Introduction to Computer Forensics & Cyber Security
1. HACKING AND CRACKING
 Hacking is the activity of identifying weaknesses in
a computer system or a network to exploit the
security to gain access to personal data or business
data. An example of computer hacking can be:
using a password cracking algorithm to gain access
to a computer system.
 Cracking is a technique used to breach computer
software or an entire computer security system, and
with malicious intent. Though functionally the same
as hacking, cracking is strictly used in a criminal
sense.
2. Credit Card Frauds
 These are new trends in cybercrime that are
coming up with mobile computing : mobile
commerce and mobile banking.
 Mobile credit card transactions are now very
common.
 Wireless credit card processing is a relatively new
service that will allow person to process credit
cards electronically, virtually anywhere.
 Wireless credit card processing is a very desirable
system.
3.
4.  There is a system available from an Australian
company “Alacrity” called closed-loop environment
for wireless (CLEW) which works in following
manner.
1. Merchant sends a transaction to bank
2. The bank transmits the request to the authorized
cardholder.
3. The cardholder approves or reject (password
protected).
4. The bank/merchant is notified.
5. The credit card transaction is completed.
5. Types and Techniques of Credit Card
Frauds
1. Traditional Technique
2. Modern Technique
 The traditional credit card fraud is paper based
fraud, wherein a criminal uses stolen or fake
documents such as utility bills and bank
statements that can build up useful Personally
Identifiable Information (PII) to open an account in
someone else’s name.
6.  Traditional fraud can be divided into
1. ID theft : where an individual pretends to be someone
else
2. Financial fraud : where an individual gives false
information about his or her financial status to acquire
credit.
 Illegal use of lost and stolen cards is another form
of traditional technique.
 Stealing a credit card is either by pickpocket or
from postal service before it reaches its final
destination.
7.  Skimming is where the information held on either
the magnetic strip on the back of the credit card or
the data stored on the smart chip are copied from
one card to another.
 Site cloning and false merchant sites on the internet
are becoming a popular method of fraud and to
direct the users to such fake sites is called
phishing.
 Triangulation :
ď‚— It is another method of credit card fraud.
 The criminal offers the goods with heavy discounted rates
through a website hosted by him.
 The customer registers on this website with his/her name and
other valid details like credit card number.
 The criminal orders the goods from website with the help of
stolen credit card details
 The criminal keeps on purchasing other goods with the card.
8.  Credit card generators
ď‚— It is another modern technique that creates valid credit
card numbers and expiry dates. The criminal highly rely
on these generators to create valid credit cards. There
are available for download on internet.
 Tips to prevent Credit Card Fraud :
 Do’s
 Put your signature on the card immediately upon its receipt.
 Make the photocopy of both the sides of your card and
preserve it at a safe place.
 Change the PIN before doing any transaction.
 Always carry the details about contact number of bank.
 Keep an eye on your card during the transaction.
 Preserve all the receipts to compare with credit card invoice.
 Destroy all the receipt after reconcile.
 Report the loss of the card immediately.
9.  Don’t’s
 Store your card number and PIN in your cell.
 Lend your cards to anyone.
 Leave cards or transaction receipt lying around.
 Sign a blank receipt.
 Write your card number/PIN on a card / chit.
 Give out immediately your account number over phone.
10. WEB TECHNOLOGY
Web Technology refers to the various tools and
techniques that are utilized in the process of
communication between different types of devices
over the internet. A web browser is used to access
web pages. Web browsers can be defined as
programs that display text, data, pictures, animation,
and video on the Internet. Hyperlinked resources on
the World Wide Web can be accessed using software
interfaces provided by Web browsers.
11. WEB TECHNOLOGY CAN BE CLASSIFIED INTO
THE FOLLOWING SECTIONS:
 World Wide Web (WWW): The World Wide Web is based on several
different technologies : Web browsers, Hypertext Markup Language
(HTML) and Hypertext Transfer Protocol (HTTP).
 Web Browser: The web browser is an application software to
explore www (World Wide Web). It provides an interface between the
server and the client and requests to the server for web documents
and services.
 Web Server: Web server is a program which processes the network
requests of the users and serves them with files that create web
pages. This exchange takes place using Hypertext Transfer Protocol
(HTTP).
 Web Pages: A webpage is a digital document that is linked to the
World Wide Web and viewable by anyone connected to the internet
has a web browser.
 Web Development: Web development refers to the building,
creating, and maintaining of websites. It includes aspects such as
web design, web publishing, web programming, and database
management. It is the creation of an application that works over the
12. CRYPROGRAPHY
Technique of securing information and
communications through use of codes so that only
those person for whom the information is intended
can understand it and process it. Thus preventing
unauthorized access to information. The prefix “crypt”
means “hidden” and suffix graphy means “writing”.
13. CONTD.
 In Cryptography the techniques which are use to
protect information are obtained from mathematical
concepts and a set of rule based calculations
known as algorithms to convert messages in a way
that make it hard to decode it.
 These algorithms are used for cryptographic key
generation, digital signing, verification to protect
data privacy, web browsing on internet and to
protect confidential transactions such as credit card
and debit card transactions.
14. TECHNIQUES USED FOR CRYPTOGRAPHY
In today’s age of computers cryptography is often
associated with the process where an ordinary plain
text is converted to cipher text .
which is the text made such that intended receiver of
the text can only decode it and hence this process is
known as encryption. The process of conversion of
cipher text to plain text this is known as decryption.
15. FEATURES OF CRYPTOGRAPHY ARE AS FOLLOWS:
1. Confidentiality:
Information can only be accessed by the person for
whom it is intended and no other person except him
can access it.
2. Integrity:
Information cannot be modified in storage or
transition between sender and intended receiver
without any addition to information being detected.
3. Non-repudiation:
The creator/sender of information cannot deny his
intention to send information at later stage.
4. Authentication:
The identities of sender and receiver are confirmed.
As well as destination/origin of information is
confirmed.
16. TYPES OF CRYPTOGRAPHY:
1. Symmetric Key Cryptography:
It is an encryption system where the sender and receiver of message
use a single common key to encrypt and decrypt messages.
Symmetric Key Systems are faster and simpler but the problem is
that sender and receiver have to somehow exchange key in a secure
manner. The most popular symmetric key cryptography system is
Data Encryption System(DES).
2. Hash Functions:
There is no usage of any key in this algorithm. A hash value with
fixed length is calculated as per the plain text which makes it
impossible for contents of plain text to be recovered. Many operating
systems use hash functions to encrypt passwords.
3. Asymmetric Key Cryptography:
Under this system a pair of keys is used to encrypt and decrypt
information. A public key is used for encryption and a private key is
used for decryption. Public key and Private Key are different. Even if
the public key is known by everyone the intended receiver can only
decode it because he alone knows the private key.
18. REAL LIFE CASES
 Dr. Gerald Barnes
Gerald Barnbaum lost his pharmacist license after committing
Medicaid fraud. He stole the identity of Dr. Gerald Barnes and
practiced medicine under his name. A type 1 diabetic died
under his care. “Dr. Barnes” even worked as a staff physician
for a center that gave exams to FBI agents. He’s currently
serving hard time.
 Andrea Harris-Frazier
Margot Somerville lost her wallet on a trolley. Two years later
she was arrested. Andrea Harris-Frazier had defrauded
several banks—using Somerville’s identity—out of tens of
thousands of dollars. The real crook was caught.
 Abraham Abdallah
A busboy named Abraham Abdallah got into the bank
accounts of Steven Spielberg and other famous people after
tricking his victims via computer, getting sufficient data to fake
being their financial advisors—then calling their banks…and
19. CYBERCRIME:
THE LEGAL PERSPECTIVE
 Cybercrime possess a mammoth challenge
 Computer crime: Criminal Justice Resource
Manual(1979)
ď‚— Any illegal act for which knowledge of computer
technology is essential for a successful prosecution.
 International legal aspects of computer crimes were
studied in 1983
ď‚— Encompasses any illegal act for which the knowledge of
computer technology is essential for its prepetration
20. CYBERCRIME:
THE LEGAL PERSPECTIVE
 The network context of cyber crime make it one of
the most globalized offenses of the present and
most modernized threats of the future.
 Solution:
ď‚— Divide information system into segments bordered by
state boundaries.
Not possible and unrealistic because of
globalization
ď‚— Or incorporate the legal system into an integrated entity
obliterating these state boundaries.
21. CYBERCRIMES: AN INDIAN PERSPECTIVE
 India has the fourth highest number of internet
users in the world.
 45 million internet users in India
 37% - in cybercafes
 57% are between 18 and 35 years
 The Information Technology (IT) Act, 2000,
specifies the acts which are punishable. Since the
primary objective of this Act is to create an enabling
environment for commercial use of I.T.
22. CYBERCRIMES: AN INDIAN PERSPECTIVE
 217 cases were registered under IT Act during the year
2007 as compared to 142 cases during the previous year
(2006)
 Thereby reporting an increase of 52.8% in 2007 over
2006.
 22.3% cases (49out of 217 cases) were reported from
Maharashtra followed by Karnataka (40), Kerala (38) and
Andhra Pradesh and Rajasthan (16 each).
24. INCIDENCE OF CYBER CRIMES IN
CITIES
 17 out of 35 mega cities did not report any case of
Cyber Crime i.e, neither under the IT Act nor under IPC
Sections) during the year 2007.
 17 mega cities have reported 118 cases under IT Act
and 7 megacities reported 180 cases undervarious
section of IPC.
 There was an increase of 32.6% (from 89 cases in 2006
to 118 cases in 2007) in cases under IT Act as
compared to previous year (2006),
 and an increase of 26.8% (from 142 cases in 2006 to
180 cases in 2007) of cases registered under various
section of IPC
 Bengaluru (40), Pune (14) and Delhi (10) cities have
reported high incidence of cases (64 out of 118 cases)
registered under IT Act, accounting for more than half of
the cases (54.2%) reported under the Act.