The document outlines the various types of computer forensics technologies utilized in military, law enforcement, and business contexts, emphasizing their role in recovering data and analyzing cyber threats. Key aspects include the objectives of cyber forensics, types of technologies used, and specialized techniques such as live forensics and data recovery. It also discusses encryption methods, vulnerabilities, and the importance of securing data against unauthorized access, as well as cybersecurity measures for wireless networks.

1. MODULE 2

2. TYPES OF COMPUTER FORENSICS
Different areas where cyber forensic technologies used are:
1. Military
2. Law Enforcement
Availability of cyber forensic
evidence of malicious
activity
Recognized scientific forensic disciplines, such
as medical pathology, to provide vital
information used in apprehending criminals
and determining their motives.

3. CONT..
3.Business
Data Recovery
Intellectual property theft
etc...

4. TYPES OF MILITARY FORENSIC
TECHNOLOGY
Key objectives of cyber forensics include rapid discovery of evidence, estimation of
potential impact of the malicious activity on the victim, and assessment of the intent and
identity of the perpetrator.
Real time tracking was difficult because information was intentionally hidden.

5. CONT...
Technology used:
Cyber forensic experiment 2000 (CFX-2000)
● Integrated forensic analysis framework
● The central hypothesis of CFX-2000 is that it is possible to accurately determine the motives, intent,
targets, sophistication, identity, and location of cyber criminals and cyber terrorists
● Tools : commercial off-the-shelf softwares and directorate sponsored R&D prototypes.
● Si-Fi integration environment -Synthesizing Information from Forensic Investigations-> environment
provides collection,examination and analysis process employed during cyber forensic investigation.
● Si-Fi prototype uses Digital Evidence Bags(DEBs) ,they are secure and tamper proof container used to
store digital evidence.
● Investigators-->seal the DEBs ; Authorized user -->open the DEBs

6. CONT...
Result of CFX-2000 verified that hypothesis was largely correct and it was possible to
ascertain the intent and identity of cyber criminals.
CFX-2000 Schematic

7. TYPES OF LAW ENFORCEMENT
COMPUTER FORENSIC
TECHNOLOGY
Computer Evidence Processing Procedure
1. Preservation of Evidence
Computer evidence is fragile and susceptible to alteration.
Black box and safeback computer forensic software tools are good tools for investigation.
Safeback overcomes some of the evidence inherent features of black box software.

8. SAFE BOX
Safeback produces mirror image of entire hard disk drive or partition. They cannot be altered or modified.
PRIMARY USE:
Backups of hard disk in Intel-based computer system.
Intelligent gathering tool for military agencies.
Evidence preservation tool for law enforcement.
Features:
DOS based operation.
Provide a detailed audit trail of backup process.

9. TROJAN HORSE PROGRAMS
The computer forensic expert should be able to demonstrate his/her ability to avoid destructive programs and traps
that can be planted by computer users bent on destroying data and evidence.
COMPUTER FORENSIC DOCUMENTATION
To present a finding we need to have a proper documentation.
FILE SLACK
Slack space in a file is the remnant area at the end of the file in the last assigned disk cluster ,that is unused by
current file data.Techniques and tools are used by experts to capture and evaluate file slack.

10. DATA HIDING TECHNIQUES
Trade secret information and other sensitive data can be easily hidden using many number of techniques.Computer
forensics should be able to understand these anomalies and use tools to unhide these data and information.
One such tool is Anadisk -Diskette Analysis tool
It is primarily used to identify data storage anomalies on
floppy disk and generic hardware in the form of floppy
disk controller.

11. E-COMMERCE INVESTIGATIONS
Net Threat Analyzer can be used to identify past Internet browsing and email activity done through specific
computer.
DUAL PURPOSE PROGRAM
Programs can be designed to perform multiple processes and task at the same time.Computer forensic experts
must have knowledge about this.
TEXT SEARCH TECHNIQUE
Tools that can be used to find targeted string of text in a file.Text Search Plus is a tool used to quickly search hard
disk drive , zip ,floppy for keywords or specific text.

12. FUZZY LOGIC TOOL USED TO IDENTIFY UNKNOWN TEXT
FILTER_G or FILTER_I can be used in this case.It can be used to find patterns in english language grammar in ambient
data files.
2. Disk Structure
Computer forensic experts must understand how computer hard disk and floppy diskettes are structured and
arranged and how evidence can reside at various levels within the structure of data.
They should also know how to modify these data.
3. Data Encryption
Computer forensic should become familiar to software that can be used to crack security associated with different
file structure

13. 4.Matching a diskette to a computer
Specialized tools and techniques that make it possible to conclusively tie a diskette to a computer that was used to
create or edit files stored on it.Computer forensic experts should have knowledge about those softwares that can be
used in this case.
5. Data Compression
Computer forensic experts should have an idea about how data compression works and how it can be used to hide
data and information.
6.Erased Files
Computer forensic experts should have an idea about how to recover previously erased files using DOS program and
by manually using data recovery techniques and be familiar with cluster chaining.

14. 7. Internet abuse detection and identification
Computer forensic expert should become familiar with how to use specialized software to identify how a targeted
computer has been used on the internet.
8. The boot process and memory resident programs
Computer forensic experts should become familiar with how the OS can be modified to change and destroy data at
the whim of the person who configured the system.

15. Specialized forensics techniques

16. 1. Live Forensics
2. Data Recovery
3. Password Recovery
4. File Carving
5. Header Analysis
Techniques

17. * Live forensics: otherwise known as Live Response,
attempts to discover, control, and eliminate threats in
a live, running system environment. Live forensics
deals with active threats at runtime.
Example: A common example of live forensics is the
analysis of system memory.
* Data recovery : The restoration of data that has been
damaged, deleted, or lost.

18. * Password Recovery : It refers to the recovery of
password-protected files that are rendered useless if
the passwords are lost.
Example: During criminal investigations, a common
sight faced by law enforcement is password-protected
files on the suspect’s system. A wide array of utilities is
available to pry open such files. Passware is one tool
used .

19. * File Carving : A forensics technique that uses file
contents, rather than file metadata, to find or recover
said file. File carving extracts meaningful, structured
data from a structureless, unallocated portion of the
drive. It is most useful when file or directory entries
are either corrupt or missing.

20. * Header Analysis: Header analysis enables
investigators to analyze email headers, which can
point to the IP address of the source email, as well as
fix delays in email delivery.

21. * In many cases , documents and files are deleted from
a computer can be found and recovered using the
methods of computer forensics.
* when files or documents are deleted from a
computer the majority of the actual information is left
behind.
* Documents and files deleted or hidden even years ago
may be recovered through a computer investigation.
HIDDEN DATA AND HOW TO FIND IT

23. TOPICS:
● SPYWARE AND ADWARE.
● ENCRYPTION METHODS AND
VULNERABILITIES.
● PROTECTING DATA FROM BEING
COMPROMISED.
● INTERNET TRACING METHODS.

24. SPYWARE
● A product that employs a user's Internet connection in
the background without their knowledge,and
gathers/transmits info on the user or their behavior.
● Spyware products will collect referrer info,your IP
address,system information(such as time of visit, type
of browser used, the operating system and platform, and
CPU speed.)
● Spyware products sometimes wrap other commercial
products, and are introduced to machines when those
commercial products are installed.

25. Examples:
● CoolWebSearch, a group of programs, takes advantage of
Internet Explorer vulnerabilities. The package directs
traffic to advertisements on Web sites including
coolwebsearch.com. It displays pop-up ads, rewrites
search engine results, and alters the infected computer's
hosts file to direct DNS lookups to these sites.
● FinFisher, sometimes called FinSpy is a high-end
surveillance suite sold to law enforcement and
intelligence agencies. Support services such as training
and technology updates are part of the package.
● Zwangi redirects URLs typed into the browser's address
bar to a search page at www.zwangi.com,[53] and may also
take screenshots without permission.

27. adware
● Advertising-supported software.
● Software that brings targeted ads to your computer, after
you provide initial consent for this task.
● Some Adware may hijack the ads of other companies,
replacing them with its own.
● Adware typically will track your browsing habits and
report this info to a central ad server.

28. Examples:
1. CoolWebSearch,pornographic ads.
2. Ads by Gamevance is an adware program associated with
Gamevance, the free gaming software website. Ads by
Gamevance displays pop-up advertisements in the top-left
corner of your Web browser. Ads by Gamevance does not
collect your personal information.
3. Virtumundo, dangerous adware virus. Virtumundo floods your
computer with pop-up advertisements for a fake
anti-spyware program. While the pop-up advertisements may
interfere with your online browsing, the real danger is
that Virtumundo records your keystrokes as you type and
sends the information to a remote hacker. This information
may then be used to steal your identity.

29. How does spyware and adware get our system?
● Spyware is usually an executable software program that
you have inadvertently downloaded to your computer and is
usually bundled within a freeware advertising-supported
software, or shareware software package.
● Because we have become immune to seeing the "next" button
during an install of this type of software, we fail to
read the install wizard screens. These screens will
usually explain in technical jargon what you're actually
installing on your system in addition to the software you
are aware of installing.
● ANTI-MALWARE TOOLS: Bitdefender Adware Removal
Tool,MalwareFox,The Avira Free Security Suite, etc.

30. Encryption methods & vulnerabilities
What is encryption?
Encryption is the process of encoding a message/information
in such a way that only authorized parties can access it and
those who are not authorized cannot.
How does encryption work?
Unencrypted data, often referred to as plaintext, is
encrypted using an encryption algorithm and an encryption
key. This process generates ciphertext that can only be
viewed in its original form if decrypted with the correct
key. Decryption is simply the inverse of encryption.

32. Widely used encryption algorithms fall into two categories:
symmetric and asymmetric:
● Symmetric-key:"secret key," use a single key, sometimes
referred to as a shared secret because the system doing
the encryption must share it with any entity it intends
to be able to decrypt the encrypted data.The most widely
used symmetric-key is the Advanced Encryption Standard
(AES).
● Asymmetric cryptography, also known as public key
cryptography, uses two different but mathematically
linked keys, one public and one private. The public key
can be shared with everyone, whereas the private key must
be kept secret. The RSA encryption algorithm is the most
widely used public key algorithm.

34. The following steps describes the working of E2EE when
two people communicate on WhatsApp.
1. When the user first opens the WhatsApp, two different
keys (public & private) are generated. The encryption
process takes place on the phone itself.
2. The private key must remain with the user whereas the
public key is transferred to the receiver via the
centralised WhatsApp server.
3. The public key encrypts the senders message on the phone
even before it reaches the centralised server.
4. The server is only used to transmit the encrypted
message. The message can only be unlocked by the private
key of the receiver. No third part, including WhatsApp
can intercept and read the message.

35. Insecurity of the Net.
1. First, a weakness in world’s most popular encryption program
that, in some circumstances, allows the encryption program
to be completely bypassed,using this program to encrypt
email to protect its privacy & confidentiality-loss.
2. Second, hackers have recently discovered a cloaking program
that allows them to blow past firewalls on servers and
networks without being detected.
3. Third, a flaw has been announced that affects networks
around the globe regarding the file transfer protocol (FTP)
used on the Internet. These three revelations taken together
are seriously bad news for Internet privacy,
confidentiality, and security.

36. The Fallacies of Encryption and Password Protection
● If a snoop can gain physical access to your computer or
floppy disk where you store your secret key, he can
modify it and wait for you to use it.
● When you do, he or she is secretly notified. From that
point on, he has access to the rest of your encrypted
personal information and you never know it. In effect,the
snoop bypasses a user’s password and bypasses the effects
of encryption entirely.
● In this instance, the protection offered by encryption is
illusory. Likewise, if a hacker can electronically break
into your computer, and you have your secret key stored
there, the security of your digital signature or your
encrypted files is worthless.

37. Internet and Email Encryption and Security
● The most popular encryption program is called PGP, or
Pretty Good Privacy, invented by Phil Zimmerman a decade
ago.PGP is a dual key, algorithm-based code system that
makes encrypted data practically impossible to decipher.
PGP is now owned by Network Associates, Inc. Of the 800
million people using the Internet, about 60 million use
PGP to encrypt email.
● The flaw is serious for two reasons. First, open PGP is
the most widely used encryption system in the world.
Until recently many systems that make e-commerce
available by credit card on the Internet have been based
on PGP. These products are still in use worldwide.

38. ● Second, the theory behind PGP is essentially the same as
that used in the Rivest, Shamir and Adleman (RSA)
standard for digital signatures. The presumed security of
this technique was what persuaded Congress to pass the
Digital Signatures Act, which is based on RSA standards.

39. PROTECTING DATA FROM BEING COMPROMISED
● Business without a computer is now an exception
● You communicate via email and chat, and even voice and
video communication uses computers. You maintain financial
records, schedule appointments, and store significant
amounts of business records, all electronically.
● Individuals who exploit these benefits.Tgital evidence can
often make or break a case.
● Computer forensics is the science whereby experts extract
data from computer media in such a way that it may be used
in a court of law.
● In other words, computer forensics is used by experts to
protect data from bein compromised.

40. INTERNET TRACING METHODS
● It is about how you can find out whether someone faked
his or her email address and how you can find out from
which account that mail really was sent.
● Sometimes people might send you information or hate mail
from a fake address.This can be done quite easily by
simply changing the Sender and Return-to fields to
something different. You can do this, since these fields
(your identity), are normally not checked by the
mailserver when you send mail, but only when you receive
mail .

41. ● Every email has a so-called header. The header is the
part in which the route the email has taken is being
described. Since the header is rather ugly, it is
normally hidden by the email program. Every email program
can display them, look into the Options or Preferences
menu.
● Let us use the following email text to figure out:
“What,who,when,where,why” - 5Ws and more.

47. https://www.online-tech-tips.com/computer-tips/worry-verification-emails-google/

48. 1
Security and Wireless
Technologies
Wireless Network Security is the process of
designing, implementing and ensuring security on
a wireless computer network. It is a subset of
network security that adds protection for a wireless
computer network.

49. 2
Types of Wireless Security
Protocols
• WEP
• WPA
• WPA2
• WPA/WPA2 MIXED
SECURITY
• WPA3
• WPS
• ACCESS CONTROL

50. WEP (Wireless Equivalent
Privacy)
• Developed in 1997
• Earliest Wi-Fi Security Protocol
• 40 bit encryption key
• Easily Hackable
• Deprecated in 2004
3

51. WPA ( Wi-Fi Protected
Access )
• Developed in 2002
• Stronger Encryption
• Uses TKIP ( Temporal Key Integrity Protocol
• Deprecated in 2012
It was designed to provide more secure encryption than the
notoriously weak Wired Equivalent Privacy (WEP), the original WLAN
security protocol. TKIP is the encryption method used in Wi-Fi
Protected Access (WPA)
4

52. Attacking WEP and WPA
 macchanger – a tool that allows you to view and/or spoof (fake) your
MAC address
 airmon – a tool that can help you set your wireless adapter into monitor
mode (rfmon)
 airodump – a tool for capturing packets from a wireless router (otherwise
known as an AP)
5

53. WPA2
• Provides even stronger security than the WPA
• Uses AES ( Advanced Encryption Standard )
• Adopted by the U.S Government.
The Advanced Encryption Standard, or AES, is an encryption method chosen
by the U.S. government to protect classified information and is implemented
in software and hardware throughout the world to encrypt sensitive data.
6

54. Mixed Security
• WPA and WPA2 Mixed
7

55. Mixed Security Option
 Broadcasting TKIP and AES
 Mixed mode is for Compatibility Purposes.
 Not secure as WPA2 because TKIP is also used, which is vulnerable.
8

56. WPA3
 The next Generation of Wireless Security
 Introduced in 2018
 Provides cutting edge security protocols to the market
 Adds new features to simplify wifi security, and enable more robust
authentication.
 Receive increased protection from password guessing attempts.
9

57. WPS - Wi-Fi Protected
Setup
 No Password Required
 Designed to make it as easy as possible for devices to join a secure
Wireless Network.
10

58. ACCESS CONTROL
 This is currently the most robust solution for controlling access to the WLAN
itself. A common but far less robust method is to apply simple MAC address
control lists at the AP, permitting access only by those stations on the list.
11

59. ACCESS CONTROL
12

60. VPN
 A VPN gives you online privacy and anonymity by creating a private
network from a public internet connection. It masks your internet protocol
address to keep your online actions private. It provides secure and
encrypted connections to provide greater privacy and security.
13

61. DOs and DON'Ts
 Don't connect to open networks
 Dont use WEP
 Don't use Mixed Security Option WPA/WPA2 use WPA2 alone instead
 Do use Access Control
 Do use VPN
14