital evidence include issues of privacy,
authentication, and the interpretation of complex technical information.
Cyber forensic experts must navigate these challenges to uphold the
u
77 Edu Desire
● Data collection: In this process data is identified and collected for
investigation.
● Examination: In the second step the collected data is examined
carefully.
● Analysis: In this process, different tools and techniques are used
and the collected evidence is analysed to reach some conclusion.
● Reporting: In this final step all the documentation, reports are
compiled so that they can be submitted in court.
e
ir
es
Forensic Analysis of E-Mail:
D
● Email forensics involves the systematic examination and analysis
of email data to gather evidence for investigative or legal purposes.
● It plays a crucial role in cybercrime investigations, corporate
incidents, and legal proceedings.
u
Ed
78 Edu Desire
● Chain of Custody: Document and maintain a secure chain of
custody to track the handling of email evidence.
e
clues, threats, or indications of malicious activity.
ir
4. Authentication and Verification:
● Email Source Verification: Verify the authenticity of emails by
examining the
es source, SPF/DKIM signatures, and sender
information.
● Sender Authentication: Validate the identity of the sender
D
through forensic analysis to prevent email spoofing.
79 Edu Desire
8. Legal Admissibility: Ensure that the methods used in email forensics
adhere to legal standards, making the evidence admissible in court.
e
● Email Spoofing: Identifying and mitigating the impact of email
ir
spoofing, where malicious actors manipulate email headers.
● Privacy Concerns: Balancing the need for investigation with
privacy considerations, especially in corporate or legal contexts.
es
11. Prevention and Best Practices:
● Email Security Measures: Implement robust email security
D
measures, including encryption, spam filters, and user awareness
training.
● Logging and Monitoring: Maintain comprehensive email logs and
u
Here are the key stages of the digital forensics life cycle:
80 Edu Desire
1. Identification of evidence: It includes identifying evidence
related to the digital crime in storage media, hardware, operating
system, network and/or applications. It is the most important and
basic step.
2. Collection: It includes preserving the digital evidence identified in
the first step so that they don't degrade to vanish with time.
Preserving the digital evidence is very important and crucial.
3. Analysis: It includes analysing the collected digital evidence of the
committed computer crime in order to trace the criminal and
possible path used to breach into the system.
e
4. Documentation: It includes the proper documentation of the
whole digital investigation, digital evidence, loopholes of the
ir
attacked system etc. so that the case can be studied and analysed
in future also and can be presented in the court in a proper format.
5. Presentation: It includes the presentation of all the digital
es
evidence and documentation in the court in order to prove the
digital crime committed and identify the criminal.
D
81 Edu Desire
collection to its presentation in court. It provides a clear record of who
had custody of the evidence, when, and under what circumstances.
2. Importance:
1. Preserving Integrity: Ensures that digital evidence remains
unchanged and authentic.
2. Legal Admissibility: Demonstrates that the evidence has not been
tampered with or altered.
3. Credibility: Enhances the credibility of the evidence and the
investigators involved.
4. Ethical Standards: Upholds ethical standards in handling and
e
presenting evidence in legal proceedings.
ir
3. Key Components:
1. Documentation: Detailed records should be maintained at each
es
stage of evidence handling.
2. Physical Security: Measures to physically secure the evidence,
such as locked storage facilities.
D
3. Access Control: Limiting access to authorised personnel to prevent
unauthorised tampering.
4. Seals and Signatures: The use of seals, signatures, or digital
u
82 Edu Desire
● Transfer: Any transfer of custody must be documented and involve
proper verification.
● Analysis: If analysis is required, document when, where, and by
whom it occurred.
● Court Presentation: Prepare the evidence for court presentation,
maintaining the chain of custody documentation.
Network Forensics:
● Network forensics is a subcategory of digital forensics that
essentially deals with the examination of the network and its traffic
e
going across a network that is suspected to be involved in
malicious activities, and its investigation for example a network
ir
that is spreading malware for stealing credentials or for the
purpose analysing the cyber-attacks.
es
● As the internet grew cybercrimes also grew along with it and so did
the significance of network forensics, with the development and
acceptance of network-based services such as the World Wide Web,
D
e-mails, and others.
● With the help of network forensics, the entire data can be retrieved
including messages, file transfers, e-mails, and, web browsing
history, and reconstructed to expose the original transaction.
u
83 Edu Desire
● Observation: In this process, all the visible data is tracked along
with the metadata.
● Investigation: In this process, a final conclusion is drawn from the
collected shreds of evidence.
● Documentation: In this process, all the shreds of evidence,
reports, conclusions are documented and presented in court.
e
● Address Spoofing.
ir
es
D
u
Ed
Advantages:
● Network forensics helps in identifying security threats and
vulnerabilities.
● It analyses and monitors network performance demands.
● Network forensics helps in reducing downtime.
● Network resources can be used in a better way by reporting and
better planning.
● It helps in a detailed network search for any trace of evidence
left on the network.
Disadvantage:
84 Edu Desire
● The only disadvantage of network forensics is that It is difficult
to implement.
e
● Study special areas on the drive
ir
● Investigate the settings and any data from programs on the system
● Consider the system from various perspectives
es
● Create detailed report containing an assessment of the data and
information collected
D
Things to be avoided during forensics investigation:
● Changing date/timestamps of the files
● Overwriting unallocated space
u
● Engagement contract
● Non-Disclosure Agreement (NDA)
85 Edu Desire
General steps in solving a computer forensics case are:
● Prepare for the forensic examination
● Talk to key people about the case and what you are looking for
● Start assembling tools to collect the data and identify the target
media
● Collect the data from the target media
● Use a write blocking tool while performing imaging of the disk
● Check emails records too while collecting evidence
● Examine the collected evidence on the image that is created
● Analyse the evidence
e
● Report your finding to your client
ir
es
● Security and privacy threats in the digital landscape are diverse
and evolving.
● Understanding these threats is crucial for individuals,
D
organisations, and policymakers to implement effective measures
for protection.
Here are some key security and privacy threats:
u
systems.
● Threat Impact: Data theft, system damage, unauthorised access,
and financial losses.
● Examples: Viruses, Trojans, ransomware, spyware.
86 Edu Desire
● Threat Impact: Compromised personal information, financial
losses, reputational damage.
● Examples: Hacking incidents, insider threats, accidental data leaks.
e
● Threat Impact: Unauthorised access, device manipulation, data
ir
exposure.
● Examples: Insecure smart devices, lack of encryption in IoT
communication.
es
6. Insider Threats: Threats originating from individuals within an
organisation with access to sensitive information.
D
● Threat Impact: Data breaches, intellectual property theft, sabotage.
● Examples: Malicious employees, negligent behaviour, unintentional
mistakes.
u
release.
● Threat Impact: Data loss, financial losses, operational disruptions.
● Examples: WannaCry, NotPetya, Ryuk.
87 Edu Desire
● Threat Impact: Deepfake creation, AI-powered cyberattacks.
● Examples: AI-driven phishing, adversarial attacks on machine
learning models.
e
● Examples: Insecure APIs, misconfigured cloud settings.
ir
12. Lack of Encryption: Failure to secure data with encryption, making it
vulnerable to unauthorised access.
es
● Threat Impact: Data exposure, privacy violations.
● Examples: Unencrypted communication channels, unsecured
D
storage.
88 Edu Desire
2. Volatility of Digital Evidence: Ephemeral nature of digital
evidence, easily altered or destroyed.
e
privacy considerations.
ir
6. Large Volumes of Data: Coping with the exponential growth of
data for collection, analysis, and storage.
es
7. Digital Forensics Standardization: Lack of standardised
procedures and methodologies.
D
8. Rapid Technological Advancements: Keeping up with the
constant evolution of technology.
u
digital evidence.
Unit-5
89 Edu Desire
INTRODUCTION TO SECURITY POLICIES AND CYBER LAWS
e
Need for an Information Security Policy: In the ever-expanding digital
landscape, an Information Security Policy is not just a document; it's a
ir
crucial shield for organisations.
es
Here's why it's indispensable:
1. Asset Protection:
D
● Why: Safeguards digital and physical assets like data, systems, and
networks.
● Impact: Prevents unauthorised access, data breaches, and
u
2. Risk Management:
● Why: Identifies and minimises potential risks and vulnerabilities.
● Impact: Mitigates the impact of cyber threats, ensuring business
continuity.
3. Regulatory Compliance:
● Why: Ensures adherence to legal requirements and industry
standards.
● Impact: Avoids legal consequences, fines, and damage to
reputation.
90 Edu Desire
4. Data Integrity:
● Why: Guarantees the accuracy and reliability of information.
● Impact: Prevents data manipulation, corruption, or unauthorised
alterations.
5. User Guidelines:
● Why: Provides clear instructions on acceptable use of resources.
● Impact: Helps employees understand their responsibilities,
reducing human-related risks.
6. Incident Response:
e
● Why: Outlines procedures for handling security incidents.
ir
● Impact: Enables swift and effective response, minimising potential
damage.
es
7. Customer Trust:
● Why: Demonstrates a commitment to protecting customer
D
information.
● Impact: Builds trust, enhancing the organisation's reputation.
8. Competitive Advantage:
u
market.
● Impact: Attracts partners and customers who prioritise secure
business practices.
9. Technology Adoption:
● Why: Facilitates the secure adoption of new technologies.
● Impact: Allows organisations to leverage innovations without
compromising security.
91 Edu Desire
● Impact: Creates a security-conscious culture, reducing the
likelihood of insider threats.
e
● Impact: Ensures a secure ecosystem, even when collaborating with
ir
external entities.
es
Introduction to Indian Cyber Law:
Cyber Law also called IT Law is the law regarding
Information-technology including computers and the internet. It is
D
related to legal informatics and supervises the digital circulation of
information, software, information security, and e-commerce.
u
92 Edu Desire
fraud. Laws are made to prevent identity theft, credit card theft,
and other financial crimes that happen online. A person who
commits identity theft may face confederate or state criminal
charges. They might also encounter a civil action brought by a
victim. Cyber lawyers work to both defend and prosecute against
allegations of fraud using the internet.
2. Copyright:
The internet has made copyright violations easier. In the early days
of online communication, copyright violations were too easy. Both
companies and individuals need lawyers to bring an action to
impose copyright protections. Copyright violation is an area of
e
cyber law that protects the rights of individuals and companies to
ir
profit from their creative works.
3. Defamation:
es
Several personnel use the internet to speak their mind. When
people use the internet to say things that are not true, it can cross
the line into defamation. Defamation laws are civil laws that save
D
individuals from fake public statements that can harm a business
or someone’s reputation. When people use the internet to make
statements that violate civil laws, that is called Defamation law.
u
5. Freedom of Speech:
Freedom of speech is an important area of cyber law. Even though
cyber laws forbid certain behaviours online, freedom of speech
laws also allows people to speak their minds. Cyber lawyers must
advise their clients on the limits of free speech including laws that
prohibit obscenity. Cyber lawyers may also defend their clients
93 Edu Desire
when there is a debate about whether their actions consist of
permissible free speech.
6. Trade Secrets:
Companies doing business online often depend on cyber laws to
protect their trade secrets. For example, Google and other online
search engines spend lots of time developing the algorithms that
produce search results. They also spend a great deal of time
developing other features like maps, intelligent assistance, and
flight search services to name a few. Cyber laws help these
companies to take legal action as necessary to protect their trade
secrets.
e
ir
7. Contracts and Employment Law:
Every time you click a button that says you agree to the terms and
conditions of using a website, you have used cyber law. There are
es
terms and conditions for every website that are somehow related to
privacy concerns.
D
Advantages of Cyber Law:
● Organisations are now able to carry out e-commerce using the legal
infrastructure provided by the Act.
u
● Digital signatures have been given legal validity and sanction in the
Act.
Ed
● It has opened the doors for the entry of corporate companies for
issuing Digital Signatures Certificates in the business of being
Certifying Authorities.
● It allows the Government to issue notifications on the web thus
heralding e-governance.
● It gives authority to the companies or organisations to file any
form, application, or any other document with any office,
authority, body, or agency owned or controlled by the suitable
Government in e-form using such e-form as may be prescribed by
the suitable Government.
● The IT Act also addresses the important issues of security, which
are so critical to the success of electronic transactions.
94 Edu Desire
● Cyber Law provides both hardware and software security.
Objective and Scope of the Digital Personal Data Protection Act 2023:
The Digital Personal Data Protection Act, 2023 (DPDP Act) aims to
regulate the processing of personal data.
e
● Increase data sovereignty
ir
The act's scope includes:
es
● Online and offline data processing
● Cross-border data transfer
● Rights and duties for individuals and data fiduciaries
D
● Establishing the Data Protection Board of India
The DPDP Act was passed by the Rajya Sabha on August 9, 2023. The
u
95 Edu Desire
2. Trademarks: Trademarks protect words, symbols, or designs that
identify and distinguish the source of goods or services. A
trademark gives the owner the exclusive right to use the mark on
their goods or services, and to prevent others from using a
confusingly similar mark.
3. Copyrights: Copyrights protect original works of authorship, such
as books, music, movies, and software. A copyright gives the owner
the exclusive right to reproduce, distribute, perform, display, and
create derivative works from the copyrighted work.
4. Trade secrets: Trade secrets are confidential information that
gives a business a competitive advantage. A trade secret can be
anything from a customer list to a manufacturing process.
e
ir
IP issues can arise in a variety of contexts, including:
1. Infringement: Infringement occurs when someone uses an IP
without the permission of the owner. Infringement can be direct
es
(e.g., copying a copyrighted work) or indirect (e.g., using a
trademark to confuse consumers).
2. Misappropriation: Misappropriation occurs when someone takes
D
advantage of an IP without the owner's permission, but does not
technically infringe the IP. For example, misappropriation can
occur when someone uses an IP to trade on the goodwill of the
u
owner.
3. Licensing: Licensing is an agreement between an IP owner and
Ed
another party that allows the other party to use the IP in exchange
for a fee. Licences can be exclusive or non-exclusive, and can be
limited to certain fields of use or geographic areas.
4. Enforcement: Enforcement is the process of taking legal action to
protect an IP from infringement or misappropriation. Enforcement
can be a complex and expensive process, and there is no guarantee
that it will be successful.
96 Edu Desire
2. Registering their IP: Businesses should register their trademarks
and copyrights with the appropriate government agencies. Patents
can also be registered, but registration is not required to obtain
patent protection.
3. Keeping their IP confidential: Businesses should keep their trade
secrets confidential by taking steps to prevent unauthorised
disclosure.
4. Monitoring for infringement: Businesses should monitor the
market for unauthorised use of their IP.
5. Taking action against infringement: Businesses should take
action against infringement, such as sending cease-and-desist
e
letters or filing lawsuits.
ir
Protecting IP is an important part of business success. By taking
steps to protect their IP, businesses can:
es
● Minimise the risk of infringement and misappropriation
● Maximise the value of their IP assets
● Gain a competitive advantage
D
● Protect their reputation
● Avoid costly lawsuits
u
it's for creations of the mind. In India, we have laws to protect these
creations, just like we protect physical property.
The main IP laws in India are like rulebooks for different types of
creations:
1. Patents Act, 1970: This rulebook protects new and useful
inventions, like a new type of medicine or a special machine.
97 Edu Desire
3. Trade Marks Act, 1999: This rulebook protects special symbols
or words that businesses use to identify their products, like a
company logo or brand name.
e
ir
6. Semiconductor Integrated Circuit Layout-Designs Act, 2000:
This rulebook protects the specific arrangement of electronic
components on a computer chip.
es
IP Enforcement in India: Imagine a special court called the
Intellectual Property Appellate Board (IPAB) as the IP police. They
D
handle appeals from the Patent Office, Trade Marks Registry, and
Copyright Office, making sure IP rights are protected.
u
Regular courts also play a role in IP disputes, like the High Courts and
Supreme Court, granting injunctions and other remedies to protect IP
Ed
rights.
98 Edu Desire
Seeking legal advice from an experienced IP attorney is crucial for
foreign investors to navigate IP protection in India.
Patent:
● A patent is a legal right that gives the inventor the exclusive
right to make, use, sell, and import an invention for a limited
period of time.
● In exchange for this exclusive right, the inventor must disclose
the invention to the public in a detailed patent application.
e
There are three main types of patents:
ir
● Utility patents: Utility patents protect inventions that are new,
useful, and non-obvious. This means that the invention must be
something that has not been invented before, that it must be
es
useful in some way, and that it must not be simply an obvious
variation of something that already exists.
D
● Design patents: Design patents protect the ornamental design
of manufactured products. This means that the patent protects
the way the product looks, but not its function.
u
99 Edu Desire
3. Examination: The patent application will be examined by a
patent examiner to see if it meets the requirements for a patent.
e
● Increase the value of the invention.
● Make it easier to attract investors.
ir
● Help to establish the inventor as an expert in their field.
es
Copyright: Copyright is a legal right that gives the owner the
exclusive right to reproduce, distribute, perform, display, and create
D
derivative works from a work of authorship for a limited period of
time.
u
e
Copyright Registration
ir
Copyright registration is not required to obtain copyright protection,
but it is highly recommended. Registration provides several benefits,
including:
es
● A presumption of validity: If a work is registered, the copyright
owner is presumed to be the owner of the copyright.
D
● A right to statutory damages: If a copyright is registered and
an infringer is found liable, the copyright owner may be able to
recover statutory damages, which are a set amount of money
u
Trademarks:
A trademark is a legal right that gives the trademark owner the
exclusive right to use a word, symbol, or design to identify and
distinguish the source of goods or services. Trademarks are granted to
businesses in order to protect their brands from unauthorised use or
exploitation.
Trademark Registration
● Trademarks are not registered by default.
● In order to obtain trademark registration, a business must file a
trademark application with the appropriate government agency.
● The trademark application must include the trademark, the
e
goods or services that the trademark is used for, and the name
and address of the trademark owner.
ir
There are several benefits to trademark registration:
es
1. National registration: A registered trademark is protected
throughout the country.
D
2. Presumption of validity: A registered trademark is presumed to
be valid, which can make it easier for the trademark owner to
win a lawsuit against an infringer.
u
e
ir
es
D
Edu Desire
Computer And Technology
u
Thank You!
Follow me