Introduction of Cybercrime: Types, The Internet spawns crime, Worms versus viruses, Computers' roles in crimes, Introduction to digital forensics, Introduction to Incident - Incident Response Methodology –Steps - Activities in Initial Response, Phase after detection of an incident
Computer Forensics
1. Dr R Jegadeesan Prof-CSE
Jyothishmathi Institute of Technology and Science, Karimnagar
Computer Forensics
2. Introduction of Cybercrime
What is Cyber Crime?
• Cybercrime is defined as a crime where a computer is the object of the
crime or is used as a tool to commit an offense.
• A cybercriminal may use a device to access a user’s personal
information, confidential business information, government
information, or disable a device.
• It is also a cybercrime to sell or elicit the above information online.
DEFINITIONS
3. Introduction of Cybercrime
A computer security incident is defined as any unlawful, unauthorized,
or unacceptable action that involves a computer system or a computer
network. Such an action can include any of the following events:
• Theft of trade secrets
• Email spam or harassment
• Unauthorized or unlawful intrusions into computing systems
• Embezzlement
• Possession or dissemination of child pornography
• Denial-of-service (DoS) attacks
• Tortious interference of business relations
• Extortion
• Any unlawful action when the evidence of such action may be
stored on computer media such as fraud, threats, and traditional
crimes.
4. Introduction of Cybercrime
Cybercrimes can generally be divided into two categories:
• Crimes that target networks or devices
✓ Viruses
✓ Malware
✓ DoS Attacks
• Crime using devices to participate in criminal activities
✓ Phishing Emails
✓ Cyberstalking
✓ Identity Theft
TYPES
5. Introduction of Cybercrime
Further, there are three major categories that cybercrime falls into:
• Individual
• Property
• Government
The types of methods used and difficulty levels vary depending on the
category.
6. Introduction of Cybercrime
• Individual: This category of cybercrime involves one individual
distributing malicious or illegal information online. This can include
cyberstalking, distributing pornography and trafficking.
• Property: This is similar to a real-life instance of a criminal illegally
possessing an individual’s bank or credit card details. The hacker steals
a person’s bank details to gain access to funds, make purchases online
or run phishing scams to get people to give away their information.
• Government: This is the least common cybercrime, but is the most
serious offense. A crime against the government is also known as cyber
terrorism.
7. Introduction of Cybercrime
Worms vs Viruses
WORM
• Does not attach itself to the OS
• Self-propagates across a network by exploiting security
weaknesses in widely used services
• Harms the network and consumes network bandwidth
• Spreads much more rapidly, e.g. the SQL Slammer worm:
75,000 victims within ten minutes
VIRUS
• Attaches itself to the OS or to programs
• Needs user action to abet its propagation
• Damage caused is mostly local to the machine
• Spreads quite slowly
8. Introduction of Cybercrime
Introduction to Digital Forensics
General types of digital forensics include:
• Network Analysis
▪ Communication analysis
▪ Log analysis
▪ Path tracing
• Media Analysis
▪ Disk imaging
▪ MAC time analysis (Modify, Access, Create)
▪ Content Analysis
▪ Slack space Analysis
▪ Steganography
• Code Analysis
▪ Reverse Engineering
▪ Malicious code review
▪ Exploit review
9. Introduction of Cybercrime
Incident Response Methodology
The Six Steps of Incident Response
1. Preparation: get ready to handle the incident
2. Identification: detect the incident
3. Containment: limit the impact of the incident
4. Remediation: remove the threat
5. Recovery: recover to a normal stage
6. Aftermath: draw up and improve the process