CYBER CRIMES & CYBER FORENSICS & TECHNOLOGY
CDAC
CYBER CRIMES ARE
CYBERCRIME GRAPH (chart: number of cyber crimes per year, 2000 to 2004; vertical axis 0 to 350)
CYBER CRIMES ARE
NEITHER FORWARD..
NOR BACKWARD..
BUT AWKWARD:
CASE #1.
TM5/2004/PS_WRD_MINISTER
NARRATION
Y RECEIVES AN EMAIL FROM
PROF.(MRS).X INTRODUCING
HERSELF AS TECHNOLOGIST
WORKING IN THE AREA OF
AFFORDABLE DRINKING WATER
PROJECT AND SEEKING A DATE
FOR APPOINTMENT
Y RESPONDS FAVOURABLY WITH
A DATE.
NARRATION(CONTD)
Y RECEIVES AN EMAIL FROM
SECURITY CHIEF OF PROF.(MRS).X
FROM HONGKONG TELLING THAT
HE IS DOING THE DUE DILIGENCE
CHECK
Y RESPONDS FAVOURABLY.
NARRATION(CONTD)
Y RECEIVES AN EMAIL FROM
PROTOCOL OFFICER OF PROF.
(MRS).X FROM MUMBAI TELLING
THAT SHE IS DOING THE DUE
DILIGENCE CHECK
Y RESPONDS FAVOURABLY.
NARRATION(CONTD)
APPOINTED DATE COMES
X DOES NOT SHOW UP
NEXT DAY, Y GETS MAIL FROM
SECURITY CHIEF ASKING FOR
WHEREABOUTS OF X
Y IS THREATENED WITH CONSEQUENCES

SUBMIT OR FIGHT
PANIC, ANXIETY & DESPAIR
WE SAW
CONVENTIONAL CRIMES BEING
COMMITTED WITH EASE AND
SOPHISTICATION, USING
COMPUTER AND INFORMATION
TECHNOLOGY.
CASE #2.
RC05/ /93/2005
NARRATION
COMPANY X GETS AN OFFSHORE S/W
DELIVERY JOB FROM COMPANY Y
Y INSISTS ON LOTS OF
CUSTOMISATION
X DEPUTES TWO ENGINEERS WITH
SOURCE CODE TO CARRY OUT
CUSTOMISATION AT Y'S PREMISES
CONTRACT GETS TERMINATED
ENGINEERS RESIGN ON COMING BACK
Y LAUNCHES NEW S/W WITH
SIMILAR FEATURES
YET, CREATES SIMPLE & EASY PLATFORMS
- Case Referred by: Judicial First Class Magistrate
- Case Registered under: Sec 65 and 72 of IT Act
- Complainant: Software Company
- Accused: Two Former Employees
- Nature of Crime: Source Code Theft
WE ARE SEEING
NEW VERSIONS OF CONVENTIONAL
CRIMES EMERGING, TARGETING
COMPUTERS AND INFORMATION
TECHNOLOGY.
CASE #3.
RC11(A)/2004//./22004S-0001
NARRATION
X IS CAUGHT IN A CYBER CRIME
X CLAIMS HE CAN CRACK PASSWORDS,
BREAK INTO EMAIL ACCOUNTS,
INTERCEPT CHATS ETC
X PRODUCES EMAIL/CHAT PRINT OUTS
WHICH SHOW POSSIBILITY OF
TERRORIST ATTACK
REWARD OR PUNISH..
ARRAY OF CONFUSION
NOW WE SEE
NEW CRIMES BEING INVENTED,
CONFUSING COMPUTERS AND
INFORMATION TECHNOLOGY
NEED
EFFECTIVE MEANS TO PRE-EMPT
CYBER CRIMES
EFFECTIVE WAY TO ENSURE
DEFINITE PUNISHMENT AS
DETERRENT AGAINST CYBER
CRIMES
CYBER FORENSICS
CAN BE AN EFFECTIVE TOOL
CYBER FORENSICS IS
The unique process of identifying,
preserving, analyzing and presenting
digital evidence in a manner that is
legally accepted.
MULTI DIMENSIONAL
CHALLENGES
WHY IS IT UNIQUE ?
MULTI DIMENSIONAL
CHALLENGE
TECHNICAL
OPERATIONAL
SOCIAL
LEGAL
TECHNICAL
TECHNOLOGY IS CHANGING
RAPIDLY
CYBER CRIMES ARE ALSO
CHANGING RAPIDLY
SYSTEMS AND CRIMES EVOLVE
MORE RAPIDLY THAN THE TOOLS
THAT EXAMINE THEM
TECHNOLOGY
EVOLUTION
OBSOLESCENCE
NEWER
DEVICES
NEW
TOOLS
NEW
METHODOLOGIES
TECHNICAL
UBIQUITY OF COMPUTERS
- CRIMES OCCUR IN ALL JURISDICTIONS
TRAINING LEA BECOMES A
CHALLENGE
TECHNOLOGY REVOLUTION LEADS TO NEWER SYSTEMS, DEVICES ETC..
OPERATIONAL
ALL DATA MUST BE GATHERED AND
EXAMINED FOR EVIDENCE
- GIGABYTES OF DATA
- PROBLEMS OF
  - STORAGE
  - ANALYSIS
  - PRESENTATION..
NO STANDARD SOLUTION AS YET
SOCIAL
IT RESULTS IN
- UNCERTAINTIES ABOUT EFFECTIVENESS OF CURRENT INVESTIGATION TECHNIQUES
- SUB-OPTIMAL USE OF RESOURCES
PRIVACY CONCERNS
LEGAL
USE & BOUNDS OF DIGITAL
EVIDENCE IN LEGAL PROCEDURES
STILL UNCLEAR
CURRENT TOOLS & TECHNIQUES
NOT RIGOROUSLY USED /
CONTESTED IN COURT
TYPICAL TOOLS
EMAIL TRACER
TRUEBACK
CYBERCHECK
MANUAL
EMAIL TRACER FORENSIC TOOL
FEATURES OF EMAIL TRACER
Display of actual mail content for Outlook Express, Eudora, MS Outlook and mail clients with MBOX mailbox.
Display the mail content (HTML / Text).
Display the mail attributes for Outlook Express.
Display of extracted e-mail header information.
Save mail content as .EML file.
Display of all e-mail attachments and extraction.
Display of e-mail route.
IP trace to the sender's system.
Domain name look-up.
Display of geographical location of the sender's gateway on a world map.
Mail server log analysis for evidence collection.
Access to database of country code list along with IP address information.
EMAIL TRACING OVER WEB
AS A PRE-EMPTIVE TOOL
EMAIL TRACING SERVICE
Users can submit their tracing task to Email Tracer through the web.
Tracing IP address up to city level (non-spoofed)
Detection of spoofed mail
Detailed report
Cyber Crimes & Cyber Forensics
SEIZURE & ACQUISITION
TOOL
TRUEBACK
FEATURES OF TRUE BACK
DOS application with event based Windowing System.
Self-integrity check.
Minimum system configuration check.
Extraction of system information
Three modes of operation:
- Seize
- Acquire
- Seize and Acquire
Disk imaging through Parallel port.
Disk imaging using Network Interface Card.
Block by block acquisition with data integrity check on each block.
IDE/SCSI, USB, CD and Floppy acquisition.
Acquisition of floppies and CDs in Batch mode.
Write protection on all storage media except destination media.
Checking for sterile destination media.
Progress Bar display on all modes of operation.
Report generation on all modes of operation.
BIOS and ATA mode acquisition
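Three of the TrueBack features above (block-by-block acquisition with an integrity check on each block, checking for sterile destination media, and report generation) are the core of any acquisition tool. The following is an added example written for this page, not TrueBack's code: it implements those three steps over in-memory buffers standing in for the suspect disk and the destination media, and then shows that a later one-byte change in a copy is pinned to the exact block by the recorded hashes. The block size, the SHA-256 choice and the sample disk contents are assumptions of the example.

```python
"""Added example, not TrueBack's code: block-by-block acquisition with an
integrity check on every block, a sterile-destination check before anything is
written, and a verification pass afterwards. Source and destination are
in-memory buffers here; a real tool would open the suspect device read-only."""
import hashlib
import io

BLOCK_SIZE = 512  # one sector; a real tool would use larger transfers


def is_sterile(dest, size):
    """Sterile destination media contains only zero bytes, so nothing from a
    previous case can be mistaken for evidence from this one."""
    dest.seek(0)
    remaining = size
    while remaining > 0:
        chunk = dest.read(min(BLOCK_SIZE, remaining))
        if not chunk:
            break
        if any(chunk):  # any non-zero byte is leftover data
            return False
        remaining -= len(chunk)
    return True


def acquire(src, dest, size):
    """Copy src to dest block by block. Each block is hashed, written, read back
    and compared before moving on. Returns (per-block hashes, whole-image hash)."""
    if not is_sterile(dest, size):
        raise ValueError("destination media is not sterile; wipe it first")
    src.seek(0)
    dest.seek(0)
    whole = hashlib.sha256()
    block_hashes = []
    while True:
        block = src.read(BLOCK_SIZE)
        if not block:
            break
        digest = hashlib.sha256(block).hexdigest()
        dest.write(block)
        dest.seek(-len(block), io.SEEK_CUR)  # step back over what was just written
        if hashlib.sha256(dest.read(len(block))).hexdigest() != digest:
            raise IOError(f"integrity check failed on block {len(block_hashes)}")
        block_hashes.append(digest)
        whole.update(block)
    return block_hashes, whole.hexdigest()


def verify(image, block_hashes):
    """Re-hash an image against the recorded block hashes; returns the numbers
    of blocks that no longer match (an empty list means the image is intact)."""
    image.seek(0)
    return [i for i, expected in enumerate(block_hashes)
            if hashlib.sha256(image.read(BLOCK_SIZE)).hexdigest() != expected]


def report(block_hashes, image_hash):
    """Minimal acquisition report of the kind appended to the case file."""
    lines = [f"blocks acquired: {len(block_hashes)}",
             f"block size: {BLOCK_SIZE}",
             f"image sha256: {image_hash}"]
    lines += [f"block {i}: {h}" for i, h in enumerate(block_hashes)]
    return "\n".join(lines)


# Constructed 2048-byte "suspect disk": four blocks of a repeating pattern.
SUSPECT_DISK = bytes(range(256)) * 8


def demo():
    """Acquire the constructed disk onto zero-filled media, tamper with one byte
    of a copy, and try to acquire onto media that is not sterile."""
    src = io.BytesIO(SUSPECT_DISK)
    dest = io.BytesIO(bytes(len(SUSPECT_DISK)))  # zero-filled, hence sterile
    block_hashes, image_hash = acquire(src, dest, len(SUSPECT_DISK))
    tampered = bytearray(dest.getvalue())
    tampered[600] ^= 0xFF  # byte 600 lies in block 1 (bytes 512..1023)
    dirty = io.BytesIO(b"\x01" + bytes(len(SUSPECT_DISK) - 1))
    try:
        acquire(io.BytesIO(SUSPECT_DISK), dirty, len(SUSPECT_DISK))
        rejected = False
    except ValueError:
        rejected = True
    return {
        "block_hashes": block_hashes,
        "image_hash": image_hash,
        "expected_image_hash": hashlib.sha256(SUSPECT_DISK).hexdigest(),
        "intact": verify(io.BytesIO(dest.getvalue()), block_hashes),
        "tampered": verify(io.BytesIO(bytes(tampered)), block_hashes),
        "dirty_media_rejected": rejected,
    }


if __name__ == "__main__":
    result = demo()
    print(report(result["block_hashes"], result["image_hash"]))
    print("tampered blocks:", result["tampered"])
```

Recording a hash per block, not only for the whole image, is what lets an examiner later say which sectors differ and which are untouched, and it lets a failed write be detected at the moment it happens rather than after hours of imaging.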
ANALYSIS TOOL
CYBER CHECK
CyberCheck - Features
Standard Windows application.
Self-integrity check.
Minimum system configuration check.
Analyses evidence file containing FAT12, FAT16, FAT32, NTFS and EXT2FS file system.
Analyses evidence files created by the following disk imaging tools:
- TrueBack
- LinkMasster
- Encase
User login facilities.
CyberCheck Features (Contd.)
Creates log of each analysis session and analyzing officer's details.
Block by block data integrity verification while loading evidence file.
Explorer type view of contents of the whole evidence file.
Display of folders and files with all attributes.
Show/Hide system files.
Sorting of files based on file attributes.
Text/Hex view of the content of a file.
Picture view of an image file.
Gallery view of images.
CyberCheck Features (Contd.)
Graphical representation of the following views of an evidence file:
- Disk View.
- Cluster View.
- Block View.
Timeline view of:
- All files.
- Deleted files.
- Time anomaly files.
- Signature mismatched files.
- Files created within a time frame.
CyberCheck Features (Contd.)
Display of cluster chain of a file.
Single and multiple keyword search.
Extraction of Disk, Partition, File and MBR slacks.
Exclusive search in slack space.
Extraction of unused unallocated clusters and exclusion from search space.
Exclusive search in used unallocated clusters.
Extraction of lost clusters.
Exclusive search in data extracted from lost clusters.
Extraction of swap files.
Exclusive search in data extracted from swap files.
CyberCheck Features (Contd.)
File search based on file extension.
File search based on hash value.
Exclusion of system files from search space.
Data recovery from deleted files, slack space, used unallocated clusters and lost clusters.
Recovery of formatted partitions.
Recovery of deleted partitions.
Exporting files, folders and slack content.
Exporting folder structure including file names into a file.
Exporting files on to external viewer.
CyberCheck Features (Contd.)
Local preview of storage media.
Network preview of storage media using cross-over cable.
Bookmarking of folders, files and data.
Adding bookmarked items into report.
Restoration of storage media.
Creating raw image.
Raw image analysis.
Facility for viewing mailbox files of Microsoft Outlook Express, Microsoft Outlook, Eudora and Linux mail clients.
CyberCheck Features (Contd.)
Registry viewer.
Hash set of system files.
Identification of encrypted & password protected files.
Identification of steganographed image files.
Generation of analysis report with the following features:
- Complete information of the evidence file system.
- Complete information of the partitions and drive geometry.
- Hash verification details.
- User login and logout information.
CyberCheck Features (Contd.)
- Exported content of text file and slack information.
- Includes picture file as image.
Saving report, search hits and bookmarked items for later use.
Password protection of report.
Print report.
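Three of the CyberCheck checks above (signature mismatched files, file search based on hash value, and time anomaly files) can be shown in a few dozen lines. The following is an added example written for this page, not CyberCheck's code: it runs those three checks over a constructed set of files held in memory. The small magic-number table, the SHA-256 hash set and the sample files are assumptions of the example; a real tool carries a far larger signature table and reads timestamps from the file system.

```python
"""Added example, not CyberCheck's code: three of the analysis checks listed
above, run over a constructed set of files: signature mismatch (magic bytes
disagree with the extension), hash-set matching against known files, and
time-anomaly detection (a file modified before it was created)."""
import hashlib
from datetime import datetime

# Magic numbers for a handful of types; an illustration, not a full signature table.
SIGNATURES = {
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
    "zip": (b"PK\x03\x04",),
    "pdf": (b"%PDF-",),
    "exe": (b"MZ",),
}


def signature_mismatch(name, data):
    """True when the extension is known and none of its magic prefixes match."""
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    magics = SIGNATURES.get(ext)
    if not magics:
        return False  # unknown extension: nothing to compare against
    return not any(data.startswith(m) for m in magics)


def time_anomaly(created, modified):
    """A file modified before it was created cannot arise naturally; it points
    at a copied file or an altered timestamp and deserves a closer look."""
    return modified < created


def analyse(files, known_hashes):
    """files: name -> (data, created, modified). Returns three sorted name lists:
    signature mismatches, hash-set hits, time anomalies."""
    mismatched = sorted(n for n, (d, _, _) in files.items() if signature_mismatch(n, d))
    hash_hits = sorted(n for n, (d, _, _) in files.items()
                       if hashlib.sha256(d).hexdigest() in known_hashes)
    anomalies = sorted(n for n, (_, c, m) in files.items() if time_anomaly(c, m))
    return mismatched, hash_hits, anomalies


# Constructed evidence set. "invoice.pdf" is really a zip archive, "holiday.jpg"
# is an executable renamed to look like a picture, and "notes.txt" carries a
# modification time earlier than its creation time.
T = datetime
NOTES = b"meeting at 5, bring the drive\n"
EVIDENCE = {
    "photo.jpg": (b"\xff\xd8\xff\xe0" + b"\x00" * 32, T(2004, 3, 1), T(2004, 3, 2)),
    "invoice.pdf": (b"PK\x03\x04" + b"\x00" * 32, T(2004, 3, 1), T(2004, 3, 1)),
    "holiday.jpg": (b"MZ\x90\x00" + b"\x00" * 32, T(2004, 3, 5), T(2004, 3, 6)),
    "notes.txt": (NOTES, T(2004, 4, 10), T(2004, 4, 1)),
    "readme": (b"plain text", T(2004, 1, 1), T(2004, 1, 2)),
}
# Hash set of files already known to the case (here: just the notes file).
KNOWN = {hashlib.sha256(NOTES).hexdigest()}


def demo():
    return analyse(EVIDENCE, KNOWN)


if __name__ == "__main__":
    mismatched, hits, anomalies = demo()
    print("signature mismatch:", mismatched)
    print("hash-set hits:     ", hits)
    print("time anomalies:    ", anomalies)
```

The signature check is the reason an examiner never trusts an extension: a renamed file reveals its real type in its first bytes, and the mismatched list is usually the first place to look when narrowing a large disk down to convincing leads.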
ISSUES AHEAD..
&..
TECHNOLOGY
BEHIND..
CASE #4
A young girl had been involved in a series of
sexually explicit exchanges via instant
messenger system and email.
Upon investigation, the perpetrator was
tracked to the home of a 50 year old
prominent local physician.
Computers seized from the physician's house
each had a 240GB hard disk, full of files.
ISSUE #1
How to get convincing leads to go
ahead with the case in a short time
from among the overload of available
material.
ADVANCED CONCEPT
SEARCH
ISSUE #2
Computers contained many password
protected/encrypted files.
How to get into these files in a short
time.
PASSWORD CRACKING
GRID Enabled Password Cracker
GRID ENABLED PASSWORD CRACKER (diagram nodes: GRID SERVER, CYBER FORENSICS LAB, FSL, POLICE CRIME CELL, CBI, INTERNET)
PASSWORD CRACKING OF ZIP FILES USING GRID
1. ZIPPED FILE SUBMISSION
2. SERVER RECEIVES AND DISTRIBUTES TO GRID CLIENTS
3. CLIENTS COMPUTE AND SEND RESULTS TO SERVER
4. GRID SERVER SENDS RESULTS OVER INTERNET
ISSUE #3
However, the case took a twist when it
came to light that the doctor's 13-year-old
son and 15-year-old nephew had
also been using the doctor's account.
Who was at the keyboard then?
WHO'S AT THE KEYBOARD?
BIOMETRICS
A software driver associated with the
keyboard records the user's rhythm in
typing.
These rhythms are then used to
generate a profile of the authentic user.
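The profile described above is built from the timing between consecutive keys. The following is an added example written for this page, not the driver from the slide: it turns recorded (key, press time) events into digraph latencies, pools several enrollment samples into a per-digraph mean and spread, and scores a later sample by how far its latencies sit from that profile. All timings are constructed, and the scoring rule (mean absolute z-score) and the 1 ms spread floor are assumptions of the example.

```python
"""Added example, not the slide's driver: a minimal keystroke-rhythm profile.
Enrollment samples are lists of (key, press time in ms); the profile holds the
mean and spread of the latency between each pair of consecutive keys, and a
probe is scored by how many standard deviations its latencies sit from the
profile. All timings below are constructed."""
import statistics
from collections import defaultdict


def make_events(text, latencies):
    """Turn a typed string plus between-key latencies into (key, time_ms) events."""
    assert len(latencies) == len(text) - 1
    events, t = [(text[0], 0)], 0
    for ch, lat in zip(text[1:], latencies):
        t += lat
        events.append((ch, t))
    return events


def digraph_latencies(events):
    """Map each digraph ('wa', 'at', ...) to the latencies observed for it."""
    lat = defaultdict(list)
    for (a, ta), (b, tb) in zip(events, events[1:]):
        lat[a + b].append(tb - ta)
    return lat


def build_profile(samples):
    """Pool the digraph latencies of all enrollment samples into (mean, stdev)."""
    pooled = defaultdict(list)
    for ev in samples:
        for dg, vals in digraph_latencies(ev).items():
            pooled[dg].extend(vals)
    # a floor of 1 ms on the spread avoids dividing by zero on identical timings
    return {dg: (statistics.mean(v), max(statistics.pstdev(v), 1.0))
            for dg, v in pooled.items() if len(v) >= 2}


def score(profile, events):
    """Mean |z| over digraphs the profile knows; lower means closer to the
    enrolled user. Returns inf when nothing can be compared."""
    zs = []
    for dg, vals in digraph_latencies(events).items():
        if dg in profile:
            m, s = profile[dg]
            zs.extend(abs(v - m) / s for v in vals)
    return statistics.mean(zs) if zs else float("inf")


# Constructed enrollment: the account holder types "water" three times.
ENROLL = [make_events("water", lat) for lat in ([120, 130, 110, 140],
                                                 [125, 128, 115, 135],
                                                 [118, 134, 108, 142])]
PROFILE = build_profile(ENROLL)
GENUINE = make_events("water", [121, 131, 112, 138])  # same hand, same rhythm
OTHER = make_events("water", [200, 250, 180, 300])    # a different, slower typist

if __name__ == "__main__":
    print("genuine:", round(score(PROFILE, GENUINE), 2))
    print("other  :", round(score(PROFILE, OTHER), 2))
```

Three samples give a thin profile; in practice a profile needs many sessions, and a score is evidence about who was probably typing, to be weighed with the other material, not an identification on its own.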
WHO'S AT THE KEYBOARD?
FORENSIC STYLISTICS
A qualitative approach to authorship
assesses errors and idiosyncrasies
based on the examiner's experience.
This approach could be quantified
through databasing.
WHO'S AT THE KEYBOARD?
STYLOMETRY
It is a quantitative and computational
method, focusing on readily computable
and countable language features, e.g.
word length, phrase length, sentence
length, vocabulary frequency,
distribution of words of different lengths.
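The features named above (word length, sentence length, vocabulary frequency, distribution of word lengths) can be computed directly and compared. The following is an added example written for this page, not a tool from the slides: it extracts those features from a text sample, defines a scale-free distance between two feature sets, and ranks candidate authors by closeness to a disputed message. The three text samples are constructed, and the particular distance formula is an assumption of the example; real stylometry uses far larger samples and many more features.

```python
"""Added example, not a tool from the slides: the countable features named
above computed for a text sample, and a distance between two samples' feature
sets so that a disputed message can be compared with known writing of each
candidate. The three text samples are constructed."""
import re
from collections import Counter

MAX_LEN = 12  # word-length histogram buckets 1..12; longer words fall in the last bucket


def features(text):
    """Word length, sentence length, vocabulary richness, word-length
    distribution and raw word frequencies for one sample."""
    sentences = [s for s in re.split(r"[.!?]+", text) if s.strip()]
    words = re.findall(r"[a-z']+", text.lower())
    n = len(words)
    if n == 0 or not sentences:
        raise ValueError("sample is empty")
    hist = Counter(min(len(w), MAX_LEN) for w in words)
    return {
        "mean_word_len": sum(len(w) for w in words) / n,
        "mean_sent_len": n / len(sentences),
        "type_token_ratio": len(set(words)) / n,
        "len_dist": [hist[k] / n for k in range(1, MAX_LEN + 1)],
        "freq": Counter(words),
    }


def distance(f1, f2):
    """Scale-free distance: relative difference of each scalar feature, plus
    the L1 distance between the two word-length distributions."""
    d = 0.0
    for key in ("mean_word_len", "mean_sent_len", "type_token_ratio"):
        a, b = f1[key], f2[key]
        d += abs(a - b) / (a + b)
    d += sum(abs(a - b) for a, b in zip(f1["len_dist"], f2["len_dist"]))
    return d


def attribute(disputed, candidates):
    """Candidate names sorted from closest to farthest in feature space."""
    fd = features(disputed)
    return sorted(candidates, key=lambda name: distance(fd, features(candidates[name])))


# Constructed samples: two short-sentence pieces in one style, one long-sentence piece.
AUTHOR_A = "I got the file. It was big. I sent it to you. Did you see it? Let me know."
AUTHOR_B = ("The investigation subsequently established that the correspondence "
            "originated from an unregistered intermediary, whose infrastructure "
            "remained undocumented throughout the proceedings.")
DISPUTED = "I saw the mail. It was odd. I did not open it. Can you check it? Tell me soon."


def demo():
    return attribute(DISPUTED, {"A": AUTHOR_A, "B": AUTHOR_B})


if __name__ == "__main__":
    for name, text in (("A", AUTHOR_A), ("B", AUTHOR_B), ("disputed", DISPUTED)):
        f = features(text)
        print(f"{name:8s} word len {f['mean_word_len']:.2f}  sent len {f['mean_sent_len']:.1f}"
              f"  TTR {f['type_token_ratio']:.2f}")
    print("ranking:", demo())
```

The ranking is a relative statement among the candidates supplied; it says which known writer the disputed text most resembles on these counts, and nothing about anyone outside the candidate set.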
REAL CYBER FORENSIC
CHALLENGE IS YET TO
COME.. .
GOA'S SKYBUS MISHAP
Konkan Railway Corporation Ltd's Skybus
Metro dashed against a pole on the track
during its trial run at Madgaon in Goa.
"The skybus should have approached the
station at the speed of 20 kmph. However, it
was driving at 50 kmph. The sudden jerk after
it hit the pole caused one person standing at
the door, to fall off and two others to suffer
major injuries."
QUESTIONS BEING ASKED
Had the SKYBUS been tested
sufficiently and should this controller
bug have been found out during
testing?
Who developed the control system
software?
Who carried out the design and who
carried out the design approval?


Editor's Notes

  • #4: GEQD, AVERAGE ONE CRIME/DAY, 2/3 QUALIFIED ENGINEERS, SEIZE/ACQUIRE/ANALYSE/COLLECT EVIDENCE/PRESERVE/DEPOSE, MOSTLY ECONOMIC OFFENCE; OTHERS CONSULT PRIVATE AGENCIES