CYBER FORENSICS
Who am I?
Ambuj Kumar
Cyber Security Analyst
Received hall of fame from Practo, eur.nl,
HackerEarth, Maastricht University, Govt of India.
Winner of Hackathon.
Topics
• Cyber Forensics Fundamentals & Process
• Acquisition & Duplication
• Hashing & Write Protection
• Analyzing & Investigating Deleted Data
• Security operation center
• Malicious file
• Facebook crime
WHAT IS CYBER FORENSICS?
Cyber forensics is an electronic discovery technique used to
determine and reveal technical criminal evidence.
Cyber forensics involves the
• Collection (what needs to be investigated),
• Preservation,
• Analysis,
• Documentation, and
• Presentation
of computer evidence stored on a computer.
Cyber Forensic Process
Cyber forensic
Forensics Goals
• Finding legal evidence in computing devices and
preserving its integrity in a way that is deemed
admissible in a court of law.
• Preserving and recovering evidence following court-accepted technical procedures.
• Identifying data leaks within an organization.
• Assessing possible damage occurring during a data breach.
Cybercrime Attack Mode
• Insider attacks (most dangerous)
• External attacks
How Are Computers Used in Cybercrimes?
• A computing device is used as a weapon to commit a crime.
• Example: Launching denial-of-service (DoS) attacks or sending
• Ransomware
• Gaining unauthorized access
Forensics Investigation Types
• Public investigations (involve law enforcement agencies and are conducted according to country or state law)
• Private (corporate) sector investigations (usually conducted by enterprises to investigate policy violations, litigation disputes, wrongful termination, or leaking of enterprise secrets)
Digital Evidence Types
• User-created data includes anything created by a user (human) using a digital device. It includes the following and more:
• Text files (e.g. MS Office documents, IM chat, bookmarks), spreadsheets, databases, and any text stored in digital format,
• Audio and video files,
• Digital images,
• Webcam recordings (digital photos and videos),
• Address book and calendar,
• Hidden and encrypted files (including zipped folders) created by the computer user,
• Previous backups (including both cloud storage backups and offline backups like CD/DVDs and tapes),
• Account details (username, picture, password),
• E-mail messages and attachments (both webmail and client e-mail such as Outlook),
• Web pages, social media accounts, cloud storage, and any online accounts created by the user.
Challenge of Acquiring Digital Evidence
• Computer with a password, access card, or dongle.
• Digital steganography techniques to conceal incriminating data in images, videos, audio files, file systems, and in plain sight (e.g. within an MS Word document).
• Encryption techniques to obscure data, making it unreadable
without the password.
• Full disk encryption (FDE) including system partition (e.g.
BitLocker drive encryption).
• Strong passwords to protect system/volume; cracking them is
very time consuming and expensive.
• File renaming and changing file extensions (e.g., changing DOCX into DLL, which is a known Windows system file type).
• Attempts to destroy evidence by wiping the hard drive securely using various software tools and techniques.
• Removing history from the web browser upon exit and disabling
• Physically damaged digital media; for example, we cannot retrieve deleted files from a failed HDD before repairing it.
• Sensitivity of digital evidence; if not handled carefully it might
be destroyed. Heat, cold, moisture, magnetic fields, and even
just dropping the media device can destroy it.
• Easy alteration of digital evidence; for instance, if a computer
is ON, you must leave it ON and acquire its volatile memory
(if possible), but if the computer is OFF, leave it OFF to avoid
changing any data.
• Cybercrimes can cross borders easily through the Internet, making the lack of cyberlaw standardization a major issue in this domain.
• A USB thumb drive that belongs to a suspect but whose contents are fully encrypted and password protected: the suspect can deny ownership of the thumb drive, making decryption very difficult to achieve without the correct password/key file.
Who Should Collect Digital Evidence?
• Analytical thinking: This includes the ability to make
correlations between different events/facts when
investigating a crime.
• Solid background in IT knowledge: This includes wide
knowledge about different IT technologies, hardware devices,
operating systems, and applications. This does not mean that
an investigator should know how each technology works in
detail.
• Hacking skills: To solve a crime, you should think like a
hacker. Knowing attack techniques and cybersecurity
concepts is essential for a successful investigation.
• Understanding of legal issues concerning digital crime
investigations.
• Excellent technical skills related to digital forensics, like data recovery and acquisition, and writing technical reports.
• Online searching skills and ability to gather information from
publicly available sources (i.e., OSINT).
FIRST RESPONDER TEAM
The first responder is the first person to encounter a crime scene. A first responder has the expertise and skill to deal with the incident. The first responder may be an officer, security personnel, or a member of the IT staff or incident response team.
Roles of the First Responder Team:
1. Identifying the crime scene
2. Protecting the crime scene
3. Preserving temporary and fragile evidence
First Responder Toolkit
• Crime scene tape.
• Stick-on labels and ties.
• Color marker pens.
• Notepad.
• Gloves.
• Magnifying glass.
• Flashlight.
• Sealable bags of mixed sizes; these should be antistatic bags to preserve evidence integrity.
• Camera (can capture both video and images and must be configured to show the date/time when the capture happens).
• Radio frequency-shielding material to prevent some types of seized devices (e.g., smartphones and tablets with SIM cards) from receiving calls or messages (also known as a Faraday shielding bag). This bag will also protect evidence against lightning strikes and electrostatic discharges.
• Bootable CDs.
• Chain of custody forms.
• Secure sanitized external hard drive to store images of any digital exhibits.
• USB hub.
Locations of Electronic Evidence
• Desktops
• Laptops
• Tablets
• Servers and RAIDs
• Network devices like hubs, switches, modems, routers, and
wireless access points
• Internet-enabled devices used in home automation
(e.g., AC and smart refrigerator)
• IoT devices
• DVRs and surveillance systems
• MP3 players
• GPS devices
• Smartphones
• Game stations (Xbox, PlayStation, etc.)
• Digital cameras
• Smart cards
• Pagers
• Digital voice recorders
• External hard drives
• Flash/thumb drives
• Printers
• Scanners
Chain of Custody
• What is the digital evidence? (E.g., describe the acquired digital evidence.)
• Where was the digital evidence found? (E.g., computer, tablet, cell phone, etc.; also to be included is the state of the computing device upon acquiring the digital evidence, ON or OFF.)
• How was the digital evidence acquired? (E.g., tools used; you also need to mention the steps taken to preserve the integrity of the evidence during the acquisition phase.)
• When was the digital evidence accessed, by whom, and for what reason?
• How was the digital evidence used during the investigation?
• How was the digital evidence transported, preserved, and handled?
• How was the digital evidence examined? (E.g., any tools and techniques used.)
Sample Chain of Custody Form
Chain of custody
Acquisition & Duplication
Acquisition
• Acquisition is the process of collecting digital evidence from electronic media.
Duplication
• A forensic duplication is an accurate copy of data that is created with the goal of being admissible as evidence in legal proceedings.
• We define forensic duplication as an image of every accessible bit from the source medium.
Types of Duplication
1. Simple duplication
• Copy selected data; file, folder, partition.
2. Forensic duplication
• Every bit on the source is retained
• Including deleted files
Duplication/Cloning
FTK Imager
• https://accessdata.com/product-download/ftk-imager-version-4-5
Hashing & Write Protection
Hashing is the transformation of a string of characters into a usually shorter fixed-length value or key that represents the original string.
Hash value generation in digital forensics:
• Generally, a hash value is used to check the integrity of any data file, but in digital forensics it is used to check the integrity of the evidence disk data.
• The image of a disk is created in digital forensics for analysis, so it is necessary that the image be an exact replica of the evidence disk.
• The hash value generated during imaging should match the hash computed when that image of the evidence disk is opened for detailed analysis. In digital forensics the hash value is generated over the whole disk data, not only over single or multiple files.
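The two slides above (forensic versus simple duplication, and hashing the whole image so it can be verified later) can be demonstrated together. The following Python block is an added example, not code from the slides or from FTK Imager or HashMyFiles: the "source medium" is a constructed byte string standing in for a block device, the allocated/unallocated layout is an assumption for illustration, and the functions are this example's own.

```python
import hashlib

# Constructed stand-in for a source medium (a real acquisition reads the block device).
ALLOCATED = b"live-file: quarterly-report.docx\x00" * 4      # data a normal copy would see
FREE_SPACE = b"\x00" * 64                                      # free space
UNALLOCATED = b"deleted-file: draft-memo.txt remnants\x00"     # remnants of a deleted file
SOURCE_DEVICE = ALLOCATED + FREE_SPACE + UNALLOCATED


def hash_bytes(data, algorithms=("md5", "sha1", "sha256")):
    """Hash the whole image with several algorithms, as a tool like HashMyFiles reports."""
    return {name: hashlib.new(name, data).hexdigest() for name in algorithms}


def acquire_image(device, block_size=512):
    """Forensic duplication: read every block of the source medium and hash it
    while reading, so the acquisition hash covers the whole disk, not single files."""
    h = hashlib.sha256()
    image = bytearray()
    for offset in range(0, len(device), block_size):
        chunk = device[offset:offset + block_size]
        h.update(chunk)
        image.extend(chunk)
    return bytes(image), h.hexdigest()


def simple_copy(device):
    """Simple duplication: only the allocated data is copied, so deleted
    remnants in unallocated space never reach the copy."""
    return device[:len(ALLOCATED)]


def verify_image(image, acquisition_hash):
    """Integrity check before analysis: the re-computed hash must equal the
    hash recorded at acquisition time on the chain-of-custody form."""
    return hashlib.sha256(image).hexdigest() == acquisition_hash


def flip_one_bit(image, offset=0):
    """Simulate an accidental modification (e.g. a write made without a write blocker)."""
    altered = bytearray(image)
    altered[offset] ^= 0x01
    return bytes(altered)


if __name__ == "__main__":
    image, acq_hash = acquire_image(SOURCE_DEVICE)
    print("acquisition SHA-256:", acq_hash)
    print("deleted remnants in forensic image:", b"deleted-file" in image)
    print("deleted remnants in simple copy:   ", b"deleted-file" in simple_copy(SOURCE_DEVICE))
    print("image verifies:", verify_image(image, acq_hash))
    print("altered image verifies:", verify_image(flip_one_bit(image), acq_hash))
    for name, digest in hash_bytes(image).items():
        print(f"{name}: {digest}")
```

Run as a script it shows the point of both slides: the bit-for-bit image still contains the deleted-file remnants while the simple copy does not, and a single flipped bit anywhere in the image makes the hash recorded at acquisition fail to verify, which is why the hash is recorded on the chain of custody form and re-checked before analysis.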
Hashes
• MD5: 464668D58274A7840E264E8739884247
• SHA-1: 4698215F643BECFF6C6F3D2BF447ACE0C067149E
• SHA-256: F2ADD4D612E23C9B18B0166BBDE1DB839BFB8A376ED01E32FADB03A0D1B720C7
• SHA-384: 2707F06FE57800134129D8E10BBE08E2FEB622B76537A7C4295802FBB94755BBEE814B101ED18CC2D0126BD66E5D77B6
• SHA-512: C526BC709E2C771F9EC039C25965C91EAA3451A8CB43651A4CD813F338235F495D37891DD25FE456FE2A8CA89457629378BE63FB3A9A5AD54D9E11E4272D60C
• RIPEMD-128: A868B98EAEC84891A7B7BA620EDDE621
• TIGER: F31A22CEED5848E69316649D4BAFBE8F9274DED53E25C02D
• PANAMA: 7E703B1798A26A0AF21ECD661CBADB9C72B419455814CA7B82E29EE0C03FA493
HashMyFiles
• https://www.nirsoft.net/utils/hash_my_files.html
Write Protection:
Write protection is any physical mechanism that prevents modification or erasure of valuable data on a device.
Write protection
Analyzing & Investigating Deleted Data
Data recovery is the extraction of data from damaged evidence sources in a forensically sound manner. This method of recovering data means that any evidence resulting from it can later be relied on in a court of law.
Tools for recovering deleted data:
• Disk Drill
• Recuva
• MiniTool Power Data Recovery
• Lazesoft
• https://www.cleverfiles.com/disk-drill-windows.html
Disk Drill
Faraday bag
HONEYPOT
• A honeypot can be used to detect attacks or deflect them from a legitimate target.
What is Deception technology?
• Deception technology has evolved from honeypots to more sophisticated systems that can track intruders' movements. The technology has been commercialized over the last few years as a separate product line.
• Today's deception technology is more focused on Active Directory, where it can create a perceived AD environment. This allows it to capture each and every step an attacker is taking in real time.
• Another advantage of newer deception technology is that it helps in detecting lateral movement of hackers and intruders long before an attack takes place.
Pentbox
• https://github.com/H4CK3RT3CH/pentbox-1.8
Red team
• Red teams often consist of independent ethical hackers who evaluate system security in an objective manner.
Red team works
• Penetration testing
• Social engineering
• Phishing
Blue Team
• Blue teams use a variety of methods and tools as countermeasures to protect a network from cyber attacks.
Blue team work
• Implementing SIEM solutions.
• Ensuring firewall access controls are properly configured.
• Deploying IDS and IPS software as detective and preventive security controls.
• Using vulnerability scanning software on a regular basis.
• Securing systems by using antivirus or anti-malware software.
• Segregating networks and ensuring they are configured correctly.
SIEM
• A security information and event management solution supports threat detection, compliance and security incident management through the collection and analysis (both near real-time and historical) of security events, as well as a wide variety of other event and contextual data sources.
SIEM Technology Tools
• Splunk Enterprise Security
• IBM Qradar
• AlienVault
Firewall
• A firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules.
IDS
• An Intrusion Detection System (IDS) is a network security technology originally built for detecting vulnerability
Tools
Intrusion detection system
• May use a signature-based technique
• Snort network intrusion detection system (NIDS)
• Available for Windows as well as Linux
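To make "signature-based technique" concrete, here is an added Python example (not Snort code and not from the slides) of the core of a signature-based NIDS: a list of rules, each with an identifier, a destination port and a byte pattern, applied to constructed packets. The rule sids, the packets and the alert line layout are this example's own assumptions; only the general shape (sid, msg, port, content) follows how Snort rules are organised.

```python
import urllib.parse
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    sid: int                  # rule identifier, as Snort rules carry a sid
    msg: str                  # alert message
    dest_port: Optional[int]  # None matches any destination port
    content: bytes            # byte pattern that must appear in the payload


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dest_port: int
    payload: bytes


# Constructed rules with hypothetical sids; the content patterns are the kind of
# literal strings a signature-based NIDS looks for.
RULES: List[Rule] = [
    Rule(1000001, "HTTP directory traversal pattern", 80, b"../../"),
    Rule(1000002, "Telnet root login attempt", 23, b"login: root"),
]

# Constructed traffic: one benign request, one plain-text match, one percent-encoded
# match, and one occurrence on a port the rule does not cover.
SAMPLE_PACKETS: List[Packet] = [
    Packet("10.0.0.5", "10.0.0.8", 80, b"GET /index.html HTTP/1.1\r\n"),
    Packet("10.0.0.5", "10.0.0.8", 80, b"GET /../../etc/passwd HTTP/1.1\r\n"),
    Packet("10.0.0.6", "10.0.0.8", 80, b"GET /..%2f..%2fetc/passwd HTTP/1.1\r\n"),
    Packet("10.0.0.7", "10.0.0.8", 443, b"../../"),
]


def normalize(payload: bytes) -> bytes:
    """Decode percent-encoding before matching, so the signature is compared
    against the form the server will actually see. Without this step the
    third packet above would not match the literal signature."""
    return urllib.parse.unquote_to_bytes(payload)


def matches(packet: Packet, rule: Rule) -> bool:
    """A rule fires when the port matches (or is unrestricted) and the content is present."""
    if rule.dest_port is not None and packet.dest_port != rule.dest_port:
        return False
    return rule.content in normalize(packet.payload)


def inspect(packets, rules=RULES) -> List[Tuple[Packet, Rule]]:
    """Signature-based detection: return a (packet, rule) pair for every match."""
    return [(p, r) for p in packets for r in rules if matches(p, r)]


def format_alert(packet: Packet, rule: Rule) -> str:
    """Alert line in the spirit of a Snort fast-alert entry (layout is this example's own)."""
    return f"[**] [1:{rule.sid}:0] {rule.msg} [**] {packet.src} -> {packet.dst}:{packet.dest_port}"


if __name__ == "__main__":
    for packet, rule in inspect(SAMPLE_PACKETS):
        print(format_alert(packet, rule))
```

Two alerts are produced, both for sid 1000001. The fourth packet carries the same pattern but on port 443, so the port-scoped rule never sees it; that is the general limit of a signature-based IDS: it only detects what a rule already describes, on the traffic it is told to inspect, which is why the blue team slide pairs it with a SIEM and with preventive controls rather than relying on it alone.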
IPS
• An intrusion prevention system (IPS) is a form of network security that works to detect and prevent identified threats.
Difference
Windows Log Analysis
• In the event of a forensic investigation, Windows Event Logs serve as a primary source of evidence, as the operating system logs system activity. Windows Event Log analysis can help an investigator draw a timeline based on the logging information and the discovered artefacts. What gets logged depends on the audit features that are turned on, which means that event logs can be turned off by anyone with administrative privileges. From the forensic point of view, the Event Logs capture a lot of data.
• The Windows Event Logs are used in forensics to reconstruct a timeline of events.
• The main three components of event logs are:
– Application
– System
– Security
• On the Windows operating system, logs are saved under %System32%\winevt\Logs.
• When the maximum log size is reached:
– the oldest events are overwritten,
– archive the logs when full,
– if you do not wish to overwrite events, clear the logs manually (after archiving them).
The type of events that are recorded can be any occurrence that affects the system:
• An incorrect login attempt,
• A hack, breach, or system settings modification,
• An application failure,
• A system failure, etc.
All these events are logged in "%System32%\winevt\Logs".
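The slides say the event logs are used to reconstruct a timeline and that they can be cleared with administrative privileges. The Python block below is an added example, not code from the slides or from Full Event Log View: it parses a constructed CSV export of event records (the column layout is this example's assumption, not any tool's real format), sorts them into a timeline, and runs two checks an investigator typically wants: a burst of failed logons followed by a success, and the log-cleared event. The event IDs used (4625 failed logon, 4624 successful logon, 7045 service installed, 1102 audit log cleared, 1000 application error) are the standard Windows ones.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample export of Windows Event Log records. The CSV layout is an
# assumption for this example; the event IDs are the well-known Windows ones.
SAMPLE_EXPORT = """Time,Channel,EventID,Computer,User,Description
2024-03-05 08:59:10,Security,4625,WS01,jsmith,An account failed to log on
2024-03-05 08:59:14,Security,4625,WS01,jsmith,An account failed to log on
2024-03-05 08:59:21,Security,4625,WS01,jsmith,An account failed to log on
2024-03-05 08:59:40,Security,4624,WS01,jsmith,An account was successfully logged on
2024-03-05 09:02:05,System,7045,WS01,SYSTEM,A service was installed in the system
2024-03-05 09:10:30,Security,1102,WS01,jsmith,The audit log was cleared
2024-03-05 09:15:00,Application,1000,WS01,jsmith,Faulting application name: notepad.exe
2024-03-05 09:20:00,Security,4625,WS02,bjones,An account failed to log on
"""

TIME_FORMAT = "%Y-%m-%d %H:%M:%S"


def parse_export(text):
    """Parse the export into event dicts sorted by time, so the list reads as a timeline."""
    events = []
    for row in csv.DictReader(io.StringIO(text)):
        events.append({
            "time": datetime.strptime(row["Time"], TIME_FORMAT),
            "channel": row["Channel"],
            "event_id": int(row["EventID"]),
            "computer": row["Computer"],
            "user": row["User"],
            "description": row["Description"],
        })
    return sorted(events, key=lambda e: e["time"])


def failed_logon_bursts(events, threshold=3, window=timedelta(minutes=5)):
    """Find users with at least `threshold` failed logons (4625) inside `window`.
    Returns (user, first_failure, last_failure, success_followed) tuples; success_followed
    is True when a 4624 for the same user appears within `window` after the last failure,
    which reads very differently from a user simply mistyping a password."""
    failures = defaultdict(list)
    successes = defaultdict(list)
    for e in events:
        if e["event_id"] == 4625:
            failures[e["user"]].append(e["time"])
        elif e["event_id"] == 4624:
            successes[e["user"]].append(e["time"])
    findings = []
    for user, times in failures.items():
        for i in range(len(times) - threshold + 1):
            first, last = times[i], times[i + threshold - 1]
            if last - first <= window:
                followed = any(last <= s <= last + window for s in successes[user])
                findings.append((user, first, last, followed))
                break  # one finding per user is enough for the timeline
    return findings


def log_clearing_events(events):
    """Event 1102 records that the Security log was cleared. Since the slides note that
    logging can be switched off or cleared with administrative privileges, this is a
    tamper indicator: the gap before it must be filled from other sources (SIEM copies)."""
    return [e for e in events if e["event_id"] == 1102]


def timeline(events):
    """Render the sorted events one per line for the investigation report."""
    return [f"{e['time'].strftime(TIME_FORMAT)} {e['channel']:<11} {e['event_id']:>5} "
            f"{e['computer']} {e['user']:<8} {e['description']}" for e in events]


if __name__ == "__main__":
    evts = parse_export(SAMPLE_EXPORT)
    print("\n".join(timeline(evts)))
    for user, first, last, followed in failed_logon_bursts(evts):
        print(f"burst: {user} failed 3x between {first.time()} and {last.time()}, "
              f"then succeeded: {followed}")
    for e in log_clearing_events(evts):
        print(f"tamper indicator: log cleared at {e['time']} by {e['user']}")
```

On the constructed data the timeline shows three failures for jsmith in eleven seconds followed by a success, a new service a few minutes later, and the Security log being cleared at 09:10:30; bjones has a single failure and is not reported. The ordering matters because the investigator reads these as a sequence, and the 1102 event is the cue to pull the same period from a SIEM or other forwarding target before the on-host record was cleared.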
Full Event Log View
• https://www.nirsoft.net/utils/full_event_log_view.html
Kali Linux
• https://www.kali.org/downloads/
Linux Log analysis
Kali Linux Password Reset
1. Boot your Kali system and wait for the GNU GRUB page to appear.
2. On the GNU GRUB page select the "Advanced options for Kali GNU/Linux" entry with the down arrow key and press Enter.
3. Now select the second entry, the recovery mode option, and press the E key to edit the recovery mode entry of Kali Linux.
4. To modify it, change read-only mode (ro) to rw (write mode) and add init=/bin/bash as in the screenshot below, then press F10 to reboot Kali Linux.
5. After Kali Linux reboots, it brings you to the screen below, where the Kali Linux password can be reset.
• To reset the root password of the Kali Linux system, simply type "passwd" and press Enter, then type the new password twice for the root user. After successfully resetting the lost Kali Linux password you will see the success message *password update successfully*. Then reboot the system with reboot -f and log in with the newly changed root password.
Investigation of fake IP
Analyzing malicious File
Presentation: cyber forensics & ethical hacking

More Related Content

What's hot

Analysis of digital evidence
Analysis of digital evidenceAnalysis of digital evidence
Analysis of digital evidencerakesh mishra
 
Mobile forensics
Mobile forensicsMobile forensics
Mobile forensicsnoorashams
 
Digital Evidence in Computer Forensic Investigations
Digital Evidence in Computer Forensic InvestigationsDigital Evidence in Computer Forensic Investigations
Digital Evidence in Computer Forensic InvestigationsFilip Maertens
 
Computer forensics
Computer forensicsComputer forensics
Computer forensicsSCREAM138
 
Digital Forensic: Brief Intro & Research Challenge
Digital Forensic: Brief Intro & Research ChallengeDigital Forensic: Brief Intro & Research Challenge
Digital Forensic: Brief Intro & Research ChallengeAung Thu Rha Hein
 
A brief Intro to Digital Forensics
A brief Intro to Digital ForensicsA brief Intro to Digital Forensics
A brief Intro to Digital ForensicsManik Bhola
 
Malware forensic
Malware forensicMalware forensic
Malware forensicSumeraHangi
 
Cloud-forensics
Cloud-forensicsCloud-forensics
Cloud-forensicsanupriti
 
Cyber Forensics Overview
Cyber Forensics OverviewCyber Forensics Overview
Cyber Forensics OverviewYansi Keim
 
Computer forensics and its role
Computer forensics and its roleComputer forensics and its role
Computer forensics and its roleSudeshna Basak
 
Digital forensics
Digital forensics Digital forensics
Digital forensics vishnuv43
 
Processing Crimes and Incident Scenes
Processing Crimes and Incident ScenesProcessing Crimes and Incident Scenes
Processing Crimes and Incident Scenesprimeteacher32
 
Network forensics and investigating logs
Network forensics and investigating logsNetwork forensics and investigating logs
Network forensics and investigating logsanilinvns
 

What's hot (20)

Analysis of digital evidence
Analysis of digital evidenceAnalysis of digital evidence
Analysis of digital evidence
 
Network forensic
Network forensicNetwork forensic
Network forensic
 
Mobile forensics
Mobile forensicsMobile forensics
Mobile forensics
 
Digital Evidence in Computer Forensic Investigations
Digital Evidence in Computer Forensic InvestigationsDigital Evidence in Computer Forensic Investigations
Digital Evidence in Computer Forensic Investigations
 
Computer forensics
Computer forensicsComputer forensics
Computer forensics
 
Computer Forensics ppt
Computer Forensics pptComputer Forensics ppt
Computer Forensics ppt
 
Autopsy Digital forensics tool
Autopsy Digital forensics toolAutopsy Digital forensics tool
Autopsy Digital forensics tool
 
First Responder Officer in Cyber Crime
First Responder Officer in Cyber CrimeFirst Responder Officer in Cyber Crime
First Responder Officer in Cyber Crime
 
Digital Forensic: Brief Intro & Research Challenge
Digital Forensic: Brief Intro & Research ChallengeDigital Forensic: Brief Intro & Research Challenge
Digital Forensic: Brief Intro & Research Challenge
 
A brief Intro to Digital Forensics
A brief Intro to Digital ForensicsA brief Intro to Digital Forensics
A brief Intro to Digital Forensics
 
Malware forensic
Malware forensicMalware forensic
Malware forensic
 
Cloud-forensics
Cloud-forensicsCloud-forensics
Cloud-forensics
 
Computer Forensic
Computer ForensicComputer Forensic
Computer Forensic
 
Cyber Forensics Overview
Cyber Forensics OverviewCyber Forensics Overview
Cyber Forensics Overview
 
Computer forensics and its role
Computer forensics and its roleComputer forensics and its role
Computer forensics and its role
 
Digital Forensic
Digital ForensicDigital Forensic
Digital Forensic
 
Digital forensics
Digital forensics Digital forensics
Digital forensics
 
Processing Crimes and Incident Scenes
Processing Crimes and Incident ScenesProcessing Crimes and Incident Scenes
Processing Crimes and Incident Scenes
 
Network forensics and investigating logs
Network forensics and investigating logsNetwork forensics and investigating logs
Network forensics and investigating logs
 
Digital forensics
Digital forensicsDigital forensics
Digital forensics
 

Similar to Presentation cyber forensics & ethical hacking

mobile forensic.pptx
mobile forensic.pptxmobile forensic.pptx
mobile forensic.pptxAmbuj Kumar
 
Investigative Tools and Equipments for Cyber Crime by Raghu Khimani
Investigative Tools and Equipments for Cyber Crime by Raghu KhimaniInvestigative Tools and Equipments for Cyber Crime by Raghu Khimani
Investigative Tools and Equipments for Cyber Crime by Raghu KhimaniDr Raghu Khimani
 
Draft current state of digital forensic and data science
Draft current state of digital forensic and data science Draft current state of digital forensic and data science
Draft current state of digital forensic and data science Damir Delija
 
Computer crimes and forensics
Computer crimes and forensics Computer crimes and forensics
Computer crimes and forensics Avinash Mavuru
 
Computer forensics toolkit
Computer forensics toolkitComputer forensics toolkit
Computer forensics toolkitMilap Oza
 
Examining computer and evidence collection
Examining computer and evidence collectionExamining computer and evidence collection
Examining computer and evidence collectiongagan deep
 
Mobile_Forensics- General Introduction & Software.pptx
Mobile_Forensics- General Introduction & Software.pptxMobile_Forensics- General Introduction & Software.pptx
Mobile_Forensics- General Introduction & Software.pptxgouriuplenchwar63
 
computer forensics
computer forensicscomputer forensics
computer forensicsAkhil Kumar
 
Computer Forensic Tools.pptx
Computer Forensic Tools.pptxComputer Forensic Tools.pptx
Computer Forensic Tools.pptxKomalNagre4
 
Vest Forensics presentation owasp benelux days 2012 leuven
Vest Forensics presentation owasp benelux days 2012 leuvenVest Forensics presentation owasp benelux days 2012 leuven
Vest Forensics presentation owasp benelux days 2012 leuvenMarc Hullegie
 
Preserving and recovering digital evidence
Preserving and recovering digital evidencePreserving and recovering digital evidence
Preserving and recovering digital evidenceOnline
 

Similar to Presentation cyber forensics & ethical hacking (20)

mobile forensic.pptx
mobile forensic.pptxmobile forensic.pptx
mobile forensic.pptx
 
Investigative Tools and Equipments for Cyber Crime by Raghu Khimani
Investigative Tools and Equipments for Cyber Crime by Raghu KhimaniInvestigative Tools and Equipments for Cyber Crime by Raghu Khimani
Investigative Tools and Equipments for Cyber Crime by Raghu Khimani
 
Draft current state of digital forensic and data science
Draft current state of digital forensic and data science Draft current state of digital forensic and data science
Draft current state of digital forensic and data science
 
Digital Forensics
Digital ForensicsDigital Forensics
Digital Forensics
 
Digital forensics
Digital forensicsDigital forensics
Digital forensics
 
File000117
File000117File000117
File000117
 
Computer forensics
Computer forensicsComputer forensics
Computer forensics
 
css ppt.ppt
css ppt.pptcss ppt.ppt
css ppt.ppt
 
Computer crimes and forensics
Computer crimes and forensics Computer crimes and forensics
Computer crimes and forensics
 
Sujit
SujitSujit
Sujit
 
Computer forensics toolkit
Computer forensics toolkitComputer forensics toolkit
Computer forensics toolkit
 
Examining computer and evidence collection
Examining computer and evidence collectionExamining computer and evidence collection
Examining computer and evidence collection
 
CYBERFORENSICS
CYBERFORENSICSCYBERFORENSICS
CYBERFORENSICS
 
Mobile_Forensics- General Introduction & Software.pptx
Mobile_Forensics- General Introduction & Software.pptxMobile_Forensics- General Introduction & Software.pptx
Mobile_Forensics- General Introduction & Software.pptx
 
cyber forensics
cyber forensicscyber forensics
cyber forensics
 
computer forensics
computer forensicscomputer forensics
computer forensics
 
Computer Forensic Tools.pptx
Computer Forensic Tools.pptxComputer Forensic Tools.pptx
Computer Forensic Tools.pptx
 
Vest Forensics presentation owasp benelux days 2012 leuven
Vest Forensics presentation owasp benelux days 2012 leuvenVest Forensics presentation owasp benelux days 2012 leuven
Vest Forensics presentation owasp benelux days 2012 leuven
 
Computer Forensics Bootcamp
Computer Forensics BootcampComputer Forensics Bootcamp
Computer Forensics Bootcamp
 
Preserving and recovering digital evidence
Preserving and recovering digital evidencePreserving and recovering digital evidence
Preserving and recovering digital evidence
 

Recently uploaded

Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfhans926745
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 

Recently uploaded (20)

Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Axa Assurance Maroc - Insurer Innovation Award 2024

Presentation cyber forensics & ethical hacking

  • 2. Who am I?
    Ambuj Kumar, Cyber Security Analyst. Received hall of fame from Practo, eur.nl, HackerEarth, Maastricht University, Govt of India. Winner of Hackathon.
  • 3. Topics
    • Cyber Forensics Fundamentals & Process
    • Acquisition & Duplication
    • Hashing & Write Protection
    • Analyzing & Investigating Deleted Data
    • Security Operation Center
    • Malicious file
    • Facebook crime
  • 4. WHAT IS CYBER FORENSICS?
    Cyber forensics is an electronic discovery technique used to determine and reveal technical criminal evidence. Cyber forensics involves the
    • Collection (what needs to be investigated),
    • Preservation,
    • Analysis,
    • Documentation and
    • Presentation
    of computer evidence stored on a computer.
  • 6. Cyber Forensics Goals
    • Finding legal evidence in computing devices and preserving its integrity in a way that is deemed admissible in a court of law.
    • Preserving and recovering evidence following court-accepted technical procedures.
    • Identifying data leaks within an organization.
    • Assessing possible damage occurring during a data breach.
  • 7. Cybercrime Attack Mode
    • Insider attacks (most dangerous)
    • External attacks
  • 8. How Are Computers Used in Cybercrimes?
    • A computing device is used as a weapon to commit a crime.
    • Examples: launching denial-of-service (DoS) attacks, sending ransomware, gaining unauthorized access.
  • 9. Forensics Investigation Types
    • Public investigations (involve law enforcement agencies and are conducted according to country or state law).
    • Private (corporate) sector investigations (usually conducted by enterprises to investigate policy violations, litigation disputes, wrongful termination, or leaking of enterprise secrets).
  • 10. Digital Evidence Types
    User-created data includes anything created by a user (human) using a digital device. It includes the following and more:
    • Text files (e.g. MS Office documents, IM chat, bookmarks), spreadsheets, databases, and any text stored in digital format,
    • Audio and video files,
    • Digital images,
    • Webcam recordings (digital photos and videos),
    • Address book and calendar,
  • 11.
    • Hidden and encrypted files (including zipped folders) created by the computer user,
    • Previous backups (including both cloud storage backups and offline backups like CD/DVDs and tapes),
    • Account details (username, picture, password),
    • E-mail messages and attachments (both online and client e-mails such as Outlook),
    • Web pages, social media accounts, cloud storage, and any online accounts created by the user.
  • 12. Challenge of Acquiring Digital Evidence
    • Computer with a password, access card, or dongle.
    • Digital steganography techniques to conceal incriminating data in images, videos, audio files, file systems, and in plain sight (e.g. within an MS Word document).
    • Encryption techniques to obscure data, making it unreadable without the password.
  • 13.
    • Full disk encryption (FDE) including the system partition (e.g. BitLocker drive encryption).
    • Strong passwords to protect a system/volume; cracking them is very time consuming and expensive.
    • File renaming and changing their extensions (e.g., changing DOCX into DLL, which is a known Windows system file type).
  • 14.
    • Attempts to destroy evidence through wiping the hard drive securely using various software tools and techniques.
    • Removing history from the web browser upon exit and disabling
  • 15.
    • Physically damaged digital media; for example, we cannot retrieve deleted files from a failed HDD before repairing it.
    • Sensitivity of digital evidence; if not handled carefully it might be destroyed. Heat, cold, moisture, magnetic fields, and even just dropping the media device can destroy it.
    • Easy alteration of digital evidence; for instance, if a computer is ON, you must leave it ON and acquire its volatile memory (if possible), but if the computer is OFF, leave it OFF to avoid changing any data.
  • 16.
    • Cybercrimes can cross borders easily through the Internet, making the lack of cyberlaw standardization a major issue in this domain.
    • A USB thumb drive that belongs to a suspect, but whose data is fully encrypted and protected with a password: the suspect can deny ownership of the thumb drive, making decryption very difficult to achieve without the correct password/key file.
  • 17. Who Should Collect Digital Evidence?
    • Analytical thinking: the ability to make correlations between different events/facts when investigating a crime.
    • Solid background in IT knowledge: wide knowledge about different IT technologies, hardware devices, operating systems, and applications. This does not mean that an investigator should know how each technology works in detail.
  • 18.
    • Hacking skills: to solve a crime, you should think like a hacker. Knowing attack techniques and cybersecurity concepts is essential for a successful investigation.
    • Understanding of legal issues concerning digital crime investigations.
    • Excellent knowledge of technical skills related to digital forensics, like data recovery and acquisition and writing technical reports.
  • 19.
    • Online searching skills and the ability to gather information from publicly available sources (i.e., OSINT).
  • 20. FIRST RESPONDER TEAM
    The first responder is the first person to encounter a crime scene. A first responder has the expertise and skill to deal with the incident. The first responder may be an officer, security personnel, or a member of the IT staff or incident response team.
    Roles of the First Responder Team:
    1. Identifying the crime scene
    2. Protecting the crime scene
    3. Preserving temporary and fragile evidence
  • 21. First Responder Toolkit
    • Crime scene tape.
    • Stick-on labels and ties.
    • Color marker pens.
    • Notepad.
    • Gloves.
    • Magnifying glass.
    • Flashlight.
  • 22.
    • Sealable bags of mixed size; should be antistatic bags to preserve evidence integrity.
    • Camera (can capture both video and images and must be configured to show the date/time when the capture happens).
    • Radio frequency-shielding material to prevent some types of seized devices (e.g., smartphones and tablets with SIM cards) from receiving calls or messages (also known as a Faraday shielding bag). This bag will also protect evidence against lightning strikes and electrostatic discharges.
    • Bootable CDs.
  • 23.
    • Chain of custody forms.
    • Secure sanitized external hard drive to store images of any digital exhibits.
    • USB hub.
  • 24. Locations of Electronic Evidence
    • Desktops
    • Laptops
    • Tablets
    • Servers and RAIDs
    • Network devices like hubs, switches, modems, routers, and wireless access points
    • Internet-enabled devices used in home automation (e.g., AC and smart refrigerator)
  • 25.
    • IoT devices
    • DVRs and surveillance systems
    • MP3 players
    • GPS devices
    • Smartphones
  • 26.
    • Game stations (Xbox, PlayStation, etc.)
    • Digital cameras
    • Smart cards
    • Pagers
    • Digital voice recorders
    • External hard drives
    • Flash/thumb drives
    • Printers
    • Scanners
  • 27. Chain of Custody
    • What is the digital evidence? (E.g., describe the acquired digital evidence.)
    • Where was the digital evidence found? (E.g., computer, tablet, cell phone, etc.; also include the state of the computing device upon acquiring the digital evidence: ON or OFF?)
  • 28.
    • How was the digital evidence acquired? (E.g., tools used; also mention the steps taken to preserve the integrity of the evidence during the acquisition phase.)
    • When was the digital evidence accessed, by whom and for what reason?
    • How was the digital evidence used during the investigation?
  • 29.
    • How was the digital evidence transported, preserved, and handled?
    • How was the digital evidence examined? (E.g., any tools and techniques used.)
  • 30. Sample Chain of Custody Form
  • 33. Acquisition & Duplication
    Acquisition
    • Acquisition is the process of collecting digital evidence from an electronic medium.
  • 34. Duplication
    • A forensic duplication is an accurate copy of data that is created with the goal of being admissible as evidence in legal proceedings.
    • We define forensic duplication as an image of every accessible bit from the source medium.
  • 35. Types of Duplication
    1. Simple duplication
      • Copy selected data: file, folder, partition.
    2. Forensic duplication
      • Every bit on the source is retained
      • Including deleted files
  • 37. Hashing & Write Protection
    Hashing is the transformation of a string of characters into a usually shorter fixed-length value or key that represents the original string.
    Hash value generation in digital forensics:
    • Generally, a hash value is used to check the integrity of any data file, but in digital forensics it is used to check the integrity of the evidence disk data.
    • The image of a disk is created in digital forensics for analysis, so it is necessary that the image is an exact replica of the evidence disk.
    • The hash value generated during imaging should match the value computed when that image of the evidence disk is extracted for detailed analysis. In digital forensics the hash value is generated for the whole disk data, not only for single or multiple files.
  • 38. Hashes
    • MD5: 464668D58274A7840E264E8739884247
    • SHA-1: 4698215F643BECFF6C6F3D2BF447ACE0C067149E
    • SHA-256: F2ADD4D612E23C9B18B0166BBDE1DB839BFB8A376ED01E32FADB03A0D1B720C7
    • SHA-384: 2707F06FE57800134129D8E10BBE08E2FEB622B76537A7C4295802FBB94755BBEE814B101ED18CC2D0126BD66E5D77B6
  • 39.
    • SHA-512: C526BC709E2C771F9EC039C25965C91EAA3451A8CB43651A4CD813F338235F495D37891DD25FE456FE2A8CA89457629378BE63FB3A9A5AD54D9E11E4272D60C
    • RIPEMD-128: A868B98EAEC84891A7B7BA620EDDE621
    • TIGER: F31A22CEED5848E69316649D4BAFBE8F9274DED53E25C02D
    • PANAMA: 7E703B1798A26A0AF21ECD661CBADB9C72B419455814CA7B82E29EE0C03FA493
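The slides on hashing (37 to 39) state the rule but do not show the check itself. The following is an added example, not code from the presentation: it hashes a constructed in-memory byte string standing in for a raw disk image, records the digests the way an acquisition form would, and then re-verifies a pristine copy and a copy with a single bit flipped. Only Python's standard hashlib is used; the image contents, the chunk size and the function names are assumptions of this example.

```python
"""Added example (not from the slides): verifying the integrity of a
forensic disk image with cryptographic hashes.

SAMPLE_IMAGE is constructed sample data standing in for a raw (dd-style)
image; a real image file would be streamed from disk in chunks in exactly
the same way instead of being held in memory.
"""
import hashlib
from typing import Dict, Iterable

# Constructed "disk image": a fake 4 KiB sector block followed by filler,
# so the digests are reproducible offline.
SAMPLE_IMAGE = b"\x55\xaa" * 2048 + b"evidence" * 512

# The algorithms the slides list that hashlib guarantees on every platform.
ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def iter_chunks(data: bytes, chunk_size: int) -> Iterable[bytes]:
    """Yield the image in fixed-size pieces so a multi-GB image never has to fit in RAM."""
    for start in range(0, len(data), chunk_size):
        yield data[start:start + chunk_size]


def hash_image(data: bytes, algorithms: Iterable[str] = ALGORITHMS,
               chunk_size: int = 1024 * 1024) -> Dict[str, str]:
    """Hash the *entire* image in one pass, feeding every chunk to every digest.

    Because the whole byte stream is covered, unallocated space and deleted
    files are part of the result too, not just the live files in the image.
    """
    hashers = {name: hashlib.new(name) for name in algorithms}
    for chunk in iter_chunks(data, chunk_size):
        for hasher in hashers.values():
            hasher.update(chunk)
    return {name: hasher.hexdigest().upper() for name, hasher in hashers.items()}


def verify_image(data: bytes, expected: Dict[str, str]) -> Dict[str, bool]:
    """Compare freshly computed digests with the values recorded at acquisition
    time (for example on the chain-of-custody form). Every algorithm must
    match; a single mismatch means the copy can no longer be trusted."""
    actual = hash_image(data, list(expected))
    return {name: actual[name] == expected[name].upper() for name in expected}


def flip_one_bit(data: bytes, offset: int) -> bytes:
    """Simulate the smallest possible corruption or tampering of the image."""
    mutated = bytearray(data)
    mutated[offset] ^= 0x01
    return bytes(mutated)


if __name__ == "__main__":
    acquired = hash_image(SAMPLE_IMAGE)           # recorded during imaging
    for name, digest in acquired.items():
        print(f"{name.upper():8} {digest}")
    pristine = verify_image(SAMPLE_IMAGE, acquired)
    tampered = verify_image(flip_one_bit(SAMPLE_IMAGE, len(SAMPLE_IMAGE) // 2), acquired)
    print("pristine copy verifies:", all(pristine.values()))
    print("tampered copy verifies:", all(tampered.values()))
```

Chunking does not change the digest, which is why the same function can verify an image streamed from a write-blocked source drive and a copy read back from the analysis machine; recording more than one algorithm on the form (as slides 38 and 39 do) means a later weakness in one of them does not leave the evidence without a usable integrity check.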
  • 41. Write Protection: Write protection is any physical mechanism that prevents modification or erasure of valuable data on a device.
  • 45. Analyzing & Investigating Deleted Data
    Data recovery is the extraction of data from damaged evidence sources in a forensically sound manner. This method of recovering data means that any evidence resulting from it can later be relied on in a court of law.
    Tools for recovering deleted data:
    • Disk Drill
    • Recuva
    • MiniTool Power Data Recovery
    • Lazesoft
  • 49. HONEY POT
    • It can be used to detect attacks or deflect them from a legitimate target.
  • 51. What is Deception technology?
    • Deception technology has evolved from honeypots to more sophisticated systems that can track intruders' movements. The technology has been commercialized over the last few years as a separate product line.
    • Today's deception technology is more focused on Active Directory, where it can create a perceived AD environment. "This allows it to capture each and every step an attacker is taking in real time."
  • 52.
    • Another advantage of newer deception technology is that it helps in the detection of lateral movement of hackers and intruders long before an attack takes place.
  • 54. Red team
    • Red teams often consist of independent ethical hackers who evaluate system security in an objective manner.
  • 55. Red team work
    • Penetration testing
    • Social engineering
    • Phishing
  • 56. Blue Team
    • Blue teams use a variety of methods and tools as countermeasures to protect a network from cyber attacks.
  • 57. Blue team work
    • Implementing SIEM solutions
    • Ensuring firewall access controls are properly configured
    • Deploying IDS and IPS software as detective and preventive security controls.
  • 58.
    • Using vulnerability scanning software on a regular basis.
    • Securing systems by using antivirus or anti-malware software.
    • Segregating networks and ensuring they are configured correctly.
  • 60. SIEM
    • A security information and event management solution supports threat detection, compliance and security incident management through the collection and analysis (both near real-time and historical) of security events, as well as a wide variety of other event and contextual data sources.
  • 63. Tools
    • Splunk Enterprise Security
    • IBM QRadar
    • AlienVault
  • 64. Firewall
    • A firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules.
  • 66. IDS
    • An Intrusion Detection System (IDS) is a network security technology originally built for detecting vulnerability
  • 67. Tools
  • 68. Intrusion detection system
    • May use a signature-based technique
    • Snort network intrusion detection system (NIDS)
    • Available for Windows as well as Linux
  • 69. IPS
    • An intrusion prevention system (IPS) is a form of network security that works to detect and prevent identified threats.
  • 71. Windows Log Analysis
    In the event of a forensic investigation, Windows Event Logs serve as the primary source of evidence, as the operating system logs every system activity. Windows Event Log analysis can help an investigator draw a timeline based on the logging information and the discovered artefacts. The information that gets logged depends upon the audit features that are turned on, which means that event logs can be turned off with administrative privileges. From the forensic point of view, the Event Logs capture a lot of data.
  • 72.
    • The Windows Event Logs are used in forensics to reconstruct a timeline of events.
    • The three main components of event logs are:
      – Application
      – System
      – Security
    • On the Windows operating system, logs are saved in the root location %System32%\winevt\Logs.
    • When the maximum log size is reached:
      – Oldest events are overwritten
      – Archive the logs when full
      – If you do not wish to overwrite the events, clear the logs manually
  • 73.
    The types of events that are recorded can be any occurrence that affects the system:
    • An incorrect login attempt,
    • A hack, breach, system settings modification,
    • An application failure,
    • System failure, etc.
    All these events are logged in "%System32%/Winevt/Log".
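Slides 71 to 73 describe reconstructing a timeline from the Application, System and Security logs and list incorrect login attempts among the recorded events. The following is an added example, not code from the presentation: it merges constructed sample records from the three channels into one chronological timeline and flags two things an investigator would want to see on it, a burst of failed logons followed by a successful one, and a cleared Security log. Event IDs 4624, 4625 and 1102 are real Windows Security log IDs; the record format, hosts, account names and timestamps are assumptions constructed for this example.

```python
"""Added example (not from the slides): merging Windows Event Log records
into one timeline and flagging failed-logon bursts and a cleared audit log.

SAMPLE_RECORDS is constructed sample data shaped like an exported log
(timestamp, channel, event id, message). 4624 = successful logon,
4625 = failed logon, 1102 = audit log cleared are real Security log IDs;
the accounts, address and times are made up.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

Event = Tuple[datetime, str, int, str]   # (time, channel, event id, message)

# Constructed records, deliberately out of order, as they might be right after
# merging the Application, System and Security channels.
SAMPLE_RECORDS = [
    ("2024-03-01T09:15:05", "Security", 4625, "An account failed to log on. Account Name: admin Source Address: 10.0.0.23"),
    ("2024-03-01T09:15:01", "Security", 4625, "An account failed to log on. Account Name: admin Source Address: 10.0.0.23"),
    ("2024-03-01T09:14:58", "Security", 4625, "An account failed to log on. Account Name: admin Source Address: 10.0.0.23"),
    ("2024-03-01T09:16:10", "Security", 4624, "An account was successfully logged on. Account Name: admin Source Address: 10.0.0.23"),
    ("2024-03-01T08:02:00", "System", 7036, "The Windows Update service entered the running state."),
    ("2024-03-01T09:40:00", "Application", 1000, "Faulting application name: notepad.exe"),
    ("2024-03-01T09:45:30", "Security", 1102, "The audit log was cleared. Account Name: admin"),
    ("2024-03-01T09:15:03", "Security", 4625, "An account failed to log on. Account Name: bob Source Address: 10.0.0.23"),
]


def parse_records(raw) -> List[Event]:
    """Turn exported rows into typed events (ISO 8601 text -> datetime)."""
    return [(datetime.fromisoformat(ts), channel, int(event_id), message)
            for ts, channel, event_id, message in raw]


def build_timeline(events: List[Event]) -> List[Event]:
    """Order every channel's events chronologically (the timeline of slide 72)."""
    return sorted(events, key=lambda event: event[0])


def account_of(message: str) -> str:
    """Pull the account name out of a Security message; '?' if it has none."""
    marker = "Account Name: "
    if marker not in message:
        return "?"
    return message.split(marker, 1)[1].split()[0]


def failed_logon_bursts(events: List[Event], threshold: int = 3,
                        window: timedelta = timedelta(minutes=1)) -> List[Tuple[str, datetime, int]]:
    """Return (account, start, count) for each account with at least `threshold`
    failed logons (4625) inside `window`: a password-guessing indicator."""
    failures: Dict[str, List[datetime]] = defaultdict(list)
    for time, channel, event_id, message in events:
        if channel == "Security" and event_id == 4625:
            failures[account_of(message)].append(time)
    bursts = []
    for account, times in failures.items():
        times.sort()
        for index, start in enumerate(times):
            count = sum(1 for t in times[index:] if t - start <= window)
            if count >= threshold:
                bursts.append((account, start, count))
                break          # report the first burst per account
    return bursts


def logons_after_bursts(events: List[Event], bursts) -> List[Event]:
    """Successful logons (4624) for an account after its failure burst: the
    point on the timeline where the guessing may have worked."""
    return [event for account, start, _ in bursts for event in events
            if event[1] == "Security" and event[2] == 4624
            and event[0] > start and account_of(event[3]) == account]


def log_clear_events(events: List[Event]) -> List[Event]:
    """1102 means someone cleared the Security log; the gap before it is itself
    evidence, and what is missing may only survive in archived copies or a SIEM."""
    return [event for event in events if event[1] == "Security" and event[2] == 1102]


if __name__ == "__main__":
    timeline = build_timeline(parse_records(SAMPLE_RECORDS))
    for time, channel, event_id, message in timeline:
        print(f"{time.isoformat()}  {channel:<11} {event_id:>5}  {message}")
    bursts = failed_logon_bursts(timeline)
    print("failed-logon bursts:", bursts)
    print("logons after bursts:", [e[0].isoformat() for e in logons_after_bursts(timeline, bursts)])
    print("audit log cleared:", [e[0].isoformat() for e in log_clear_events(timeline)])
```

The threshold and window are the knobs an analyst tunes per environment; the single failure for "bob" in the sample stays below the threshold and is not reported, while three failures for "admin" within seven seconds followed by a 4624 for the same account are. The 1102 record at the end is the reason slide 72's advice to archive logs when full matters: once the log is cleared, the archive (or a SIEM copy) is the only place the earlier records survive.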
  • 77. Full Event Log View
    • https://www.nirsoft.net/utils/full_event_log_view.html
  • 80. Kali Linux Password Reset
    1. Boot your Kali system and wait for the GNU GRUB page to appear.
    2. On the GNU GRUB page, select the "Advanced options for Kali GNU/Linux" option with the down arrow key and press Enter.
    3. Now simply select the second option, Recovery mode, and press the E key to edit the recovery mode entry of Kali Linux.
    4. To modify it, just change read-only mode (ro) to rw (write mode) and add init=/bin/bash as in the screenshot below, then press F10 to boot Kali Linux with the modified entry.
    5. After booting, the Kali Linux system will bring you to the screen below to reset the Kali Linux password.
  • 81.
    • To reset the root password of a Kali Linux system, simply type "passwd" and hit Enter. Then type the new password twice for the root user. After successfully resetting the lost Kali Linux password, you will see the success message "password updated successfully". Now reboot the system with reboot -f and log in with the newly changed root password.