Cyber Security

This PDF is designed for B.Tech students of all engineering colleges affiliated with Dr APJ Abdul Kalam Technical University.
It is meant as a quick revision aid at exam time, to help you make the most of limited revision time.

Compiled by
Sanjeev Yadav

Edu Desire
Computer & Technology

The More You Practice, The Better You Get.

2 Edu Desire
DETAILED SYLLABUS

Unit 1. INTRODUCTION TO CYBER CRIME: Cybercrime: Definition and Origins of the word, Cybercrime and Information Security, Who are Cybercriminals? Classifications of Cyber Crimes, A Global Perspective on Cybercrimes, Cybercrime Era: Survival Mantra for the Netizens. Cyber offences: How Criminals Plan the Attacks, Social Engineering, Cyber stalking, Cybercafe and Cybercrimes, Botnets: The Fuel for Cybercrime, Attack Vector.

Unit 2. CYBER CRIME: Mobile and Wireless Devices: Introduction, Proliferation of Mobile and Wireless Devices, Trends in Mobility, Credit Card Frauds in Mobile and Wireless Computing Era, Security Challenges Posed by Mobile Devices, Registry Settings for Mobile Devices, Authentication Service Security, Attacks on Mobile/Cell Phones, Mobile Devices: Security Implications for Organisations, Organisational Measures for Handling Mobile, Organisational Security Policies and Measures in Mobile Computing Era.

Unit 3. TOOLS AND METHODS USED IN CYBERCRIME: Introduction, Proxy Servers and Anonymizers, Phishing, Password Cracking, Keyloggers and Spywares, Virus and Worms, Trojan-horses and Backdoors, Steganography, DoS and DDoS Attacks, SQL Injection, Buffer Overflow, Attacks on Wireless Networks. Phishing and Identity Theft: Introduction to Phishing, Identity Theft (ID Theft).

Unit 4. UNDERSTANDING COMPUTER FORENSICS: Introduction, Digital Forensics Science, The Need for Computer Forensics, Cyber forensics and Digital Evidence, Forensics Analysis of E-Mail, Digital Forensics Life Cycle, Chain of Custody Concept, Network Forensics, Approaching a Computer Forensics Investigation. Forensics and Social Networking Sites: The Security/Privacy Threats, Challenges in Computer Forensics.

Unit 5. INTRODUCTION TO SECURITY POLICIES AND CYBER LAWS: Need for An Information Security Policy, Introduction to Indian Cyber Law, Objective and Scope of the Digital Personal Data Protection Act 2023, Intellectual Property Issues, Overview of Intellectual Property Related Legislation in India, Patent, Copyright, Trademarks.

Unit-1
Introduction to Cyber Crime

Definition: Cybercrime means doing bad things using computers and the
internet. It's like breaking the rules in the digital world. Imagine someone
stealing information or causing trouble online—that's cybercrime.

Origins of the Term: The word "cybercrime" comes from combining "cyber" (related to computers) and "crime" (doing bad things). Back in the 1990s, when computers were becoming popular globally, people needed a word for these new digital crimes. So, they created "cybercrime" to describe illegal activities happening in the digital space.

When we say "cybercrime," we're talking about crimes that happen online. It's like a catch-all term for rule-breaking in the digital world. From hacking to online fraud, it covers a lot of different ways people can break the law using computers and the internet.

Information Security: Information Security is like a digital superhero—it protects your personal information from digital bad guys. It's the guardian that ensures only the right people can access and use your digital secrets.

Importance: Imagine it as the lock on your digital diary. Information Security keeps your personal details safe from online mischief-makers. Without it, your digital secrets could be like an open book for anyone to read.

Key Aspects:
1. Confidentiality: Keeping your secrets safe.
2. Integrity: Making sure your information is accurate and not tampered with.
3. Availability: Ensuring you can access your information when you need it.

Who are Cybercriminals?

Cybercriminals are like digital bad guys. They're people who use computers and the internet to do naughty stuff.
1. Anyone Can Be a Cybercriminal: It could be your neighbour, someone across the world, or even someone you know. There's no specific "look" for a cybercriminal.
2. Digital Rule-Breakers: They break the online rules by doing things like stealing information, spreading viruses, or causing trouble in the digital world.

Example: Think of cybercriminals as the troublemakers in the digital neighbourhood. They use their tech skills for not-so-nice things, like the bullies of the internet.
es
Classifications of Cyber Crimes:

Classifications of Cybercrimes are like groups of online rule-breaking. They help us understand the different ways people misbehave on the internet.
1. Hacking: Sneaking into computers or networks without asking.
2. Phishing: Tricking people into sharing their secrets by pretending to be a friend.
3. Identity Theft: Pretending to be someone else online to steal their private information.
4. Online Fraud: Tricking people into giving money or private info by lying.
5. Cyberbullying: Using the internet to hurt or bother others.

A Global Perspective on Cybercrimes is like looking at naughty actions happening all around the world using computers and the internet.

More Details:
1. No Borders: Cybercrimes don't follow country lines. They can happen anywhere, and bad actors from different countries might even work together.
2. Digital Challenges Everywhere: It's not just a problem in one place. People worldwide face similar digital troubles, and everyone needs to be careful online.

Example: Think of A Global Perspective on Cyber Crimes as looking at a world map and seeing where digital mischief is happening. It's like a big digital puzzle affecting everyone, no matter where they are.

Importance: Understanding A Global Perspective on Cyber Crimes helps us realise that being cautious online is not just for one country—it's a worldwide effort to stay safe in the digital space.
u

The Cybercrime Era is like living in a time where digital mischief is a common challenge. Survival Mantra for the Netizens means having a set of rules or practices to stay safe in this digital age.

Survival Mantra:
1. Be Cyber-Aware: Stay alert and aware of potential online threats.
2. Use Strong Passwords: Create and regularly update strong, unique passwords.
3. Keep Software Updated: Ensure your computer and apps have the latest security updates.
4. Be Sceptical of Emails: Don't trust every email; be cautious, especially with links or attachments.
5. Use Trusted Websites: Stick to reputable websites to minimise risks.
6. Secure Personal Information: Be cautious about sharing sensitive info online.
7. Install Antivirus Software: Have reliable antivirus software to protect against digital threats.

Example: Living in the Cybercrime Era is like being in a digital jungle where you need a Survival Mantra for Netizens. It's similar to having a set of rules when exploring an unknown territory. Just as you'd wear a helmet in a construction zone, in the cyber world, you follow these mantras to keep yourself safe from digital dangers.

Cyber Offences: How Criminals Plan the Attacks:

Cyber Offences are like digital crimes, and understanding how criminals plan their attacks is crucial. It involves the strategies and methods they use to carry out illegal activities in the digital space.

Planning Strategies:
1. Identifying Weak Points: Criminals look for vulnerabilities in computer systems or networks.
2. Exploiting Vulnerabilities: They use weaknesses to gain unauthorised access or control.
3. Social Engineering: Tricking individuals into divulging sensitive information.
4. Malware Deployment: Spreading malicious software to compromise systems.
5. Planning Attack Routes: Deciding the best way to execute their digital mischief.

Example: Think of Cyber Offences like planning a heist. Criminals study the target (identifying weak points), find ways to break in (exploiting vulnerabilities), use deception (social engineering), deploy tools for the job (malware), and plan their entry and exit routes (planning attack routes). Understanding these steps helps in building stronger digital defences.

Social Engineering: Social Engineering is like a digital magic trick. It's when cybercriminals use charm, manipulation, or deceit to trick people into giving up their personal information or doing something they shouldn't.

Techniques Used:
1. Phishing: Sending fake emails or messages to trick individuals into revealing sensitive information.
2. Pretexting: Creating a made-up scenario to obtain personal information.
3. Impersonation: Posing as someone trustworthy to gain access to information or systems.
4. Quizzes and Surveys: Using seemingly harmless quizzes or surveys to gather information.

Example: Imagine someone pretending to be a friend and asking for your password. That's Social Engineering in action. It's like a digital con artist using charm or deception to get people to share their secrets. Always be cautious, and never share sensitive information online, even if it seems harmless.

Cyber Stalking: Cyber Stalking is like someone following you online. It involves persistent and unwanted attention, harassment, or monitoring through digital means.

Characteristics:
1. Unwanted Attention: Receiving excessive, unsolicited online communication.
2. Monitoring: Being observed without consent, often through social media or other online platforms.
3. Harassment: Repeated and intrusive behaviour causing emotional distress.
4. Threats: Expressing harmful intentions or making individuals feel unsafe.

Example: Imagine someone constantly commenting on your social media, sending numerous messages, or tracking your online activity. That's Cyber Stalking. It's like an online shadow that won't go away, causing discomfort and potentially putting your digital well-being at risk. Always report such behaviour and take steps to protect your online privacy.

Cybercafe: A Cybercafe is like a digital hangout spot where people can use computers and the internet. It's a place where individuals, often without personal computers, can access online services, play games, or work on projects.

Features:
1. Computer Access: Provides computers with internet connectivity for public use.
2. Internet Browsing: Users can surf the web, check emails, and engage in online activities.
3. Gaming: Some cybercafes offer gaming setups for multiplayer or individual gaming sessions.

Common Uses:
1. Study and Work: Students or professionals without personal computers may use cybercafes for assignments or work.
2. Socialising: People may gather to play games, socialise, or collaborate on projects.

Example: Imagine a place with rows of computers, people typing away, and the hum of online activity—that's a Cybercafe. It's like a digital community hub where individuals come together to explore the online world, whether for work, study, or leisure.
es
Cybercrimes: Cybercrimes are like digital offences, where people use computers and the internet to break the law or cause harm. These actions can range from stealing personal information to disrupting digital systems.

Common Types:
1. Hacking: Unauthorised access to computer systems or networks.
2. Phishing: Tricking individuals into revealing sensitive information through fake emails or messages.
3. Identity Theft: Pretending to be someone else online to steal personal information.
4. Malware Attacks: Spreading harmful software to compromise computer systems.
5. Online Fraud: Deceiving individuals to gain money or sensitive information.

Impact:
1. Financial Loss: Individuals or businesses may lose money.
2. Privacy Invasion: Personal information may be exposed.
3. Disruption: Digital systems may be interrupted or damaged.

Prevention:
1. Use Strong Passwords: Create complex and unique passwords.
2. Install Antivirus Software: Protect devices from malicious software.
3. Be Cautious Online: Avoid clicking on suspicious links or sharing sensitive information.

Example: Imagine someone stealing your online banking information or spreading a virus to disrupt a website—that's a Cybercrime. It's like digital rule-breaking that can have real-world consequences, emphasising the need for cybersecurity measures and awareness.
u
Ed

Botnets are like digital zombie armies. They're networks of infected computers controlled by a single entity, often a cybercriminal. These infected computers, known as "bots," work together without their owners' knowledge to perform malicious activities.

How Botnets Work:
1. Infection: Cybercriminals infect computers with malicious software.
2. Control: Once infected, these computers become part of the botnet, and the attacker can control them remotely.
3. Coordination: Bots work together to perform tasks, like spreading malware, stealing information, or launching cyberattacks.

Fuel for Cybercrime:
1. Distributed Power: Botnets provide attackers with a distributed and powerful network, making it harder to trace and stop their activities.
2. Multipurpose Use: They can be used for various cybercrimes, from launching massive DDoS attacks to sending spam emails.

Attack Vector: An Attack Vector is like finding a secret entry point. It's the method or path that cybercriminals use to gain unauthorised access to computer systems or networks.

Types of Attack Vectors:
1. Malware: Infecting systems with malicious software.
2. Phishing: Tricking individuals into revealing sensitive information.
3. Drive-By Downloads: Installing malware when a user visits a compromised website.
4. Zero-Day Exploits: Taking advantage of software vulnerabilities that the vendor does not yet know about, so no patch exists yet.

Example: Imagine a cybercriminal controlling a group of infected computers (a Botnet). It's like having a digital army of zombies ready to follow commands—spreading viruses, stealing information, or disrupting websites. The Attack Vector is how they sneak into digital systems, like finding a hidden tunnel into a fortress. Understanding these concepts helps in building stronger defences against cyber threats.
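
How a defender might look for the "Control" step described above, as an added example that is not part of these notes: bots usually check in with their controller at fixed intervals, so a short script over a connection log can flag flows whose timing is unusually regular. The log format, host names, addresses and thresholds below are constructed assumptions, not taken from the notes.

```python
"""Flag possible bot check-in ("beaconing") traffic in a connection log.

Added example, not from the notes. The log format is assumed to be
"<ISO timestamp> <source host> <destination address> <destination port>".
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log: one host (pc-17) talks to 203.0.113.9 almost exactly
# every 60 seconds, while its contacts with other addresses are irregular.
SAMPLE_LOG = """\
2024-01-01T10:00:00 pc-17 203.0.113.9 443
2024-01-01T10:00:13 pc-17 198.51.100.4 443
2024-01-01T10:00:20 pc-17 198.51.100.4 443
2024-01-01T10:01:00 pc-17 203.0.113.9 443
2024-01-01T10:01:42 pc-17 198.51.100.7 80
2024-01-01T10:02:01 pc-17 203.0.113.9 443
2024-01-01T10:02:05 pc-17 198.51.100.4 443
2024-01-01T10:03:00 pc-17 203.0.113.9 443
2024-01-01T10:03:59 pc-17 203.0.113.9 443
2024-01-01T10:04:11 pc-17 198.51.100.4 443
2024-01-01T10:05:00 pc-17 203.0.113.9 443
2024-01-01T10:05:30 pc-17 198.51.100.4 443
2024-01-01T10:05:33 pc-17 198.51.100.4 443
2024-01-01T10:06:00 pc-17 203.0.113.9 443
"""


def parse_log(text):
    """Group the log into flows: (src, dst, port) -> sorted list of timestamps."""
    flows = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port = line.split()
        flows[(src, dst, int(port))].append(datetime.fromisoformat(ts))
    for stamps in flows.values():
        stamps.sort()
    return flows


def beacon_score(timestamps):
    """Return (mean gap in seconds, jitter ratio) for one flow, or None.

    The jitter ratio is the standard deviation of the gaps divided by their
    mean; a value near 0 means the connections are almost perfectly periodic.
    """
    gaps = [(b - a).total_seconds() for a, b in zip(timestamps, timestamps[1:])]
    if len(gaps) < 2:
        return None
    avg = mean(gaps)
    if avg == 0:
        return None
    return avg, pstdev(gaps) / avg


def find_beacons(text, min_connections=5, max_jitter=0.1):
    """Flag flows with enough connections and suspiciously regular timing.

    Thresholds are assumptions: tune them to the traffic you actually see,
    since software updaters and monitoring agents also poll on a schedule.
    """
    findings = []
    for (src, dst, port), stamps in parse_log(text).items():
        if len(stamps) < min_connections:
            continue
        score = beacon_score(stamps)
        if score and score[1] <= max_jitter:
            findings.append({
                "src": src, "dst": dst, "port": port,
                "count": len(stamps),
                "mean_gap": round(score[0], 1),
                "jitter": round(score[1], 3),
            })
    return findings


if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_LOG):
        print(hit)
```

Regular timing alone is not proof of a botnet; it is a lead to confirm against the destination's reputation and the process on the host that opens the connection.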

Unit-2
Cyber Crime

Mobile and wireless devices are like digital companions that don't need a physical connection to work. They include smartphones, tablets, and other gadgets that communicate wirelessly, allowing users to stay connected and access information on the go.

Features:
1. Portability: These devices are small and easy to carry, allowing users to stay connected wherever they go.
2. Wireless Connectivity: They use technologies like Wi-Fi, Bluetooth, and mobile networks to connect to the internet and other devices.
3. Multifunctionality: Beyond calls and messages, they serve as cameras, GPS devices, entertainment hubs, and more.

Common Examples:
1. Smartphones: Devices with touchscreens, internet access, and a variety of apps.
2. Tablets: Larger than smartphones, often used for productivity and entertainment.
3. Wearable Devices: Smartwatches and fitness trackers that connect to smartphones.

Importance:
1. Communication: Keeping people connected through calls, messages, and social media.
2. Information Access: Providing instant access to the internet for information, news, and entertainment.
3. Productivity: Enabling work and productivity on the go through various apps and functionalities.

Example: Think of your smartphone as a pocket-sized computer. It's not just for making calls; it's your camera, map, music player, and more. Mobile and wireless devices have become essential in our daily lives, offering convenience and connectivity beyond what traditional devices can provide.

Proliferation of Mobile and Wireless Devices:

Proliferation of mobile and wireless devices is like the widespread growth or spread of smartphones, tablets, and other wirelessly connected gadgets. It reflects the increasing number of these devices in our daily lives.

Key Factors:
1. Technological Advancements: Continuous improvements in technology make devices more affordable and accessible.
2. Increased Connectivity: The rise of high-speed internet and wireless networks enables seamless communication.
3. Versatility: Mobile devices offer a variety of functions, from communication to entertainment and productivity.
4. Consumer Demand: People increasingly rely on mobile and wireless devices for convenience and on-the-go access.

Impact:
1. Global Connectivity: People worldwide can connect instantly, transcending geographical boundaries.
2. Digital Transformation: The way we communicate, work, and access information has undergone a significant shift.
3. Business and Innovation: The proliferation of devices has spurred innovations in app development, services, and digital solutions.

Challenges:
1. Security Concerns: With more devices in use, there's an increased risk of cybersecurity threats and privacy issues.
2. Digital Divide: Disparities in access to mobile technology can create inequalities in information and opportunities.
3. Dependency: Over-reliance on mobile devices may impact face-to-face interactions and physical activities.

Trends in Mobility:
1. 5G Revolution: The 5G Revolution is like the superhero of internet speed. It's the fifth generation of mobile networks, bringing faster speeds and more reliable connections to mobile and wireless devices.

Impact:
● High-Speed Connectivity: Faster internet speeds for quicker downloads and smoother streaming.
● IoT Advancements: Enables better connections for the Internet of Things (IoT) devices.

2. Mobile App Ecosystem: The Mobile App Ecosystem is like a digital marketplace. It encompasses the diverse range of applications available for download on mobile devices.

Impact:
● Diverse Applications: Apps for communication, productivity, entertainment, and more.
● App Integration: Seamless integration of apps for a smoother user experience.

3. Mobile Security Measures: Mobile Security Measures are like digital bodyguards for your devices. With the increasing use of mobile devices, there's a growing focus on ensuring their security.

Impact:
● Biometric Authentication: Fingerprint and facial recognition for enhanced device security.
● Mobile Device Management (MDM): Tools for businesses to secure and manage mobile devices.

4. Edge Computing: Edge Computing is like having a mini-brain in your device. Instead of relying solely on a centralised server, computations happen closer to the source of data.

Impact:
● Reduced Latency: Faster response times for applications and services.
● Improved Privacy: Processing sensitive data locally without sending it to a central server.

5. Augmented Reality (AR) and Virtual Reality (VR): Augmented Reality (AR) and Virtual Reality (VR) are like digital realms overlaying or immersing into the real world, enhancing user experiences.

Impact:
● Enhanced User Engagement: AR adds digital elements to the real world, while VR creates immersive environments.
● Applications in Various Industries: From gaming to healthcare and education.

6. Remote Work and Collaboration: Remote Work and Collaboration are like the new-age workspaces. With the advancement of mobile technology, working from anywhere and collaborating seamlessly has become a trend.

Impact:
● Flexibility: Allows professionals to work from different locations.
● Virtual Meetings: Increased reliance on mobile devices for virtual collaboration.

7. Sustainable Mobility: Sustainable Mobility is like a green approach to technology. It involves the development and use of mobile solutions that minimise environmental impact.

Impact:
● Green Technologies: Focus on eco-friendly materials and energy-efficient designs.
● Reduced E-Waste: Efforts to extend the lifespan of devices and promote recycling.

Credit Card Frauds in Mobile: Credit Card Frauds in Mobile are like digital heists targeting your financial information on mobile devices. It involves unauthorised access to credit card details, leading to financial losses and potential identity theft.

Common Techniques:
1. Phishing: Fraudsters use fake messages or emails to trick users into revealing credit card information.
2. Mobile Malware: Malicious software on mobile devices can capture credit card details.
3. Fake Apps: Fraudulent mobile applications mimic legitimate ones to steal credit card information.
4. Unsecured Wi-Fi: Conducting transactions on unsecured Wi-Fi networks makes it easier for hackers to intercept data.

Preventive Measures:
1. Use Trusted Apps: Only download apps from official app stores to avoid fake applications.
2. Secure Wi-Fi: Avoid sensitive transactions on public Wi-Fi networks; use secure connections.
3. Two-Factor Authentication: Enable additional layers of security for mobile transactions.
4. Regular Monitoring: Keep a close eye on credit card statements for any unauthorised transactions.

Impact:
1. Financial Loss: Unauthorised transactions can lead to direct monetary losses.
2. Identity Theft: Stolen credit card information may be used for identity theft.
3. Credit Score Impact: Fraudulent activities can negatively impact credit scores.

Example: Imagine receiving a message that looks like it's from your bank, asking for your credit card details to resolve an issue. If you provide this information, you've fallen victim to Credit Card Frauds in Mobile. It's crucial to stay vigilant, verify messages, and adopt secure practices to protect your financial information on mobile devices.

Wireless Computing Era: The Wireless Computing Era is like a technological revolution, marking a shift from traditional wired connections to a world where computing devices communicate and connect wirelessly.

Key Elements:
1. Wireless Networks: Use of technologies like Wi-Fi, Bluetooth, and cellular networks for device connectivity.
2. Mobile Devices: Proliferation of smartphones, tablets, and wearables, untethered from physical connections.
3. Cloud Computing: Storing and accessing data and applications over the internet instead of on local devices.

Characteristics:
1. Mobility: Computing devices can be used and moved without the constraints of physical cables.
2. Instant Connectivity: Devices can connect to the internet and each other instantly, enhancing communication.
3. Ubiquitous Access: Information and applications are accessible from almost anywhere, fostering a connected environment.

Technological Enablers:
1. 5G Technology: High-speed, low-latency wireless networks supporting advanced applications.
2. IoT Integration: Interconnected devices, from smart homes to industrial sensors, communicating wirelessly.
3. Edge Computing: Processing data closer to the source, reducing reliance on centralised servers.

Impact on Society:
1. Digital Transformation: Changing the way businesses operate, communicate, and deliver services.
2. Remote Work Revolution: Allowing individuals to work from anywhere, transforming traditional workspaces.
3. Smart Living: Integration of wireless technologies in homes, making them smart and connected.

Challenges and Considerations:
1. Security Concerns: The need for robust cybersecurity measures to protect wireless communications.
2. Digital Inclusion: Ensuring equal access to wireless technologies to bridge the digital divide.
3. Privacy Issues: Balancing the convenience of wireless computing with individual privacy considerations.

Example: Imagine a world where you can seamlessly connect to the internet, work, and communicate without any physical constraints. That's the essence of the Wireless Computing Era, where the airwaves carry the pulse of our digital lives, shaping the way we live, work, and connect.

Security Challenges Posed by Mobile Devices:

1. Lost or Stolen Devices:
Challenge: Mobile devices are small and portable, making them easy targets for theft or misplacement. If not secured, sensitive information can be accessed.

Mitigation:
● Strong Passwords or Biometrics: Protect devices with secure authentication methods.
● Remote Wipe: Enable features to remotely erase data in case of loss.

2. Malicious Apps:
Challenge: Fake or malicious apps can compromise security by accessing personal information or injecting malware into the device.

Mitigation:
● Official App Stores: Download apps only from trusted sources like Google Play or the Apple App Store.
● App Permissions: Review and limit app permissions to the essentials.

3. Phishing Attacks:
Challenge: Mobile users may fall victim to phishing attempts through fraudulent emails, messages, or websites seeking personal information.

Mitigation:
● User Education: Train users to identify and avoid phishing attempts.
● Security Software: Use mobile security apps to detect and block phishing threats.

4. Insecure Wi-Fi Networks:
Challenge: Connecting to unsecured Wi-Fi networks exposes mobile devices to potential eavesdropping and data interception.

Mitigation:
● Use VPNs: Employ Virtual Private Networks for secure data transmission.
● Avoid Public Wi-Fi for Sensitive Transactions: Refrain from conducting financial or sensitive transactions on unsecured networks.

5. Outdated Software:
Challenge: Failure to update operating systems and apps leaves devices vulnerable to known exploits and security flaws.

Mitigation:
● Regular Updates: Keep both the operating system and apps up to date.
● Automatic Updates: Enable automatic updates for added convenience.

6. Jailbreaking or Rooting:
Challenge: Jailbreaking (iOS) or rooting (Android) devices to remove restrictions can expose them to malicious software and compromise security.

Mitigation:
● Avoid Jailbreaking or Rooting: Discourage users from bypassing device security features.
● Mobile Device Management (MDM): Implement MDM solutions to monitor and control device configurations.

7. Lack of Encryption:
Challenge: Unencrypted data transmission and storage can lead to unauthorised access and data breaches.

Mitigation:
● Enable Encryption: Encrypt both data at rest and during transmission.
● Secure Communication Channels: Use secure protocols for data transfer.

8. BYOD (Bring Your Own Device) Risks:
Challenge: Employees using personal devices for work may introduce security risks if these devices are not adequately secured.

Mitigation:
● BYOD Policies: Implement and enforce clear BYOD security policies.
● Containerization: Use containerization solutions to segregate work and personal data on devices.

9. Social Engineering:
Challenge: Cybercriminals may exploit human psychology to manipulate users into revealing sensitive information.

Mitigation:
● User Education: Train users to recognize and resist social engineering tactics.
● Multi-Factor Authentication: Implement additional authentication layers for added security.

10. Insufficient User Awareness:
Challenge: Lack of awareness among users about mobile security best practices can lead to risky behaviours.

Mitigation:
● Training Programs: Conduct regular security awareness training for users.
● Communication: Keep users informed about emerging threats and best practices.

e
ir
Registry Settings for Mobile Devices: Mobile devices, especially those running iOS and Android, typically do not have a registry like Windows operating systems. However, they do have settings and configurations that can be managed to enhance security and control device behaviour. Here are some important settings and configurations for mobile devices:

iOS (iPhone and iPad):

1. Device Passcode:
● Purpose: Protects the device from unauthorised access.
● Configuration: Settings > Face ID & Passcode (or Touch ID & Passcode) > Turn Passcode On

2. Biometric Authentication:
● Purpose: Enhances device security with fingerprint or face recognition.
● Configuration: Settings > Face ID & Passcode (or Touch ID & Passcode)

3. Find My iPhone:
● Purpose: Allows tracking and remote wiping of a lost or stolen device.
● Configuration: Settings > [Your Name] > Find My > Find My iPhone

4. App Permissions:
● Purpose: Control which apps have access to sensitive data.
● Configuration: Settings > Privacy > [App Name]

5. Automatic Updates:
● Purpose: Ensures the device is running the latest security patches.
● Configuration: Settings > General > Software Update

Android:

1. Screen Lock:
● Purpose: Provides an initial layer of security.
● Configuration: Settings > Security > Screen lock

2. Biometric Authentication:
● Purpose: Enhances device security with fingerprint or facial recognition.
● Configuration: Settings > Security > Biometrics

3. Find My Device:
● Purpose: Allows tracking and remote wiping of a lost or stolen device.
● Configuration: Settings > Security > Find My Device

4. App Permissions:
● Purpose: Control which apps have access to sensitive data.
● Configuration: Settings > Apps & Notifications > [App Name] > Permissions

5. Google Play Protect:
● Purpose: Scans apps for malware and provides additional security.
● Configuration: Settings > Google > Security > Play Protect

6. Automatic Updates:
● Purpose: Ensures the device is running the latest security patches.
● Configuration: Settings > System > Software Update

Note:
● For enterprise environments, Mobile Device Management (MDM) solutions can be used to enforce security policies and remotely manage devices.
● Always keep the device's operating system and apps up to date to patch security vulnerabilities.
● Regularly educate users about mobile security best practices to minimise risks.

These settings may vary slightly based on the device model and operating system version. It's crucial to stay updated on the latest security features and recommendations provided by the device manufacturers.
u

Authentication Service Security: Authentication service security is a


critical aspect of ensuring that user identities are properly verified and
Ed

protected. Here are key considerations and measures for enhancing the
security of authentication services:

1. Multi-Factor Authentication (MFA):

26 Edu Desire
Purpose: Adds an extra layer of security by requiring users to provide
multiple forms of identification.

Implementation:
● Combine something the user knows (password) with something
they have (token, mobile device, fingerprint).

2. Secure Password Policies:


Purpose: Ensures that users create and maintain strong, unique
passwords.

e
Implementation:

ir
● Enforce password complexity (length, special characters).
● Regularly prompt users to update passwords.
● Discourage password reuse.
es
3. Encryption:
D
Purpose: Protects sensitive data transmitted between users and
authentication servers.

Implementation:
u

● Use strong encryption protocols (e.g., TLS/SSL) for data in transit.


Ed

● Hash and salt passwords before storing them.

4. Session Management:
Purpose: Prevents unauthorised access during an active session.

Implementation:
● Implement session timeout policies.
● Use secure session tokens.
● Provide users the ability to log out remotely.

5. Brute Force Protection:

27 Edu Desire
Purpose: Mitigates the risk of attackers attempting to guess passwords.

Implementation:
● Implement account lockout policies after a certain number of failed
login attempts.
● Use CAPTCHA or similar mechanisms to deter automated attacks.

6. Secure Credential Storage:

Purpose: Ensures that user credentials are stored so that a leaked
database does not directly yield usable passwords.

Implementation:
● Hash passwords with a unique random salt per user using a
memory-hard or iterated algorithm designed for passwords (Argon2,
scrypt, bcrypt or PBKDF2), not a plain fast hash such as MD5 or SHA-1.
● Regularly audit and update credential storage mechanisms, raising
the work factor as hardware gets faster.

7. User Authentication Logs:
Purpose: Monitors and logs authentication events for analysis and
auditing.

Implementation:
● Keep detailed logs of authentication attempts, including successful
and failed events: timestamp, account, source IP address, client or
device identifier and outcome. Never log the submitted password.
● Regularly review and analyse authentication logs.

8. Monitoring for Anomalies:

Purpose: Detects unusual or suspicious behaviour that may indicate
unauthorised access.

Implementation:
● Implement real-time monitoring for unusual login patterns: a burst of
failures followed by a success, one source address trying many
accounts, or logins from a new device or location.
● Set up alerts for multiple failed login attempts or other suspicious
activities.
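The login patterns listed above, as an added example that is not part of the original notes: a small Python detector run over constructed authentication log lines. The log format (timestamp, outcome, account, source IP), the five-minute window and the thresholds are assumptions chosen for the demonstration, not a format any real product emits.

```python
"""Added example (not from the original notes): scanning authentication
logs for brute force, password spraying and a success after many failures.
Log format, field order and thresholds are assumptions for this demo."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log, one authentication event per line:
#   timestamp  outcome  account  source-ip
SAMPLE_LOG = """\
2024-03-01T09:00:01 FAIL alice 203.0.113.7
2024-03-01T09:00:03 FAIL alice 203.0.113.7
2024-03-01T09:00:05 FAIL alice 203.0.113.7
2024-03-01T09:00:07 FAIL alice 203.0.113.7
2024-03-01T09:00:09 FAIL alice 203.0.113.7
2024-03-01T09:00:12 OK   alice 203.0.113.7
2024-03-01T09:01:00 FAIL bob   198.51.100.2
2024-03-01T09:01:02 FAIL carol 198.51.100.2
2024-03-01T09:01:04 FAIL dave  198.51.100.2
2024-03-01T09:01:06 FAIL erin  198.51.100.2
2024-03-01T09:05:00 OK   bob   192.0.2.10
"""


def parse(log):
    """Turn the text log into (datetime, outcome, account, ip) tuples."""
    events = []
    for line in log.splitlines():
        ts, outcome, account, ip = line.split()
        events.append((datetime.fromisoformat(ts), outcome, account, ip))
    return events


def detect(log, window=timedelta(minutes=5), fail_threshold=5, spray_accounts=3):
    """Return a list of (rule, subject) alerts, in the order they fire.

    brute_force            : fail_threshold failures for one account from one
                             IP inside the sliding window
    success_after_failures : a successful login for an account that still has
                             fail_threshold recent failures from that IP
                             (the guess may have succeeded)
    password_spray         : one IP failing against spray_accounts distinct
                             accounts (this set is not windowed, for brevity)
    """
    alerts = []
    fails_by_key = defaultdict(list)   # (account, ip) -> failure timestamps
    accounts_by_ip = defaultdict(set)  # ip -> accounts it failed against
    for ts, outcome, account, ip in parse(log):
        key = (account, ip)
        # forget failures that have aged out of the window
        fails_by_key[key] = [t for t in fails_by_key[key] if ts - t <= window]
        if outcome == "FAIL":
            fails_by_key[key].append(ts)
            accounts_by_ip[ip].add(account)
            if len(fails_by_key[key]) == fail_threshold:
                alerts.append(("brute_force", f"{account}@{ip}"))
            if len(accounts_by_ip[ip]) == spray_accounts:
                alerts.append(("password_spray", ip))
        elif outcome == "OK" and len(fails_by_key[key]) >= fail_threshold:
            alerts.append(("success_after_failures", f"{account}@{ip}"))
    return alerts


if __name__ == "__main__":
    for rule, subject in detect(SAMPLE_LOG):
        print(f"{rule:24s} {subject}")
```

The spray rule is the one a per-account lockout never sees: each account is tried once, so no account reaches the lockout threshold, but the source address does.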

9. API Security:

Purpose: Ensures that authentication APIs are secure and not vulnerable
to attacks.

Implementation:
● Use standard, reviewed protocols (OAuth 2.0 with OpenID Connect)
rather than home-grown token schemes; issue short-lived access tokens
and validate every token's signature, issuer, audience and expiry.
● Apply the same rate limiting and logging to API logins as to the
web login form, since attackers target whichever path is weaker.
● Regularly test and update API security measures.

10. Regular Security Audits:

Purpose: Identifies vulnerabilities and ensures ongoing compliance with
security best practices.

Implementation:
● Conduct regular security audits and penetration testing.
● Address identified vulnerabilities promptly.

11. User Education:
Purpose: Empowers users to make informed security decisions and
recognise phishing attempts.

Implementation:
● Provide regular security awareness training.
● Communicate best practices for protecting personal information.

12. Regulatory Compliance:

Purpose: Ensures adherence to relevant data protection and privacy
regulations.

Implementation:
● Stay informed about and compliant with regulations such as GDPR,
HIPAA, India's Digital Personal Data Protection Act, 2023, or others
applicable to your region or industry.

By implementing these measures, authentication services can
significantly enhance their security posture and protect user identities
from unauthorised access and misuse. It's crucial to adopt a holistic
approach and stay proactive in addressing emerging security threats.
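The credential storage, brute force protection and session management measures above, combined in one added example (not code from the original notes): a minimal in-memory authentication service in Python. The iteration count, lockout limits, session lifetime and the dictionary-backed store are assumptions for the demonstration; a real service would keep the same logic behind a database.

```python
"""Added example (not from the original notes): salted, slow password
hashing, constant-time verification, account lockout and expiring session
tokens. All limits and the in-memory store are assumptions for this demo."""
import hashlib
import hmac
import secrets
import time

PBKDF2_ITERATIONS = 600_000   # work factor; raise it as hardware gets faster
MAX_FAILURES = 5              # consecutive failures before lockout
LOCKOUT_SECONDS = 900         # 15 minutes
SESSION_TTL = 1800            # 30-minute session lifetime

_users = {}     # username -> {"salt", "hash", "failures", "locked_until"}
_sessions = {}  # token -> {"user", "expires"}


def _hash(password, salt):
    """PBKDF2-HMAC-SHA256: deliberately slow, so each offline guess is costly."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


def register(username, password):
    salt = secrets.token_bytes(16)   # unique per user: defeats precomputed tables
    _users[username] = {"salt": salt, "hash": _hash(password, salt),
                        "failures": 0, "locked_until": 0.0}


def login(username, password, now=None):
    """Return a session token on success, None on failure or lockout."""
    now = time.time() if now is None else now
    user = _users.get(username)
    if user is None:
        # Do the same work as a real check so response time does not reveal
        # whether the account exists (user enumeration).
        _hash(password, b"\x00" * 16)
        return None
    if now < user["locked_until"]:
        return None
    if not hmac.compare_digest(_hash(password, user["salt"]), user["hash"]):
        user["failures"] += 1
        if user["failures"] >= MAX_FAILURES:
            user["locked_until"] = now + LOCKOUT_SECONDS
            user["failures"] = 0
        return None
    user["failures"] = 0
    token = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG, unguessable
    _sessions[token] = {"user": username, "expires": now + SESSION_TTL}
    return token


def session_user(token, now=None):
    """Return the username for a live token, or None if unknown or expired."""
    now = time.time() if now is None else now
    s = _sessions.get(token)
    if s is None or now >= s["expires"]:
        _sessions.pop(token, None)   # expired tokens are removed, not kept
        return None
    return s["user"]


def logout(token):
    """Server-side logout: the token stops working immediately."""
    _sessions.pop(token, None)


def is_locked(username, now=None):
    now = time.time() if now is None else now
    user = _users.get(username)
    return user is not None and now < user["locked_until"]
```

hmac.compare_digest avoids leaking how many leading bytes of the hash matched through response timing; the lockout resets the failure counter when it engages, so the account unlocks automatically once LOCKOUT_SECONDS have passed.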

Attacks on Mobile/Cell Phones: Mobile phones are susceptible to
various types of attacks, ranging from traditional malware to more
sophisticated social engineering tactics. Here are some common attacks
on mobile or cell phones:

1. Malware and Mobile Viruses: Malicious software designed to infect
mobile devices and compromise their functionality.

How to Protect:
● Install reputable antivirus and anti-malware apps.
● Download apps only from official app stores.
● Keep the device's operating system and apps updated.

2. Phishing Attacks: Attempts to trick users into revealing sensitive
information by posing as a trustworthy entity, on mobile most often by
SMS (smishing) or voice call (vishing).

How to Protect:
● Be cautious of unsolicited emails, messages, or calls asking for
personal information.
● Verify the legitimacy of websites before entering credentials.

3. Man-in-the-Middle (MitM) Attacks: Intercepting and possibly
altering communication between two parties without their knowledge.

How to Protect:
● Use secure Wi-Fi connections or VPNs.
● Be cautious when connecting to public Wi-Fi networks.
● Do not proceed past certificate warnings; a MitM on an HTTPS
connection normally shows up as an untrusted certificate.

4. Ransomware: Malware that encrypts data on the device, demanding a
ransom for its release.

How to Protect:
● Regularly back up important data, and keep at least one copy
offline or otherwise unreachable from the device so the backup cannot
be encrypted along with it.
● Avoid clicking on suspicious links or downloading unknown
attachments.

5. SIM Card Swapping: An attacker persuades the mobile carrier to move
the victim's phone number to a SIM card the attacker controls, then
receives the victim's calls and SMS one-time codes.

How to Protect:
● Set a PIN or password with the carrier that must be given before a
SIM change or number port-out is processed.
● Contact your mobile carrier immediately if you experience
unexpected loss of service.
● Prefer app-based or hardware MFA over SMS codes for important
accounts.

6. Bluejacking and Bluesnarfing: Exploiting Bluetooth connections;
bluejacking sends unsolicited messages to a nearby device, while
bluesnarfing reads data (contacts, messages) from it without
authorisation.

How to Protect:
● Turn off Bluetooth when not in use.
● Set devices to non-discoverable mode in public places.
● Reject unexpected pairing requests and keep the device firmware
updated, since bluesnarfing relies on flaws in the Bluetooth stack.

7. Spyware: Software installed on a device without the user's knowledge
to collect information.

How to Protect:
● Regularly review installed apps and permissions.
● Use security software that scans for spyware.

8. Wi-Fi Eavesdropping: Unauthorised individuals intercepting
unencrypted Wi-Fi traffic to capture sensitive information.

How to Protect:
● Use Wi-Fi networks protected with WPA2 or WPA3 rather than open
networks.
● Avoid transmitting sensitive information on public networks, and
rely on end-to-end TLS (HTTPS) rather than on the Wi-Fi encryption
alone, since the access point operator sees decrypted Wi-Fi traffic.

9. Social Engineering Attacks: Manipulating individuals to divulge
confidential information or perform actions that may compromise
security.

How to Protect:
● Be sceptical of unsolicited communication asking for sensitive
information.
● Educate yourself and others about common social engineering
tactics.

10. App Permissions Abuse: Malicious apps exploiting excessive
permissions to access and misuse personal data.

How to Protect:
● Review and limit app permissions, granting only those the app's
stated purpose needs.
● Only install apps from reputable sources.

11. USB Charging Port Attacks ("juice jacking"): Malicious USB charging
stations or cables that use the data lines of the connection to install
malware or pull data when a device is plugged in.

How to Protect:
● Avoid using public charging stations; charge from your own adapter.
● Use only trusted charging cables and adapters, or a charge-only
cable or "USB data blocker" that has no data lines.
● Do not tap "Trust this computer" on an unexpected prompt.

12. Browsing and Downloading Risks: Visiting malicious websites or
downloading apps from untrusted sources.

How to Protect:
● Use secure and updated browsers.
● Download apps only from official app stores.

Ensuring mobile security requires a combination of user awareness,
adopting best practices, and utilising security features and tools
provided by the mobile operating system. Regularly updating devices
and staying informed about new threats is essential for maintaining a
secure mobile environment.

Security Implications for Organisations:

Security is a crucial aspect of any organisation, as it protects sensitive
information, systems, and reputation from harm. However,
organisations face various security threats that can lead to serious
consequences.

Common Security Threats


1. Data Breaches: Unauthorised access to confidential data like
customer records or financial information can be costly and
damaging.

2. Malware Infections: Malicious software like viruses or
ransomware can steal data, disrupt operations, or hold systems
hostage.

3. Phishing Attacks: Deceptive attempts to trick users into
revealing sensitive information like passwords or credit card
details.

4. Denial-of-Service (DoS) Attacks: Overwhelming a system with
traffic to make it unavailable to legitimate users.

5. Supply Chain Attacks: Compromising vendors or suppliers to
gain access to an organisation's systems and data.

Mitigating Security Risks: Organisations can take proactive
measures to reduce security risks:

1. Strong Security Policies: Establish clear guidelines for IT usage
and incident response procedures.

2. Robust Authentication: Enforce strong passwords and
multi-factor authentication (MFA) for secure account access.

3. Cybersecurity Awareness Training: Educate employees on
identifying cyber threats and best practices.

4. Regular Software Updates: Apply software patches promptly
to address vulnerabilities.

5. Network Segmentation: Separate networks to limit the spread
of malware and other threats.

6. Firewalls and Intrusion Detection Systems (IDS): Implement
firewalls to block unauthorised traffic and IDS to monitor for
suspicious activity.

Organisational Measures for Handling Mobile Devices: Enhancing
Security and Productivity
● Mobile devices have become ubiquitous in today's workplace,
transforming how organisations operate and communicate.
● However, the increasing reliance on mobile devices also
introduces new security challenges and potential distractions.
● To effectively manage mobile devices within the organisation, a
comprehensive set of measures is essential.

1. Implement a Mobile Device Management (MDM) Solution: MDM
software provides centralised control over mobile devices, enabling IT
administrators to configure settings, enforce security policies, and
remotely manage devices.

Key features of MDM include:
● Device enrollment and provisioning: Streamline device setup
and ensure consistent configurations.
● Application management: Deploy, update, and restrict
applications based on organisational needs.
● Remote access and control: Remotely wipe or lock devices in
case of loss or theft.
● Security enforcement: Enforce password policies, data
encryption, and other security measures.

2. Establish a Mobile Device Policy: A clear and comprehensive
mobile device policy outlines acceptable usage guidelines, security
requirements, and employee responsibilities.

The policy should address:
● Device usage: Define permitted and prohibited activities on
mobile devices.
● Data security: Specify data protection measures and
encryption protocols.
● App installation: Establish guidelines for installing and using
applications.
● BYOD (Bring Your Own Device) Guidelines: Set rules for
personal devices used for work purposes.
● Employee training and awareness: Educate employees on the
policy and its implications.

3. Implement Mobile Threat Defense (MTD) Solutions: MTD
software provides real-time protection against mobile threats, such as
malware, phishing attacks, and malicious websites.

Key features of MTD include:
● Threat detection and prevention: Block malicious
applications, websites, and phishing attempts.
● Vulnerability assessment: Identify and remediate
vulnerabilities in mobile devices and applications.
● Threat intelligence: Leverage real-time threat intelligence to
stay ahead of emerging threats.
● Data loss prevention (DLP): Prevent sensitive data from leaving
the organisation through mobile devices.

4. Secure Mobile Network Connectivity: Organisations should
implement secure network access methods for mobile devices, such
as:
● Virtual Private Networks (VPNs): Encrypt data transmission
over public Wi-Fi networks.
● Mobile Device Management (MDM) integrated VPNs: Integrate
VPN capabilities into MDM solutions for centralised control.
● Zero Trust Network Access (ZTNA): Authenticate the user and check
the device's security posture on every request, granting access to
individual applications rather than to the whole network.

5. Promote Mobile Device Security Awareness: Educating employees
about mobile security risks and best practices is crucial for preventing
human error.

Regular training sessions should cover topics such as:
● Identifying and avoiding phishing attacks
● Strong password practices
● Secure app installation and usage
● Reporting suspicious activity

6. Address Mobile Device Productivity Issues: Organisations should
address mobile device productivity issues to ensure optimal employee
performance:
● Provide adequate data plans and Wi-Fi access
● Optimise applications for mobile usage
● Encourage breaks and digital detox
● Promote mobile-friendly work practices

Organisational Security Policies and Measures in Mobile
Computing Era: As mobile devices have become indispensable tools
for businesses, organisations need to implement comprehensive
security policies and measures to protect their valuable data and
maintain operational integrity.

Here's an overview of the crucial aspects of organisational security
in the mobile computing era:

The six measures are the same as those listed under Organisational
Measures for Handling Mobile Devices above: a Mobile Device
Management (MDM) solution, a written mobile device policy (including
BYOD rules), Mobile Threat Defense (MTD) software, secure network
connectivity (VPN, MDM-integrated VPN, ZTNA), mobile security
awareness training, and attention to mobile productivity issues.

Unit-3

TOOLS AND METHODS USED IN CYBERCRIME

Introduction: Cybercrime involves the use of digital tools and
techniques to conduct illicit activities with the intent to exploit,
compromise, or gain unauthorised access to computer systems,
networks, and sensitive information. In this section, we explore various
tools and methods employed by cybercriminals, starting with the use of
proxy servers and anonymizers.

Proxy Servers: A proxy server acts as an intermediary between a user's
device and the internet. It forwards requests from the user to the
destination server and returns the server's responses back to the user,
thereby masking the user's IP address from the destination (the proxy
operator still sees both ends of the connection).

Cybercrime Applications:
1. Anonymity: Cybercriminals use proxy servers to hide their
identity and location during attacks.
2. Bypassing Restrictions: Proxies can be used to bypass
geo-restrictions and access content blocked in certain regions.
3. Network Security Evasion: Proxies can be leveraged to evade
network security measures.

Web-based Proxies: Web-based proxies operate through a website and
allow users to access the internet indirectly. Users enter the desired URL
on the proxy website, and the proxy fetches the content.

Cybercrime Applications:
1. Accessing Blocked Content: Web-based proxies enable users to
access restricted websites anonymously.
2. Bypassing Filters: Cybercriminals use web proxies to bypass
content filters and network restrictions.
3. Concealing Online Activity: Individuals may use web proxies to
conceal their online activities.

VPN Services: Virtual Private Networks (VPNs) create an encrypted
tunnel over the internet to the VPN provider, masking the user's IP
address from the sites visited and hiding the traffic from the local
network.

Cybercrime Applications:
1. Anonymous Browsing: VPNs hide the user's real IP address from
destination sites (though the VPN provider itself sees it).
2. Secure Communication: Cybercriminals use VPNs to encrypt
communication and evade network-level inspection.
3. Accessing Restricted Resources: VPNs can be used to access
region-restricted content.

Tor (The Onion Router): Tor is a decentralised network that aims to
enhance privacy on the internet by routing traffic through a series of
volunteer-operated relays, each of which sees only its neighbours.

Cybercrime Applications:
1. Anonymous Communication: TOR provides a level of anonymity
by routing traffic through multiple nodes.
2. Access to the Dark Web: Cybercriminals use TOR to access
websites on the Dark Web, which may host illicit activities.
3. Evasion of Tracking: TOR helps users evade tracking and
surveillance.

SSH Tunnels: Secure Shell (SSH) tunnels create a secure, encrypted
connection between a local and a remote machine, often used for secure
data transfer.

Cybercrime Applications:
1. Data Exfiltration: Cybercriminals may use SSH tunnels for
unauthorised data transfer.
2. Command and Control: Malicious actors use SSH for remote
command and control of compromised systems.
3. Network Evasion: SSH tunnels can carry other traffic through a port
that firewalls permit, bypassing network security measures.

Phishing: It is a cybercrime technique where attackers use deceptive
tactics to trick individuals into divulging sensitive information, such as
usernames, passwords, and financial details. It often involves the use of
fraudulent emails, messages, or websites that mimic trustworthy entities
to exploit human psychology.

Types of Phishing

1. Spear Phishing: Targeted phishing attacks that tailor messages to a
specific individual or organisation, often using personal information.

2. Vishing (Voice Phishing): Phishing attacks conducted via phone calls.
Attackers use social engineering to manipulate individuals into providing
sensitive information.

3. Smishing (SMS Phishing): Phishing attacks conducted through SMS
or text messages. Users may receive fake alerts or messages with
malicious links.

Phishing Techniques:

1. Email Spoofing: Attackers forge the sender's email address to make an
email appear as if it's from a legitimate source.

2. Link Manipulation: Malicious links in emails or messages lead to fake
websites designed to steal login credentials; the visible link text or a
lookalike domain disguises the real destination.

3. Fake Websites: Attackers create replicas of legitimate websites to trick
users into entering sensitive information.

4. Clone Phishing: Attackers create a duplicate (clone) of a legitimate
email the victim has already received, altering its links or attachment to
deceive recipients.

5. Man-in-the-Middle (MitM) Phishing: The phishing site acts as a
reverse proxy to the real login page, relaying the victim's credentials
and one-time code in real time and capturing the resulting session
cookie, which defeats MFA based on codes.

Indicators of Phishing:

1. Unsolicited Emails: Be cautious of unexpected emails, especially
those urging immediate action.

2. Mismatched URLs: Hover over links (long-press on a phone) to reveal
the actual URL. Phishers often use URLs that resemble legitimate sites.

3. Urgency or Threats: Phishing emails often create a sense of urgency,
threatening account closure or other consequences.

4. Spelling and Grammar Errors: Phishing emails may contain language
errors or inconsistencies.

5. Unusual Sender Addresses: Check sender email addresses for
irregularities or misspellings, and note when the Reply-To address
differs from the From address.

Countermeasures:

1. Security Awareness Training: Educate users about phishing
techniques and how to recognise phishing attempts.

2. Email Filtering: Implement email filtering solutions to detect and
block phishing emails, and publish SPF, DKIM and DMARC records so
that mail forging your own domain is rejected by recipients.

3. Multi-Factor Authentication (MFA): Use MFA to add an extra layer of
security, even if login credentials are compromised; phishing-resistant
methods (FIDO2/WebAuthn) also resist the MitM phishing described
above.

4. URL Inspection: Verify the legitimacy of URLs before clicking,
especially in emails or messages.

5. Regular Updates and Patches: Keep software, browsers, and security
systems up to date to mitigate vulnerabilities.

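The indicators of phishing above, turned into checks a mail filter can run, as an added example that is not part of the original notes. The sample messages, the urgency keyword list and the heuristics themselves are constructed for the demonstration; the display-name check in particular is a brand-name heuristic and would need tuning before use on personal mail.

```python
"""Added example (not from the original notes): scoring an e-mail against
phishing indicators: display name vs sending domain, diverted Reply-To,
link text that does not match the real href, links to bare IP addresses,
and urgency language. Sample messages and keywords are constructed."""
import email
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

URGENCY = ("immediately", "urgent", "suspended", "within 24 hours",
           "verify your account")


class _Anchors(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host(url):
    """Hostname of a URL, tolerating link text without a scheme."""
    return (urlparse(url if "://" in url else "http://" + url).hostname or "").lower()


def phishing_indicators(raw):
    """Return the names of the indicators that fire for a raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    hits = []
    sender = msg["From"]
    addr = sender.addresses[0] if sender and sender.addresses else None
    from_domain = addr.domain.lower() if addr else ""
    display = addr.display_name.lower() if addr else ""
    # 1. Display name claims a brand that the sending domain does not contain
    if display and from_domain and display.split()[0] not in from_domain:
        hits.append("display_name_domain_mismatch")
    # 2. Replies are diverted to a different domain than the sender's
    reply_to = msg["Reply-To"]
    if reply_to and reply_to.addresses and reply_to.addresses[0].domain.lower() != from_domain:
        hits.append("reply_to_mismatch")
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    parser = _Anchors()
    parser.feed(text)
    # 3. Visible link text shows one host while the href goes somewhere else
    if any("." in label and _host(label) != _host(href) for href, label in parser.links):
        hits.append("mismatched_url")
    # 4. A link to a bare IP address instead of a domain
    if any(re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", _host(href)) for href, _ in parser.links):
        hits.append("ip_address_link")
    # 5. Pressure language
    if any(word in text.lower() for word in URGENCY):
        hits.append("urgency")
    return hits


# Constructed sample messages (not real mail).
SAMPLE_PHISH = """\
From: "PayPal Security" <alerts@paypa1-secure.example>
Reply-To: <collect@mailbox.example>
To: victim@example.org
Subject: Action required
Content-Type: text/html

<p>Your account will be suspended within 24 hours.</p>
<p>Please <a href="http://198.51.100.23/login">www.paypal.com/signin</a> to verify your account.</p>
"""

SAMPLE_BENIGN = """\
From: Example Support <support@example.org>
To: victim@example.org
Subject: Report
Content-Type: text/plain

Hi, the report is attached.
"""
```

Each indicator on its own is weak (legitimate newsletters use "urgent", and mailing lists set Reply-To); a filter acts on the combination, which is why the function returns the list rather than a yes/no.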
Password Cracking: It is a cyber attack technique where unauthorised
individuals attempt to gain access to user accounts or systems by
guessing passwords against a live login (online cracking) or by
recovering them from stolen password hashes (offline cracking). This
activity is often performed using various methods and tools to exploit
weaknesses in password security.

Methods of Password Cracking:

1. Brute Force Attacks: The attacker systematically tries all possible
combinations of passwords until the correct one is found.
● Countermeasure: Implement account lockout or rate limiting for
online attempts, and use long passwords so the search space is
too large for offline attempts.

2. Dictionary Attacks: Attackers use precompiled lists of common
passwords (dictionaries) to attempt login or to test against stolen
hashes.
● Countermeasure: Enforce strong password policies, including the
avoidance of easily guessable passwords, by checking new passwords
against the same lists attackers use.

3. Rainbow Table Attacks: Attackers use precomputed tables (rainbow
tables) of hashed passwords to quickly crack password hashes.
● Countermeasure: Use a unique random salt per password, which
makes precomputed tables useless, and a slow hashing algorithm
(bcrypt, scrypt, Argon2, PBKDF2) so each guess is expensive.

4. Credential Stuffing: Attackers use known username and password
pairs obtained from previous data breaches to gain unauthorised access
to other accounts where users have reused passwords.
● Countermeasure: Encourage users to use unique passwords for
different accounts and implement multi-factor authentication.

5. Keylogging: Malicious software records keystrokes to capture
usernames and passwords as users type.
● Countermeasure: Use updated antivirus software, employ
intrusion detection systems, and educate users about the risks of
downloading unknown software.

6. Phishing: Attackers trick individuals into revealing their passwords
through deceptive emails or fake websites.
● Countermeasure: Educate users about phishing risks and
implement email filtering solutions.

Countermeasures:

1. Strong Password Policies: Enforce the use of long passwords or
passphrases, check them against lists of breached passwords, and
do not rely on character-class rules alone.

2. Password Hashing and Salting: Use strong, one-way hashing
algorithms and employ unique salts for each user to protect
password hashes.

3. Multi-Factor Authentication (MFA): Implement MFA to add an
extra layer of security even if passwords are compromised.

4. Account Lockout Policies: Set account lockout policies to prevent
brute force attacks by locking an account after a certain number of
failed login attempts.

5. Regular Security Audits: Conduct regular security audits to
identify and address vulnerabilities in password security.

6. Education and Awareness: Train users to recognise phishing
attempts and understand the importance of strong password
practices.

7. Monitoring and Detection: Implement intrusion detection
systems to monitor and detect unusual login patterns or activities.

Password cracking is a constant threat, and organisations must adopt a
multi-layered approach to safeguard against various methods used by
attackers. Combining strong technical measures with user education and
awareness is essential to maintaining robust password security.
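The dictionary and rainbow-table attacks above, and the hashing-and-salting countermeasure, shown side by side as an added example that is not part of the original notes. The same constructed accounts are stored three ways (unsalted SHA-256, salted SHA-256, salted PBKDF2) and the same wordlist is run against each; the wordlist, user names, passwords and iteration count are all made up for the demonstration.

```python
"""Added example (not from the original notes): a dictionary attack
against unsalted, salted and salted-plus-slow password stores, showing
why a per-user salt kills precomputed tables and why a slow KDF makes
each remaining guess expensive. Accounts and wordlist are constructed."""
import hashlib
import os

WORDLIST = ["123456", "password", "letmein", "qwerty", "summer2023", "dragon"]


def fast_unsalted(pw):
    """Plain SHA-256: one hash per password, identical for identical passwords."""
    return hashlib.sha256(pw.encode()).hexdigest()


def fast_salted(pw, salt):
    """SHA-256 over salt||password: a different hash per user for the same password."""
    return hashlib.sha256(salt + pw.encode()).hexdigest()


def slow_salted(pw, salt, iterations=50_000):
    """PBKDF2-HMAC-SHA256: salted and deliberately slow (low count kept for the demo)."""
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, iterations).hex()


def build_lookup_table(words):
    """Precompute hash -> password once; reusable against every unsalted dump.
    A rainbow table is a space-optimised form of this idea."""
    return {fast_unsalted(w): w for w in words}


def crack_unsalted(dump, table):
    """dump: {user: hash}. One dictionary lookup per user, no hashing at crack time."""
    return {u: table[h] for u, h in dump.items() if h in table}


def crack_salted(dump, words, hasher):
    """dump: {user: (salt, hash)}. The salt forces up to len(words) fresh hash
    computations per user, and nothing computed for one user helps with another.
    Returns (cracked, number_of_hash_computations)."""
    cracked, work = {}, 0
    for user, (salt, h) in dump.items():
        for w in words:
            work += 1
            if hasher(w, salt) == h:
                cracked[user] = w
                break
    return cracked, work


def make_dumps(accounts):
    """accounts: {user: password}. Returns the three storage variants."""
    unsalted = {u: fast_unsalted(p) for u, p in accounts.items()}
    salts = {u: os.urandom(16) for u in accounts}
    salted = {u: (salts[u], fast_salted(p, salts[u])) for u, p in accounts.items()}
    slow = {u: (salts[u], slow_salted(p, salts[u])) for u, p in accounts.items()}
    return unsalted, salted, slow


if __name__ == "__main__":
    accounts = {"ann": "password", "ben": "letmein",
                "cat": "Tr0ub4dor&3-unique", "dan": "password"}
    unsalted, salted, slow = make_dumps(accounts)
    print("unsalted :", crack_unsalted(unsalted, build_lookup_table(WORDLIST)))
    print("salted   :", crack_salted(salted, WORDLIST, fast_salted))
    print("slow+salt:", crack_salted(slow, WORDLIST, slow_salted))
```

Weak passwords are still recovered from the salted stores; what changes is the cost. Against the unsalted dump the attacker does no hashing at all and can also see that ann and dan share a password; against the salted stores the attacker pays one hash per guess per user, and with PBKDF2 each of those hashes is tens of thousands of times slower.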

Keyloggers: Keyloggers are malicious software or hardware designed to
record keystrokes on a user's device without their knowledge. This can
include capturing login credentials, sensitive information, and other
typed content.

1. Functionality: Keyloggers may log keystrokes locally on the
compromised device or transmit the captured data remotely to a
malicious server. They can be delivered through malware, phishing,
or compromised software installations.

2. Applications: Keyloggers are often used by cybercriminals for
identity theft, stealing login credentials, capturing financial
information, or espionage.

3. Countermeasures:
● Use updated antivirus software to detect and remove keyloggers.
● Employ intrusion detection systems to identify unusual behaviour.
● Regularly update and patch software to address vulnerabilities.

Spyware: It is software that secretly monitors and collects user
information without their consent. It can track browsing habits, capture
keystrokes, and gather sensitive data.

1. Functionality: Spyware operates covertly, often disguising itself as
legitimate software. It can be distributed through malicious
websites, email attachments, or bundled with seemingly harmless
downloads.

2. Applications: Spyware is commonly used for unauthorised data
collection, targeted advertising, identity theft, and corporate
espionage.

3. Countermeasures:
● Install reputable antivirus and anti-spyware software.
● Regularly update security software to detect and remove new
spyware threats.
● Exercise caution when downloading software or clicking on links,
especially from unknown sources.

Differences:

Scope:
● Keyloggers specifically focus on capturing keyboard input,
including keystrokes and passwords.
● Spyware has a broader scope, encompassing various activities like
data tracking, information theft, and monitoring.

Delivery:
● Keyloggers can be delivered through malware, phishing, or
compromised software installations.
● Spyware can be delivered through malicious websites, email
attachments, or bundled with seemingly harmless downloads.

Intent:
● Keyloggers primarily aim to capture keyboard inputs for
unauthorised access.
● Spyware has a more varied intent, ranging from data collection to
monitoring user behaviour.

Detection:
● Detection of both keyloggers and spyware requires robust antivirus
and anti-spyware tools, regular updates, and user awareness.

Countermeasures:

Security Software: Install reputable antivirus and anti-spyware
software and keep it updated.

User Education: Educate users about the risks of downloading unknown
software or clicking on suspicious links.

Regular Updates: Keep operating systems, software, and security tools
up to date to address vulnerabilities.

Network Monitoring: Employ network monitoring tools to detect and
block suspicious activities, such as a process sending captured data to
an unfamiliar server.

Endpoint Protection: Implement endpoint protection measures to
prevent the installation of malicious software.

Viruses: A computer virus is a type of malicious software that attaches
itself to legitimate programs or files and spreads when those programs or
files are executed. Viruses can replicate and modify other programs,
causing damage to the infected system.

1. Spread Mechanism: Viruses often rely on user actions to spread,
such as sharing infected files or executing infected programs. They
can also spread through email attachments, infected websites, or
removable media.

2. Payload: Viruses may have a destructive payload, such as
corrupting or deleting files, or a stealthy payload, aiming to remain
undetected while compromising system integrity.

3. Detection: Antivirus software is commonly used to detect and
remove viruses by scanning files for known virus signatures (a hash
of the whole file or a characteristic byte pattern), supplemented by
heuristics and behaviour monitoring for variants that no signature
yet matches.

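The signature scanning described above, as an added example that is not part of the original notes: a hash signature that matches one exact file, beside a byte-pattern signature with a wildcard gap that also catches a slightly altered copy. The marker string, the sample "files" and the signature names are constructed for the demonstration and do not correspond to any real malware.

```python
"""Added example (not from the original notes): file signature scanning in
two forms, whole-file hash and byte pattern with wildcards. The marker,
sample files and signature names are constructed for this demo."""
import hashlib
import re

# Constructed samples: a benign text file, a "virus" carrying a marker
# string, and a variant with a different amount of padding, standing in
# for a recompiled or lightly obfuscated copy of the same malware.
MARKER = b"DEMO-TEST-MARKER-STRING"
SAMPLE_FILES = {
    "notes.txt":   b"quarterly report draft\n",
    "game.exe":    b"MZ\x90\x00" + b"\x00" * 8 + MARKER + b"\x00" * 8,
    "game_v2.exe": b"MZ\x90\x00" + b"\x00" * 20 + MARKER + b"\xcc" * 3,
}

# Hash signature: matches exactly one file; any changed byte evades it.
HASH_SIGNATURES = {
    hashlib.sha256(SAMPLE_FILES["game.exe"]).hexdigest(): "Demo.Virus.A",
}

# Pattern signature: fixed header bytes, a wildcard gap of 8 to 32 bytes,
# then the marker. re.DOTALL lets '.' match any byte value, including newline.
PATTERN_SIGNATURES = [
    ("Demo.Virus.A.gen", re.compile(rb"MZ\x90\x00.{8,32}" + re.escape(MARKER), re.DOTALL)),
]


def scan_by_hash(data):
    """Return the signature name if the file's SHA-256 is known-bad, else None."""
    return HASH_SIGNATURES.get(hashlib.sha256(data).hexdigest())


def scan_by_pattern(data):
    """Return the first pattern signature that matches anywhere in the file."""
    for name, pattern in PATTERN_SIGNATURES:
        if pattern.search(data):
            return name
    return None


def scan(files):
    """Return {filename: (hash_verdict, pattern_verdict)} for a name->bytes map."""
    return {name: (scan_by_hash(data), scan_by_pattern(data))
            for name, data in files.items()}


if __name__ == "__main__":
    for name, verdicts in scan(SAMPLE_FILES).items():
        print(f"{name:12s} hash={verdicts[0]} pattern={verdicts[1]}")
```

The variant is where the difference shows: the hash signature misses game_v2.exe entirely, while the pattern still fires because it does not depend on the padding length. Real engines layer many such patterns with emulation and behaviour checks, because a polymorphic virus also changes the bytes the pattern relies on.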
Worms: A computer worm is a standalone, self-replicating program that
spreads independently across a network or through the internet. Worms
do not need to attach themselves to other programs and can initiate their
own replication.

1. Spread Mechanism: Worms exploit vulnerabilities in network
protocols or operating systems to propagate. They can spread
without user interaction, often moving from one computer to
another through network connections.

2. Payload: Worms may have various payloads, including creating
backdoors for remote access, installing additional malware, or
using the infected network for coordinated attacks.

3. Detection: Worms are typically detected and mitigated using
network security measures and antivirus software. Behavioural
analysis and anomaly detection may also be employed.

Difference between Worms and Viruses:

Definition:
● Worm: a form of malware that replicates itself and spreads to other
computers over a network.
● Virus: malicious executable code attached to another executable
file; it may be harmless or may modify or delete data.

Objective:
● Worm: classically, to consume system resources such as memory and
bandwidth, slowing the system until it stops responding; modern
worms also deliver payloads such as backdoors.
● Virus: classically, to modify or destroy information on the infected
system.

Host:
● Worm: does not need a host program; it replicates from one computer
to another on its own.
● Virus: requires a host file or program to spread.

Harm:
● Worm: often described as less harmful to the individual host, though
its propagation traffic can take down whole networks.
● Virus: more harmful to the data on the infected host.

Detection and Protection:
● Worm: detected and removed by antivirus software; a firewall blocks
the propagation traffic.
● Virus: antivirus software.

Remote control:
● Worm: commonly includes a command-and-control component, so the
infected machines can be controlled remotely.
● Virus: a classic file infector is not controlled remotely.

Execution:
● Worm: executes by exploiting a weakness (vulnerability) in the system
or a network service.
● Virus: executes when the infected executable file is run.

Comes from:
● Worm: downloaded files or a network connection.
● Virus: shared or downloaded files.

Symptoms:
● Worm: slow computer performance; programs opening and running
automatically; emails sent without your knowledge; degraded web
browser performance; error messages concerning the system and
operating system.
● Virus: pop-up windows linking to malicious websites; slow computer
performance; unknown programs starting after booting; passwords
changed without your knowledge.

Prevention:
● Worm: keep the operating system and system software updated; avoid
clicking links from untrusted or unknown websites; avoid opening
emails from unknown sources; use antivirus software and a firewall.
● Virus: install antivirus software; never open unexpected email
attachments; avoid pirated software; keep the operating system
updated; keep the browser updated, as old versions are vulnerable to
linking to malicious websites.

Types:
● Worm: internet worms, instant messaging worms, email worms, file
sharing worms, Internet Relay Chat (IRC) worms.
● Virus: boot sector virus, direct action virus, polymorphic virus,
macro virus, overwrite virus, file infector virus.

Examples:
● Worm: Morris worm, Storm worm, Blaster, Slammer.
● Virus: Brain (boot sector), Michelangelo (boot sector), CIH (file
infector).

Human interaction:
● Worm: does not need human action to replicate.
● Virus: needs human action (running the infected file) to replicate.

Speed:
● Worm: spreads faster.
● Virus: spreads more slowly than a worm.

Countermeasures:

1. Antivirus Software: Install and regularly update antivirus
software to detect and remove viruses.

2. Firewalls: Use firewalls to monitor and control incoming and
outgoing network traffic, preventing worm propagation.

3. Operating System Updates: Keep operating systems and software
up to date to patch vulnerabilities exploited by viruses and worms.

4. Network Segmentation: Segment networks to limit the spread of
worms and isolate infected areas.

5. User Education: Educate users about safe online practices,
avoiding suspicious emails, and not downloading files from
untrusted sources.

Trojan Horses:

1. Definition: A Trojan horse, or Trojan, is a type of malicious
software disguised as legitimate or desirable software. Unlike
viruses or worms, Trojans do not replicate themselves but rely on
social engineering to trick users into installing them.

2. Infection Mechanism: Trojans often masquerade as harmless or
useful programs, enticing users to download and install them. Once
installed, they may perform malicious activities without the user's
knowledge.

3. Payload: Trojans can have various payloads, including stealing
sensitive data, providing unauthorised access to the attacker, or
installing other malware on the compromised system.

4. Detection: Antivirus software and anti-malware tools are essential
for detecting and removing Trojan horses. Behavioural analysis and
heuristic detection methods may also be employed.

5. Examples: Common examples include Zeus, SpyEye, and Emotet.

Backdoors:

1. Definition: A backdoor is a hidden or undocumented access point in a computer system, allowing unauthorised individuals to gain remote access and control. Backdoors are often created by attackers or by software developers for troubleshooting purposes.
2. Installation Mechanism: Backdoors can be installed through various means, including exploiting software vulnerabilities, using Trojan horses, or by insiders with access to the system.
3. Payload: The primary purpose of a backdoor is to provide covert access to a system, allowing attackers to execute commands, upload or download files, or manipulate the system without detection.
4. Detection: Detecting backdoors can be challenging as they are designed to be stealthy. Regular security audits, network monitoring, and intrusion detection systems are essential for identifying backdoor activity.
5. Examples: Notable examples include Netcat, SubSeven, and Poison Ivy.

Differences Between Trojan-horses and Backdoors:

Nature:
● Trojans are deceptive programs that trick users into installing them, while backdoors are covert access points designed to provide unauthorised access.

Replication:
● Trojans do not replicate themselves; their spread relies on user interaction. Backdoors do not spread independently but can be installed by attackers.

Purpose:
● Trojans often have specific malicious payloads, such as data theft or malware installation. Backdoors are primarily designed for unauthorised access and control.

Visibility:
● Trojans may display visible malicious activities. Backdoors aim to remain hidden to maintain unauthorised access over time.

Detection Focus:
● Detecting Trojans often involves identifying malicious behaviours or signatures. Detecting backdoors requires monitoring for unusual network or system activities.

Countermeasures:
1. Security Software: Use updated antivirus and anti-malware tools to detect and remove Trojans.
2. Firewalls: Configure firewalls to block unauthorised access points, minimising the risk of backdoor installations.
3. Regular Audits: Conduct regular security audits to identify and close potential vulnerabilities exploited by Trojans and backdoors.
4. Network Monitoring: Employ network monitoring tools and intrusion detection systems to detect unusual activities indicative of backdoor usage.
5. User Education: Educate users about the risks of downloading software from untrusted sources and the importance of being cautious with email attachments and links.

Steganography: It is the practice of concealing one piece of information within another in such a way that the hidden message is difficult to detect. Unlike cryptography, which focuses on making the content of a communication unreadable, steganography aims to hide the existence of the communication.

Techniques:

1. Image Steganography:
● Embedding data within images by subtly altering pixel values. This can be achieved through the least significant bit (LSB) method, where the least significant bits of pixel values are replaced with hidden data.

2. Audio Steganography:
● Concealing information within audio files by modifying certain components, such as the amplitude or frequency. This can be done without significantly altering the perceived quality of the audio.

3. Text Steganography:
● Hiding information within text by using techniques like whitespace manipulation, word or letter arrangement, or embedding messages within seemingly innocent text.

4. Video Steganography:
● Embedding data within video files, often by modifying specific frames or components of the video stream. Similar to image steganography, this can involve altering pixel values.

5. File Steganography:
● Hiding data within seemingly innocuous files, such as documents or executable files, by manipulating certain aspects without affecting the overall functionality.

Applications:

1. Security and Privacy:
● Steganography can be used to securely transmit sensitive information without drawing attention to the communication.

2. Digital Watermarking:
● Embedding imperceptible marks within media files for copyright protection or ownership attribution.

3. Covert Communication:
● Steganography enables covert communication in situations where overt communication might raise suspicion.

4. Concealing Malware:
● Malicious actors may use steganography to hide malware within seemingly harmless files, evading detection by security software.

Detection:

1. Statistical Analysis:
● Monitoring statistical properties of files, such as image or audio files, to identify deviations from expected patterns.

2. Signature-based Detection:
● Searching for known steganographic signatures or patterns within files.

3. Visual Inspection:
● Examining files for irregularities or artefacts that may indicate the presence of hidden data.

4. Use of Specialized Tools:
● Employing steganalysis tools designed to detect steganographic content within various types of files.
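The LSB technique from the Techniques list and the statistical detection from the Detection list, worked through in one added example (not part of the original notes): LSB embedding and extraction over a constructed array of 8-bit grayscale pixels, followed by the pairs-of-values chi-square statistic that steganalysis uses to spot LSB replacement. No imaging library is assumed; the 32-bit length header is a convention chosen for this example.

```python
"""LSB steganography and a statistical steganalysis check (added example).

The cover "image" is a constructed array of 8-bit grayscale pixel values,
so the block runs without any imaging library.
"""
import random

HEADER_BITS = 32  # constructed convention: 32-bit big-endian payload length


def _bits(data: bytes):
    """Yield the bits of `data`, most significant bit of each byte first."""
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def lsb_embed(cover: bytes, payload: bytes) -> bytes:
    """Replace the least significant bit of successive cover pixels with the
    bits of a length header followed by the payload."""
    needed = HEADER_BITS + 8 * len(payload)
    if needed > len(cover):
        raise ValueError(f"payload needs {needed} pixels, cover has {len(cover)}")
    header = len(payload).to_bytes(HEADER_BITS // 8, "big")
    stego = bytearray(cover)
    for i, bit in enumerate(_bits(header + payload)):
        stego[i] = (stego[i] & 0xFE) | bit  # clear the LSB, then set it to the data bit
    return bytes(stego)


def lsb_extract(stego: bytes) -> bytes:
    """Read the length header, then that many payload bytes, from the LSB plane."""
    def read_int(start: int, count: int) -> int:
        value = 0
        for i in range(start, start + count):
            value = (value << 1) | (stego[i] & 1)
        return value

    length = read_int(0, HEADER_BITS)
    if HEADER_BITS + 8 * length > len(stego):
        raise ValueError("length header is inconsistent with the carrier size")
    return bytes(read_int(HEADER_BITS + 8 * k, 8) for k in range(length))


def pairs_of_values_chi2(pixels: bytes) -> float:
    """Chi-square statistic over the value pairs (2k, 2k+1).

    LSB replacement only moves counts between the two members of a pair, so
    it pushes h[2k] and h[2k+1] toward equality.  A carrier whose pairs are
    markedly more balanced (lower statistic) than clean images from the same
    source is a candidate for closer steganalysis.
    """
    hist = [0] * 256
    for p in pixels:
        hist[p] += 1
    chi2 = 0.0
    for k in range(128):
        even, odd = hist[2 * k], hist[2 * k + 1]
        expected = (even + odd) / 2
        if expected:
            chi2 += (even - expected) ** 2 / expected
    return chi2


def make_cover(n: int = 4096, seed: int = 7) -> bytes:
    """Constructed cover with an even/odd imbalance, standing in for the
    uneven pair histogram a real photograph tends to have."""
    rng = random.Random(seed)
    pixels = bytearray()
    for _ in range(n):
        value = rng.randrange(256)
        if value & 1 and rng.random() < 0.6:
            value &= 0xFE  # bias the cover toward even values
        pixels.append(value)
    return bytes(pixels)


if __name__ == "__main__":
    cover = make_cover()
    secret = b"constructed sample payload " * 12
    stego = lsb_embed(cover, secret)
    print("recovered:", lsb_extract(stego) == secret)
    print("chi2 clean: %.1f  chi2 stego: %.1f"
          % (pairs_of_values_chi2(cover), pairs_of_values_chi2(stego)))
```

The embedded region's pair counts even out, so the statistic drops relative to the clean cover; in practice the baseline comes from known-clean images of the same camera or source.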

Countermeasures:

1. Regular Audits:
● Conducting regular audits of files and network traffic to detect anomalies.

2. Traffic Monitoring:
● Monitoring network traffic for unusual patterns or unexpected data transmissions.

3. Content Inspection:
● Inspecting files and media content for signs of manipulation or irregularities.

4. Use of Steganalysis Tools:
● Employing specialised steganalysis tools to actively search for and detect steganographic content.

5. User Education:
● Educating users about the risks associated with steganography and the importance of secure communication practices.

Denial of Service (DoS) Attack:

1. Definition:
● A DoS attack aims to disrupt or temporarily disable the services of a host or network, making them unavailable to users. The attack overwhelms the target system with a flood of traffic or by exploiting vulnerabilities, causing legitimate users to be unable to access the services.

2. Methods:
● Flooding Attacks: Overwhelm the target with a high volume of traffic, such as ICMP flood (Ping flood) or SYN flood attacks.
● Exploiting Vulnerabilities: Exploit weaknesses in software or protocols to crash or disable the target system.

3. Impact:
● Service Disruption: Denies access to legitimate users, rendering services temporarily or permanently unavailable.
● Resource Exhaustion: Consumes bandwidth, CPU, memory, or other resources, affecting the overall system performance.

4. Detection and Mitigation:
● Traffic Monitoring: Use network monitoring tools to detect unusual patterns or spikes in traffic.
● Firewalls and Intrusion Prevention Systems (IPS): Employ firewalls and IPS to filter and block malicious traffic.
● Load Balancers: Distribute incoming traffic to prevent overwhelming a single server.

Distributed Denial of Service (DDoS) Attack:

1. Definition:
● A DDoS attack involves multiple compromised computers, known as botnets, working together to flood a target system with a massive volume of traffic. The distributed nature makes DDoS attacks more challenging to mitigate compared to traditional DoS attacks.

2. Methods:
● Botnets: Coordinated efforts of multiple compromised devices (computers, IoT devices) to generate traffic.
● Amplification: Exploiting services that can generate a large response to a small request, magnifying the impact.

3. Impact:
● Service Overwhelm: Overwhelms the target's resources, making it inaccessible to legitimate users.
● Network Congestion: Floods the target's network, affecting its ability to respond to legitimate requests.

4. Detection and Mitigation:
● Traffic Analysis: Use anomaly detection and traffic analysis tools to identify unusual patterns.
● Rate Limiting: Implement rate limiting to restrict the number of requests from a single source.
● Content Delivery Networks (CDNs): Distribute content across multiple servers to absorb and mitigate DDoS traffic.

Difference between DoS and DDoS attacks:

DoS | DDoS
DoS stands for Denial of Service attack. | DDoS stands for Distributed Denial of Service attack.
In DoS attacks, a single system targets the victim system. | In DDoS, multiple systems attack the victim's system.
Victim PC is loaded from the packet of data sent from a single location. | Victim PC is loaded from the packet of data sent from multiple locations.
DoS attack is slower as compared to DDoS. | DDoS attack is faster than DoS attack.
Can be blocked easily as only one system is used. | It is difficult to block this attack as multiple devices are sending packets and attacking from multiple locations.
In DoS attack only a single device is used with DoS attack tools. | In DDoS attacks, VolumeBots are used to attack at the same time.
DoS attacks are easy to trace. | DDoS attacks are difficult to trace.
Volume of traffic in the DoS attack is less as compared to DDoS. | DDoS attacks allow the attacker to send massive volumes of traffic to the victim network.
Types of DoS attacks are: 1. Buffer overflow attacks 2. Ping of Death or ICMP flood 3. Teardrop Attack 4. Flooding Attack | Types of DDoS attacks are: 1. Volumetric Attacks 2. Fragmentation Attacks 3. Application Layer Attacks 4. Protocol Attack.

Detection Challenges:

1. DoS Attack: Easier to detect as it involves a limited number of sources.
2. DDoS Attack: More challenging to detect due to the distributed and diverse sources.

Countermeasures:

1. DoS Attack:
● Firewalls: Filter and block traffic based on predefined rules.
● Intrusion Detection Systems (IDS): Monitor and analyse network traffic for unusual patterns.
● Rate Limiting: Limit the number of requests from a single source to prevent resource exhaustion.

2. DDoS Attack:
● Content Delivery Networks (CDNs): Distribute content across multiple servers to absorb and mitigate traffic.
● Anycast DNS: Distribute DNS resolution requests across multiple servers.
● Traffic Scrubbing Services: Use specialised services to filter and remove malicious traffic.

Both DoS and DDoS attacks can have severe consequences on the availability and performance of online services. Implementing a combination of preventive measures, detection mechanisms, and mitigation strategies is crucial for safeguarding against these types of attacks.
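An added example (not from the original notes) that ties together the traffic-monitoring detection and the per-source rate-limiting countermeasure described above: it replays a constructed web-server log, classifies each one-second window as normal, single-source flood (DoS) or many-source flood (DDoS), and then runs the same log through a sliding-window rate limiter. The log format is assumed for this example and all addresses are from the RFC 5737 documentation ranges.

```python
"""Spotting single-source and distributed floods in web-server logs, and
per-source rate limiting (added example, constructed data).

Log format assumed here: "<ISO timestamp> <client IP> <method> <path>".
"""
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta


def build_sample_log() -> list:
    """Constructed log: a quiet baseline, one second of flooding from a single
    address (DoS), then one second of flooding from 200 addresses (DDoS)."""
    base = datetime(2024, 3, 1, 12, 0, 0)
    lines = []
    for sec in range(10):                       # seconds 0-9: five clients, 5 req/s in total
        stamp = (base + timedelta(seconds=sec)).isoformat()
        lines += [f"{stamp} 192.0.2.{10 + i} GET /index.html" for i in range(5)]
    stamp = (base + timedelta(seconds=10)).isoformat()
    lines += [f"{stamp} 198.51.100.7 GET /search" for _ in range(300)]
    stamp = (base + timedelta(seconds=11)).isoformat()
    lines += [f"{stamp} 203.0.113.{i} GET /search" for i in range(1, 201)]
    return lines


def parse(line: str):
    stamp, src, _method, path = line.split(" ", 3)
    return datetime.fromisoformat(stamp), src, path


def analyse_windows(lines, flood_threshold=100, single_source_share=0.8) -> dict:
    """Per one-second window: (requests, distinct sources, verdict).

    A flood dominated by one address is classed "dos"; a flood of the same
    size spread thinly over many addresses is classed "ddos".  The verdict
    drives the response: trace and block one source, or absorb and scrub.
    """
    windows = defaultdict(Counter)
    for line in lines:
        ts, src, _ = parse(line)
        windows[ts.replace(microsecond=0)][src] += 1
    first = min(windows)
    report = {}
    for second in sorted(windows):
        counts = windows[second]
        total = sum(counts.values())
        _top_src, top_n = counts.most_common(1)[0]
        if total < flood_threshold:
            verdict = "normal"
        elif top_n / total >= single_source_share:
            verdict = "dos"
        else:
            verdict = "ddos"
        offset = int((second - first).total_seconds())
        report[offset] = (total, len(counts), verdict)
    return report


class SlidingWindowLimiter:
    """Allow at most `limit` requests per source within any `window` seconds."""

    def __init__(self, limit: int, window: float):
        self.limit, self.window = limit, window
        self.history = defaultdict(deque)

    def allow(self, src: str, ts: datetime) -> bool:
        recent = self.history[src]
        while recent and (ts - recent[0]).total_seconds() >= self.window:
            recent.popleft()          # drop requests that fell out of the window
        if len(recent) >= self.limit:
            return False
        recent.append(ts)
        return True


def apply_rate_limit(lines, limit=20, window=1.0):
    """Replay the log through the limiter; returns (allowed, rejected)."""
    limiter = SlidingWindowLimiter(limit, window)
    allowed = rejected = 0
    for line in lines:
        ts, src, _ = parse(line)
        if limiter.allow(src, ts):
            allowed += 1
        else:
            rejected += 1
    return allowed, rejected


if __name__ == "__main__":
    log = build_sample_log()
    for offset, row in analyse_windows(log).items():
        print(f"t+{offset:2d}s requests={row[0]:3d} sources={row[1]:3d} {row[2]}")
    print("rate limit allowed/rejected:", apply_rate_limit(log))
```

Per-source rate limiting rejects 280 of the 300 single-source requests but passes every request of the distributed flood, since no one address exceeds the limit; that gap is what the CDN and scrubbing measures listed above address.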

SQL Injection: It is a type of cyber attack where malicious SQL (Structured Query Language) code is inserted into input fields or parameters of a web application's database query. This can lead to unauthorised access, manipulation, or retrieval of sensitive data from the database.

Methods:

1. Classic SQL Injection: Injecting malicious SQL statements into user-input fields, exploiting the lack of proper input validation and sanitization.
2. Blind SQL Injection: Exploiting vulnerabilities without directly observing the results. The attacker infers information based on true or false conditions in the application's response.
3. Time-Based Blind SQL Injection: Injecting SQL queries that cause delays in the server's response, revealing information based on the time it takes to respond.

Impact:

1. Unauthorised Data Access: Attackers can gain access to sensitive data stored in the database, such as usernames, passwords, or financial information.
2. Data Manipulation: Malicious users can modify or delete data within the database, leading to data integrity issues.
3. Server Compromise: In severe cases, successful SQL injection attacks can lead to the compromise of the entire server hosting the database.

Detection and Prevention:

1. Input Validation and Sanitization: Validate and sanitise user input to ensure that it adheres to expected formats and does not contain malicious code.
2. Parameterized Statements: Use parameterized statements or prepared statements in SQL queries to separate SQL code from user input.
3. Least Privilege Principle: Restrict database user privileges to the minimum necessary for the application to function, reducing the impact of a potential breach.
4. Web Application Firewalls (WAF): Implement WAFs to filter and monitor HTTP traffic between a web application and the internet, identifying and blocking malicious activity.
5. Regular Security Audits: Conduct regular security audits and vulnerability assessments to identify and address potential SQL injection vulnerabilities.
6. Error Handling: Customise error messages to provide minimal information to users in case of an error, preventing exposure of sensitive information.
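The classic injection from the Methods list set beside prevention items 1, 2 and 6, as an added example that is not part of the original notes: a login query built by string formatting, the same query with bound parameters, allow-list validation of the username, and a login path that returns one generic failure message. It uses Python's bundled sqlite3 module with an in-memory database; the users table, the account and the SHA-256 password-hashing placeholder are constructed for the example.

```python
"""Classic SQL injection beside the parameterised fix (added example).

Runs offline against an in-memory sqlite3 database.  Password hashing is a
plain SHA-256 placeholder standing in for a proper password KDF; the hashing
is not the point of the example.
"""
import hashlib
import re
import sqlite3

LOGIN_FAILED = "invalid username or password"       # generic message, leaks nothing
USERNAME_RE = re.compile(r"[a-z][a-z0-9_]{0,31}")   # constructed allow-list


def hash_pw(password: str) -> str:
    return hashlib.sha256(password.encode()).hexdigest()


def make_db() -> sqlite3.Connection:
    """Constructed users table with a single account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT)")
    conn.execute("INSERT INTO users VALUES (?, ?)", ("alice", hash_pw("correct horse")))
    conn.commit()
    return conn


def login_vulnerable(conn, username: str, password: str) -> bool:
    """Classic SQL injection: user input is spliced into the SQL text, so a
    quote in the username changes the structure of the query (Methods, item 1)."""
    query = ("SELECT username FROM users WHERE username = '%s' "
             "AND password_hash = '%s'" % (username, hash_pw(password)))
    return conn.execute(query).fetchone() is not None


def login_safe(conn, username: str, password: str) -> bool:
    """Parameterised statement: the driver sends SQL and values separately, so
    the input is only ever compared as data (prevention item 2)."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password_hash = ?",
        (username, hash_pw(password)),
    ).fetchone()
    return row is not None


def is_valid_username(username: str) -> bool:
    """Allow-list validation (prevention item 1): anything that is not a plain
    lowercase identifier is rejected before it reaches the database."""
    return USERNAME_RE.fullmatch(username) is not None


def authenticate(conn, username: str, password: str) -> str:
    """Hardened login path: validation, bound parameters and minimal error
    reporting (prevention item 6).  Returns "ok" or LOGIN_FAILED."""
    if not is_valid_username(username):
        return LOGIN_FAILED
    try:
        return "ok" if login_safe(conn, username, password) else LOGIN_FAILED
    except sqlite3.Error:
        # Record the real exception in server-side logs; never echo it to the client.
        return LOGIN_FAILED


if __name__ == "__main__":
    db = make_db()
    crafted = "alice' --"   # closes the string literal and comments out the password check
    print("vulnerable query, crafted username :", login_vulnerable(db, crafted, "anything"))
    print("parameterised query, same input    :", login_safe(db, crafted, "anything"))
    print("hardened path, real credentials    :", authenticate(db, "alice", "correct horse"))
```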

Buffer Overflow: A buffer overflow occurs when a program writes more data to a designated memory storage area (buffer) than it can hold. This overflow can lead to memory corruption, program crashes, and potential security vulnerabilities.

Causes:
1. Insufficient Input Validation: Lack of proper validation on user inputs allows for the introduction of excessive data.
2. C and C++ Vulnerabilities: These languages allow direct memory manipulation, making them prone to buffer overflows if not handled carefully.
3. Stack-based and Heap-based Overflows: Stack overflows may overwrite return addresses, while heap overflows can affect dynamically allocated memory.

Implications:
1. Code Execution: Successful attacks can lead to the execution of arbitrary code, compromising system integrity.
2. Denial of Service (DoS): Buffer overflows may crash programs, causing service disruptions.
3. Information Disclosure: Sensitive information in overflowed buffers might be exposed.

Prevention and Mitigation:

1. Input Validation: Validate and sanitise user inputs to prevent malicious data injection.
2. Bounds Checking: Use programming languages or libraries with built-in bounds checking.
3. Safe Functions: Prefer safer functions like `strncpy` over riskier ones like `strcpy` in C.
4. Randomization Techniques: Employ address space randomization to make it harder for attackers to predict memory layouts.
5. Canaries and Stack Cookies: Introduce random values (canaries) in the stack to detect and prevent buffer overflows.
6. Static Code Analysis: Utilise static analysis tools during development to identify and fix potential vulnerabilities.

Attacks on Wireless Networks

1. Wireless Eavesdropping:
● Unauthorised interception of wireless communication to capture sensitive information.
● Use encryption protocols like WPA3 for Wi-Fi networks to secure data in transit.

2. Man-in-the-Middle (MitM) Attacks:
● Intercepting and altering communication between two parties without their knowledge.
● Implement secure communication protocols and use techniques like HTTPS.

3. Wireless Jamming:
● Deliberate interference with wireless signals, disrupting communication and causing denial of service.
● Monitor the network for unusual interference and use signal-jamming detection tools.

4. Evil Twin Attacks:
● Creation of a rogue Wi-Fi access point with a name similar to a legitimate one to trick users into connecting.
● Disable automatic connection to open networks and use secure, well-configured Wi-Fi networks.

5. Rogue Access Points:
● Unauthorised access points added to a network, potentially exposing it to security risks.
● Regularly scan for and detect unauthorised access points using network monitoring tools.

6. WPS (Wi-Fi Protected Setup) Attacks:
● Exploiting vulnerabilities in WPS to gain unauthorised access to a Wi-Fi network.
● Disable WPS if not needed or use a strong, unique PIN.

7. Denial of Service (DoS) Attacks:
● Overwhelming a wireless network with traffic, rendering it unavailable.
● Implement traffic filtering and rate limiting, and use intrusion prevention systems.

8. Password Cracking:
● Attempting to gain unauthorised access by systematically trying different password combinations.
● Use strong, unique passwords and implement account lockout policies.

9. Sniffing and Spoofing:
● Capturing and analysing data packets or masquerading as a legitimate network device.
● Encrypt wireless traffic using protocols like WPA3 and employ MAC address filtering.

10. Bluejacking and Bluesnarfing:
● Unauthorised access or control of Bluetooth-enabled devices.
● Disable unnecessary Bluetooth services and use secure pairing methods.

11. Honeypot Attacks:
● Setting up fake wireless networks to attract and identify attackers.
● Regularly monitor for unusual network activity and use intrusion detection systems.

12. Packet Injection:
● Injecting malicious data packets into a wireless network to manipulate or disrupt communication.
● Employ intrusion detection and prevention systems to detect and block suspicious packets.

Identity Theft (ID Theft): It is a form of fraud in which an unauthorised individual obtains and uses someone else's personal information, such as their name, Social Security number, financial account details, or other identifying data, typically for financial gain or to commit various crimes.

Key Characteristics:

1. Personal Information Theft:
● Attackers acquire and exploit personal details, which may include full names, addresses, birthdates, Social Security numbers, or financial account information.

2. Financial Fraud:
● Stolen identity information is often used to commit financial fraud, such as opening fraudulent bank accounts, obtaining credit cards, or making unauthorised purchases.

3. Criminal Activities:
● Identity theft can be associated with various criminal activities, including tax fraud, money laundering, or even involvement in more serious crimes using a false identity.

4. Phishing and Social Engineering:
● Phishing emails, social engineering tactics, and data breaches are common methods used to gather personal information for identity theft.

5. Synthetic Identity Theft:
● Creating entirely fictitious identities by combining real and fake information, making it harder to detect fraudulent activities.

Common Scenarios:

1. Financial Identity Theft:
● Unauthorised access to financial accounts, credit card fraud, or the creation of false bank accounts.

2. Criminal Identity Theft:
● Committing crimes using someone else's identity, leaving the victim to face legal consequences.

3. Medical Identity Theft:
● Using stolen identity information to obtain medical services, prescriptions, or file false insurance claims.

4. Child Identity Theft:
● Exploiting the personal information of minors for various fraudulent activities.

5. Tax Identity Theft:
● Filing fraudulent tax returns using someone else's identity to claim refunds.

Prevention and Protection:

1. Monitor Financial Statements:
● Regularly review bank statements, credit card bills, and other financial accounts for unauthorised transactions.

2. Credit Monitoring:
● Use credit monitoring services to detect unusual activities or new accounts opened under your name.

3. Secure Personal Information:
● Safeguard personal documents, Social Security cards, and other sensitive information in a secure and locked location.

4. Shred Documents:
● Shred documents containing personal information before disposing of them to prevent dumpster diving.

5. Strong Passwords:
● Use strong, unique passwords for online accounts and enable multi-factor authentication when available.

6. Be Sceptical of Requests:
● Verify the legitimacy of requests for personal information, especially through unsolicited emails, phone calls, or messages.

7. Update Software:
● Keep software, operating systems, and security applications up-to-date to protect against vulnerabilities.

8. Data Breach Response:
● Be vigilant about potential data breaches and take necessary actions, such as changing passwords, if your information may have been compromised.

Recovery:

1. Report to Authorities:
● Report the identity theft to law enforcement agencies and file a report with the Federal Trade Commission (FTC).

2. Credit Freeze:
● Consider placing a credit freeze to restrict access to your credit reports, preventing new accounts from being opened.

3. Identity Theft Insurance:
● Some individuals opt for identity theft insurance to provide financial assistance in recovering from the impact of identity theft.

Identity theft is a pervasive and evolving threat, and individuals must remain vigilant, take preventive measures, and promptly respond to any signs of unauthorised use of their personal information.

Unit-4
UNDERSTANDING COMPUTER FORENSICS

Computer Forensics: It is a scientific method of investigation and analysis in order to gather evidence from digital devices or computer networks and components which is suitable for presentation in a court of law or legal body. It involves performing a structured investigation while maintaining a documented chain of evidence to find out exactly what happened on a computer and who was responsible for it.

Types of Computer Forensics:
1. Disk Forensics: It deals with extracting raw data from the primary or secondary storage of the device by searching active, modified, or deleted files.
2. Network Forensics: It is a sub-branch of Computer Forensics that involves monitoring and analysing the computer network traffic.
3. Database Forensics: It deals with the study and examination of databases and their related metadata.
4. Malware Forensics: It deals with the identification of suspicious code and studying viruses, worms, etc.
5. Email Forensics: It deals with emails and their recovery and analysis, including deleted emails, calendars, and contacts.
6. Memory Forensics: Deals with collecting data from system memory (system registers, cache, RAM) in raw form and then analysing it for further investigation.
7. Mobile Phone Forensics: It mainly deals with the examination and analysis of phones and smartphones and helps to retrieve contacts, call logs, incoming and outgoing SMS, etc., and other data present in it.

Characteristics:
1. Identification: Identifying what evidence is present, where it is stored, and how it is stored (in which format). Electronic devices can be personal computers, mobile phones, PDAs, etc.
2. Preservation: Data is isolated, secured, and preserved. It includes prohibiting unauthorised personnel from using the digital device so that digital evidence, mistakenly or purposely, is not tampered with, and making a copy of the original evidence.
3. Analysis: Forensic lab personnel reconstruct fragments of data and draw conclusions based on evidence.
4. Documentation: A record of all the visible data is created. It helps in recreating and reviewing the crime scene. All the findings from the investigations are documented.
5. Presentation: All the documented findings are produced in a court of law for further investigations.

Application:
● Intellectual Property theft
● Industrial espionage
● Employment disputes
● Fraud investigations
● Misuse of the Internet and email in the workplace
● Forgery-related matters
● Bankruptcy investigations
● Issues concerning regulatory compliance

Advantages of Computer Forensics:
● To produce evidence in the court, which can lead to the punishment of the culprit.
● It helps the companies gather important information on their computer systems or networks potentially being compromised.
● Efficiently tracks down cyber criminals from anywhere in the world.
● Helps to protect the organisation's money and valuable time.
● Allows investigators to extract, process, and interpret the factual evidence, so that it proves the cybercriminal's actions in court.

Disadvantages of Computer Forensics:
● Before the digital evidence is accepted into court it must be proved that it is not tampered with.
● Producing and keeping electronic records safe is expensive.
● Legal practitioners must have extensive computer knowledge.
● Need to produce authentic and convincing evidence.
● If the tool used for digital forensics is not according to specified standards, then in a court of law, the evidence can be disapproved by the court.
● A lack of technical knowledge by the investigating officer might not offer the desired result.

Digital Forensic Science:
● Digital Forensics is a branch of forensic science which includes the identification, collection, analysis and reporting of any valuable digital information in the digital devices related to computer crimes, as a part of the investigation.
● In simple words, Digital Forensics is the process of identifying, preserving, analysing and presenting digital evidence.
● The first computer crimes were recognized in the 1978 Florida Computer Crimes Act and after this, the field of digital forensics grew pretty fast in the late 1980s-90s.
● It includes areas of analysis like storage media, hardware, operating system, network and applications.

It consists of 5 steps at a high level:

1. Identification of evidence: It includes identifying evidence related to the digital crime in storage media, hardware, operating system, network and/or applications. It is the most important and basic step.
2. Collection: It includes preserving the digital evidence identified in the first step so that it does not degrade or vanish with time. Preserving the digital evidence is very important and crucial.
3. Analysis: It includes analysing the collected digital evidence of the committed computer crime in order to trace the criminal and the possible path used to breach into the system.
4. Documentation: It includes the proper documentation of the whole digital investigation, digital evidence, loopholes of the attacked system etc. so that the case can be studied and analysed in future and can be presented in the court in a proper format.
5. Presentation: It includes the presentation of all the digital evidence and documentation in the court in order to prove the digital crime committed and identify the criminal.

Branches of Digital Forensics:
● Media forensics: It is the branch of digital forensics which includes identification, collection, analysis and presentation of audio, video and image evidence during the investigation process.
● Cyber forensics: It is the branch of digital forensics which includes identification, collection, analysis and presentation of digital evidence during the investigation of a cyber crime.
● Mobile forensics: It is the branch of digital forensics which includes identification, collection, analysis and presentation of digital evidence during the investigation of a crime committed through a mobile device like mobile phones, GPS device, tablet, laptop.
● Software forensics: It is the branch of digital forensics which includes identification, collection, analysis and presentation of digital evidence during the investigation of a crime related to software only.

The Need for Computer Forensics:

1. Rising Cyber Crime Rates: With the increasing prevalence of cybercrimes, including hacking, data breaches, and online fraud, there is a growing need for computer forensics to investigate and respond to digital incidents.
2. Digital Evidence in Legal Proceedings: As digital evidence becomes integral to legal proceedings, computer forensics plays a crucial role in collecting, analysing, and presenting this evidence in a forensically sound and legally admissible manner.
3. Protection of Sensitive Information: Organizations and individuals need computer forensics to safeguard sensitive information from unauthorised access, ensuring the confidentiality and integrity of digital data.
4. Corporate Security: In the corporate world, computer forensics is essential for responding to incidents such as data breaches, insider threats, and intellectual property theft, helping organisations maintain a secure digital environment.
5. Incident Response and Mitigation: Computer forensics aids in incident response by providing methodologies and tools to quickly identify and mitigate cybersecurity incidents, minimising potential damage.
6. Legal Compliance: Compliance with legal standards and regulations requires organisations to conduct thorough investigations using computer forensics when dealing with digital incidents or potential data breaches.
7. Recovery of Lost or Deleted Data: Computer forensics helps in the recovery of lost or deleted data, which can be critical in both criminal investigations and corporate settings.
8. Prevention and Deterrence: The knowledge that computer forensics can uncover and trace digital activities serves as a deterrent, discouraging potential cybercriminals and contributing to overall cybersecurity awareness.
9. Employee Misconduct Investigations: In cases of employee misconduct or policy violations, computer forensics assists organisations in investigating and documenting digital evidence related to such incidents.
10. Identification of Security Weaknesses: Computer forensics helps identify security weaknesses and vulnerabilities in digital systems, enabling organisations to implement effective security measures and protocols.
11. International Collaboration: With the global nature of cyber crimes, computer forensics facilitates international collaboration among law enforcement agencies and cybersecurity professionals to combat digital threats.
12. Criminal Investigations: In criminal investigations, computer forensics is indispensable for examining electronic evidence, reconstructing digital timelines, and identifying individuals involved in cybercrimes.
13. Support for Law Enforcement: Law enforcement agencies rely on computer forensics to gather evidence in cybercrime cases, track digital footprints, and prosecute individuals engaged in illegal online activities.
14. Continuous Technological Advancements: The ever-evolving landscape of technology and cyber threats necessitates ongoing advancements in computer forensics tools and techniques to stay ahead of sophisticated cybercriminal tactics.

Cyber Forensics: Cyber forensics is a process of extracting data as proof for a crime (that involves electronic devices) while following proper investigation rules to nab the culprit by presenting the evidence to the court. Cyber forensics is also known as computer forensics. The main aim of cyber forensics is to maintain the thread of evidence and documentation to find out who did the crime digitally. Cyber forensics can do the following:
● It can recover deleted files, chat logs, emails, etc.
● It can also get deleted SMS and phone calls.
● It can get recorded audio of phone conversations.
● It can determine which user used which system and for how much time.
● It can identify which user ran which program.

1. Investigation Scope:
● Cyber forensics covers a broad range of digital incidents, including hacking, data breaches, malware attacks, cyber espionage, online fraud, and other criminal activities conducted in the digital realm.

2. Key Objectives:
● The primary objectives of cyber forensics include identifying and analysing digital evidence, reconstructing digital timelines, and providing accurate and admissible findings for legal proceedings.

3. Types of Cyber Forensic Investigations:
● Incident Response: Rapid response to cybersecurity incidents to mitigate threats and preserve digital evidence.
● Criminal Investigations: Examination of digital evidence to identify and prosecute individuals involved in cybercrimes.
● Corporate Investigations: Investigation of data breaches, insider threats, and other digital incidents within corporate environments.

Digital Evidence: It refers to information or data stored in a digital
format that holds probative value in legal proceedings. It can include
files, logs, emails, metadata, and other digital artefacts relevant to an
investigation.

1. Forms of Digital Evidence:
● Documentary Evidence: Digital documents, emails, and text files.
● Physical Evidence: Digital devices such as computers,
smartphones, and storage media.
● Transactional Evidence: Digital records of transactions, financial
data, and logs.
● Communication Evidence: Emails, instant messages, and other
digital communications.
● Biometric Evidence: Digital fingerprints, retinal scans, or other
biometric data.

2. Collection and Preservation: Digital evidence must be collected using
forensically sound methods to ensure its integrity and admissibility in
legal proceedings. Preservation involves protecting the evidence from
tampering or alteration.

3. Analysis and Examination: Digital evidence is analysed using
specialised tools and techniques to extract relevant information. This
process involves examining file structures, metadata, and the overall
digital environment.

4. Chain of Custody: The chain of custody is a documented record that
tracks the handling and storage of digital evidence from collection to
presentation in court. Maintaining a secure chain of custody is crucial for
legal admissibility.

5. Admissibility in Court: Digital evidence must meet legal standards for
admissibility, including relevance, authenticity, and reliability. Cyber
forensic experts play a key role in ensuring that digital evidence is
presented in a manner acceptable to the court.

6. Legal Challenges: Legal challenges related to digital evidence include
issues of privacy, authentication, and the interpretation of complex
technical information. Cyber forensic experts must navigate these
challenges to uphold the integrity of the evidence.

7. Expert Testimony: Cyber forensic professionals often provide expert
testimony in court, explaining the methods used in the investigation, the
significance of digital evidence, and their findings.

8. Continuous Technological Advancements: The field of cyber
forensics continually evolves to address emerging technologies and
challenges. Professionals must stay informed about the latest tools and
techniques to effectively investigate digital incidents.

Process involved in Digital Evidence Collection: The main processes
involved in digital evidence collection are given below:
● Data collection: In this process, data is identified and collected for
investigation.
● Examination: In the second step, the collected data is examined
carefully.
● Analysis: In this process, different tools and techniques are used
and the collected evidence is analysed to reach a conclusion.
● Reporting: In this final step, all the documentation and reports are
compiled so that they can be submitted in court.

Forensic Analysis of E-Mail:
● Email forensics involves the systematic examination and analysis
of email data to gather evidence for investigative or legal purposes.
● It plays a crucial role in cybercrime investigations, corporate
incidents, and legal proceedings.

1. Collection of Email Evidence:
● Metadata Extraction: Collect metadata, including sender and
recipient details, timestamps, and email server information.
● Email Headers: Examine email headers for routing information and
details about the email's journey.
● Attachments and Content: Extract and analyse email attachments
and content for potential evidence.

2. Preservation of Email Evidence:
● Original Email Preservation: Preserve original email content,
headers, and metadata to maintain authenticity.
● Chain of Custody: Document and maintain a secure chain of
custody to track the handling of email evidence.

3. Email Analysis Techniques:
● Keyword Search: Conduct keyword searches to identify relevant
information within email content.
● Link Analysis: Analyse relationships between email senders,
recipients, and other entities to uncover patterns or connections.
● Timeline Reconstruction: Reconstruct timelines of email
exchanges to understand the sequence of events.
● Content Analysis: Analyse the content of emails for contextual
clues, threats, or indications of malicious activity.

4. Authentication and Verification:
● Email Source Verification: Verify the authenticity of emails by
examining the source, SPF/DKIM signatures, and sender
information.
● Sender Authentication: Validate the identity of the sender
through forensic analysis to prevent email spoofing.

5. Investigation of Email Attachments:
● Malware Analysis: Conduct analysis on email attachments to
identify and characterise potential malware.
● File Metadata Examination: Examine metadata of attached files
for additional insights into their origin and history.

6. Email Header Examination:
● IP Address Analysis: Analyse IP addresses in email headers to trace
the geographic location or identify potential malicious activities.
● Email Routing Analysis: Examine email routing paths to
understand the journey of the email through different servers.

7. Recovering Deleted Emails: Employ forensic techniques to recover
deleted emails, including examining email server logs and backup
systems.

8. Legal Admissibility: Ensure that the methods used in email forensics
adhere to legal standards, making the evidence admissible in court.

9. Reporting: Generate comprehensive reports documenting the findings
of the email forensics analysis, including key evidence, methodologies
used, and conclusions drawn.

10. Challenges in Email Forensics:
● Encrypted Emails: Dealing with encrypted emails that may pose
challenges in accessing content.
● Email Spoofing: Identifying and mitigating the impact of email
spoofing, where malicious actors manipulate email headers.
● Privacy Concerns: Balancing the need for investigation with
privacy considerations, especially in corporate or legal contexts.

11. Prevention and Best Practices:
● Email Security Measures: Implement robust email security
measures, including encryption, spam filters, and user awareness
training.
● Logging and Monitoring: Maintain comprehensive email logs and
implement monitoring systems to detect and respond to suspicious
activities.

Digital Forensics Life Cycle:
● The digital forensics life cycle consists of a series of systematic
steps and processes aimed at identifying, collecting, analysing, and
preserving digital evidence in a forensically sound manner.
● This life cycle is followed in the investigation of cybercrimes,
incidents, or any digital-related legal matters.

Here are the key stages of the digital forensics life cycle:

1. Identification of evidence: It includes identifying evidence
related to the digital crime in storage media, hardware, operating
system, network and/or applications. It is the most important and
basic step.
2. Collection: It includes preserving the digital evidence identified in
the first step so that it does not degrade or vanish with time.
Preserving the digital evidence is very important and crucial.
3. Analysis: It includes analysing the collected digital evidence of the
committed computer crime in order to trace the criminal and the
possible path used to breach the system.
4. Documentation: It includes the proper documentation of the
whole digital investigation, digital evidence, loopholes of the
attacked system etc., so that the case can be studied and analysed
in future and can be presented in the court in a proper format.
5. Presentation: It includes the presentation of all the digital
evidence and documentation in the court in order to prove the
digital crime committed and identify the criminal.

Chain of Custody Concept in Digital Forensics:
● The chain of custody is a crucial concept in digital forensics and
legal proceedings.
● It refers to the documentation and procedures used to track the
handling, storage, and transfer of evidence from the moment it is
collected until its presentation in court.
● The chain of custody ensures the integrity and admissibility of
digital evidence by demonstrating that it has been handled in a
secure and controlled manner throughout the investigation.
Here are key aspects of the chain of custody concept:

1. Definition: The chain of custody is a documented trail that details the
chronological and secure handling of digital evidence, from its initial
collection to its presentation in court. It provides a clear record of who
had custody of the evidence, when, and under what circumstances.

2. Importance:
1. Preserving Integrity: Ensures that digital evidence remains
unchanged and authentic.
2. Legal Admissibility: Demonstrates that the evidence has not been
tampered with or altered.
3. Credibility: Enhances the credibility of the evidence and the
investigators involved.
4. Ethical Standards: Upholds ethical standards in handling and
presenting evidence in legal proceedings.

3. Key Components:
1. Documentation: Detailed records should be maintained at each
stage of evidence handling.
2. Physical Security: Measures to physically secure the evidence,
such as locked storage facilities.
3. Access Control: Limiting access to authorised personnel to prevent
unauthorised tampering.
4. Seals and Signatures: The use of seals, signatures, or digital
signatures to indicate integrity.
5. Time Stamps: Timestamps on all documentation to record the
exact timing of each transfer or action.

4. Chain of Custody Process:
● Collection: The process begins with the collection of digital
evidence using forensically sound methods.
● Documentation: Create a detailed record documenting the time,
date, location, and individual responsible for the collection.
● Sealing: Securely seal the evidence to prevent tampering or
contamination.
● Storage: Place the evidence in a secure storage facility with
restricted access.
● Transfer: Any transfer of custody must be documented and involve
proper verification.
● Analysis: If analysis is required, document when, where, and by
whom it occurred.
● Court Presentation: Prepare the evidence for court presentation,
maintaining the chain of custody documentation.
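The key components and process above (documentation, seals, timestamps, and re-verification of the evidence at each transfer) as one working record, added here as an example that is not from these notes; it also covers the hash check an examiner performs on a disk image after acquisition, which the investigation steps later in this unit mention. The evidence bytes, the evidence id EV-0001, the custodian names and the custodian's sealing key are all constructed for the example; in a real case the key is held by the evidence custodian and the evidence is a disk image taken through a write blocker.

```python
"""Added example: a tamper-evident chain-of-custody log for one item of
digital evidence (not code from these notes)."""
import hashlib
import hmac
import json
from datetime import datetime, timezone

# Constructed evidence: in practice this is a disk image acquired through a
# write blocker and hashed immediately after imaging.
EVIDENCE = b"constructed disk image contents for illustration\x00\x01\x02"
# Assumption: the evidence custodian holds a secret key used to seal entries.
SEAL_KEY = b"custodian-seal-key-for-illustration-only"


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


class CustodyLog:
    """Append-only record of who handled the evidence, when, where and why.

    Each entry stores the evidence hash, a timestamp and an HMAC seal that
    also covers the previous entry's seal, so editing or removing an entry
    breaks the link that the next entry relies on."""

    def __init__(self, evidence_id, evidence_bytes, key):
        self.evidence_id = evidence_id
        self.acquisition_hash = sha256_hex(evidence_bytes)  # reference hash
        self._key = key
        self.entries = []

    def _seal(self, entry):
        body = {k: v for k, v in entry.items() if k != "seal"}
        payload = json.dumps(body, sort_keys=True).encode()
        return hmac.new(self._key, payload, hashlib.sha256).hexdigest()

    def record(self, action, custodian, location, evidence_bytes, when=None):
        when = when or datetime.now(timezone.utc)
        entry = {
            "seq": len(self.entries),
            "evidence_id": self.evidence_id,
            "action": action,  # collected / transferred / analysed / stored / presented
            "custodian": custodian,
            "location": location,
            "timestamp": when.isoformat(timespec="seconds"),
            "evidence_sha256": sha256_hex(evidence_bytes),  # re-hashed at every handover
            "prev_seal": self.entries[-1]["seal"] if self.entries else "",
        }
        entry["seal"] = self._seal(entry)
        self.entries.append(entry)
        return entry

    def verify(self):
        """Return a list of problems; an empty list means the chain is intact."""
        problems, prev_seal = [], ""
        for i, entry in enumerate(self.entries):
            if entry["seq"] != i:
                problems.append(f"entry {i}: sequence gap")
            if entry["prev_seal"] != prev_seal:
                problems.append(f"entry {i}: does not link to previous entry")
            if not hmac.compare_digest(entry["seal"], self._seal(entry)):
                problems.append(f"entry {i}: seal invalid (entry altered)")
            if entry["evidence_sha256"] != self.acquisition_hash:
                problems.append(f"entry {i}: evidence hash differs from acquisition hash")
            prev_seal = entry["seal"]
        return problems


def build_log():
    """Constructed custody history for evidence item EV-0001 (hypothetical id)."""
    log = CustodyLog("EV-0001", EVIDENCE, SEAL_KEY)
    t0 = datetime(2024, 3, 5, 9, 0, tzinfo=timezone.utc)
    log.record("collected", "Examiner A", "Site office", EVIDENCE, t0)
    log.record("transferred", "Examiner B", "Forensic lab", EVIDENCE, t0.replace(hour=11))
    log.record("analysed", "Examiner B", "Forensic lab", EVIDENCE, t0.replace(hour=14))
    return log


def scenario_intact():
    return build_log().verify()


def scenario_altered_entry():  # a past entry is edited after the fact
    log = build_log()
    log.entries[1]["custodian"] = "Examiner C"
    return log.verify()


def scenario_deleted_entry():  # a handover is removed from the record
    log = build_log()
    del log.entries[1]
    return log.verify()


def scenario_modified_evidence():  # the image no longer matches its acquisition hash
    log = build_log()
    log.record("stored", "Examiner B", "Evidence locker", EVIDENCE + b"\xff")
    return log.verify()


if __name__ == "__main__":
    for name, fn in [("intact", scenario_intact), ("altered", scenario_altered_entry),
                     ("deleted", scenario_deleted_entry), ("modified", scenario_modified_evidence)]:
        print(name, fn() or "chain intact")
```

The HMAC seal stands in for the signature or tamper seal on a paper custody form; because each seal covers the previous one, a verifier only needs the custodian's key and the log to show that no entry was inserted, altered or dropped, and the per-entry hash shows the evidence itself was unchanged at every handover.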

Network Forensics:
● Network forensics is a subcategory of digital forensics that deals
with the examination of a network and the traffic crossing it when
that network is suspected of involvement in malicious activity (for
example, a network spreading malware to steal credentials), and
with the investigation and analysis of cyber-attacks.
● As the internet grew, cybercrimes grew along with it, and so did
the significance of network forensics, with the development and
acceptance of network-based services such as the World Wide Web,
e-mails, and others.
● With the help of network forensics, the entire data can be retrieved,
including messages, file transfers, e-mails, and web browsing
history, and reconstructed to expose the original transaction.
● It is also possible that the payload in the uppermost-layer packet
might wind up on the disk, but the envelopes used for delivering it
are only captured in network traffic.

Processes Involved in Network Forensics:
● Identification: In this process, investigators identify and evaluate
the incident based on the network pointers.
● Safeguarding: In this process, the investigators preserve and
secure the data so that tampering can be prevented.
● Accumulation: In this step, a detailed report of the crime scene is
documented and all the collected digital shreds of evidence are
duplicated.
● Observation: In this process, all the visible data is tracked along
with the metadata.
● Investigation: In this process, a final conclusion is drawn from the
collected shreds of evidence.
● Documentation: In this process, all the shreds of evidence,
reports, conclusions are documented and presented in court.

Challenges in Network Forensics:
● The biggest challenge is to manage the data generated during
the process.
● Intrinsic anonymity of the IP.
● Address Spoofing.

Advantages:
● Network forensics helps in identifying security threats and
vulnerabilities.
● It analyses and monitors network performance demands.
● Network forensics helps in reducing downtime.
● Network resources can be used in a better way by reporting and
better planning.
● It helps in a detailed network search for any trace of evidence
left on the network.

Disadvantage:
● The only disadvantage of network forensics is that it is difficult
to implement.

Approaching a computer forensics investigation: The phases in a
computer forensics investigation are:
● Secure the subject system
● Take a copy of hard drive/disk
● Identify and recover all files
● Access/view/copy hidden, protected, and temp files
● Study special areas on the drive
● Investigate the settings and any data from programs on the system
● Consider the system from various perspectives
● Create detailed report containing an assessment of the data and
information collected

Things to be avoided during forensics investigation:
● Changing date/timestamps of the files
● Overwriting unallocated space

Things that should not be avoided during forensics investigation:
● Engagement contract
● Non-Disclosure Agreement (NDA)

Elements addressed before drawing up a forensics investigation
engagement contract:
● Authorization
● Confidentiality
● Payment
● Consent and acknowledgement
● Limitation of liability

General steps in solving a computer forensics case are:
● Prepare for the forensic examination
● Talk to key people about the case and what you are looking for
● Start assembling tools to collect the data and identify the target
media
● Collect the data from the target media
● Use a write blocking tool while performing imaging of the disk
● Check email records too while collecting evidence
● Examine the collected evidence on the image that is created
● Analyse the evidence
● Report your findings to your client

The Security/Privacy Threats:
● Security and privacy threats in the digital landscape are diverse
and evolving.
● Understanding these threats is crucial for individuals,
organisations, and policymakers to implement effective measures
for protection.
Here are some key security and privacy threats:

1. Malware: Malicious software designed to harm or exploit computer
systems.
● Threat Impact: Data theft, system damage, unauthorised access,
and financial losses.
● Examples: Viruses, Trojans, ransomware, spyware.

2. Phishing: Deceptive attempts to obtain sensitive information, often
through fraudulent emails or websites.
● Threat Impact: Identity theft, unauthorised access to accounts,
financial fraud.
● Examples: Email phishing, spear phishing, vishing (voice phishing).

3. Data Breaches: Unauthorised access to and exposure of sensitive data.
● Threat Impact: Compromised personal information, financial
losses, reputational damage.
● Examples: Hacking incidents, insider threats, accidental data leaks.

4. Social Engineering: Manipulating individuals to divulge confidential
information or perform actions.
● Threat Impact: Unauthorised access, data breaches, identity theft.
● Examples: Impersonation, pretexting, baiting.

5. IoT Vulnerabilities: Security weaknesses in Internet of Things (IoT)
devices.
● Threat Impact: Unauthorised access, device manipulation, data
exposure.
● Examples: Insecure smart devices, lack of encryption in IoT
communication.

6. Insider Threats: Threats originating from individuals within an
organisation with access to sensitive information.
● Threat Impact: Data breaches, intellectual property theft, sabotage.
● Examples: Malicious employees, negligent behaviour, unintentional
mistakes.

7. Ransomware: Malware that encrypts data, demanding payment for its
release.
● Threat Impact: Data loss, financial losses, operational disruptions.
● Examples: WannaCry, NotPetya, Ryuk.

8. Identity Theft: Unauthorised use of someone's personal information
for fraudulent purposes.
● Threat Impact: Financial fraud, damage to personal reputation.
● Examples: Stolen credentials, synthetic identity theft.

9. Artificial Intelligence (AI) Threats: Misuse of AI for malicious
purposes or exploitation of AI vulnerabilities.
● Threat Impact: Deepfake creation, AI-powered cyberattacks.
● Examples: AI-driven phishing, adversarial attacks on machine
learning models.

10. Eavesdropping: Unauthorised interception of communications.
● Threat Impact: Privacy invasion, data leakage, industrial espionage.
● Examples: Wiretapping, packet sniffing.

11. Cloud Security Concerns: Risks associated with storing and
accessing data in cloud environments.
● Threat Impact: Data breaches, unauthorised access.
● Examples: Insecure APIs, misconfigured cloud settings.

12. Lack of Encryption: Failure to secure data with encryption, making it
vulnerable to unauthorised access.
● Threat Impact: Data exposure, privacy violations.
● Examples: Unencrypted communication channels, unsecured
storage.

13. Data Mining and Profiling: Unauthorised collection and analysis of
personal data for profiling purposes.
● Threat Impact: Invasion of privacy, targeted advertising.
● Examples: Unethical data harvesting, profiling without consent.

14. Legislative and Regulatory Compliance: Failure to comply with data
protection and privacy regulations.
● Threat Impact: Legal consequences, fines, reputational damage.
● Examples: GDPR violations, non-compliance with local privacy
laws.

Challenges in computer forensics:
1. Encryption: Decrypting data for analysis due to widespread use of
strong encryption.

2. Volatility of Digital Evidence: Ephemeral nature of digital
evidence, easily altered or destroyed.

3. Anti-Forensics Techniques: Perpetrators using tools to erase
tracks, manipulate timestamps, or obfuscate evidence.

4. Cloud Computing: Difficulty in preserving and collecting evidence
stored in remote cloud servers.

5. Privacy Concerns: Balancing the need for investigations with
privacy considerations.

6. Large Volumes of Data: Coping with the exponential growth of
data for collection, analysis, and storage.

7. Digital Forensics Standardization: Lack of standardised
procedures and methodologies.

8. Rapid Technological Advancements: Keeping up with the
constant evolution of technology.

9. Chain of Custody: Maintaining an unbroken chain of custody for
digital evidence.

10. International Jurisdictional Issues: Investigating cybercrimes
that transcend national borders.

11. Lack of Qualified Personnel: Shortage of skilled professionals in
computer forensics.

Unit-5

INTRODUCTION TO SECURITY POLICIES AND CYBER LAWS

In the digital world, security policies are like rulebooks that
organisations follow to keep information safe. On the legal side, cyber
laws are the rules that everyone, from individuals to big companies, must
follow online. Think of security policies as your personal safety
guidelines, and cyber laws as the rules that help keep the internet a
secure place for everyone. Understanding these rules is essential in
today's digital age for protecting information, ensuring legal compliance,
and making the online world a safer space.

Need for an Information Security Policy: In the ever-expanding digital
landscape, an Information Security Policy is not just a document; it's a
crucial shield for organisations.
Here's why it's indispensable:

1. Asset Protection:
● Why: Safeguards digital and physical assets like data, systems, and
networks.
● Impact: Prevents unauthorised access, data breaches, and
potential loss or damage.

2. Risk Management:
● Why: Identifies and minimises potential risks and vulnerabilities.
● Impact: Mitigates the impact of cyber threats, ensuring business
continuity.

3. Regulatory Compliance:
● Why: Ensures adherence to legal requirements and industry
standards.
● Impact: Avoids legal consequences, fines, and damage to
reputation.

4. Data Integrity:
● Why: Guarantees the accuracy and reliability of information.
● Impact: Prevents data manipulation, corruption, or unauthorised
alterations.

5. User Guidelines:
● Why: Provides clear instructions on acceptable use of resources.
● Impact: Helps employees understand their responsibilities,
reducing human-related risks.

6. Incident Response:
● Why: Outlines procedures for handling security incidents.
● Impact: Enables swift and effective response, minimising potential
damage.

7. Customer Trust:
● Why: Demonstrates a commitment to protecting customer
information.
● Impact: Builds trust, enhancing the organisation's reputation.

8. Competitive Advantage:
● Why: Differentiates security-conscious organisations in the
market.
● Impact: Attracts partners and customers who prioritise secure
business practices.

9. Technology Adoption:
● Why: Facilitates the secure adoption of new technologies.
● Impact: Allows organisations to leverage innovations without
compromising security.

10. Employee Awareness:
● Why: Educates employees on security best practices.
● Impact: Creates a security-conscious culture, reducing the
likelihood of insider threats.

11. Business Continuity:
● Why: Ensures uninterrupted operations in the face of security
incidents.
● Impact: Reduces downtime, maintaining productivity and service
delivery.

12. Third-Party Relationships:
● Why: Establishes security expectations for external partners.
● Impact: Ensures a secure ecosystem, even when collaborating with
external entities.

Introduction to Indian Cyber Law:
Cyber Law, also called IT Law, is the law regarding information
technology, including computers and the internet. It is related to legal
informatics and supervises the digital circulation of information,
software, information security, and e-commerce.

Importance of Cyber Law:
1. It covers all transactions over the internet.
2. It keeps an eye on all activities over the internet.
3. It touches every action and every reaction in cyberspace.

Area of Cyber Law: Cyber laws serve different purposes.
Some laws create rules for how individuals and companies may use
computers and the internet, while some laws protect people from
becoming the victims of crime through unscrupulous activities on the
internet.
The major areas of cyber law include:
1. Fraud:
Consumers depend on cyber laws to protect them from online
fraud. Laws are made to prevent identity theft, credit card theft,
and other financial crimes that happen online. A person who
commits identity theft may face federal or state criminal
charges. They might also encounter a civil action brought by a
victim. Cyber lawyers work to both defend and prosecute against
allegations of fraud using the internet.

2. Copyright:
The internet has made copyright violations easier. In the early days
of online communication, copyright violations were too easy. Both
companies and individuals need lawyers to bring an action to
enforce copyright protections. Copyright violation is an area of
cyber law that protects the rights of individuals and companies to
profit from their creative works.

3. Defamation:
Many people use the internet to speak their mind. When people
use the internet to say things that are not true, it can cross the line
into defamation. Defamation laws are civil laws that protect
individuals from false public statements that can harm a business
or someone's reputation. When people use the internet to make
statements that violate civil laws, that falls under defamation law.

4. Harassment and Stalking:
Sometimes online statements can violate criminal laws that forbid
harassment and stalking. When a person makes threatening
statements again and again about someone else online, there is a
violation of both civil and criminal laws. Cyber lawyers both
prosecute and defend people when stalking occurs using the
internet and other forms of electronic communication.

5. Freedom of Speech:
Freedom of speech is an important area of cyber law. Even though
cyber laws forbid certain behaviours online, freedom of speech
laws also allow people to speak their minds. Cyber lawyers must
advise their clients on the limits of free speech, including laws that
prohibit obscenity. Cyber lawyers may also defend their clients
when there is a debate about whether their actions constitute
permissible free speech.

6. Trade Secrets:
Companies doing business online often depend on cyber laws to
protect their trade secrets. For example, Google and other online
search engines spend lots of time developing the algorithms that
produce search results. They also spend a great deal of time
developing other features like maps, intelligent assistance, and
flight search services to name a few. Cyber laws help these
companies to take legal action as necessary to protect their trade
secrets.

7. Contracts and Employment Law:
Every time you click a button that says you agree to the terms and
conditions of using a website, you have used cyber law. There are
terms and conditions for every website that are somehow related to
privacy concerns.

Advantages of Cyber Law:
● Organisations are now able to carry out e-commerce using the legal
infrastructure provided by the Act.
● Digital signatures have been given legal validity and sanction in the
Act.
● It has opened the doors for the entry of corporate companies for
issuing Digital Signatures Certificates in the business of being
Certifying Authorities.
● It allows the Government to issue notifications on the web thus
heralding e-governance.
● It gives authority to the companies or organisations to file any
form, application, or any other document with any office,
authority, body, or agency owned or controlled by the suitable
Government in e-form using such e-form as may be prescribed by
the suitable Government.
● The IT Act also addresses the important issues of security, which
are so critical to the success of electronic transactions.

● Cyber Law provides both hardware and software security.

Objective and Scope of the Digital Personal Data Protection Act 2023:
The Digital Personal Data Protection Act, 2023 (DPDP Act) aims to
regulate the processing of personal data.

The act's objectives are to:
● Protect personal data
● Process data lawfully
● Recognize the need to process data for lawful purposes
● Increase data sovereignty

The act's scope includes:
● Online and offline data processing
● Cross-border data transfer
● Rights and duties for individuals and data fiduciaries
● Establishing the Data Protection Board of India

The DPDP Act was passed by the Rajya Sabha on August 9, 2023. The
President of India granted assent to the act on August 11, 2023.

Intellectual Property Issues: Intellectual property (IP) issues
encompass a wide range of legal concerns related to the protection of
creations of the mind, including inventions, literary and artistic works,
designs, symbols, names, and images used in commerce.
Here are some key intellectual property issues:

There are four main types of IP:
1. Patents: Patents protect inventions, which are new and useful
products or processes. A patent gives the owner the exclusive right
to make, use, and sell the invention for a period of 20 years.
2. Trademarks: Trademarks protect words, symbols, or designs that
identify and distinguish the source of goods or services. A
trademark gives the owner the exclusive right to use the mark on
their goods or services, and to prevent others from using a
confusingly similar mark.
3. Copyrights: Copyrights protect original works of authorship, such
as books, music, movies, and software. A copyright gives the owner
the exclusive right to reproduce, distribute, perform, display, and
create derivative works from the copyrighted work.
4. Trade secrets: Trade secrets are confidential information that
gives a business a competitive advantage. A trade secret can be
anything from a customer list to a manufacturing process.

IP issues can arise in a variety of contexts, including:
1. Infringement: Infringement occurs when someone uses an IP
without the permission of the owner. Infringement can be direct
(e.g., copying a copyrighted work) or indirect (e.g., using a
trademark to confuse consumers).
2. Misappropriation: Misappropriation occurs when someone takes
advantage of an IP without the owner's permission, but does not
technically infringe the IP. For example, misappropriation can
occur when someone uses an IP to trade on the goodwill of the
owner.
3. Licensing: Licensing is an agreement between an IP owner and
another party that allows the other party to use the IP in exchange
for a fee. Licences can be exclusive or non-exclusive, and can be
limited to certain fields of use or geographic areas.
4. Enforcement: Enforcement is the process of taking legal action to
protect an IP from infringement or misappropriation. Enforcement
can be a complex and expensive process, and there is no guarantee
that it will be successful.

Businesses can take steps to protect their IP by:
1. Identifying their IP: Businesses should identify all of their IP
assets, including patents, trademarks, copyrights, and trade
secrets.
2. Registering their IP: Businesses should register their trademarks
and copyrights with the appropriate government agencies. Patents
can also be registered, but registration is not required to obtain
patent protection.
3. Keeping their IP confidential: Businesses should keep their trade
secrets confidential by taking steps to prevent unauthorised
disclosure.
4. Monitoring for infringement: Businesses should monitor the
market for unauthorised use of their IP.
5. Taking action against infringement: Businesses should take
action against infringement, such as sending cease-and-desist
letters or filing lawsuits.

Protecting IP is an important part of business success. By taking
steps to protect their IP, businesses can:
● Minimise the risk of infringement and misappropriation
● Maximise the value of their IP assets
● Gain a competitive advantage
● Protect their reputation
● Avoid costly lawsuits

IP Legislation in India: Imagine intellectual property (IP) as a special
kind of property, like a house or a car, but instead of being physical,
it's for creations of the mind. In India, we have laws to protect these
creations, just like we protect physical property.

The main IP laws in India are like rulebooks for different types of
creations:
1. Patents Act, 1970: This rulebook protects new and useful
inventions, like a new type of medicine or a special machine.

2. Copyright Act, 1957: This rulebook protects original works of
creativity, like books, music, movies, or paintings.

3. Trade Marks Act, 1999: This rulebook protects special symbols
or words that businesses use to identify their products, like a
company logo or brand name.

4. Designs Act, 2000: This rulebook protects the unique
appearance of products, like the shape of a bottle or the design
of a chair.

5. Geographical Indications of Goods (Registration and


Protection) Act, 1999: This rulebook protects special names or
symbols that identify products from a particular place, like
Darjeeling tea or Banarasi silk.

6. Semiconductor Integrated Circuit Layout-Designs Act, 2000:
This rulebook protects the specific arrangement of electronic
components on a computer chip.

IP Enforcement in India: Imagine a special court called the
Intellectual Property Appellate Board (IPAB) as the IP police. They
handle appeals from the Patent Office, Trade Marks Registry, and
Copyright Office, making sure IP rights are protected.

Regular courts also play a role in IP disputes, like the High Courts and
Supreme Court, granting injunctions and other remedies to protect IP
rights.

IP Litigation Costs in India

Protecting IP rights can be costly, like hiring lawyers, experts, and
preparing for trials. Courts can also award significant damages for IP
infringement.

IP Protection for Foreign Investors

Foreign investors can enjoy the same IP protection as Indians.
However, they may face challenges due to language barriers or
cultural differences.

Seeking legal advice from an experienced IP attorney is crucial for
foreign investors to navigate IP protection in India.

Patent:
● A patent is a legal right that gives the inventor the exclusive
right to make, use, sell, and import an invention for a limited
period of time.
● In exchange for this exclusive right, the inventor must disclose
the invention to the public in a detailed patent application.

There are three main types of patents:

● Utility patents: Utility patents protect inventions that are new,
useful, and non-obvious. This means that the invention must be
something that has not been invented before, that it must be
useful in some way, and that it must not be simply an obvious
variation of something that already exists.
● Design patents: Design patents protect the ornamental design
of manufactured products. This means that the patent protects
the way the product looks, but not its function.

● Plant patents: Plant patents protect new and distinct varieties
of plants.

Patent Application Process: The process of obtaining a patent is as
follows:
1. Invent: The inventor must come up with an invention that is
new, useful, and non-obvious.

2. File a patent application: The inventor must file a patent
application with the appropriate government agency. The
application must include a detailed description of the invention,
drawings of the invention, and a claim that defines the
invention.

3. Examination: The patent application will be examined by a
patent examiner to see if it meets the requirements for a patent.

4. Publication: If the patent application is allowed, it will be
published in the patent office's patent journal.

5. Grant: If no objections are raised to the patent application, the
patent will be granted.

Benefits of Patents: Patents have several benefits for inventors.

● Protect the inventor's invention from being copied by others.
● Increase the value of the invention.
● Make it easier to attract investors.
● Help to establish the inventor as an expert in their field.

Copyright: Copyright is a legal right that gives the owner the
exclusive right to reproduce, distribute, perform, display, and create
derivative works from a work of authorship for a limited period of
time.

Copyright covers a wide range of works of authorship, including:

1. Literary works: This includes books, articles, poems, scripts,
musical compositions, and software.
2. Musical works: This includes songs, operas, and instrumental
pieces.
3. Dramatic works: This includes plays, movies, and television
shows.
4. Artistic works: This includes paintings, sculptures,
photographs, and graphic designs.
5. Audiovisual works: This includes movies, television shows, and
video games.

Duration of Copyright Protection:

Copyright protection for works created after January 1, 1978,
generally lasts for the life of the author plus 70 years. For works
created by multiple authors, the copyright protection lasts for 70
years after the death of the last surviving author.

There are two main types of copyright protection:

● Original works of authorship: These works are protected from
the moment of creation.
● Works made for hire: These works are created by an employee
within the scope of their employment and are owned by the
employer.

Copyright Registration

Copyright registration is not required to obtain copyright protection,
but it is highly recommended. Registration provides several benefits,
including:
● A presumption of validity: If a work is registered, the copyright
owner is presumed to be the owner of the copyright.
● A right to statutory damages: If a copyright is registered and
an infringer is found liable, the copyright owner may be able to
recover statutory damages, which are a set amount of money
that does not depend on the actual damages suffered by the
copyright owner.

Trademarks:
A trademark is a legal right that gives the trademark owner the
exclusive right to use a word, symbol, or design to identify and
distinguish the source of goods or services. Trademarks are granted to
businesses in order to protect their brands from unauthorised use or
exploitation.

There are two main types of trademarks:

1. Word marks: Word marks are trademarks that consist of a single
word or phrase. Examples of word marks include "Coca-Cola,"
"McDonald's," and "Google."

2. Design marks: Design marks are trademarks that consist of a
symbol, logo, or other design. Examples of design marks include
the Nike swoosh, the Apple logo, and the Starbucks siren.

Trademark Registration
● Trademarks are not registered by default.
● In order to obtain trademark registration, a business must file a
trademark application with the appropriate government agency.
● The trademark application must include the trademark, the
goods or services that the trademark is used for, and the name
and address of the trademark owner.

There are several benefits to trademark registration:
1. National registration: A registered trademark is protected
throughout the country.
2. Presumption of validity: A registered trademark is presumed to
be valid, which can make it easier for the trademark owner to
win a lawsuit against an infringer.

3. Constructive notice: A registered trademark gives constructive
notice to the public that the trademark is owned by the
trademark owner. This means that anyone who uses the
trademark without the permission of the trademark owner is
liable for infringement.

4. Enhanced damages: If a trademark owner registers a trademark
and the infringer is found liable for trademark infringement, the
trademark owner may be awarded enhanced damages.

5. The ability to file a lawsuit for trademark infringement in
federal court: Trademark owners with registered trademarks
can file a lawsuit for trademark infringement in federal court.

Conclusion
Trademarks are a valuable tool for businesses. They can help to
protect a business's brand from unauthorised use, increase the value
of the brand, and make it easier to attract customers. If you are a
business owner, I encourage you to learn more about trademarks and
how they can help you protect your brand.
