What is Cyber Forensics?

Enos Jeba
4 min read · Sep 21, 2020

If you are planning to dip your toe into the field of CYBER FORENSICS, or you just want general knowledge about it, this might be helpful for you.

What is Cyber Crime?

Cyber crime can be defined as an illegal activity that involves a computer or any other network-connected device. In this type of crime, the computer is the main instrument used to commit the offense. Computer technology may be used by hackers or cyber criminals to obtain personal information, business trade secrets or any other sensitive information for malicious or destructive purposes. In addition, criminals also use computers for documents, data storage or communication. The people who commit these types of crimes are generally referred to as hackers.

Types of Cyber Crimes

Botnets

A botnet can be defined as a network of compromised computers. Remote attackers control them to perform illicit tasks such as attacking other computers or sending spam. These bots can also be used for other internet crimes, such as distributing malware or carrying out other malicious tasks. There are many botnet removal tools that can help users detect and remove bot infections.

Ransomware

Ransomware is one of the most common types of cyber crime and is known as one of the most detestable malware-based attacks. It enters the computer network and encrypts important files using public-key encryption. The private key needed to decrypt them remains on the attacker's server. The users whose computers were attacked are then asked to pay a huge ransom to obtain that private key.

Identity Theft

You have often heard about identity theft and fraud because it is the most common type of cyber crime. In this type of crime, a person purports to be someone else in order to commit fraud for financial gain. When it is performed over the internet, it is known as online identity theft. The main aim of this cyber crime is to steal another person's identifying information and use it to make financial gains.

Other types of cyber crime also include DDoS attacks, Spam, Phishing, Social Engineering, Malvertising and many more.

The four phases of a cyber forensic investigation are

IDENTIFYING

To investigate and find out “What happened?”

PRESERVING

To safeguard all the evidence that is crucial for the case against tampering.

ANALYZING

To evaluate all the possible explanations of how the crime was committed.

PRESENTING

To present the evidence in a proper format.

Methodology

  • Shut down the Computer
  • Document the Hardware Configuration of The System
  • Transport the Computer System to A Secure Location
  • Make Bit Stream Backups of Hard Disks and Floppy Disks
  • Mathematically Verify Data on All Storage Devices
  • Document the System Date and Time
  • Make a List of Key Search Words
  • Evaluate the Windows Swap File
  • Evaluate File Slack
  • Evaluate Unallocated Space (Erased Files)
  • Search Files, File Slack and Unallocated Space for Key Words
  • Document File Names, Dates and Times
  • Identify File, Program and Storage Anomalies
  • Evaluate Program Functionality
  • Document Your Findings

These steps give some insight into the day-to-day work of a cyber crime investigation.
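As an added illustration of the bit-stream backup, mathematical verification and keyword-search steps listed above (this is not code from the original article), the following Python uses a small constructed byte string in place of a raw device; the keywords, examiner name and record layout are assumptions.

```python
import hashlib
import io
import re
from datetime import datetime, timezone

# Constructed stand-in for a raw block device (not a real image): one live
# file, zero-filled slack, a deleted-file remnant in unallocated space, and a
# file name whose letter case differs from the search term.
SAMPLE_DEVICE = (
    b"NOTES.TXT: call the bank tomorrow\x00"
    + b"\x00" * 30
    + b"transfer 5000 to offshore account"
    + b"\x00" * 20
    + b"Offshore.pdf"
)
KEYWORDS = ["bank", "offshore"]  # assumed key search words for the case


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def bitstream_copy(src, dst, block_size: int = 512) -> int:
    """Copy every byte block by block, like dd; returns the byte count."""
    copied = 0
    while True:
        block = src.read(block_size)
        if not block:
            return copied
        dst.write(block)
        copied += len(block)


def keyword_search(image: bytes, keywords, context: int = 12) -> list:
    """Case-insensitive search over the whole image, so remnants in slack
    and unallocated space are found, not only live file contents."""
    hits = []
    for kw in keywords:
        for m in re.finditer(re.escape(kw.encode()), image, re.IGNORECASE):
            snippet = image[max(0, m.start() - context):m.end() + context]
            hits.append({"keyword": kw, "offset": m.start(),
                         "context": snippet.replace(b"\x00", b".").decode("ascii", "replace")})
    return sorted(hits, key=lambda h: h["offset"])


def acquire_and_examine(device: bytes, keywords, examiner: str) -> dict:
    """Image the device, verify the copy by hash, then search only the verified image."""
    source_hash = sha256_hex(device)  # hash the original media before anything else
    image_buf = io.BytesIO()
    copied = bitstream_copy(io.BytesIO(device), image_buf)
    image = image_buf.getvalue()
    verified = sha256_hex(image) == source_hash
    return {"examiner": examiner, "acquired_utc": datetime.now(timezone.utc).isoformat(),
            "bytes_copied": copied, "source_sha256": source_hash,
            "image_sha256": sha256_hex(image), "verified": verified,
            "hits": keyword_search(image, keywords) if verified else []}
```

The returned record is the documentation the last step asks for: who acquired the image, when, the matching hashes that prove the copy is exact, and every keyword hit with its byte offset.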

Evidence

Note : An item does not become officially a piece of evidence until a court admits it.

Much of forensics practice concerns how to collect, preserve and analyze these items without compromising their potential to be admitted as evidence in a court of law.

Digital Evidence

Any data that is recorded or preserved on any medium in or by a computer system or other similar device, and that can be read or understood by a person or by a computer system or other similar device. It includes any display, printout or other output of that data.

Types of Digital Evidence

1) PERSISTENT DATA

Meaning data that remains intact when the computer is turned off. E.g. hard drives, disk drives and removable storage devices (such as USB drives or flash drives).

2) VOLATILE DATA

Meaning data that would be lost if the computer is turned off. E.g. deleted files, computer history, the computer’s registry, temporary files and web browsing history.

5 Rules of Evidence

1. Admissible

Must be able to be used in court or elsewhere.

2. Authentic

The evidence relates to the incident in a relevant way.

3. Complete (no tunnel vision)

Includes exculpatory evidence that could point to alternative suspects.

4. Reliable

No question about its authenticity and veracity.

5. Believable

Clear, easy to understand, and believable by a jury.

Top 10 locations for evidence

  1. Internet History Files
  2. Temporary Internet Files
  3. Slack/Unallocated Space
  4. Buddy lists, personal chat room records, other saved areas
  5. News groups/club lists/posting
  6. Settings, folder structure, file names
  7. File Storage Dates
  8. Software/Hardware added
  9. File Sharing ability
  10. E-mails

Skills Required For Computer Forensics Application

  1. Programming or computer-related experience
  2. Broad understanding of operating systems and applications
  3. Strong analytical skills
  4. Strong computer science fundamentals
  5. Strong system administrative skills
  6. Knowledge of the latest intruder tools
  7. Knowledge of cryptography and steganography
  8. Strong understanding of the rules of evidence and evidence handling
  9. Ability to be an expert witness in a court of law

Applications

  • Financial fraud detection
  • Criminal prosecution
  • Civil litigation
  • Corporate security policy and violations

Conclusion

With computers becoming more and more involved in our everyday lives, both professionally and socially, there is a need for computer forensics.

This field will enable crucial electronic evidence to be found, whether it was lost, deleted, damaged, or hidden, and used to prosecute individuals that believe they have successfully beaten the system.

Share this with your friends who are trying to get into this field.
