Unit 4 and Unit 5 Class Notes - Cyber Security - 1518766008 PDF
Topics to be covered
Cyber Crime and Criminal justice: Concept of Cyber Crime and the IT Act, 2000, Hacking, Teenage Web
Vandals, Cyber Fraud and Cheating, Defamation, Harassment and E-mail Abuse, Other IT Act Offences,
Monetary Penalties, jurisdiction and Cyber Crimes, Nature of Criminality, Strategies to tackle Cyber Crime
and Trends. The Indian Evidence Act of 1872 v. Information Technology Act, 2000: Status of Electronic
Records as Evidence, Proof and Management of Electronic Records; Relevancy, Admissibility and Probative
Value of E-Evidence, Proving Digital Signatures, Proof of Electronic Agreements, Proving Electronic
Messages.
----------------------------------------------------------------------------------------------------------------------------------------------
Cyber Crime-Cyber crime, or computer oriented crime, is crime that involves a computer and a network.
The computer may have been used in the commission of a crime, or it may be the target. Cyber crimes are
offences that are committed against individuals or groups of individuals with a criminal motive to
intentionally harm the reputation of the victim or cause physical or mental harm, or loss, to the victim
directly or indirectly, using modern telecommunication networks such as the Internet (networks including but
not limited to chat rooms, emails, notice boards and groups) and mobile phones
(Bluetooth/SMS/MMS). Cybercrime may threaten a person or a nation's security and financial health. Issues
surrounding these types of crimes have become high-profile, particularly those surrounding hacking,
copyright infringement, unwarranted mass-surveillance, sextortion, child pornography, and child grooming.
There are also problems of privacy when confidential information is intercepted or disclosed, lawfully or
otherwise.
IT Act, 2000-An Act to provide legal recognition for transactions carried out by means of electronic data
interchange and other means of electronic communication, commonly referred to as electronic commerce,
which involve the use of alternatives to paper-based methods of communication and storage of
information, to facilitate electronic filing of documents with the Government agencies and further to
amend the Indian Penal Code, the Indian Evidence Act, 1872, the Banker’s Books Evidence Act, 1891 and
the Reserve Bank of India Act, 1934 and for matters connected therewith or incidental thereto.
Hacking-Hacking is unauthorized intrusion into a computer or a network. The person engaged in hacking
activities is generally referred to as a hacker. This hacker may alter system or security features to
accomplish a goal that differs from the original purpose of the system.
Teenage Web Vandals-IT defines vandalism as willful or malicious destruction, injury, disfigurement, or
defacement of any public or private property, real or personal, without the consent of the owner or
persons having custody or control. Vandalism includes a wide variety of acts, including graffiti, damaging
property (smashing mailboxes, trashing empty buildings or school property, breaking windows, etc.),
stealing street signs, arson, egging homes or cars, toilet papering homes, and other types of mischief.
Cyber Fraud and Cheating-It means that the person committing the act of cyber crime, i.e. stealing passwords
and stored data, has done it with a guilty mind, which leads to fraud and cheating.
Defamation-The offense of injuring a person's character, fame, or reputation by false and malicious
statements.
Harassment -Harassment is a form of discrimination. It involves any unwanted physical or verbal behavior
that offends or humiliates you. Generally, harassment is a behavior that persists over time. Serious one-
time incidents can also sometimes be considered harassment.
E-mail Abuse-Email Abuse, also known as junk email, is a type of electronic spam where unsolicited
messages are sent by email. Many email spam messages are commercial in nature but may also contain
disguised links that appear to be for familiar websites but in fact lead to phishing web sites or sites that are
hosting malware. Spam email may also include malware as scripts or other executable file attachments
(Trojans).
Other IT Act Offences-The offences included in the IT Act 2000 are as follows:
i) Tampering with the computer source documents.
ii) Hacking with computer system.
iii) Publishing of information which is obscene in electronic form.
iv) Power of Controller to give directions
v) Directions of Controller to a subscriber to extend facilities to decrypt information
vi) Protected system
vii) Penalty for misrepresentation
viii) Penalty for breach of confidentiality and privacy
ix) Penalty for publishing Digital Signature Certificate false in certain particulars
x) Publication for fraudulent purpose
xi) Act to apply for offence or contravention committed outside India
xii) Confiscation
xiii) Penalties or confiscation not to interfere with other punishments.
xiv) Power to investigate offences.
Monetary Penalties-A Monetary Penalty is a civil penalty imposed by a regulator for a contravention of an
Act, regulation or by-law. It is issued upon discovery of an unlawful event, and is due and payable subject
only to any rights of review that may be available under the AMP's implementing scheme. It is regulatory in
nature, rather than criminal, and is intended to secure compliance with a regulatory scheme, and it can be
employed with the use of other administrative sanctions, such as demerit points and license suspensions.
Nature of Criminality
i) Human individuals are considered the basis for explaining crime as individual criminality.
As compared to the theory of crime as a social construct, the focus of the concept of crime as
individual criminality is on the individual. Starting from the person, it looks into the innate
or inherent factors that can significantly influence the making of a criminal.
ii) From the perspective of individual criminality, it can be asserted that a criminal is born or can
be made. The claim that a criminal is born can be traced to studies regarding the
importance of heredity. On the other hand, the claim that a criminal is made is traced to an
individual's environment - one's diet and even the environment. While the aspect of environment is
still included in the theory of individual criminality, it is still geared towards the study of the
individual.
iii) The concept of a born criminal can be traced to the studies that show the importance
and power of oneself in the development of one's criminality. Being a born criminal is also equated
to being hereditary. A person is more likely to become a criminal if it is already in their blood to
become one. Heredity includes elements like physical appearance, modern genetics theory
as well as learning theory.
The Indian Evidence Act of 1872 v. Information Technology Act, 2000-The Court may presume that an
electronic message forwarded by the originator through an electronic mail server to the addressee to
whom the message purports to be addressed corresponds with the message as fed into his computer for
transmission; but the Court shall not make any presumption as to the person by whom such message was
sent.
The Information Technology Act was originally passed on 17th October 2000 with one of its aims being to
provide legal recognition to digital/electronic evidence. Hence, amendments were made in the Indian
Evidence Act regarding collection and production of digital evidence in the court of law.
Some of the important provisions of the Indian Evidence Act pertaining to digital/electronic evidence are as
follows –
i) Defining Electronic Record.
ii) Scope of definition of evidence expanded to include electronic records.
iii) Admissibility of electronic records
iv) Presumption as to electronic messages
Relevancy-As a quality of evidence, "relevancy" means applicability to the issue joined. Relevancy is that
which conduces to the proof of a pertinent hypothesis; a pertinent hypothesis being one which, if
sustained, would logically influence the issue.
Proving Digital Signatures-Proving the legality of a digital signature involves a two-step process: having the
signature admitted as evidence and then demonstrating its trustworthiness. To admit a signature as
evidence, you will need expert testimony describing the record creation process and supporting its
accuracy. Once the signed record is admitted, the trustworthiness of the signature must be shown.
Proving Electronic Messages-Under section 88A, it is presumed that an electronic message forwarded by a
sender through an electronic mail server to an addressee corresponds with the message fed into the
sender's computer for transmission. However, there is no presumption regarding the person who sent the
message.
----------------------------------------------------------------------------------------------------------------------------------------------
Unit -5
Topics to be covered
Introduction to Cyber Forensics: Information Security Investigations, Corporate Cyber Forensics, Scientific
Method in Forensic analysis, investigating large scale Data breach cases. Analyzing malicious software.
Types of Computer Forensics Technology, Types of Business Computer Forensic Technology, Specialized
Forensics Techniques.
----------------------------------------------------------------------------------------------------------------------------------------
Computer forensics
i) Computer forensics is the application of investigation and analysis techniques to gather and
preserve evidence from a particular computing device in a way that is suitable for presentation in a
court of law. The goal of computer forensics is to perform a structured investigation while
maintaining a documented chain of evidence to find out exactly what happened on a computing
device and who was responsible for it.
ii) Forensic investigators typically follow a standard set of procedures: After physically isolating
the device in question to make sure it cannot be accidentally contaminated, investigators make a
digital copy of the device's storage media. Once the original media has been copied, it is locked in a
safe or other secure facility to maintain its pristine condition. All investigation is done on the digital
copy.
[Figure: the various domains of Forensic Science]
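The acquisition procedure in item ii), sketched in Python as an added example (not part of the original notes): the media is copied block by block, both sides are hashed with SHA-256, and the result is appended to a custody log so the working copy can be re-verified before analysis. The file names, the JSON log layout and the `examiner-01` label are assumptions, and the sample media is constructed.

```python
import hashlib, json, os, tempfile
from datetime import datetime, timezone

CHUNK = 1 << 20  # read in 1 MiB blocks so large images never sit in memory

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()

def acquire(source, image, custody_log, examiner):
    """Copy source to image, hashing the bytes read, then re-hash what was written."""
    h = hashlib.sha256()
    with open(source, "rb") as src, open(image, "wb") as dst:  # source is opened read-only
        for block in iter(lambda: src.read(CHUNK), b""):
            h.update(block)
            dst.write(block)
    entry = {  # hypothetical custody-log layout, one JSON object per line
        "time_utc": datetime.now(timezone.utc).isoformat(),
        "examiner": examiner, "action": "acquire",
        "source": source, "image": image,
        "source_sha256": h.hexdigest(),
        "image_sha256": sha256_file(image),
    }
    entry["verified"] = entry["source_sha256"] == entry["image_sha256"]
    with open(custody_log, "a") as log:
        log.write(json.dumps(entry) + "\n")
    return entry

def verify_working_copy(image, custody_log):
    """Before analysis, confirm the image still matches the hash recorded at acquisition."""
    with open(custody_log) as log:
        entries = [json.loads(line) for line in log if line.strip()]
    recorded = next(e for e in reversed(entries)
                    if e["action"] == "acquire" and e["image"] == image)
    return sha256_file(image) == recorded["image_sha256"]

def demo():
    d = tempfile.mkdtemp()
    src, img, log = (os.path.join(d, n) for n in ("evidence.bin", "image.dd", "custody.jsonl"))
    with open(src, "wb") as f:
        f.write(b"constructed sample media " * 4096)  # constructed stand-in for a device
    entry = acquire(src, img, log, "examiner-01")
    intact = verify_working_copy(img, log)
    with open(img, "r+b") as f:  # simulate accidental contamination of the copy
        f.seek(10)
        f.write(b"X")
    tampered = verify_working_copy(img, log)
    return entry["verified"], intact, tampered

if __name__ == "__main__":
    print(demo())
```
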
Types of Business Computer Forensic Technology-The types of business computer forensics
technology are as follows:
i) Remote monitoring of target computers-Data Interception by Remote Transmission (DIRT)
from Codex Data Systems (CDS), is a powerful remote control monitoring tool that allows stealth
monitoring of all activity on one or more target computers simultaneously from a remote command
center. No physical access is necessary. Application also allows agents to remotely seize and secure
digital evidence prior to physically entering suspect premises.
ii) Creating trackable electronic documents-Binary Audit Identification Transfer (BAIT) is
another powerful intrusion detection tool from CDS that allows the user to create trackable
electronic documents. Unauthorized intruders who access, download, and view
these tagged documents will be identified (including their location) to security personnel. BAIT also
allows security personnel to trace the chain of custody and chain of command of all who possess
the stolen electronic documents.
iii) Theft recovery software for laptops and PCs-According to Safeware Insurance,
756,000 PCs and laptops were stolen in 1997 and 1998, costing owners $2.3 billion. And,
according to a recent joint Computer Security Institute/FBI survey, 69% of the Fortune 1000
companies experienced laptop theft.
Nationwide losses of computer component theft cost corporate America over $8 billion a year. So, if your
company experiences computer-related thefts and you do nothing to correct the problem, there is an 89%
chance you will be hit again.
iv) Basic forensic tools and techniques-The basic techniques require knowledge of the types of computer
crime, cyber law basics, tracing e-mail to source, digital evidence acquisition, cracking passwords,
monitoring computers remotely, tracking on-line activity, finding and recovering hidden and
deleted data, locating stolen computers, creating trackable files, identifying software pirates.
Corporate Cyber Forensics-It deals with the tracking of personal user information by monitoring their
hardware and software components using different techniques to understand their behavior and create
secure platform and infrastructure.
Analysis Phase-Forensic analysis is the process of understanding, recreating and analyzing arbitrary events
that have been gathered from digital sources. The analysis phase takes the acquired data and examines it to
find the pieces of evidence. This phase also identifies whether the system was tampered with to avoid
identification. The analysis phase examines all the evidence collected during the collection and acquisition phases.
Three types of examination can be applied for the forensic analysis: limited, partial or full
examination.
Reporting Phase-The reporting phase comprises documentation and evidence retention. The scientific
method used in this phase is to draw conclusions based on the gathered evidence. This phase is mainly
based on the cyber laws and presents the conclusions for the corresponding evidence from the investigation.
A good policy is needed for how long evidence from an incident should be retained. Factors to be
considered in this process are prosecution, data retention and cost. To meet the retention requirements,
log archives must be maintained. The archived logs must be protected to maintain the confidentiality
and integrity of the logs.
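One way to make archived logs tamper-evident, as an added example (not part of the original notes): each line is sealed with an HMAC that also covers the previous record's tag, so an edited, removed or truncated entry is detected. The key, the record layout and the sample log lines are constructed assumptions; the sketch covers integrity only, and confidentiality would need encryption of the archive on top.

```python
import hashlib
import hmac

GENESIS = b"\x00" * 32  # fixed starting value for the chain (assumption)

def _tag(key, prev, line):
    return hmac.new(key, prev + line.encode("utf-8"), hashlib.sha256).digest()

def seal(lines, key):
    """Return (records, final_tag). Each record is (line, hex tag); every tag
    covers the line and the previous tag, chaining the archive together.
    Store final_tag separately from the archive itself."""
    records, prev = [], GENESIS
    for line in lines:
        prev = _tag(key, prev, line)
        records.append((line, prev.hex()))
    return records, prev.hex()

def verify(records, final_tag, key):
    """Return None if the archive is intact, else the index of the first
    record that fails. len(records) means entries are missing from the end."""
    prev = GENESIS
    for i, (line, tag_hex) in enumerate(records):
        prev = _tag(key, prev, line)
        if not hmac.compare_digest(prev.hex(), tag_hex):
            return i
    if not hmac.compare_digest(prev.hex(), final_tag):
        return len(records)
    return None

# Constructed key and sample log lines, for illustration only.
KEY = b"constructed-demo-key"
LINES = [
    "2024-01-05T10:00:01Z login user=alice src=10.0.0.5 result=ok",
    "2024-01-05T10:02:17Z login user=admin src=10.0.0.9 result=fail",
    "2024-01-05T10:02:40Z file_read user=alice path=/srv/reports/q4.pdf",
]

def demo():
    records, final = seal(LINES, KEY)
    edited = list(records)
    edited[1] = (edited[1][0].replace("fail", "ok"), edited[1][1])  # altered entry
    removed = [records[0], records[2]]                               # deleted entry
    truncated = records[:2]                                          # tail cut off
    return [verify(r, final, KEY) for r in (records, edited, removed, truncated)]

if __name__ == "__main__":
    print(demo())
```
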
Analyzing malicious software-Malware analysis is the study or process of determining the functionality,
origin and potential impact of a given malware sample such as a virus, worm, trojan horse, rootkit, or
backdoor. Malware or malicious software is any computer software intended to harm the host operating
system or to steal sensitive data from users, organizations or companies. Malware may include software
that gathers user information without permission.
i) Computer security incident management: If an organization discovers or suspects that
some malware may have gotten into its systems, a response team may wish to perform malware
analysis on any potential samples that are discovered during the investigation process to determine
if they are malware and, if so, what impact that malware might have on the systems within the
target organizations' environment.
ii) Malware research: Academic or industry malware researchers may perform malware
analysis simply to understand how malware behaves and the latest techniques used in its
construction.
iii) Indicator of compromise extraction: Vendors of software products and solutions may
perform bulk malware analysis in order to determine potential new indicators of compromise; this
information may then feed the security product or solution to help organizations better defend
themselves against attack by malware.
Forensic Services Available-Through Forensic Evidence Acquisition Services, CDS forensic experts can
provide management with a potent arsenal of digital tools at its disposal. Services include but are not
limited to:
i) Lost password and file recovery
ii) Location & retrieval of deleted and hidden files
iii) File and e-mail decryption
iv) E-mail supervision and authentication
v) Threatening e-mail traced to source
vi) Identification of Internet activity
vii) Computer usage policy and supervision
viii) Remote PC and network monitoring
ix) Tracking and location of stolen electronic files
x) Honey-pot sting operations
xi) Location and identity of unauthorized SW users
xii) Theft recovery software for laptops and PCs
xiii) Investigative and security software creation
Methodology for the Featured Forensic Science Technologies-When deciding which technologies to
include on this list, a number of factors were taken into consideration.
i) Relevance to the Topic of Forensic Technology: The said technology must be actively used in
the field of Forensic Science and can be taught at the college level. Widely regarded technologies
were considered first, while more experimental technologies were included only on the basis of
reputable peer-reviewed documentation.
ii) Novelty in the Field of Forensic Science: More experimental technologies were given higher
priority based on whether the technology gave advanced information that is not readily available by
using other technologies. These “cutting-edge” technologies were thoroughly vetted to ensure that
they have become accepted techniques by leaders in the field.
iii) Reliability of Technology: Finally, only techniques used with more than 80% reliability were
included in this list. Factors that affect reliability included case closure rate, successful conviction
rate and correct identification rate.
----------------------------------------------------------------------------------------------------------------------------------------