
Cyber security and digital forensic

Case Study:

Stuxnet: malware by Israel and the US, 500 KB in size; ethics and the law

Banking Financial sector (Bangladesh hack):

Sunanda Pushkar case, Vyapam case, Pratyusha Banerjee suicide case

11 May (Houthis): Ukraine shut down for two days.

Squreware (ransomware): the malicious software works on 63 file extensions

HBO , Kim kardashian

Cyber crime, cyber war, cyber terrorism (C3)

NCRB.com National cyber cri

Group AlphaBay, similar to Silk Road

Critical information infrastructure (CII)

SIGINT: Signals intelligence

COMINT: Communications intelligence

ELINT: Electronic intelligence

OSINT: Open-source intelligence

PSYOPS: Psychological operations

FISINT: Foreign instrumentation signals intelligence

IMINT: Imagery intelligence

MASINT: Measurement and signature intelligence

HUMINT: Human intelligence

GEOSPATIAL INT: Analysis and presentation of security-relevant activity

8200: Israel govt.-sponsored hacking group

Cyber/ Computer/ Digital Forensics

Tools and standards:

Forensics + Tools + Brain = Intelligence

Locard's exchange principle holds that the perpetrator of a crime will bring
something into the crime scene and leave with something from it, and that both
can be used as forensic evidence.

Forensics is finding scientific answers to legal questions.

EnCase is a recovery tool.

Steps of computer forensics: IPAD

1. Identification
2. Preservation [make an image, physical or logical; then chain of custody
(CoC)]
3. Analysis [60% of the time is consumed here]
4. Documentation / Report

Disk, Network/ IoT, Wireless Forensics

Classification of Cyber forensics:

Memory forensics: dump your RAM and work on it

Database: study the database, timestamps

Malware:

Mobile device
Email

CoC: points to remember for a foolproof CHAIN OF CUSTODY

Physical security, data encryption, multiple copies, sticky notes
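Added worked example (not from these notes, and not any vendor's code): the preservation step above and the chain-of-custody points in Python. It hashes a constructed sample "image" at acquisition, verifies a working copy against that hash, and keeps a custody log in which each entry carries the digest of the previous entry, so a deleted or edited entry is detectable. Case and evidence ids and the examiner names are placeholders.

```python
import hashlib
import json
from datetime import datetime, timezone

# Constructed sample "evidence image" (assumption: in practice these bytes are
# read from the image file written by an imaging tool behind a write blocker).
SAMPLE_IMAGE = (b"\x33\xc0\x8e\xd0" + b"\x00" * 506 + b"\x55\xaa"
                + b"notes.txt: meeting at 10" + b"\x00" * 128)


def hash_image(data: bytes) -> dict:
    """Acquisition hashes; reports commonly record both MD5 and SHA-256."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def verify_copy(acquisition_hashes: dict, copy: bytes) -> bool:
    """A working copy may only be analysed if it hashes to the acquisition value."""
    return hashlib.sha256(copy).hexdigest() == acquisition_hashes["sha256"]


class ChainOfCustody:
    """Tamper-evident custody log: each entry stores the digest of the previous one."""

    def __init__(self, case_id: str, evidence_id: str, acquisition_hashes: dict):
        self.case_id = case_id            # placeholder id, supplied by the caller
        self.evidence_id = evidence_id    # placeholder id, supplied by the caller
        self.acquisition_hashes = acquisition_hashes
        self.entries = []

    def _entry_digest(self, entry: dict) -> str:
        return hashlib.sha256(json.dumps(entry, sort_keys=True).encode()).hexdigest()

    def record(self, action: str, person: str, location: str, note: str = "") -> dict:
        prev = self._entry_digest(self.entries[-1]) if self.entries else "0" * 64
        entry = {
            "seq": len(self.entries) + 1,
            "time": datetime.now(timezone.utc).isoformat(),
            "action": action,
            "person": person,
            "location": location,
            "note": note,
            "prev_digest": prev,
        }
        self.entries.append(entry)
        return entry

    def check_integrity(self, image: bytes, person: str, location: str) -> bool:
        """Re-hash the evidence at every hand-over and log the outcome."""
        ok = hashlib.sha256(image).hexdigest() == self.acquisition_hashes["sha256"]
        self.record("integrity check", person, location, "match" if ok else "MISMATCH")
        return ok

    def log_is_consistent(self) -> bool:
        """Walks the digest chain; any edited or removed entry breaks it."""
        expected = "0" * 64
        for entry in self.entries:
            if entry["prev_digest"] != expected:
                return False
            expected = self._entry_digest(entry)
        return True

    def to_json(self) -> str:
        return json.dumps({"case_id": self.case_id, "evidence_id": self.evidence_id,
                           "acquisition_hashes": self.acquisition_hashes,
                           "entries": self.entries}, indent=2)


def demo() -> ChainOfCustody:
    """Preservation walk-through on the constructed image: acquire, hash, copy, verify, hand over."""
    acq = hash_image(SAMPLE_IMAGE)
    coc = ChainOfCustody("CASE-0001", "HDD-01", acq)   # placeholder identifiers
    coc.record("acquisition", "examiner A", "lab bench 3", "physical image via write blocker")
    working_copy = bytes(SAMPLE_IMAGE)                  # the "multiple copies" point
    coc.record("copy made", "examiner A", "lab bench 3",
               "verified" if verify_copy(acq, working_copy) else "copy FAILED")
    coc.check_integrity(working_copy, "examiner B", "analysis room")
    return coc


if __name__ == "__main__":
    print(demo().to_json())
```

Run it directly to print the custody record as JSON. The digest chain only detects alteration of the log file itself; the log still needs to live on storage the examiners cannot silently rewrite, which is what the physical-security and encryption points above are for.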

Code of Criminal Procedure (SOP: standard operating procedure):

Some tools:

50 GB/hr for cloning the data

Cellebrite:

UFED: mobile forensic tool

UFED Touch:

Write blocker: imaging of hard drives.

Oxygen Forensic Suite 2014: phone forensics

Open source

DFF, Autopsy, CAINE interface, AccessData (input is an image, parsed into
structured data)

++++++++++++++++++++PRACTICAL HANDS-ON+++++++++++++++++++++++++++

AccessData FTK Imager (keeps the information about which device the data was
retrieved from) [software forensic imagers]

Logical data + slack area = physical cloning

Five central forensic centres: FSL (Forensic Science Laboratory)

Blancco is an anti-forensic tool to delete the data (wiping).

OSForensics, F-RAT, USBDeview, Autoruns (Sysinternals)

Artifacts => SAM, SYSTEM, SECURITY, SOFTWARE, NTUSER.DAT

D3pakblogspot.wordpress.com

Lightshot
