Unit 2
Contents
• Introduction,
• Forensics Investigation,
• Cyber Security Regulations,
• Challenges in Computer Forensics,
• Roles of International Law.
• Special Techniques for Forensics Auditing.
• The INDIAN Cyberspace,
• National Cyber Security Policy.
• Historical background of Cyber forensics,
• Digital Forensics Science,
• The Need for Computer Forensics,
• Cyber Forensics and Digital evidence,
• Forensics Analysis of Email,
• Digital Forensics Lifecycle,
sections
• Section 43 (data protection),
• Section 66 (hacking),
• Section 66A (measures against sending offensive messages),
• Section 66B (punishment for illegally possessing stolen computer resources or
communication devices),
Need for NCSS 2020
• India was one of the few countries to propound a futuristic National Cyber
Security Policy 2013 (NCSP 2013).
forensics
• It is difficult to pinpoint when computer forensics history began. Most experts
agree that the field of computer forensics began to evolve more than 30 years
ago.
• Until the late 1990s, what became known as digital forensics was commonly
termed ‘computer forensics’. The first computer forensic technicians were law
enforcement officers who were also computer hobbyists.
• 1970s
- First crime cases involving computers, mainly financial fraud
• 1980s
- Financial investigators and courts realize that in some cases all the records and
evidence were only on computers.
- Norton Utilities, “Un-erase” tool created
- Association of Certified Fraud Examiners began to seek training in what became
computer forensics
- SEARCH High Tech Crimes training created
- Regular classes began to be taught to Federal agents in California and at FLETC in
Georgia
- HTCIA formed in Southern California
• 1984
FBI Magnetic Media Program created. Later it became the Computer Analysis and
Response Team (CART)
• 1987
AccessData – Cyber Forensic Company formed
• 1988
- Creation of IACIS, the International Association of Computer Investigative
Specialists
- First Seized Computer Evidence Recovery Specialists (SCERS) classes held
• 1993
First International Conference on Computer Evidence held
• 1995
International Organization on Computer Evidence (IOCE) formed
• 1997
The G8 countries in Moscow declared that “Law enforcement personnel must be trained
and equipped to address high-tech crimes”.
BVRIT HYDERABAD College of Engineering for Women
• 1998
In March, the G8 appointed IICE to create international principles, guidelines and
procedures relating to digital evidence
• 1998
INTERPOL Forensic Science Symposium
• 1999
FBI CART case load exceeds 2000 cases, examining 17 terabytes of data
• 2000
First FBI Regional Computer Forensic Laboratory established
• 2003
FBI CART case load exceeds 6500 cases, examining 782 terabytes of data
• The first computer crime was reported in 1978, followed by the Florida computers
act, but it wasn’t until the 1990s that it became a recognized term.
• It was only in the early 21st century that national policies on digital forensics
emerged.
• Digital forensics - the process of identifying, preserving, analyzing, and documenting
digital evidence in order to present evidence in a court of law when required.
• Helps you to identify the evidence quickly, and also allows you to estimate the
potential impact of the malicious activity on the victim.
• Producing a computer forensic report which offers a complete report on the
investigation process.
• Preserving the evidence by following the chain of custody.
evidence
• Digital evidence is information stored or transmitted in binary form that may be
relied on in court.
• It can be found on a computer hard drive, a mobile phone, among other places.
• Example - suspects' e-mail or mobile phone files might contain critical evidence
regarding their intent, their whereabouts at the time of a crime and their relationship
with other suspects.
• These actors fall under “User Actors”, “Message Handling Service (MHS)
Actors” and “ADministrative Management Domain (ADMD) Actors” groups.
• User Actors are people, organizations or processes that serve as sources or sinks of
messages. They can generate, modify or look at the whole message.
• E-mail forensic analysis - the study of the source and content of e-mail messages
as evidence, identifying the actual sender, recipient, and the date and time a
message was sent, in order to collect credible evidence to bring criminals to justice.
• When digital forensics investigators study emails to find the source of spoofed
messages, they have to analyze every field of email architecture.
• The email header is one of the vital resources and contains many important fields,
one of which is Message-ID. So, it is important to understand what Message-IDs
are, how they are created and extracted, and how they can help investigators in
extracting useful information.
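The header checks described above, as an added example that is not part of the original slides: it parses a raw message, orders the `Received` hops oldest first, and compares the Message-ID domain and `Date` header against the rest of the headers. The message, hosts, addresses and the one-hour threshold are constructed assumptions; a mismatch is a lead to follow up, not proof of spoofing.

```python
import email
import re
from datetime import timezone
from email.utils import parseaddr, parsedate_to_datetime

# Constructed sample message; every host, address and ID here is made up.
RAW = b"""\
Received: from mx.recipient.example (mx.recipient.example [198.51.100.7])
\tby mail.recipient.example with ESMTP id abc123; Tue, 02 Jan 2024 10:15:09 +0000
Received: from relay.bulkhost.example (relay.bulkhost.example [203.0.113.45])
\tby mx.recipient.example with ESMTP id def456; Tue, 02 Jan 2024 10:15:07 +0000
From: "Accounts" <billing@supplier.example>
To: finance@recipient.example
Subject: Updated bank details
Date: Tue, 02 Jan 2024 09:02:11 +0000
Message-ID: <20240102101505.4431@bulkhost.example>

Please use the new account.
"""

def domain_of(value):
    """Return the lower-cased text after the last '@', or '' if there is no '@'."""
    _, at, dom = value.strip().strip("<>").rpartition("@")
    return dom.lower() if at else ""

def parse_time(text):
    """Parse an RFC 5322 date; None if unparseable, naive values treated as UTC."""
    try:
        dt = parsedate_to_datetime(text.strip())
    except (TypeError, ValueError):
        return None
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)

def analyze(raw):
    msg = email.message_from_bytes(raw)
    from_domain = domain_of(parseaddr(msg.get("From", ""))[1])
    mid_domain = domain_of(msg.get("Message-ID", ""))
    hops = []
    # Each relay prepends its own Received line, so reverse to get oldest first.
    for rcvd in reversed(msg.get_all("Received", [])):
        text = " ".join(rcvd.split())                  # unfold continuation lines
        ip = re.search(r"\[([0-9A-Fa-f.:]+)\]", text)  # connecting client address
        hops.append({"ip": ip.group(1) if ip else None, "time": parse_time(text.rpartition(";")[2])})
    findings = []
    if mid_domain != from_domain:
        findings.append("Message-ID domain differs from From domain")
    sent = parse_time(msg.get("Date", ""))
    if sent and hops and hops[0]["time"] and abs((hops[0]["time"] - sent).total_seconds()) > 3600:
        findings.append("Date header is over an hour from the first relay time")
    return {"from_domain": from_domain, "message_id_domain": mid_domain, "hops": hops, "findings": findings}
```

Only `Received` lines written by servers the investigator controls or trusts are reliable; anything below them in the header was supplied by the sending side and can be forged.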
Forensics Investigation
• Forensics are the scientific methods used to
solve a crime.
• Forensic investigation - the gathering and
analysis of all crime-related physical evidence
in order to come to a conclusion about a
suspect.
• Investigators will look at blood, fluid, or
fingerprints, residue, hard drives, computers, or
other technology to establish how a crime took
place.
Investigation
• Digitpol uses Cellebrite technology, a globally leading forensic technology,
to carry out forensic acquisition of data from the supported listed devices.
• What data is recoverable?
o SMS | IM Chat | WhatsApp | Viber | Skype | WeChat | IRC | Deleted
o Call history | Incoming | Outgoing | Missed | Deleted
o Emails | Incoming | Outgoing | Drafts | Deleted
o GPS locations | Waypoints | Geotagging of pictures
o Photos | Sent | Received | Deleted
o Social network logs | Activity time | Geo login | Deleted
o Internet history | History | Entered keywords | Searches | Deleted | Cookies
o Wi-Fi data | SSID | MAC | IP
o Bluetooth | Paired devices | Timestamp
Computers
• Computer forensics is a branch of digital
forensic science pertaining to evidence
found in computers and digital storage
media.
• Goal - To examine digital media in a
forensically sound manner with the aim of
identifying, preserving, recovering,
analyzing and presenting facts and opinions
about the digital information.
• Although most often associated with the
investigation of a wide variety of computer
crime, computer forensics may also be used
in civil proceedings.
Email Forensics
• Digitpol's Email Fraud Investigation Team are certified digital forensic experts
and fraud examiners and can assist with all cases related to email scams and fraud.
• Digitpol can examine emails in PST format or any raw email format to determine
the sender's IP address, the email server used and metadata, in order to investigate
and uncover fraud.
• Email fraud investigation is the collection and forensic investigation of
evidence into email hacking, phishing attacks, tracing and recovery of stolen
funds.
• Email Fraud is the intentional deception made for personal gain or to damage
another individual through email. As soon as email became widely used, it began
to be used as a means to defraud people.
• Email fraud can take the form of a "con game" or scam. Investigating email
fraud reaches into all aspects of cyber crime, from recovery of funds transferred
to a fraudster's bank account to a forensic examination to determine how
fraudsters hacked into email accounts.
• Email fraud, scams and phishing attacks happen in most cases when cyber
criminals find ways to hack into the email servers or accounts of small and
medium companies, often targeting those with business in Asian countries.
• Cyber criminals gain access to email accounts and search through email
accounts looking for sensitive information such as outstanding, unpaid
invoices or data relating to financial transactions and business between
supplier, vendor and clients.
Email Fraud Investigation
• Digitpol's Cyber and Fraud Team are certified fraud and forensic examiners
and can deploy to assist with all cases related to email fraud, email spear
phishing attacks, email scams and on-line related fraud.
• The evidence discovered can help you protect your business and prevent further
breaches.
Drone Forensic
Digitpol uses expert forensic technology to carry out forensic acquisition of data
from the supported drones.
• Serial number of the drone aircraft and some internal
components such as MAC, IMEI, & IMSI
• Version numbers for firmware
• Metadata from operations such as launching, waypoint
logs, GPS available or unavailable during flight.
• Geo location information for critical locations –
launching, landing, and home or return location
• Full flight path information
• Wi-Fi data | SSID | MAC | IP
• Bluetooth | Paired devices | Timestamp
• They perform surveys to record all Wi-Fi networks on the 2.4GHz and 5GHz
spectrum to determine what devices are on your network and if any rogue devices
are present.
• Digitpol’s Wi-Fi experts are certain that Wi-Fi and IoT over-the-air attacks will
rise in 2020. Digitpol’s team are conducting Wi-Fi audits for businesses across
Europe. The probe audits details such as the number of connected devices on a
network, Wi-Fi traffic, approved Wi-Fi devices, security flaws, unauthorized
devices and instant upgrades.
• The audits have so far discovered out-of-date firmware allowing remote control,
hijacked routers, modified firmware, many connected unauthorized devices and
active interception.
• The probe can be deployed as a fixed install to sites to detect Wi-Fi interference
within 900ms.
Auditing.
• Forensic accounting is a type of accounting which cross-checks the various
financial records of a business to find any indication of fraud being committed
and also provides an in-depth analysis of the financial books which could be
presented in the court of law as evidence.
2. Conducting Interviews
• Conducting an interview is an essential
technique which can transform an unwilling
person into a source of valuable information
which helps in fully understanding all the
facts.
• An interview should be conducted by
accurately assessing the gravity of the situation
and preparing the questions according to it.
• Discussions should take every little detail into
account and look at the greater picture to
figure out the magnitude of the illegal activity
and the culprit responsible.
4. Analyzing Evidence
• Proper analysis of the obtained evidence can point to the guilty party and can
also assist to understand the extent of the fraud committed in the business.
• This analysis would also help in understanding how secure the company is
against financial scams and installing various austerity measures to prevent any
such future situation.
5. Surveillance
• This can be done physically or electronically and is one of the conventional
measures used to uncover fraud, carried out by monitoring and tracking all the
official emails and messages.
6. Going Undercover
• This is an extreme measure and should be used only as a last resort.
• It is best left to the professionals as they have the proper knowledge of how
and where to conduct the investigations.
• Even a small mistake while being undercover can signal the offender that
something is wrong and the person might vanish.
7. Analyzing the Financial Statements
• This is a precious tool for finding out the fraud committed. All the necessary
details are summarized in the financial statement, and the analysis of these
statements can help a forensic accountant to figure out the scam.