1. Cyber Crime Investigator
Internet Fundamentals:
The history of the Internet
How the Internet is managed
IP Addresses (IPv4 and IPv6)
Domain Name System (DNS)
Secure DNS Deployment
Web 101:
Registering & configuring a domain
Setting up a domain with a web host
Setting up custom MX records
Setting up the email system
Setting up MySQL databases
Setting up one-click installs
Setting up a Virtual Private Server
Setting up a cloud server
Configuring SSL
Setting up WordPress
Hidden Web:
What do criminals sell online?
Case 1: Silk Road
Case 2: Dark market
Anatomy of a Financial Cyber Crime Organization
Tor – the technology powering the hidden web
Bitcoin – the powerful virtual currency
Coding for the web:
HTML5 basics
PHP basics
MySQL basics
Customizing an HTML5 web template
Cyber Crime 101
Terminologies & Real World Cyber Crime cases
2. EBanking Attacks:
Phishing Attacks (clone, spear, phone, email spoofing, fake URLs etc.)
Phishing Countermeasures
Sender Policy Framework
DomainKeys Identified Mail
Plastic Card Fraud
ATM Card Skimming & PIN Capturing
Preventing Card Trapping
The US$ 45 million ATM fraud
Web Hacking:
SQL Injection
Broken Authentication and Session Hijacking
Cross Site Scripting
Insecure Direct Object Access
Security Misconfiguration
Sensitive Data Exposure
Missing Function Level Access Control
Cross Site Request Forgery
Using Components with Known Vulnerabilities
Unvalidated Redirects and Forwards
Web Investigation:
External Examination
Confiscation and seizure
Handling Real World Investigations
Electronic Crime Scene Investigation
Investigating Internet based crimes
Computer Emergency Response Teams
Setting up a Cyber Crime Investigation Cell
ASCL Case File: E-commerce Fraud
Email Investigation:
Email basics
Analysis of the Gmail, Rediffmail, Yahoo and Thunderbird headers
Online email header analysis tools
Tracking email accounts
Common Internet Message Headers
3. Investigating Server Logs:
Configuring an FTP Server
FTP Server Logs
Configuring a Web Server
Web Server Logs
Configuring a DNS server
ASCL Case File: Web Defacement
ASCL Case File: Cyber Sabotage
Investigating Web Browsers:
Investigating Mozilla Firefox
Investigating Safari
Investigating Google Chrome
Investigating Opera
Investigating Internet Explorer
Cyber Security Fundamentals:
Secure eBanking
Securing your Laptop
Password security
Securing your Smartphone
Social network security
Securing your home WiFi
Securing your Gmail account
Securing Firefox
Securing Chrome
PRACTICAL ASSESSMENT / PROJECT: COUNTER-STRIKE CASE STUDY & FINANCIAL FRAUD CASE STUDY
4. Cyber Forensic Analyst
Forensic Fundamentals:
Forensic Audio and Video Analysis
Bloodstain Pattern Analysis
Digital Evidence
DNA Evidence
Forensic Drug Chemistry
Explosives Analysis
Fingerprint Analysis
Firearms Examination
Footwear & Tire Track Examination
Forensic Toxicology
Trace Evidence
Crime Scene Photography
Cyber Forensics Fundamentals:
Understanding Cyber Forensics
Electronic Crime Scene Investigation
Best Practices for Seizing Electronic Evidence and Computer-Based Electronic Evidence
Forensic Examination of Digital Evidence
Integrating Forensic Techniques into Incident Response
Digital Forensic Analysis Methodology
Cyber Forensics - Best Practices, SOPs & Guidelines:
B/P for Computer Forensics, Mobile Phone Forensics & Portable GPS Device Examinations
SOP for Computer Forensics
Capture of Live Systems
Procedures for imaging and analyzing Mac OS X computers
Locating potential evidence in P2P
Guidelines for Validation Testing & for Training
Quality Assurance for Digital Evidence Laboratories & for Processing of Digital and Multimedia Evidence
Core Competencies for Forensic Audio & Mobile Phone Forensics
5. Cyber Forensic Case Files:
ASCL Case File: Financial Fraudster
ASCL Case File: Hacking & Intrusion
ASCL Case File: DDOS attack
ASCL Case File: Death Investigation
ASCL Case File: Malware
ASCL Case File: Money Laundering
ASCL Case File: Piracy
ASCL Case File: Tax Evasion
ASCL Case File: Terrorism
File Forensics: file extensions, file signatures and file formats
Image Forensics:
"ASCL Image Analysis Tool" for detecting and analyzing detailed meta information in image files
Exchangeable image file (Exif) format
Using the ASCL Exif Tool
Format-Based Forensics
Camera-Based Forensics
Pixel-Based Forensics
Statistical-Based Forensics
Geometric-Based Forensics
Physics-Based Forensics
Video Forensics
Printer Forensics
Financial Crimes:
Basic financial concepts: Shares, Debentures and Bonds, Money Market Instruments, Commodities, Derivatives, Futures, Options, Swaps, Hedging & Arbitrage, Carbon Credits & Depository Receipts
ASCL Case Files: Income Tax Raid
ASCL Case Files: Lottery Fraud
ASCL Case Files: Accounting Fraud
Investigation Guidelines
Crypto Forensics:
How cryptography works: Keys, Symmetric cryptography, Asymmetric cryptography
Hash functions
Digital Signatures
Digital signature certificates
6. Obtaining a digital signature certificate
Digitally signing emails
Digitally signing word documents
ASCL Case Files: Digital Signature Fraud
Password Forensics:
File passwords recovery techniques (Instant Password Extraction, "Fake" Password Creation, Reset the Password, Brute Force Attack, Dictionary Attack, Known Plain Text Attack, Guaranteed Recovery)
Using 16 file passwords recovery software
Breaking Windows OS passwords
Cracking PGP passphrases
Cracking MD5 hashes
Steganography
Windows Forensics:
Conduct live forensics on a Windows computer:
RAM forensics, volatile memory forensics, deleted data recovery.
Forensic implications of: Microsoft Vista, Microsoft Windows 7
Documentation & Reports:
Request for Service
Chain of Custody Form
Computer Evidence Assessment / Analysis Checklist
Cyber Forensics Analysis Report
Sample FIR, Criminal Complaint, Property Search & Seizure Form, Final Form and Property Final Form
Complaint to Adjudicating Officer
Integrated Investigation Forms
Sample Subpoenas and Reports, Case Examples & Sample Forms (NIJ)
Media Sanitization:
Sanitization techniques
Tools and resources
Sanitization validation form
Standard operating procedures for digital media sanitization
Clearing and sanitization matrix
Standards for sanitization / secure disposal
Sample media sanitization and destruction policy
RESEARCH PROJECT TOPIC: “FORENSIC INVESTIGATION OF SOCIAL MEDIA AS A PAYMENT SYSTEM.”
7. International Program in Cyber Law:
1. Cyber Law (India)
2. Data Privacy Law
3. IT Law Compliance
4. International Law on cyber crime
5. US Law on cyber crime
6. EU Law on cyber crime
7. International E-commerce Law
8. Global Cyber Law Database
RESEARCH PROJECT: “A BRIEF HANDBOOK ON CYBER CRIME CASES UNDER INFORMATION TECHNOLOGY ACT, 2000 – DETAILS AND ANALYSIS.”
Fraud Control:
1. Fraud Risk Investigation
2. Fraud And Corruption Control
3. IS 15900
4. UK Bribery Act 2010
5. US Foreign Corrupt Practices Act
ASSESSMENT:
1. TRANSPARENCY INTERNATIONAL GUIDELINES ON GOOD PRACTICES & PROCEDURE FOR ANTI-BRIBERY PROGRAM
2. IS 15900:
Conduct IS 15900 Gap Analysis for any organization
Fill Risk Assessment Form
Fill Fraud Risk Treatment Form
Prepare: Fraud & Corruption Control Manual for your organization
8. Cyber Security:
Cyber Security Fundamentals:
Lexcode Information Security Sphere
Computer Security Incident Handling Guide
National Infrastructure Protection - Emerging Technologies
Social Networking - Good Practice Guide
Mobile Devices - Executive Briefing Paper
Guidelines for Media Sanitization
Contingency Planning Guide for Federal Information Systems
Cyber Security Standards:
RBI Guidelines on Information security, Electronic Banking, Technology risk management and cyber frauds
Security and Privacy Controls for Federal Information Systems and Organizations
Understanding the Payment Card Industry Data Security Standard version 3.0 (PCI DSS Guide)
Requirements and Security Assessment Procedures (Version 3.0) - Payment Card Industry (PCI) Data Security Standard
Vetting the Security of Mobile
Additional Case Papers Prepared for Following Topics:
1. Evernote Application and Data Privacy – Few Flaws and Possible Fixes – A Case Study
2. Google Glass – How it is Hacking your Privacy & Bypassing Surveillance – A Case Study
3. How WhatsApp is Bugging Us – A Case Study
COIN [Collaborative Online Investigation Network]:
Contributions:
1. 500+ Suspicious IP Address
2. 800+ Fake Domain / Websites
3. Tor Check List