CYBER FORENSICS | Kiran Bettadapur S. | 11/1/2020
DIGITAL ERA
INTERNET TRAFFIC: 100,000,000 Gigabytes (over 100,000 Petabytes/Month in 2016)
STORE…
- ALL FILMS [HD]: 2000 X
- ALL BOOKS [PDF]: 333 X
- ALL YOUTUBE: 1,000 X
CYBERCRIME
COMPUTER AS OBJECT:
- ILLEGAL ACCESS
- UNLAWFUL DATA TRANSMISSION
- DATA DELETION
- WEBSITE DEFACING
COMPUTER AS MEDIUM:
- ID THEFT
- FRAUD
- E-THEFT
- PHISHING
CONTENTS OF COMPUTER:
- CHILD PORNOGRAPHY
- STOLEN SENSITIVE INFO
- TERROR ATTACK DETAILS

CYBERCRIME TYPES
AGAINST PERSONS:
- IDENTITY THEFT
- INFO THEFT
- DEFAMATION
- CYBER THREATS, BULLYING & STALKING
- FORGERY
- HARASSMENT
- E-MAIL SPOOFING & SPAM; PHISHING
- CHILD SOLICITING
AGAINST PROPERTY:
- DENIAL OF SERVICE
- MALWARE: Viruses, Trojans, Worms, Mail Bombs, Ransomware
- CYBER SQUATTING
- HACKING
- SALAMI SLICING (PENNY SHAVING)
- CREDIT CARD FRAUD
- IP CRIMES: Software Piracy; IP Violations (Copyright, TM, etc.)
- SALE OF ILLEGAL ITEMS: WEAPONS, WILDLIFE, DRUGS
AGAINST GOVERNMENT:
- CYBER WAR & TERRORISM
- CHILD PORNOGRAPHY
- ONLINE GAMBLING
- SECURE SYSTEM HACKING
- ONLINE ESPIONAGE
WHAT IS CYBER FORENSICS?
- Emerging Field
- Digital Evidence: Collection; Analysis
- Results From: Incidents
- Result Of: Investigation
- Results In: Legal Evidence
Challenges of Cyber Crime:
- On the Increase
- Skillful Criminals
- No Barriers or Borders
- Evolving Laws
Digital Evidence Sources:
- Computers
- Storage Devices
- Mobile Devices: Phones, Tabs, etc.
- Electronic Gadgets: Cameras, etc.
BRANCHES
Branches of CYBER FORENSICS [part of digital forensics]:
CLOUD & NETWORK FORENSICS:
- SERVER SIDE; CLIENT SIDE
- TWO SYSTEMS:
  - CATCH-IT-AS-YOU-CAN… Batch-mode Traffic Analysis …Needs Storage
  - STOP-LOOK-’N-LISTEN… Individual Packet Analysis …Needs processing power
DATA & DATABASE FORENSICS:
- SECURITY ATTACKS & PROBLEM INCIDENTS
MOBILE DEVICE FORENSICS:
- CELL PHONES; DIGITAL CAMERAS; I-PODS; etc…
- ANY MEDIUM FOR STORAGE OF CONTENT
MALWARE
E-MAIL & SOCIAL MEDIA
INCIDENT RESPONSE
AUDITS
WHAT IT ENTAILS [figure: eight numbered items; labels not recoverable from the slide]
DIGITAL EVIDENCE ASPECTS
PHYSICAL:
- Chain of Custody
- Document
- Secure Storage
- Photos
- Original + Backup + Working
LOGICAL:
- Work on Copy
- Minimal Access of Original
- Use Write-blocking
- Use Hash Functions
Storage tiers: PRIMARY STORAGE; SECONDARY STORAGE; OFFLINE STORAGE; TERTIARY / NEARLINE / CLOUD STORAGE
COLLECTION CHALLENGES [figure: six numbered items; labels not recoverable from the slide]
EVIDENCE TAMPERING [figure: six numbered items; labels not recoverable from the slide]
ANALYSIS
CROSS-DRIVE ANALYSIS:
- CORRELATION… of info on multiple devices
- IDENTIFY SOCIAL NETWORKS
- ANOMALY DETECTION
LIVE ANALYSIS:
- SYSTEM EXAMINATION… from within the OS
  - CUSTOM TOOLS
  - SYSADMIN TOOLS
- DE-ENCRYPTION METHODS & TECHNIQUES
STOCHASTIC FORENSICS:
- PROBABILITY THEORY
- ACTIVITIES LACKING DIGITAL ARTIFACTS
- DATA THEFT
STEGANALYSIS:
- STEGANOGRAPHY
  - Concealment of Data… in picture or digital image
  - Encrypted Payload
- BARRAGE NOISE
  - Random data; white noise
  - Misinformation, meaningless drivel
- DETECTING HASH VALUE CHANGES
CRYPTANALYSIS:
- DECIPHERING ENCRYPTED MESSAGES
  - No access to key or encryption algorithm
- SYMMETRIC KEY
  - Block Ciphers (Blocks of text)
  - Stream Ciphers (Individual characters)
DELETED FILE RETRIEVAL:
- DISK RECONSTRUCTION
  - Reconstruct from file sectors
- FILE CARVING
  - Search for file-headers in disk image
  - Reconstruct Deleted Material
- HASH FUNCTIONS
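As an added example (not from the slides), file carving by header/footer signature over a constructed disk image, together with the hash check that confirms the working copy matches the original before examination begins (the "Work on Copy" and "Use Hash Functions" points above). The signatures, the sample image bytes and the function names are assumptions for illustration.

```python
import hashlib

# Header/footer magic bytes for two common file types (real PNG/JPEG values).
# Carving looks only at content, not filesystem metadata, which is why it can
# recover files whose directory entries have been deleted.
SIGNATURES = {
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9"),
}

# Constructed sample files and a constructed "disk image" with free space around them.
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 20 + b"IEND\xaeB`\x82"
SAMPLE_JPG = b"\xff\xd8\xff\xe0" + b"JFIF" + b"\x11" * 16 + b"\xff\xd9"
SAMPLE_IMAGE = b"\x00" * 64 + SAMPLE_PNG + b"\xaa" * 32 + SAMPLE_JPG + b"\x00" * 64


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify_copy(original: bytes, working_copy: bytes) -> bool:
    """Examination proceeds only if the working copy hashes identically to the original."""
    return sha256_hex(original) == sha256_hex(working_copy)


def carve(image: bytes):
    """Return [(kind, offset, payload)] for every header..footer run found in the image.

    A header with no following footer is a truncated fragment and is skipped;
    a footer that belongs to a later file would otherwise swallow both files,
    which is a known limitation of plain header/footer carving.
    """
    found = []
    for kind, (header, footer) in SIGNATURES.items():
        pos = 0
        while (start := image.find(header, pos)) >= 0:
            end = image.find(footer, start + len(header))
            if end < 0:
                pos = start + len(header)  # truncated: no footer bounds this file
                continue
            end += len(footer)
            found.append((kind, start, image[start:end]))
            pos = end
    return sorted(found, key=lambda hit: hit[1])


if __name__ == "__main__":
    assert verify_copy(SAMPLE_IMAGE, bytes(SAMPLE_IMAGE))
    for kind, offset, payload in carve(SAMPLE_IMAGE):
        print(f"{kind} at offset {offset}, {len(payload)} bytes, sha256 {sha256_hex(payload)[:16]}…")
```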
PROCESS
PREPARATION:
- Training of Investigators
- Tools & Planning
- Suspect Questioning
- Warrant
COLLECTION:
- Devices/Sources: RFID, Black-boxes (vehicle), etc.
- Due Care: No Heat, X-ray, etc.
- Imaging media
- Chain of custody
- Document
EXAMINATION:
- Electronic Content
- Procedures & Techniques: Case by Case basis
- Tools:
  - Integrated / Special
  - EnCase, FTK, Sleuth Kit, Scalpel, ProDiscover
- Logs, files, emails, registry, Browsing History, etc.
- Cracking PWD (passwords)
- Extracting files
ANALYSIS; REPORTING
TRIAL & TESTIMONY:
- Presenting Exhibits
“Thank You!”