Cyber Forensics (slide deck, 33 slides)
The Technology World Always has the Sharpest Brains...
There are equally sharp minds, working against you…
Source: Securus First
FORENSICS AS A SERVICE
D3PAK KUMAR (D3)
DIGITAL FORENSICS | CYBER INTELLIGENCE
EVERY CRIME LEAVES A TRAIL OF EVIDENCE
DISCLAIMER
Different organisations are subject to different laws and regulations. This resource is for educational and
research purposes only. Do not attempt to violate the law with anything contained here.
Neither the author of this material, nor anyone else affiliated in any way, is liable for your actions.
Some of this material comes from the internet and some from personal experience; no offence is intended.
ONCE THE DOCUMENTS HAVE BEEN POSTED ONLINE, THE GENIE IS OUT OF THE BOTTLE
SOME CASE STUDIES
• STUXNET (APT MALWARE), 2010
• SONY PICTURES (IP THEFT), 2014
• BANGLADESH BANK HEIST, 2016; COSMOS BANK, 2018 (BFSI SECTOR)
• MIRAI / DYN BOTNET (IOT), 2016
• MP VYAPAM, SUNANDA PUSHKAR, HRITHIK ROSHAN / KANGANA, AARUSHI TALWAR, MOVIE LEAKS AND PIRACY, HBO GOP, ATM / BANKING FRAUD, IRCTC DATA BREACH, WANNACRY, PETYA, BAD RABBIT…
• SEVERAL OF THESE ARE STILL BEFORE THE COURTS
SO WHAT IS 4N6 (FORENSICS)?
OR DO YOU MEAN
• VAPT skills
• Just doing data recovery
• Working on tools & technology
• Malware analysis
• Password cracking
• Running certain scripts / programming
• Rooting / jailbreaking mobile phones
• Anything else?
Digital forensics: the science of examining and analysing digital trace evidence.
STANDARDS + TOOLS + ? = FORENSICS
STANDARDS + TOOLS + INTELLIGENCE = FORENSICS
DIGITAL FORENSICS STANDARDS & GUIDELINES
• NIST: National Institute of Standards and Technology (CFTT tool testing, NSRL hash sets, CFReDS reference data sets)
• ISO/IEC 27037: Guidelines for identification, collection, acquisition and preservation of digital evidence
• ISO/IEC 17025: General requirements for the competence of testing and calibration laboratories
• NIJ: National Institute of Justice (several guides, published via the National Criminal Justice Reference Service)
• IOCE: International Organization on Computer Evidence
• ASCLD/LAB: American Society of Crime Laboratory Directors / Laboratory Accreditation Board
• ASTM E2678: Standard Guide for Education and Training in Digital Forensics
• AES: Audio Engineering Society (authentication of analog tape recordings)
• SWGDE & SWGIT: Scientific Working Group on Digital Evidence & Scientific Working Group on Imaging Technology
• ACPO: Association of Chief Police Officers (Good Practice Guide for Digital Evidence)
• DSCI Cyber Crime Investigation Manual (India): a manual, not a formal standard
Section 79A of the IT Act: Central Government to notify Examiner of Electronic Evidence
• The Central Government may, for the purposes of providing expert opinion on electronic form evidence before any court or other authority, specify by notification in the Official Gazette any department, body or agency of the Central Government or a State Government as an Examiner of Electronic Evidence.
• A notified lab has to meet the competence requirements for testing and calibration laboratories in ISO/IEC 17025:2005 and follow the best practices in ISO/IEC 27037:2012 (guidelines for identification, collection, acquisition and preservation of digital evidence).
1. CFL, Army Cyber Group, DGMO, Signals
2. SFSL-DFS, Madiwala-Bangalore
3. CFSL, Hyderabad
4. DFS, Gandhinagar, Gujarat
5. CF-Data Mining Lab, SFIO-MCA, Delhi
6. FSL, Rohini, Delhi
CHAIN OF CUSTODY
A lack of integrity in the custody process, and the absence of proper documentation of it, will not only be detrimental to the cyber crime investigation at trial but will also expose the investigating officers (IOs) to criminal liability under Section 72 of the IT (Amendment) Act, 2008.
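What "integrity in the custody process" looks like in practice is two things: a hash taken at acquisition that every later copy is verified against, and a custody record that cannot be quietly edited. The following added example (not code from the slide deck) images a constructed sample "device" while hashing it, verifies the written image against the acquisition hash, and appends hash-chained custody records; the case and exhibit IDs, handler names, paths and sample contents are all assumptions for the demo.

```python
"""Added example (not from the slide deck): acquire an evidence source while hashing it,
verify the resulting image against the acquisition hash, and record each handling step in
a hash-chained chain-of-custody log. Paths, case/exhibit IDs, handler names and the sample
'device' contents are constructed for this demo."""
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

CHUNK = 1024 * 1024   # read size; a real imager uses sector-aligned blocks behind a write blocker

def hash_file(path: str) -> str:
    """SHA-256 of a file read in chunks (works for multi-GB images)."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()

def image_and_hash(source: str, image: str) -> dict:
    """Copy `source` to `image` block by block, hashing the source bytes as they are read
    (the acquisition hash), then independently re-hash the written image (the verification
    hash). Both must match before the image is used for analysis."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(source, "rb") as src, open(image, "wb") as dst:
        while chunk := src.read(CHUNK):
            md5.update(chunk)
            sha256.update(chunk)
            dst.write(chunk)
        dst.flush()
        os.fsync(dst.fileno())
    return {"source_md5": md5.hexdigest(), "source_sha256": sha256.hexdigest(),
            "image_sha256": hash_file(image)}

def custody_entry(case_id: str, exhibit_id: str, action: str, handler: str,
                  digests: dict, log_path: str) -> dict:
    """Append one JSON-lines custody record. Each record carries the SHA-256 of the previous
    line, so editing or deleting an earlier record breaks the chain."""
    prev = "0" * 64
    if os.path.exists(log_path):
        with open(log_path, "rb") as f:
            lines = f.read().splitlines()
        if lines:
            prev = hashlib.sha256(lines[-1]).hexdigest()
    entry = {"case_id": case_id, "exhibit_id": exhibit_id, "action": action,
             "handler": handler, "utc": datetime.now(timezone.utc).isoformat(),
             "digests": digests, "prev_entry_sha256": prev}
    with open(log_path, "a", encoding="utf-8") as f:
        f.write(json.dumps(entry, sort_keys=True) + "\n")
    return entry

def verify_custody_log(log_path: str) -> bool:
    """Re-walk the log and confirm every record's prev hash matches the line before it.
    The last record has no successor, so it should also be countersigned or its hash
    recorded in the case file separately."""
    prev = "0" * 64
    with open(log_path, "rb") as f:
        for line in f.read().splitlines():
            if json.loads(line)["prev_entry_sha256"] != prev:
                return False
            prev = hashlib.sha256(line).hexdigest()
    return True

def demo() -> dict:
    """Constructed scenario: a random file stands in for /dev/sdX behind a write blocker."""
    work = tempfile.mkdtemp()
    device = os.path.join(work, "exhibit01.bin")
    image = os.path.join(work, "exhibit01.dd")
    log = os.path.join(work, "custody.jsonl")
    with open(device, "wb") as f:
        f.write(os.urandom(3 * CHUNK + 12345))     # odd size so the last block is partial
    digests = image_and_hash(device, image)
    custody_entry("CASE-0001", "EXH-01", "acquire", "examiner A", digests, log)
    custody_entry("CASE-0001", "EXH-01", "transfer to lab", "examiner B", digests, log)
    intact_before = verify_custody_log(log)
    # Simulate a later edit of the first record and show that the chain check catches it.
    with open(log, "r", encoding="utf-8") as f:
        lines = f.read().splitlines()
    lines[0] = lines[0].replace("examiner A", "examiner X")
    with open(log, "w", encoding="utf-8") as f:
        f.write("\n".join(lines) + "\n")
    return {"digests": digests,
            "image_matches_source": digests["source_sha256"] == digests["image_sha256"],
            "log_intact_before_edit": intact_before,
            "tamper_detected": not verify_custody_log(log)}

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Two of the habits shown matter in court: the acquisition hash is computed from the bytes as they leave the source, not from the image afterwards, so a faulty copy is caught rather than self-certified; and MD5 is recorded alongside SHA-256 only for compatibility with older tool reports, never as the sole integrity check.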
SOME BEST TOOLS
Commercial/Proprietary
• Mobile forensics: UFED (Cellebrite), Oxygen Forensic Detective
• Composite suites: EnCase, FTK, NUIX, Belkasoft, CyberCheck, Magnet AXIOM, OSForensics
• Write blockers / imagers: Tableau, AD Triage, FTK Imager, EnCase Imager
Open source / free
• Volatility, NirSoft utilities, GRR, DFF, Autopsy / The Sleuth Kit, RegRipper, Wireshark, John the Ripper, Xplico, NetworkMiner, Splunk (free tier), Arsenal Image Mounter, HashMyFiles, Sysinternals, Mimikatz, Metasploit, Redline, MobSF, dd, tools on GitHub
• Distros: DEFT, SIFT, Kali, CAINE, Santoku
For a longer list: https://d3pakblog.wordpress.com/2016/12/27/computer-forensic-tools/
Career: https://d3pakblog.wordpress.com/2017/07/16/forensics-as-career/
CAREER
So what is required?
Where to start?
Which degree is important?
Is programming required?
Which certification?
What job profile?
What to study?
But I am L33T
STEPS TO FOLLOW
1. Degree
2. Mentor + dedication
3. Networking skills
4. Web application / network VAPT
5. Forensics (CHFI, SANS, tool whitepapers/webinars)
6. Basic idea of risk / compliance / audit / standards
7. Cyber crime / cyber law
8. Hands-on practice / case studies
9. Certifications add value
10. LinkedIn / dream job
GOOD THINGS OF TECHNOLOGY
• Deep web / Reddit
• Leads (social networking)
• Mobile
• IoT / sync
• Cookies
• Intelligence
GOOD THINGS OF TECHNOLOGY (Cont.)
• CTI communities
• Open-source intelligence / Git
• Google
And the best of all: social engineering
USE CASE: IP Theft
Scenario:
o Employee resigned
o Joined a new company
o Data theft suspected
o Type of data: PDF, XLSX
o Browser history cleared
o No data in the Recycle Bin
o USB drive formatted
Investigation steps:
 Forensic imaging (physical image if required)
 Timeline
 Machine (laptop/desktop): user info (SID)
 Data recovery (specific file formats)
 Mail check (PST, OST, Lotus Notes etc.)
 SIEM/DLP logs (data copied)
 Firewall/proxy logs (data uploaded to third-party URLs)
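The last two steps are where the investigation usually starts, because the log sources exist independently of the wiped laptop. The following added example (not code from the slide deck) shows the correlation as a practitioner would script it: constructed DLP/endpoint and web-proxy log lines for a departing user are merged into a single timeline for the notice period, scored for exfiltration indicators (document-type files copied to USB, bulk POST/PUT uploads to file-sharing hosts, after-hours activity), and summarised into what to pull from the disk image next. The log formats, host/user names, the list of file-sharing domains and the size threshold are assumptions for the demo.

```python
"""Added example (not from the slide deck): triage for the IP-theft use case above.
Constructed DLP/endpoint and web-proxy log lines (not real data) for a departing user are
merged into one timeline and scored for data-exfiltration indicators. The log formats,
host and user names, file-sharing domains and thresholds are assumptions for this demo."""
import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta

SENSITIVE_EXT = {".pdf", ".xlsx", ".docx", ".pptx", ".csv"}          # data types from the case
EXFIL_DOMAINS = {"drive.google.com", "dropbox.com", "wetransfer.com", "mega.nz"}
UPLOAD_BYTES_MIN = 5 * 1024 * 1024     # POST/PUT bodies at or above this count as bulk uploads

# Constructed sample logs; the key=value DLP format and the space-separated proxy format are assumed.
DLP_LOG = """\
2024-03-04T09:12:33Z host=LT-0412 user=jdoe event=FILE_COPY dest=USB serial=4C530001230513101234 path="C:\\Users\\jdoe\\Documents\\Q4_forecast.xlsx" bytes=1834221
2024-03-04T09:14:02Z host=LT-0412 user=jdoe event=FILE_COPY dest=USB serial=4C530001230513101234 path="C:\\Users\\jdoe\\Documents\\client_contracts.pdf" bytes=9122334
2024-03-04T09:20:11Z host=LT-0412 user=jdoe event=FILE_COPY dest=USB serial=4C530001230513101234 path="C:\\Users\\jdoe\\Pictures\\team.jpg" bytes=412000
2024-03-05T18:41:57Z host=LT-0412 user=jdoe event=FILE_COPY dest=USB serial=4C530001230513101234 path="C:\\Users\\jdoe\\Desktop\\pricing_model.xlsx" bytes=2210000
"""
PROXY_LOG = """\
2024-03-04 21:03:10 10.20.4.12 jdoe POST https://drive.google.com/upload/drive/v3/files 200 9301122
2024-03-04 21:05:44 10.20.4.12 jdoe GET https://mail.corp.example/owa/ 200 1422
2024-03-05 08:15:02 10.20.4.12 jdoe PUT https://wetransfer.com/api/v4/transfers/abc/files 200 2212000
2024-03-06 10:30:00 10.20.4.12 jdoe POST https://dropbox.com/upload 200 120
"""
DLP_RE = re.compile(r'^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) event=(?P<event>\S+) '
                    r'dest=(?P<dest>\S+) serial=(?P<serial>\S+) path="(?P<path>[^"]+)" bytes=(?P<bytes>\d+)$')
PROXY_RE = re.compile(r'^(?P<date>\S+) (?P<time>\S+) (?P<ip>\S+) (?P<user>\S+) (?P<method>\S+) '
                      r'(?P<url>\S+) (?P<status>\d+) (?P<bytes>\d+)$')

@dataclass
class Event:
    ts: datetime
    source: str
    user: str
    detail: str
    score: int = 0
    meta: dict = field(default_factory=dict)

def after_hours(ts: datetime) -> bool:
    return ts.hour >= 18 or ts.hour < 7

def parse_dlp(text: str):
    """USB copy of a document-type file scores 2, plus 1 if it happened after hours."""
    for line in text.splitlines():
        m = DLP_RE.match(line)
        if not m:
            continue                      # unknown line shape: skip rather than guess
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        ext = "." + m["path"].rsplit(".", 1)[-1].lower()
        score = 2 if (m["dest"] == "USB" and ext in SENSITIVE_EXT) else 0
        if score and after_hours(ts):
            score += 1
        yield Event(ts, "dlp", m["user"], f'{m["event"]} {m["path"]} -> {m["dest"]} {m["serial"]}', score,
                    {"dest": m["dest"], "serial": m["serial"], "ext": ext, "bytes": int(m["bytes"])})

def parse_proxy(text: str):
    """POST/PUT to a known file-sharing host scores 1, plus 2 if bulk-sized, plus 1 after hours."""
    for line in text.splitlines():
        m = PROXY_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["date"] + " " + m["time"], "%Y-%m-%d %H:%M:%S")
        host = re.sub(r"^https?://", "", m["url"]).split("/")[0].lower()
        size = int(m["bytes"])
        to_share = any(host == d or host.endswith("." + d) for d in EXFIL_DOMAINS)
        score = 0
        if m["method"] in ("POST", "PUT") and to_share:
            score = 1 + (2 if size >= UPLOAD_BYTES_MIN else 0) + (1 if after_hours(ts) else 0)
        yield Event(ts, "proxy", m["user"], f'{m["method"]} {m["url"]} ({size} B)', score,
                    {"host": host, "bytes": size})

def triage(user: str, last_working_day: datetime, lookback_days: int = 30) -> dict:
    """Merge both sources into one timeline for `user` over the notice period and summarise
    what to pull from the laptop image next (USB serials, volumes moved, flagged events)."""
    start = last_working_day - timedelta(days=lookback_days)
    end = last_working_day + timedelta(days=1)
    events = [e for e in (*parse_dlp(DLP_LOG), *parse_proxy(PROXY_LOG))
              if e.user == user and start <= e.ts < end]
    events.sort(key=lambda e: e.ts)
    dlp = [e for e in events if e.source == "dlp"]
    proxy = [e for e in events if e.source == "proxy"]
    return {
        "user": user,
        "events_in_window": len(events),
        "flagged": [(e.ts.isoformat(), e.source, e.score, e.detail) for e in events if e.score >= 2],
        # Match these serials against SYSTEM\CurrentControlSet\Enum\USBSTOR in the imaged registry
        # (RegRipper usbstor plugin) to show the formatted drive was plugged into this laptop.
        "usb_serials": sorted({e.meta["serial"] for e in dlp if e.meta["dest"] == "USB"}),
        "sensitive_usb_bytes": sum(e.meta["bytes"] for e in dlp
                                   if e.meta["dest"] == "USB" and e.meta["ext"] in SENSITIVE_EXT),
        "suspect_upload_bytes": sum(e.meta["bytes"] for e in proxy if e.score > 0),
        "risk_score": sum(e.score for e in events),
    }

def demo() -> dict:
    """Run the triage for the constructed case: jdoe's last working day is 2024-03-06."""
    return triage("jdoe", datetime(2024, 3, 6))

if __name__ == "__main__":
    print(demo())
```

The scoring is deliberately simple and transparent so that each flagged line can be explained to a non-technical reader; the value of the script is in the merged, time-ordered view and in the USB serial and byte totals that tell the examiner exactly which registry keys, $MFT entries and mailbox date ranges to go after in the image.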
QUESTION & ANSWER
CYBER KILL CHAIN MAPPED TO THE MITRE ATT&CK MATRIX
 Task: identify the attackers' step-by-step process
 Goal: disrupt the attackers' operations

Recon
 Motivation, preparation, social engineering (SE), OSINT
 MITRE ATT&CK: Active Scanning; Passive Scanning; Determine Domain & IP Address Space; Analyze Third-Party IT Footprint
Weaponise
 Configuration, packaging, PowerShell, Add
 MITRE ATT&CK: Malware; Scripting; Service Execution
Delivery
 Mechanism of delivery, infection vector, phishing
 MITRE ATT&CK: Spearphishing Attachment/Link; Exploit Public-Facing Application; Supply Chain Compromise
Exploitation
 Technical or human? Applications affected; method & characteristics
 MITRE ATT&CK: Local Job Scheduling; Scripting; Rundll32
Installation
 Persistence, characteristics of change, self-signed driver
 MITRE ATT&CK: Application Shimming; Hooking; Login Items
C2
 Communication between victim & adversary, VPN
 MITRE ATT&CK: Data Obfuscation; Domain Fronting; Web Service
Actions & Objectives
 What the adversary does once they control the system: data exfil, APT
 MITRE ATT&CK: Email Collection; Data from Local System / Network Share; Surveillance
FORENSIC CHALLENGES
Don't believe marketing hype
"Oh, we spent $$$ on $Vendor's product, so we are safe"
Any "tool", regardless of price, is still just a "tool"
DEMOGRAPHIC
IMAGE FORENSICS
Contact: D3pak@Protonmail.com
Resources: D3pakblog.wordpress.com
Thank You
F O R E N S I C S A S A S E R V I C E

More Related Content

What's hot

Cybersecurity 1. intro to cybersecurity
Cybersecurity 1. intro to cybersecurityCybersecurity 1. intro to cybersecurity
Cybersecurity 1. intro to cybersecuritysommerville-videos
 
Digital forensics
Digital forensics Digital forensics
Digital forensics vishnuv43
 
Introduction to cyber security amos
Introduction to cyber security amosIntroduction to cyber security amos
Introduction to cyber security amosAmos Oyoo
 
Cyber Security Standards Compliance
Cyber Security Standards ComplianceCyber Security Standards Compliance
Cyber Security Standards ComplianceDr. Prashant Vats
 
Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...Edureka!
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber SecurityPriyanshu Ratnakar
 
Digital investigation
Digital investigationDigital investigation
Digital investigationunnilala11
 
Combating Cyber Security Using Artificial Intelligence
Combating Cyber Security Using Artificial IntelligenceCombating Cyber Security Using Artificial Intelligence
Combating Cyber Security Using Artificial IntelligenceInderjeet Singh
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information securityjayashri kolekar
 
Introduction to Cybersecurity Fundamentals
Introduction to Cybersecurity FundamentalsIntroduction to Cybersecurity Fundamentals
Introduction to Cybersecurity FundamentalsToño Herrera
 
Cybersecurity concepts & Defense best practises
Cybersecurity concepts & Defense best practisesCybersecurity concepts & Defense best practises
Cybersecurity concepts & Defense best practisesWAJAHAT IQBAL
 
Artificial Intelligence and Cybersecurity
Artificial Intelligence and CybersecurityArtificial Intelligence and Cybersecurity
Artificial Intelligence and CybersecurityOlivier Busolini
 
Network Security ppt
Network Security pptNetwork Security ppt
Network Security pptSAIKAT BISWAS
 

What's hot (20)

Computer Forensics
Computer ForensicsComputer Forensics
Computer Forensics
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Cybersecurity 1. intro to cybersecurity
Cybersecurity 1. intro to cybersecurityCybersecurity 1. intro to cybersecurity
Cybersecurity 1. intro to cybersecurity
 
Digital forensics
Digital forensics Digital forensics
Digital forensics
 
Introduction to cyber security amos
Introduction to cyber security amosIntroduction to cyber security amos
Introduction to cyber security amos
 
Cyber Security Standards Compliance
Cyber Security Standards ComplianceCyber Security Standards Compliance
Cyber Security Standards Compliance
 
The Dark Web
The Dark WebThe Dark Web
The Dark Web
 
Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...
 
Cyber Security and Data Protection
Cyber Security and Data ProtectionCyber Security and Data Protection
Cyber Security and Data Protection
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber Security
 
Digital investigation
Digital investigationDigital investigation
Digital investigation
 
Digital forensics
Digital forensicsDigital forensics
Digital forensics
 
Combating Cyber Security Using Artificial Intelligence
Combating Cyber Security Using Artificial IntelligenceCombating Cyber Security Using Artificial Intelligence
Combating Cyber Security Using Artificial Intelligence
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information security
 
Introduction to Cybersecurity Fundamentals
Introduction to Cybersecurity FundamentalsIntroduction to Cybersecurity Fundamentals
Introduction to Cybersecurity Fundamentals
 
Cybersecurity concepts & Defense best practises
Cybersecurity concepts & Defense best practisesCybersecurity concepts & Defense best practises
Cybersecurity concepts & Defense best practises
 
Social Media Forensics
Social Media ForensicsSocial Media Forensics
Social Media Forensics
 
Artificial Intelligence and Cybersecurity
Artificial Intelligence and CybersecurityArtificial Intelligence and Cybersecurity
Artificial Intelligence and Cybersecurity
 
Cyber forensics ppt
Cyber forensics pptCyber forensics ppt
Cyber forensics ppt
 
Network Security ppt
Network Security pptNetwork Security ppt
Network Security ppt
 

Similar to Cyber Forensics

Luiz eduardo. introduction to mobile snitch
Luiz eduardo. introduction to mobile snitchLuiz eduardo. introduction to mobile snitch
Luiz eduardo. introduction to mobile snitchYury Chemerkin
 
Splunk App for Stream - Einblicke in Ihren Netzwerkverkehr
Splunk App for Stream - Einblicke in Ihren NetzwerkverkehrSplunk App for Stream - Einblicke in Ihren Netzwerkverkehr
Splunk App for Stream - Einblicke in Ihren NetzwerkverkehrGeorg Knon
 
Harness the Power of Big Data with Oracle
Harness the Power of Big Data with OracleHarness the Power of Big Data with Oracle
Harness the Power of Big Data with OracleSai Janakiram Penumuru
 
A brief Intro to Digital Forensics
A brief Intro to Digital ForensicsA brief Intro to Digital Forensics
A brief Intro to Digital ForensicsManik Bhola
 
SplunkLive! Paris 2016 - Plenary session
SplunkLive! Paris 2016 - Plenary sessionSplunkLive! Paris 2016 - Plenary session
SplunkLive! Paris 2016 - Plenary sessionSplunk
 
Gov & Education Day 2015 - User Behavior Analytics
Gov & Education Day 2015 - User Behavior AnalyticsGov & Education Day 2015 - User Behavior Analytics
Gov & Education Day 2015 - User Behavior AnalyticsSplunk
 
Data in Motion - tech-intro-for-paris-hackathon
Data in Motion - tech-intro-for-paris-hackathonData in Motion - tech-intro-for-paris-hackathon
Data in Motion - tech-intro-for-paris-hackathonCisco DevNet
 
Nowhere to Hide: Expose Threats in Real-time with IBM QRadar Network Insights
Nowhere to Hide: Expose Threats in Real-time with IBM QRadar Network InsightsNowhere to Hide: Expose Threats in Real-time with IBM QRadar Network Insights
Nowhere to Hide: Expose Threats in Real-time with IBM QRadar Network InsightsIBM Security
 
Encryption in industrial control systems; Is the juice worth the squeeze?
Encryption in industrial control systems; Is the juice worth the squeeze?Encryption in industrial control systems; Is the juice worth the squeeze?
Encryption in industrial control systems; Is the juice worth the squeeze?Brian Proctor - GICSP, CISSP, CRISC
 
Recent developments in data analytics and big data
Recent developments in data analytics and big dataRecent developments in data analytics and big data
Recent developments in data analytics and big dataDez Blanchfield
 
Developing your IoT Solutions with Intel
Developing your IoT Solutions with IntelDeveloping your IoT Solutions with Intel
Developing your IoT Solutions with IntelAmazon Web Services
 
SplunkLive! Milano 2016 - Splunk Plenary Session
SplunkLive! Milano 2016 - Splunk Plenary SessionSplunkLive! Milano 2016 - Splunk Plenary Session
SplunkLive! Milano 2016 - Splunk Plenary SessionSplunk
 
Technical track chris calvert-1 30 pm-issa conference-calvert
Technical track chris calvert-1 30 pm-issa conference-calvertTechnical track chris calvert-1 30 pm-issa conference-calvert
Technical track chris calvert-1 30 pm-issa conference-calvertISSA LA
 

Similar to Cyber Forensics (20)

Cyber Forensics & Challenges
Cyber Forensics & ChallengesCyber Forensics & Challenges
Cyber Forensics & Challenges
 
Dark Web Forensics
Dark Web Forensics Dark Web Forensics
Dark Web Forensics
 
Threat Intelligence
Threat IntelligenceThreat Intelligence
Threat Intelligence
 
Luiz eduardo. introduction to mobile snitch
Luiz eduardo. introduction to mobile snitchLuiz eduardo. introduction to mobile snitch
Luiz eduardo. introduction to mobile snitch
 
Splunk App for Stream - Einblicke in Ihren Netzwerkverkehr
Splunk App for Stream - Einblicke in Ihren NetzwerkverkehrSplunk App for Stream - Einblicke in Ihren Netzwerkverkehr
Splunk App for Stream - Einblicke in Ihren Netzwerkverkehr
 
Harness the Power of Big Data with Oracle
Harness the Power of Big Data with OracleHarness the Power of Big Data with Oracle
Harness the Power of Big Data with Oracle
 
A brief Intro to Digital Forensics
A brief Intro to Digital ForensicsA brief Intro to Digital Forensics
A brief Intro to Digital Forensics
 
Securitarian
SecuritarianSecuritarian
Securitarian
 
SplunkLive! Paris 2016 - Plenary session
SplunkLive! Paris 2016 - Plenary sessionSplunkLive! Paris 2016 - Plenary session
SplunkLive! Paris 2016 - Plenary session
 
Gov & Education Day 2015 - User Behavior Analytics
Gov & Education Day 2015 - User Behavior AnalyticsGov & Education Day 2015 - User Behavior Analytics
Gov & Education Day 2015 - User Behavior Analytics
 
Data in Motion - tech-intro-for-paris-hackathon
Data in Motion - tech-intro-for-paris-hackathonData in Motion - tech-intro-for-paris-hackathon
Data in Motion - tech-intro-for-paris-hackathon
 
Nowhere to Hide: Expose Threats in Real-time with IBM QRadar Network Insights
Nowhere to Hide: Expose Threats in Real-time with IBM QRadar Network InsightsNowhere to Hide: Expose Threats in Real-time with IBM QRadar Network Insights
Nowhere to Hide: Expose Threats in Real-time with IBM QRadar Network Insights
 
Encryption in industrial control systems; Is the juice worth the squeeze?
Encryption in industrial control systems; Is the juice worth the squeeze?Encryption in industrial control systems; Is the juice worth the squeeze?
Encryption in industrial control systems; Is the juice worth the squeeze?
 
Digital tech trends
Digital tech trendsDigital tech trends
Digital tech trends
 
2004 05 intelligence processing seminar
2004 05 intelligence processing seminar2004 05 intelligence processing seminar
2004 05 intelligence processing seminar
 
Big Data Re-Told
Big Data Re-ToldBig Data Re-Told
Big Data Re-Told
 
Recent developments in data analytics and big data
Recent developments in data analytics and big dataRecent developments in data analytics and big data
Recent developments in data analytics and big data
 
Developing your IoT Solutions with Intel
Developing your IoT Solutions with IntelDeveloping your IoT Solutions with Intel
Developing your IoT Solutions with Intel
 
SplunkLive! Milano 2016 - Splunk Plenary Session
SplunkLive! Milano 2016 - Splunk Plenary SessionSplunkLive! Milano 2016 - Splunk Plenary Session
SplunkLive! Milano 2016 - Splunk Plenary Session
 
Technical track chris calvert-1 30 pm-issa conference-calvert
Technical track chris calvert-1 30 pm-issa conference-calvertTechnical track chris calvert-1 30 pm-issa conference-calvert
Technical track chris calvert-1 30 pm-issa conference-calvert
 

More from Deepak Kumar (D3) (20)

Cyber of things 2.0
Cyber of things 2.0Cyber of things 2.0
Cyber of things 2.0
 
THINK
THINKTHINK
THINK
 
Cyber Security Tips
Cyber Security TipsCyber Security Tips
Cyber Security Tips
 
CISSP INFORGRAPH MINDMAP
CISSP INFORGRAPH MINDMAPCISSP INFORGRAPH MINDMAP
CISSP INFORGRAPH MINDMAP
 
Cyber Crime Types & Tips
Cyber Crime Types & TipsCyber Crime Types & Tips
Cyber Crime Types & Tips
 
Cyber Security India & Cyber Crime
Cyber Security India & Cyber CrimeCyber Security India & Cyber Crime
Cyber Security India & Cyber Crime
 
21st Century Cyber Forensics
21st Century Cyber Forensics21st Century Cyber Forensics
21st Century Cyber Forensics
 
Phishing
PhishingPhishing
Phishing
 
IoT
IoTIoT
IoT
 
C3 Cyber
C3 CyberC3 Cyber
C3 Cyber
 
Bitcoin
BitcoinBitcoin
Bitcoin
 
Ransomware
Ransomware Ransomware
Ransomware
 
Success Mantra
Success MantraSuccess Mantra
Success Mantra
 
Facebook Security Tips
Facebook Security TipsFacebook Security Tips
Facebook Security Tips
 
DDOS
DDOS DDOS
DDOS
 
Registry Registrar Registrant
Registry Registrar RegistrantRegistry Registrar Registrant
Registry Registrar Registrant
 
Whatsapp
WhatsappWhatsapp
Whatsapp
 
How to social/official network
How to social/official networkHow to social/official network
How to social/official network
 
Sexting
SextingSexting
Sexting
 
Phishing Scam
Phishing ScamPhishing Scam
Phishing Scam
 

Recently uploaded

AmericanHighSchoolsprezentacijaoskolama.
AmericanHighSchoolsprezentacijaoskolama.AmericanHighSchoolsprezentacijaoskolama.
AmericanHighSchoolsprezentacijaoskolama.arsicmarija21
 
Capitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptxCapitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptxCapitolTechU
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxOH TEIK BIN
 
Pharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdfPharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdfMahmoud M. Sallam
 
MICROBIOLOGY biochemical test detailed.pptx
MICROBIOLOGY biochemical test detailed.pptxMICROBIOLOGY biochemical test detailed.pptx
MICROBIOLOGY biochemical test detailed.pptxabhijeetpadhi001
 
Meghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media ComponentMeghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media ComponentInMediaRes1
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxmanuelaromero2013
 
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfEnzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfSumit Tiwari
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxiammrhaywood
 
Hierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementHierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementmkooblal
 
MARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized GroupMARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized GroupJonathanParaisoCruz
 
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...JhezDiaz1
 
Types of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxTypes of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxEyham Joco
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxSayali Powar
 
Gas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptxGas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptxDr.Ibrahim Hassaan
 
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Jisc
 
CELL CYCLE Division Science 8 quarter IV.pptx
CELL CYCLE Division Science 8 quarter IV.pptxCELL CYCLE Division Science 8 quarter IV.pptx
CELL CYCLE Division Science 8 quarter IV.pptxJiesonDelaCerna
 

Recently uploaded (20)

AmericanHighSchoolsprezentacijaoskolama.
AmericanHighSchoolsprezentacijaoskolama.AmericanHighSchoolsprezentacijaoskolama.
AmericanHighSchoolsprezentacijaoskolama.
 
Capitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptxCapitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptx
 
9953330565 Low Rate Call Girls In Rohini Delhi NCR
9953330565 Low Rate Call Girls In Rohini  Delhi NCR9953330565 Low Rate Call Girls In Rohini  Delhi NCR
9953330565 Low Rate Call Girls In Rohini Delhi NCR
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptx
 
Pharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdfPharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdf
 
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
 
MICROBIOLOGY biochemical test detailed.pptx
MICROBIOLOGY biochemical test detailed.pptxMICROBIOLOGY biochemical test detailed.pptx
MICROBIOLOGY biochemical test detailed.pptx
 
Meghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media ComponentMeghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media Component
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptx
 
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfEnzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
 
Hierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementHierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of management
 
MARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized GroupMARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized Group
 
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
 
Types of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxTypes of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptx
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 
Gas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptxGas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptx
 
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...
 
CELL CYCLE Division Science 8 quarter IV.pptx
CELL CYCLE Division Science 8 quarter IV.pptxCELL CYCLE Division Science 8 quarter IV.pptx
CELL CYCLE Division Science 8 quarter IV.pptx
 

Cyber Forensics

  • 10. Science for the examination and analysis of digital trace evidence.
  • 11.
  • 12. STANDARDS + TOOLS + ? = FORENSICS
  • 13. STANDARDS + TOOLS + INTELLIGENCE = FORENSICS
  • 14.
  • 15.
  • 16. DIGITAL FORENSICS STANDARDS & GUIDELINES
    • NIST: National Institute of Standards and Technology (CFTT, NSRL, CFReDS)
    • ISO/IEC 27037: Guidelines for identification, collection, acquisition & preservation of digital evidence
    • ISO/IEC 17025: General requirements for the competence of testing and calibration laboratories
    • NIJ: National Institute of Justice (several standards, National Criminal Justice Reference Service)
    • IOCE: International Organization on Computer Evidence
    • ASCLD/LAB: American Society of Crime Laboratory Directors / Laboratory Accreditation Board
    • ASTM: E2678 standard; Guide for Education & Training
    • AES: Audio Engineering Society (authentication of analog tape)
    • SWGDE & SWGIT: Scientific Working Group on Digital Evidence & Scientific Working Group on Imaging Technology
    • ACPO: Association of Chief Police Officers
    • DSCI Manual, India (not a specific standard but a manual)
  • 17. Section 79A of the IT Act: Central Government to notify Examiner of Electronic Evidence
    • The Central Government may, for the purposes of providing expert opinion on electronic form evidence before any court or other authority, specify by notification in the Official Gazette any Department, body or agency of the Central Government or a State Government as an Examiner of Electronic Evidence.
    • The lab has to follow the competence requirements for testing and calibration laboratories as per ISO/IEC 17025:2005 and the best practices stated in ISO/IEC 27037:2012, guidelines for identification, collection, acquisition and preservation of digital evidence.
    1. CFL, Army Cyber Group, DGMO, Signals
    2. SFSL-DFS, Madiwala, Bangalore
    3. CFSL, Hyderabad
    4. DFS, Gandhinagar, Gujarat
    5. CF-Data Mining Lab, SFIO-MCA, Delhi
    6. FSL, Rohini, Delhi
  • 18. CHAIN OF CUSTODY
    Lack of integrity in the process of custody, and absence of appropriate documentation in this regard, will not only be detrimental to the cyber crime investigation during trial but also expose the IOs to criminal liability under Section 72 of the ITAA 2008.
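As an added example (not code from the presentation), a minimal custody record that hashes the acquired image once and re-verifies that hash at every hand-off, so the documentation the slide asks for is produced as a by-product of handling the exhibit. The case and exhibit identifiers and the in-memory "image" bytes are constructed placeholders.

```python
import hashlib
import io
import json
from datetime import datetime, timezone

# Constructed stand-in for an acquired disk image (a real run would open the E01/dd file).
SAMPLE_IMAGE = b"constructed-evidence-image\x00\x01\x02" * 1000

def sha256_stream(fileobj, chunk_size=1 << 20):
    """Hash a file object chunk by chunk so multi-GB images are not loaded into memory."""
    digest = hashlib.sha256()
    for chunk in iter(lambda: fileobj.read(chunk_size), b""):
        digest.update(chunk)
    return digest.hexdigest()

class CustodyLog:
    """One entry per hand-off: who, when, what was done, and whether the hash still matches acquisition."""

    def __init__(self, case_id, exhibit_id, image_bytes, examiner):
        self.case_id, self.exhibit_id = case_id, exhibit_id
        self.acquisition_hash = sha256_stream(io.BytesIO(image_bytes))
        self.entries = []
        self.record("acquired", examiner, image_bytes, note="write-blocked physical image")

    def record(self, action, handler, image_bytes, note=""):
        """Append an entry; returns False if the image no longer matches the acquisition hash."""
        current = sha256_stream(io.BytesIO(image_bytes))
        ok = current == self.acquisition_hash
        self.entries.append({
            "ts": datetime.now(timezone.utc).isoformat(timespec="seconds"),
            "action": action, "handler": handler, "sha256": current,
            "matches_acquisition": ok, "note": note,
        })
        return ok

    def intact(self):
        """True only if every recorded hand-off verified against the acquisition hash."""
        return all(e["matches_acquisition"] for e in self.entries)

    def export(self):
        """Serialise the log for the case file (JSON keeps it tool-independent)."""
        return json.dumps({"case_id": self.case_id, "exhibit_id": self.exhibit_id,
                           "acquisition_sha256": self.acquisition_hash,
                           "entries": self.entries}, indent=2)

if __name__ == "__main__":
    log = CustodyLog("CASE-0000", "EXH-01", SAMPLE_IMAGE, "examiner-1")
    log.record("transferred", "examiner-2", SAMPLE_IMAGE)
    log.record("verified", "examiner-2", SAMPLE_IMAGE[:-1] + b"X")  # altered copy is flagged
    print(log.export())
```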
  • 19. SOME BEST TOOLS
    Commercial/Proprietary
    • Mobile forensics: UFED, Oxygen, Santoku
    • Composite: EnCase, FTK, NUIX, Belkasoft, CyberCheck, Magnet Axiom, OSForensics
    • Write blocker / imager: Tableau, AD Triage, FTK Imager, EnCase Imager, DD
    Open source / GPL
    • Volatility, NirSoft, GRR, DFF, Autopsy/TSK, RegRipper, CAINE distro, Wireshark, JTR, Xplico, NetworkMiner, Splunk, Arsenal Image Mounter, HashMyFiles, Sysinternals, Mimikatz, Metasploit, Redline, MobSF, GitHub (tools), OS distributions (DEFT, SIFT, KALI, CAINE)
    For a fuller list: https://d3pakblog.wordpress.com/2016/12/27/computer-forensic-tools/
    Career: https://d3pakblog.wordpress.com/2017/07/16/forensics-as-career/
  • 20. CAREER
  • 21. So What Is Required?
    • Where to start?
    • Which degree is important?
    • Is programming required?
    • Which certification?
    • What job profile?
    • What to study?
    • But I am L33T
  • 22.
  • 23. STEPS TO FOLLOW
    1. Degree
    2. Mentor + dedication
    3. Networking skills
    4. Web application / network (VAPT)
    5. Forensics (CHFI, SANS, tool whitepapers/webinars)
    6. Basic idea of risk / compliance / audit / standards
    7. Cyber crime / cyber law
    8. Hands-on practice / case studies
    9. Certifications – add value
    10. LinkedIn / dream job
  • 24. GOOD THINGS OF TECHNOLOGY
    • DEEP-WEB / REDDIT
    • LEAD (SOCIAL NETWORKING)
    • MOBILE / IOT
    • IOT / Sync
    • COOKIES
    • INTELLIGENCE
  • 25. GOOD THINGS OF TECHNOLOGY (Cont.)
    • CTI COMMUNITIES
    • OPEN-SOURCE INTELLIGENCE / GIT
    • GOOGLE
    • And the best: Social Engineering
  • 26. USE CASE
  • 27. USE CASE: IP Theft
    Question
    • Employee resigned
    • Joined new company
    • Data theft
    • Type of data (pdf, xlsx)
    • Browser history cleared
    • No data in Recycle Bin
    • Formatted USB
    Answer
    • Forensic imaging (physical if required)
    • Timeline
    • Machine (laptop/desktop): user info (SID)
    • Data recovery (specific data formats)
    • Mail check (pst, ost, Lotus etc.)
    • SIEM/DLP logs (data copied)
    • Firewall (third-party URL data uploaded)
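The "Timeline" and "SIEM/DLP logs / Firewall" answers above, as an added example that is not part of the presentation: it correlates DLP, firewall and endpoint events for the departing user around the resignation date and keeps only the ones that matter to an IP-theft case (sensitive document types copied to USB, uploads to hosts outside the company, browser history cleared). The log lines, the `corp.example` allow-list and the user names are constructed; real collectors emit different field names, so the parser would be adjusted to them.

```python
import re
from datetime import datetime, timedelta, timezone
from urllib.parse import urlparse

# Constructed sample lines (no real SIEM/DLP/firewall) in "<source> <ISO ts> key=value ..." form.
SAMPLE_LOGS = """\
dlp 2024-03-04T10:12:05Z user=jdoe action=usb_copy file=roadmap_2025.xlsx
fw 2024-03-04T10:40:11Z user=jdoe action=upload url=https://share.example-third-party.test/put bytes=8421000
edr 2024-03-04T18:02:40Z user=jdoe action=browser_history_cleared
dlp 2024-02-10T11:00:00Z user=jdoe action=usb_copy file=notes.txt
fw 2024-03-05T09:15:00Z user=jdoe action=upload url=https://mail.corp.example/attach bytes=120000
dlp 2024-03-04T12:00:00Z user=asmith action=usb_copy file=report.pdf
"""
LINE_RE = re.compile(r"^(?P<src>\w+) (?P<ts>\S+) (?P<kv>.*)$")
SENSITIVE_EXT = (".pdf", ".xlsx", ".docx")      # document types named in the case
CORP_DOMAINS = ("corp.example",)                # constructed allow-list of company hosts

def parse(text):
    """Turn raw lines into dicts sorted by time; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ev = {"src": m["src"],
              "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)}
        ev.update(kv.split("=", 1) for kv in m["kv"].split() if "=" in kv)
        events.append(ev)
    return sorted(events, key=lambda e: e["ts"])

def flag(ev):
    """Return a reason string if the event matters for an IP-theft timeline, else None."""
    action = ev.get("action")
    if action == "usb_copy" and ev.get("file", "").lower().endswith(SENSITIVE_EXT):
        return "sensitive file copied to USB: " + ev["file"]
    if action == "upload":
        host = urlparse(ev.get("url", "")).hostname or ""
        if not host.endswith(CORP_DOMAINS):
            return "upload to third-party host " + host
    if action == "browser_history_cleared":
        return "browser history cleared"
    return None

def timeline(text, user, resignation_date, lookback_days=14):
    # Flagged events for one user from lookback_days before the resignation date onwards.
    start = datetime.fromisoformat(resignation_date).replace(tzinfo=timezone.utc)
    start -= timedelta(days=lookback_days)
    return [(ev["ts"].isoformat(), ev["src"], why) for ev in parse(text)
            if ev.get("user") == user and ev["ts"] >= start and (why := flag(ev))]
```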
  • 28. Cyber Kill Chain / MITRE ATT&CK MATRIX
    Task: Identify the attackers' step-by-step process
    Goal: Disrupting attackers' operations
    • Recon: Motivation; Preparation; SE; OSINT. MITRE ATT&CK: Active Scanning; Passive Scanning; Determine Domain & IP Address Space; Analyze Third-Party IT Footprint
    • Weaponise: Configuration; Packaging; PowerShell; Add. MITRE ATT&CK: Malware; Scripting; Service Execution
    • Delivery: Mechanism of delivery; Infection vector; Phishing. MITRE ATT&CK: Spearphishing Attachment/Link; Exploit Public-Facing Application; Supply Chain Compromise
    • Exploitation: Technical or human?; Applications affected; Method & characteristics. MITRE ATT&CK: Local Job Scheduling; Scripting; Rundll32
    • Installation: Persistence; Characteristics of change; Self-signed driver. MITRE ATT&CK: Application Shimming; Hooking; Login Items
    • C2: Communication between victim & adversary; VPN. MITRE ATT&CK: Data Obfuscation; Domain Fronting; Web Service
    • Actions & Objectives: What the adversary does when they have control of the system; Data exfil; APT. MITRE ATT&CK: Email Collection; Data from Local System/Network Share; Surveillance
  • 29. FORENSIC CHALLENGES
  • 30. Don't believe marketing hype: "oh, we spent $$$ in $Vendor product, so we are safe". Any "tool", regardless of the price, is still a "tool".
  • 31. DEMOGRAPHIC
  • 32. IMAGE FORENSICS
  • 33. Thank You. D3pak@Protonmail.com. Resources: D3pakblog.wordpress.com