This document provides an overview of cyber crime and forensics. It discusses the types of cyber crimes like hacking, phishing, software piracy and cyber stalking. It also outlines the steps of computer forensics which include acquisition, identification, evaluation and presentation of digital evidence. Common tools used in computer forensics are also mentioned.

1. CYBER CRIME &
FORENSICS
Presented By
Saisha sukla (u112105)
Samikhya Joshi (u112106)
Santanu Kumar Das (u112107)
Satyanarayana Das (u112108)

2. Introduction to Cybercrime
 Computer or computer networks are
used as a tool or a target or a place of
criminal activity.
 First recorded cyber crime took place
in the year 1820 in France.
 Unauthorized access to computer
systems, data destruction, data
alteration, theft of intellectual
property.
 Most important revenue sector for
global organized crime.

3. How it differs from terrestrial crime?
 easy to learn how to commit
 require few resources relative to
the potential damage caused
 can be committed in a jurisdiction
without being physically present
in it
 are often not clearly illegal

4. Types of Cybercrime
• Hacking • Financial crimes
• Phishing • Sale of illegal articles
• Software Piracy • Intellectual Property crimes
• Cyber Stalking • Forgery
• Denial of Service • Cyber Defamation

5. Hacking
• The actual word is “Cracking” and not “Hacking”.
• "Deliberately gaining unauthorized access to an
information system.“
• They help the government to protect national
documents of strategic importance, help
organizations to protect documents and company
secrets,
• A Cracker breaks into someone else's computer
system, often on a network, bypasses passwords or
licenses in computer programs or in other ways
intentionally breaches computer security.
• But with time , both the word are used
interchangeably.

6. Phishing
Acquiring information such as usernames,
password and credit card details by disguising
as a trustworthy entity.
India is among the top 15 countries hosting
"phishing" sites which aims at stealing
confidential information such as passwords and
credit card details.

7. Cyber Stalking
Cyber stalking is use of the Internet or other electronic means to stalk
someone. This term is used interchangeably with online harassment and
online abuse.
Denial of Service
•floods the bandwidth of the victim’s network
•fills his e-mail box with spam mail
•deprives him of the services he is entitled to access or provide
•uses a technique called spoofing and buffer overflow

8. Software Piracy
• illegal copying of genuine programs
• counterfeiting and distribution of products
Examples of software piracy
End user copying
Hard disk loading
Counterfeiting
Illegal downloads from the Internet

9. Virus Dissemination
•A program that can ‘infect’ other legitimate
programs by modifying them to include a possibly
‘evolved’ copy of itself.
•Viruses can spread themselves, without the
knowledge or permission of the users, to
potentially large numbers of programs on many
machines.
Typical action of a virus
•Erase files
•Scramble data on a hard disk
•Cause erratic screen behavior
•Halt the PC
•Just replicate itself!

10. Cybercriminals

11. Motivating factors for Cybercrimes
 The challenge….. “because it’s there!”
 Ego
 Espionage
 Ideology
 Mischief
 Money (Extortion or Theft)
Revenge

12. Cost of Cyber crime in India
In India in 2010
 29.9 million people fell victim to cyber crime
 $ 4 billion in direct losses
 $ 3.6 billion in time spent to resolve crimes
 80% of cyber users have been a victim of
cyber crime
 17% of adults online have experienced
cybercrime on their mobile phone
Source : Nortan Cyber Crime Report2011

13. Why India?
 A rapidly growing online user
 121 million internet users
 65 million active internet users, up 28%
from 51 million in 2010
 50 million users shop online on
ecommerce and online shopping sites
 46+ million social network users
 346 million mobile users had subscribed to
data packages
Source : IAMAI; Juxt; wearesocial 2011

14. Combating Cybercrimes
 Technological measures: Public key
cryptography, Digital signatures
,Firewalls, honey pots
 Cyber investigation: Computer forensics
is the process of identifying, preserving,
analyzing and presenting digital
evidence in a manner that is legally
acceptable in courts of law. These rules
of evidence include admissibility (in
courts), authenticity (relation to incident),
completeness, reliability and
believability.
 Legal framework-laws & enforcement

15. International Legislation Initiatives
 OECD
1983 – research in criminal law problems of
computer related crimes
1992 – Guidelines for the security of
information systems
 G8
1997 – Subgroup of High – Tech Crime
 OAS
1999 – Established a group of government
experts on cyber crime
 APEC
2002 – commitment to enact a comprehensive
set of laws relating to cyber security and cyber
crime

16. International Legislation Initiatives
 ASEAN and China
2003 – Formulate cooperative and emergency
response procedures for enhancing cyber
security and combating cyber crime
 United Nations
1998-2000 – Resolution on developments in the
field of Information and Telecommunication in
the context of International security
2003 – Resolutions on combating the criminal
misuse of Information Technology & on the
creation of a global culture of cyber security.
 Europe union
2003-2005 – Council framework decision on
attacks against information system

17. What about the law? (Indian perspective)
Information Technology Act (Amendment) Act 2008 – Chapter XI
 65 – Tempering with computer source documents
 66 – Computer related offences
 66A – punishment for sending offensive messages through
communication services etc.
 66B – Punishment for dishonestly receiving stolen computer
resources or communication devices
 66C – Punishment for identity theft
 66D – Punishment for cheating by personation by using
computer device
 66E – Punishment for violation of privacy
 66F – punishment for cyber terrorism
 67 – punishment for publishing or transmitting obscene
material in electronic form

18. Major Objectives
 Create effective cyber crime laws
 Develop acceptable practices for
search and seizure
 Handle jurisdiction issues
 Cooperate in international
investigations
 Establish effective public/private
sector interaction

19. Safety tips to avoid Cybercrime
 Use anti-virus software and firewalls  Don't share access to your
- keep them up to date computers with strangers
 Keep your operating system up to  If you have a Wi-Fi network,
date with critical security updates and password protect it
patches
 Disconnect from the Internet
 Don't open emails or attachments when not in use
from unknown sources
 Reevaluate your security on a
 Use hard-to-guess passwords. Don’t regular basis
use words found in a dictionary.
Remember that password cracking  Make sure your employees and
tools exist family members know this info
too!
 Back-up your computer data on disks
or CDs often

20. Prominent news for Cyber crimes
 Kevin Mitnick’s (“Condor”) hacking spree cost high-tech companies at
least $ 291.8 million over a two year span before his capture
 David L. Smith, a31 year old programmer ,pleaded guilty to creating the
Melissa virus and using an ex-rated web site to spread it through cyberspace,
causing $80 million damages.
 Four high school Kids hacked into a Bay Area internet server and used
stolen credit card number to order computer equipment: $200k
 A temporary employer broke into Forbes, computers, caused a computer crash,
that cost Forbes $100,000 to restore

21. Case study 1
The Chennai city police have busted an international gang involved in
cyber crime, with arrest of Deepak Prem Manwani (22), who was
caught red handed while breaking into an ATM in the city.
The dimensions of the city cops’ achievement can be gauged from
the fact that they have netted a man who is on the wanted list of
formidable FBI of US.
At the time of his detention, he had with him Rs 7.5 lakhs knocked off
from two ATMs in T Nagar and Abiramipuram in the city. Prior to that,
he had walked away with Rs 50,000 from an ATM in Mumbai.
While investigating it was found that his audacious crime career
started in the internet café. While browsing the net one day, he got
attracted to a site which offered him assistance in breaking into the
ATMs

22. Case study 1
His contacts sitting some where in Europe were ready to give him
credit card numbers of few American banks for $5 per card. This site
also offered the magnetic codes of these cards, but charged $200
per code.
The operators of the site had devised a fascinating idea to get the
PIN of the card users. They floated a new site which resembled that
of a reputed telecom company. That company has millions of
subscribers. The fake site offered the visitors to return $11.75 per
head which, the site promoters said, had been collected in excess by
mistake from them.
Believing that it was a genuine offer from the telecom company in
question, several lakh subscribers logged on the site to get back the
little money. But in the process parted with their PINs

23. Case study 1
Armed with all requisite data to hack the bank ATMs, the gang
started its systematic looting. Apparently Manwani and many others
of his group entered into a deal with the gang behind the site and
could purchase any amount of data.
Meanwhile, Manwani also managed to generate 30 plastic cards that
contained necessary data to enable him to break into ATMs. He was
so enterprising that he was able to sell away a few such cards to his
contacts in Mumbai.
On receipt of large scale complaints from the billed credit card users
and banks in the US, the FBI started investigation into the affair and
also alerted the CBI
Manwani has since been enlarged on bail after interrogation by CBI.
But the city police believe that this is the beginning of a major cyber
crime.

24. Case study 2
In 1988 Robert Morris, Jr. a 23 year old graduate student in computer
science at Cornell and the son of a NSA computer security expert,
wrote an experimental, self replicating, self-propagating program
called a worm (99 lines of code) and injected into the internet. He
choose to release it from MIT, to disguise the fact that the warm
came from Cornell.
60,000 computer site at university sites, hospitals, research facilities,
corporations and govt. institutions were affected; the estimated cost
of dealing with the worms ranged from $200 to $50,000 for each site.
Morris was convicted of violating the computer fraud and Abuse Act;
he received 3 years probation, 400 hours of community service and a
fine of $10050

25. Next steps

26. A final word
Treat your password like you treat your tooth brush. Never
give to any one else to use, and change it every few months.

27. CYBER FORENSICS

28. FORENSICS
 Forensic Science or forensic is the application of
broad spectrum of sciences to answer to
questions related to legal system, may be for
crime or civil actions.
 The use of science and technology to investigate
and establish facts in criminal or civil courts of
law.

29. COMPUTER FORENSICS
Goal of computer forensics is to examine digital
media in a forensically sound manner with the
aim of identifying, preserving, recovering,
analyzing and presenting facts and opinions
about the information.

30. HISTORY
 Michael Anderson
“Father of computer forensics”
special agent with IRS
 Meeting in 1988 (Portland, Oregon)
creation of IACIS, the International Association of Computer
Investigative Specialists
the first Seized Computer Evidence Recovery Specialists (SCERS)
classes held

31. WHY?
 The main task or the advantage from the computer
forensic is to catch the culprit or the criminal who is
involved in the crime related to the computers.
 Computer forensics has emerged as important part in the
disaster recovery management
 Ability to search through a massive amount of data-
Quickly, Thoroughly and In any language
 The importance lies mainly in handling criminal actions
such as fraud, phishing, identity theft or many other
criminal activities

32. WHO USES FORENSICS
 Criminal Prosecutors
 Civil litigators
 Insurance Companies
 Corporations
 Law Enforcement Officials
 Individuals

34. What cyber forensics aims at?
 Identify root cause of an event to ensure it won’t happen again
– Must understand the problem before you can be sure it won’t be
exploited again.
 • Who was responsible for the event?
 • Most computer crime cases are not prosecuted
– Consider acceptability in court of law as our standard for
investigative practice.
– Ultimate goal is to conduct investigation in a manner that will
stand up to legal scrutiny.
– Treat every case like a court case!

35. STEPS FOR COMPUTER FORENSICS:
Acquisition
Identification
Evaluation
Presentation

36. 1) Shut Down the Computer
2) Document the Hardware Configuration of The System
3) Transport the Computer System to A Secure Location
4) Make Bit Stream Backups of Hard Disks and Floppy Disks
5) Mathematically Verify Data on All Storage Devices
6) Document the System Date and Time
METHEDOLOGY: 7) Make a List of Key Search Words
8) Evaluate the Windows Swap File
9) Evaluate File Slack
10) Evaluate Unallocated Space (Erased Files)
11) Search Files, File Slack and Unallocated Space for Key Words
12) Document File Names, Dates and Times
13) Identify File, Program and Storage Anomalies
14) Evaluate Program Functionality
15) Document Your Findings

37. EVIDENCES:
Forensics involves collection of evidences as an important part for investigation.
5 rules of evidences:
1) Admissible
Must be able to be used in court or elsewhere.
1) Authentic
Evidence relates to incident in relevant way.
1) Complete
Exculpatory evidence for alternative suspects.
1) Reliable
No question about authenticity & veracity.
1) Believable
Clear, easy to understand, and believable by a jury.

38. TOP 10 LOCATION FOR EVIDENCE
1) Internet History Files
2) Temporary Internet Files
3) Slack/Unallocated Space
4) Buddy lists, personal chat room records, P2P, others saved areas
5) News groups/club lists/posting
6) Settings, folder structure, file names
7) File Storage Dates
8) Software/Hardware added
9) File Sharing ability
10) E-mails

39. TOOLS AND TECHNIQUES
 There are two types of computer data
1. Persistent data
2. Volatile data
 There are different tools used to collect data
 An essential toolkit should contain-backup, authentication,
decryption, disk editing, log file auditing, IP tracking, data recovery,
and file examination.
 Tools used depend on what data has to be analyzed

40. Some common tools:
 Drivespy
 Encase
 Forensic tool kit
 I Look
 Norton utilies
 Xways

41. TECHNIQUES:
Cross Drive Analysis
Deleted files analysis
Live analysis

42. DISADVANTAGES
 It may happen in some cases that the privacy of the client is
compromised.
 There are also the chances of introduction of some malicious
programs in the computer system that may corrupt the data at a
later stage of time.
 It is also possible that the data is in dispute and neither of the
disputing parties can use the data. Due to this reason the business
operations may also be affected.
 Producing electronic records & preserving them is extremely costly
 Legal practitioners must have extensive computer knowledge and
vice versa

43. THANK YOU