Cyber Forensics – CS Professional Study Material

Chapter 6 Cyber Forensics – Forensic Audit ICSI Study Material is designed strictly as per the latest syllabus and exam pattern.

Cyber Forensics – CS Professional Forensic Audit Study Material

Question 1.
What do you mean by Cyber Crime?
Answer:
Cyber Crime: Meaning and Definition:
Crime is not per se a legal term. It derives its meaning and has a connotation in the background of a society than the State as such. Thus, it defies an attempt to lay down a strait jacket definition with clearly defined boundaries. However, usually it is put synonymous to something which is “a wrong”, “an offence”, “a misdemeanour” or “a felony”. Crime is both a social and an economic phenomenon. It is as old and historical as the human society itself. Many ancient books, right from the pre-historic days, and mythological stories have spoken about crimes being committed by individuals; be it committed against an individual like ordinary theft and burglary or against the nation at large like the crimes of spying, treason, etc.
Kautilya’s Arthashastra, a document written around 350 BC, is considered to be one of the most authentic administrative treatises in India. It discusses the various crimes committed in the society, security initiatives to be taken by the rulers to curb them, possible crimes in a State, etc. It also advocates awarding different punishments for different offences listed therein. Further, the concept of restoration of loss to the victims has also been discussed in it.
Information Technology. Cyber-crimes do not know or recognise any territorial boundary or barrier.
In general, a Cyber Crime can be classified into the following three categories:

  1. Target Cyber Crime: It is a crime wherein a computer is the target of the offence.
  2. Tool Cyber Crime: It is a crime wherein a computer is used as a tool in committing the offence.
  3. Computer Incidental: It is a crime wherein the computer plays only a minor role in the commission of the offence.


Question 2.
Write a brief note on International Guidance to Cyber Forensics Laws.
Answer:
International Guidance to Cyber Forensics Laws:
Moore’s law predicts that computing power doubles every 18 months. This ever increasing power enables humans to undertake tasks that are more complex and resource intensive. With the boom of Information Technology (IT) and enhanced technological developments, the IT environment evolved to the specialised Information Security (IS) discipline. This, in turn, acted as catalyst for the development of the digital forensics discipline.
The intention of these technology advances is to make human lives easier and more fulfilling: hand biometric applications can ensure that only authorised people can operate guns; online social communities such as Facebook, Twitter and Instagram can globally connect people; and iris recognition can lead to a keyless environment.
Computers give humans an inconceivable amount of power. However, not all humans can suitably handle power. Accordingly, it is necessary to incorporate digital forensics in the everyday business environment to address the collection and acquisition of digital evidence dispersed through digital systems. The eventual purpose of this evidence collection might be either internal organisational investigations, or prosecution in a court of law.

Necessity of International Standards:
Generally when procedures are standardised, the associated costs are lower, training is simplified and consumers accept products and services more readily.
“Standards are also the key to enhancing our global competitiveness, attracting investment and encouraging and supporting innovation”
Some standardisation benefits include :

  • improving the suitability of products, processes and services for their intended purposes;
  • preventing barriers to international trade; and
  • preventing unsafe products and procedures from reaching consumers through the regulatory use of safety standards.

WSSN (World Standards Services Network):
WSSN is a publicly accessible network of standards organisations around the world. (WSSN 2006). The three main standards organisations listed on this site are the International Organization for Standardization (ISO), the International Electro-technical Commission (IEC) and the International Telecommunication Union (ITU).
IEC and ITU ensures that where appropriate, ISO has liaison agreements with IEC to provide technical input on matters pertaining to specific IT-related international standards. The WSSN website www.wssn.net also links to a complete list of the international standardising bodies, regional standardising bodies, as well as national members of ISO and IEC.

ISO (International Organization for Standardization):
ISO is the world’s largest developer and publisher of international standards. This organisation is a network of the national standards institutes of 162 countries, one member per country.
The ISO secretariat is situated in Switzerland and coordinates the interaction between member countries’ mandates (some countries are mandated by government, whilst others are mandated by the private sector). As a result, ISO facilitates consensus between member bodies on solutions that meet both the requirements of business and the broader needs of society (ISO 2009b). ISO, in collaboration with IEC (through JTC 1), published a whole portfolio of standards related to generic methods, techniques and guidelines for information, IT and communication security.

SABS (South African Bureau of Standards):
The SABS is the recognised national institution for the promotion and maintenance of standards in South Africa. It is an autonomous body established through legislation in 1969. The SABS prepares and publishes South African National Standards (identified by the letters SANS) that reflect national consensus on a wide range of subjects. It administers more than 450 technical committees and sub committees to produce standards. The SABS is committed to providing standardisation services that improve the competitiveness of South Africa through the understanding and development of standardisation products and services within South Africa and internationally.

Digital Forensics and Cyber Laws: Procedure for Investigation:
The field of computer forensics investigation is growing, especially as law enforcement and legal entities realize just how valuable information technology (IT) professionals are when it comes to investigative procedures. With the advent of cyber-crime, tracking malicious online activity has become crucial for protecting private citizens, as well as preserving online operations in public safety, national security, government and law enforcement.

Policy and Procedure Development:
Whether related to malicious cyber activity, criminal conspiracy or the intent to commit a crime, digital evidence can be delicate and highly sensitive. Cyber security professionals understand the value of this information and respect the fact that it can be easily compromised if not properly handled and protected.

Evidence Assessment:
A key component of the investigative process involves the assessment of potential evidence in a cyber-crime. Central to the effective processing of evidence is a clear understanding of the details of the case at hand and thus, the classification of cyber-crime in question.

Evidence Acquisition:
Perhaps the most critical facet of successful computer forensic investigation is a rigorous, detailed plan for acquiring evidence. Extensive documentation is needed prior to, during, and after the acquisition process; detailed information must be recorded and preserved, including all hardware and software specifications, any systems used in the investigation process, and the systems being investigated.

Evidence Examination:
In order to effectively investigate potential evidence, procedures must be in place for retrieving, copying, and storing evidence within appropriate databases. Investigators typically examine data from designated archives, using a variety of methods and approaches to analyze information; these could include utilizing analysis software to search massive archives of data for specific keywords or file types, as well as procedures for retrieving files that have been recently deleted. Data tagged with times and dates is particularly useful to investigators, as are suspicious files or programs that have been encrypted or intentionally hidden.

Documenting and Reporting:
In addition to fully documenting information related to hardware and software specs, computer forensic investigators must keep an accurate record of all activity related to the investigation, including all methods used for testing system functionality and retrieving, copying, and storing data, as well as all actions taken to acquire, examine and assess evidence. Not only does this demonstrate how the integrity of user data has been preserved, but it also ensures proper policies and procedures have been adhered to by all parties. As the purpose of the entire process is to acquire data that can be presented as evidence in a court of law, an investigator’s failure to accurately document his or her process could compromise the validity of that evidence and ultimately, the case itself.
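The acquisition and documentation steps above can be made concrete with a small record-keeping sketch. This is an added example, not part of the original study material: the use of SHA-256 digests and a hash-chained activity log is an assumption of the example, and the class, function names, case ID and sample image bytes are constructed for illustration.

```python
import hashlib
import json
import platform
from datetime import datetime, timezone


def sha256_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class CustodyLog:
    """Append-only investigation record; every entry commits to the one before it."""
    GENESIS = "0" * 64

    def __init__(self, case_id):
        self.case_id = case_id
        self.entries = []

    @staticmethod
    def _digest(body):
        # Canonical JSON so the same entry always hashes to the same value.
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def record(self, actor, action, details):
        body = {
            "case_id": self.case_id,
            "seq": len(self.entries),
            "time_utc": datetime.now(timezone.utc).isoformat(),
            "actor": actor,
            "action": action,
            "details": details,
            "prev": self.entries[-1]["entry_hash"] if self.entries else self.GENESIS,
        }
        entry = dict(body, entry_hash=self._digest(body))
        self.entries.append(entry)
        return entry

    def verify(self):
        """Return the index of the first inconsistent entry, or None if intact."""
        prev = self.GENESIS
        for i, entry in enumerate(self.entries):
            body = {k: v for k, v in entry.items() if k != "entry_hash"}
            if (body["prev"] != prev or body["seq"] != i
                    or self._digest(body) != entry["entry_hash"]):
                return i
            prev = entry["entry_hash"]
        return None


def acquire(log, actor, source_label, image: bytes, tool):
    """Log an acquisition: what was imaged, with what, on which system, and its digest."""
    digest = sha256_bytes(image)
    log.record(actor, "acquire", {
        "source": source_label,
        "size_bytes": len(image),
        "sha256": digest,
        "tool": tool,
        "workstation": {"os": platform.system(), "release": platform.release()},
    })
    return digest


def check_evidence(log, actor, image: bytes, expected_sha256):
    """Re-hash a working copy against the acquisition digest and log the outcome."""
    match = sha256_bytes(image) == expected_sha256
    log.record(actor, "verify_image", {"expected_sha256": expected_sha256, "match": match})
    return match


def demo():
    image = b"CONSTRUCTED-SAMPLE-IMAGE " * 64        # constructed stand-in for a disk image
    log = CustodyLog("CASE-0000-EXAMPLE")            # constructed case ID
    digest = acquire(log, "examiner_a", "exhibit-01 (USB drive)", image, "example-imager 1.0")
    working_copy = bytes(image)
    copy_ok = check_evidence(log, "examiner_a", working_copy, digest)
    log.record("examiner_b", "keyword_search", {"terms": ["invoice"], "hits": 0})
    altered_ok = check_evidence(log, "examiner_b", working_copy[:-1] + b"X", digest)
    intact = log.verify()
    log.entries[2]["details"]["hits"] = 3            # simulate an after-the-fact edit
    return {"copy_ok": copy_ok, "altered_copy_ok": altered_ok,
            "intact_before_edit": intact, "first_bad_entry": log.verify()}


if __name__ == "__main__":
    print(demo())
```

The chain only exposes edits to entries that have a successor, so the latest entry hash would need to be recorded somewhere outside the log (for example in the signed case report) for the final entry to be covered as well.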


Question 3.
What do you mean by Data Extraction? Discuss the concept with examples.
Answer:
Introduction to Data Extraction:
Data extraction is the act or process of retrieving data out of (usually unstructured or poorly structured) data sources for further data processing or data storage (data migration). The import into the intermediate extracting system is thus usually followed by data transformation and possibly the addition of metadata prior to export to another stage in the data workflow. To make things easy, one may use the following data extraction tools, which suit professionals as well as beginners:

OutWit Hub:
OutWit Hub is one of the most popular web scraping tools available in the market. It usually segregates the web pages into different elements and then navigates from page to page to extract the relevant data from the website. This tool has an extension for Mozilla Firefox and Chrome which makes it easy to access and is mainly used to extract links, email ids, data tables, images, etc.

Web Scraper
This is a very simple and easy-to-use web scraping tool available in the industry. It has the unique ability to login to external pages and is mainly used by companies for document extraction, web data scraping, email id extraction, pricing extraction, contact detail extraction, image extraction, etc.

Spinn3r
This is a web service which is used to index the blogs around the world. It provides access to every blog that is published in real-time and is mainly used by organizations to get information from social media, forums, web blogs, reviews, comments, mainstream news monitoring, etc.

FMiner
This is another popular tool used by companies which mainly acts as a visual web scraping tool, web data extractor, and a macro recorder. It is mainly used for disparate web scraping, email id extraction, phone number extraction, image extraction, document extraction, etc.

ParseHub
This is one of the most well-known visual extraction tools in the market which can be used by anyone to extract data from the web. The tool is mainly used to extract images, email ids, documents, web data, contact info, phone numbers, pricing details, etc.

Octoparse
This is one of the most powerful web scraping tools which can grab all the open data from any website and also save the user the effort of copy-pasting the information or any kind of further coding. This is mainly used to extract IP addresses, disparate data, email addresses, phone numbers, web data, etc.

Table Capture
This tool is an extension to the Chrome browser which helps to capture the data from the website while navigating through the web pages without any hassles. It easily scrapes the data from an HTML table of any website, copies it to the clipboard and converts it into any of the data formats such as Google spreadsheets, CSV, or Excel.

Scrapy
This is an open source code development framework which performs data extraction with Python. This tool allows developers to program crawlers to extract and track information for one or many websites at once.

Tabula
This is a desktop application for Mac OSX, Windows, and Linux, which helps companies and individuals to convert PDF files into an Excel or CSV file which can be easily edited. This is one of the most used extraction tools in data journalism.

Dexi.io
This web scraping tool doesn’t need any kind of download and is a browser-based tool. This tool allows you to set up crawlers and fetch web data in real-time and also allows you to save the gathered information directly in the Google Drive or export it through CSV or JSON. One unique feature of this tool is that the data can be extracted anonymously using different proxy servers.

Advantages of Using Data Extraction Tools:
The internet is a massive pool of data and it is important for businesses to access relevant information and derive useful insights to ensure their success in this fast-paced world. Some of the key benefits of using data extraction tools include –

  • Improves Accuracy: Using data extraction tools automates time-consuming manual processes, reduces repetitive tasks and helps improve accuracy of the extracted data.
  • Saves Time: These tools quickly extract huge sets of relevant data within a short time. Therefore, it is important to correctly identify the right data scraping tool as per your requirement which will help you save time to focus on other core tasks.
  • Increases Productivity: With appropriate tools in place, your employees are spending more time on tasks which add value to your business and hence their overall productivity is drastically increased.
  • Improves Visibility: These tools provide the staff with full visibility of all the records and make the management of stored data easy.
  • Saves Costs: By automating time consuming and cumbersome tasks, companies need not hire extra staff and hence save on overhead costs considerably.


Question 4.
Discuss the Concept of Ethical Hacking.
Answer:
Ethical Hacking:
An ethical hacker, also referred to as a white hat hacker, is an information security expert who systematically attempts to penetrate a computer system, network, application or other computing resource on behalf of its owners – and with their permission – to find security vulnerabilities that a malicious hacker could potentially exploit.

Hacking Computer System: Hacktivism attacks, including those on famous targets such as Twitter and blogging platforms, involve unauthorized access to or control over the computer. Such hacking activity results in loss of data as well as of the computer. Research also indicates that those attacks were not mainly intended for financial gain but also to diminish the reputation of a particular person or company.

Cyber Forensics Notes

Introduction to Cyber Crime
Report states that globally 3.2 billion people are now online, representing 43.4 per cent of the world’s population, while mobile-cellular subscriptions have reached almost 7.1 billion worldwide, with over 95 per cent of the global population now covered by a mobile-cellular signal.

As per the report published in The Indian Express, India has been ranked 131 out of 167 nations on a global index that measures the level of Information and Communication Technology access, even as the number of households with a computer and internet connection has increased to a good extent in the country over the last five years.

Cyber Crime: Meaning and Definition
Crime is not per se a legal term. It derives its meaning and has a connotation in the background of a society than the State as such. Thus, it defies an attempt to lay down a strait jacket definition with clearly defined boundaries. However, usually it is put synonymous to something which is “a wrong”, “an offence”, “a misdemeanour” or “a felony”. Crime is both a social and an economic phenomenon. It is as old and historical as the human society itself. Many ancient books, right from the pre-historic days, and mythological stories have spoken about crimes being committed by individuals; be it committed against an individual like ordinary theft and burglary or against the nation at large like the crimes of spying, treason, etc. In general, a Cyber Crime can be classified into the following three categories:

  1. Target Cyber Crime: It is a crime wherein a computer is the target of the offence.
  2. Tool Cyber Crime: It is a crime wherein a computer is used as a tool in committing the offence.
  3. Computer Incidental: It is a crime wherein the computer plays only a minor role in the commission of the offence.

International Guidance to Cyber Forensics Laws:
Moore’s law predicts that computing power doubles every 18 months. This ever increasing power enables humans to undertake tasks that are more complex and resource intensive. With the boom of Information Technology (IT) and enhanced technological developments, the IT environment evolved to the specialised Information Security (IS) discipline. This, in turn, acted as catalyst for the development of the digital forensics discipline.

Necessity of International Standards:
Generally when procedures are standardised, the associated costs are lower, training is simplified and consumers accept products and services more readily.
“Standards are also the key to enhancing our global competitiveness, attracting investment and encouraging and supporting innovation”
Some standardisation benefits include :

  • improving the suitability of products, processes and services for their intended purposes;
  • preventing barriers to international trade; and
  • preventing unsafe products and procedures from reaching consumers through the regulatory use of safety standards.

WSSN (World Standards Services Network):
WSSN is a publicly accessible network of standards organisations around the world. (WSSN 2006). The three main standards organisations listed on this site are the International Organization for Standardization (ISO), the International Electro-technical Commission (IEC) and the International Telecommunication Union (ITU).


ISO (International Organization for Standardization):
ISO is the world’s largest developer and publisher of international standards. This organisation is a network of the national standards institutes of 162 countries, one member per country.

SABS (South African Bureau of Standards):
The SABS is the recognised national institution for the promotion and maintenance of standards in South Africa. It is an autonomous body established through legislation in 1969. The SABS prepares and publishes South African National Standards (identified by the letters SANS) that reflect national consensus on a wide range of subjects. It administers more than 450 technical committees and sub committees to produce standards. The SABS is committed to providing standardisation services that improve the competitiveness of South Africa through the understanding and development of standardisation products and services within South Africa and internationally.


Digital Forensics and Cyber Laws: Procedure for Investigation
The field of computer forensics investigation is growing, especially as law enforcement and legal entities realize just how valuable information technology (IT) professionals are when it comes to investigative procedures. With the advent of cyber-crime, tracking malicious online activity has become crucial for protecting private citizens, as well as preserving online operations in public safety, national security, government and law enforcement. Tracking digital activity allows investigators to connect cyber communications and digitally-stored information to physical evidence of criminal activity; computer forensics also allows investigators to uncover premeditated criminal intent and may aid in the prevention of future cyber-crimes. For those working in the field, there are five critical steps in computer forensics, all of which contribute to a thorough and revealing investigation.

Policy and Procedure Development
Whether related to malicious cyber activity, criminal conspiracy or the intent to commit a crime, digital evidence can be delicate and highly sensitive. Cyber security professionals understand the value of this information and respect the fact that it can be easily compromised if not properly handled and protected.

Evidence Assessment
A key component of the investigative process involves the assessment of potential evidence in a cyber-crime. Central to the effective processing of evidence is a clear understanding of the details of the case at hand and thus, the classification of cyber-crime in question.

Evidence Acquisition
Perhaps the most critical facet of successful computer forensic investigation is a rigorous, detailed plan for acquiring evidence. Extensive documentation is needed prior to, during, and after the acquisition process; detailed information must be recorded and preserved, including all hardware and software specifications, any systems used in the investigation process, and the systems being investigated.

Documenting and Reporting
In addition to fully documenting information related to hardware and software specs, computer forensic investigators must keep an accurate record of all activity related to the investigation, including all methods used for testing system functionality and retrieving, copying, and storing data, as well as all actions taken to acquire, examine and assess evidence. Not only does this demonstrate how the integrity of user data has been preserved, but it also ensures proper policies and procedures have been adhered to by all parties. As the purpose of the entire process is to acquire data that can be presented as evidence in a court of law, an investigator’s failure to accurately document his or her process could compromise the validity of that evidence and ultimately, the case itself.

Introduction to Data Extraction
Data extraction is the act or process of retrieving data out of (usually unstructured or poorly structured) data sources for further data processing or data storage (data migration). The import into the intermediate extracting system is thus usually followed by data transformation and possibly the addition of metadata prior to export to another stage in the data workflow. To make things easy, one may use the following data extraction tools, which suit professionals as well as beginners:
OutWit Hub:
OutWit Hub is one of the most popular web scraping tools available in the market. It usually segregates the web pages into different elements and then navigates from page to page to extract the relevant data from the website. This tool has an extension for Mozilla Firefox and Chrome which makes it easy to access and is mainly used to extract links, email ids, data tables, images, etc.
Web Scraper:
This is a very simple and easy-to-use web scraping tool available in the industry. It has the unique ability to login to external pages and is mainly used by companies for document extraction, web data scraping, email id extraction, pricing extraction, contact detail extraction, image extraction, etc.
Spinn3r:
This is a web service which is used to index the blogs around the world. It provides access to every blog that is published in real-time and is mainly used by organizations to get information from social media, forums, web blogs, reviews, comments, mainstream news monitoring, etc.
FMiner:
This is another popular tool used by companies which mainly acts as a visual web scraping tool, web data extractor, and a macro recorder. It is mainly used for disparate web scraping, email id extraction, phone number extraction, image extraction, document extraction, etc.
ParseHub:
This is one of the most well-known visual extraction tools in the market which can be used by anyone to extract data from the web. The tool is mainly used to extract images, email ids, documents, web data, contact info, phone numbers, pricing details, etc.


Advantages of Using Data Extraction Tools:
The internet is a massive pool of data and it is important for businesses to access relevant information and derive useful insights to ensure their success in this fast-paced world. Some of the key benefits of using data extraction tools include –

  • Improves Accuracy: Using data extraction tools automates time-consuming manual processes, reduces repetitive tasks and helps improve accuracy of the extracted data.
  • Saves Time: These tools quickly extract huge sets of relevant data within a short time. Therefore, it is important to correctly identify the right data scraping tool as per your requirement which will help you save time to focus on other core tasks.
  • Increases Productivity: With appropriate tools in place, your employees are spending more time on tasks which add value to your business and hence their overall productivity is drastically increased.
  • Improves Visibility: These tools provide the staff with full visibility of all the records and make the management of stored data easy.
  • Saves Costs: By automating time consuming and cumbersome tasks, companies need not hire extra staff and hence save on overhead costs considerably.

Ethical Hacking:
An ethical hacker, also referred to as a white hat hacker, is an information security expert who systematically attempts to penetrate a computer system, network, application or other computing resource on behalf of its owners – and with their permission – to find security vulnerabilities that a malicious hacker could potentially exploit.
Hacking Computer System: Hacktivism attacks, including those on famous targets such as Twitter and blogging platforms, involve unauthorized access to or control over the computer. Such hacking activity results in loss of data as well as of the computer. Research also indicates that those attacks were not mainly intended for financial gain but also to diminish the reputation of a particular person or company.
