
Cyber Security Assignment-2 (2025)


1) Define the following:

  1)proxy server and anonymizer

  2)phishing

  3)keyloggers and spyware

  4)virus and worms

  5)Trojans and backdoors


Proxy Server and Anonymizer:
   * A proxy server is a computer on a network that acts as an intermediary for connections with other computers on that network.
   * An anonymizer, or anonymous proxy, is a tool that attempts to make activity on the Internet untraceable. It accesses the Internet on the user's behalf, protecting personal information by hiding the source computer's identifying information.

Phishing:
   * Phishing is an alternative spelling of "fishing," as in "to fish for information". It involves sending phony messages that appear to be from a reputable source to trick victims into revealing information.

Keyloggers and Spyware:
   * Keystroke logging, or keylogging, is the practice of noting (or logging) the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that such actions are being monitored.
   * Spyware is a type of malware installed on computers that collects information about users without their knowledge.

Virus and Worms:
   * A computer virus is a program that can "infect" legitimate programs by modifying them to include a possibly "evolved" copy of itself. Viruses spread themselves without the knowledge or permission of the users.
   * A computer worm is a self-replicating software program that spreads through a network, with or without user intervention.

Trojans and Backdoors:
   * A Trojan Horse is a program in which malicious or harmful code is contained inside apparently harmless programming or data. A Trojan Horse may get control and cause harm, for example, ruining the file allocation table on the hard disk.
   * A backdoor is a means of access to a computer program that bypasses security mechanisms.



2) Explain the various stages of the network attacks.


Network attack incidents reveal that attackers are often very systematic in launching their attacks. The basic stages of an attack are:


 * Initial Uncovering: In this first step, known as reconnaissance, the attacker gathers as much information as possible about the target by legitimate means, such as searching the internet using Google, social networking websites, and people finder websites.
 * Network Probe: At this stage, the attacker employs more invasive techniques to scan for information. This typically involves performing a "ping sweep" of the network's IP addresses to identify potential targets, followed by using a "port scanning" tool.
 * Crossing the Line Toward Electronic Crime (E-crime): The attacker now moves towards committing what is technically a "computer crime". This is done by exploiting possible vulnerabilities or "holes" on the target system.
 * Capturing the Network: At this stage, the attacker attempts to "own" the network. They gain a foothold in the internal network quickly and easily by compromising low-priority target systems. The next step is to remove any evidence of the attack.
 * Grab the Data: Once the attacker has "captured the network," they take advantage of their position to steal confidential data, customer credit card information, deface webpages, alter processes, and even launch attacks at other sites from the compromised network.
 * Covering Tracks: This is the final step in any cyber-attack, referring to activities undertaken by the attacker to extend misuse of the system without being detected.


3) Explain the various types of computer virus.


Computer viruses can be categorized based on their attack methods on various system elements, which can endanger the system and personal data. Here are the various types mentioned:
 * Boot sector viruses: These viruses infect the storage media (like floppy diskettes and hard drives) where the operating system is stored and used to start the computer system. The data and programs on these drives are stored in smaller sections called sectors, which get infected.
 * Program viruses: These viruses become active when a program file (typically with extensions like .bin, .com, .exe, .ovl, .drv) is executed or opened. Once these program files are infected, the virus makes copies of itself and spreads to other programs on the computer.
 * Multipartite viruses: This type is a hybrid, combining characteristics of both boot sector and program viruses. It infects program files as well as the boot record when the infected program is active.
 * Stealth viruses: These viruses camouflage or mask themselves, making them difficult for antivirus software to detect, and they prevent antivirus software from finding them.
 * Polymorphic viruses: These viruses act like a "chameleon," changing their virus signature (i.e., binary pattern) every time they spread, multiplying and infecting new files.
 * Macro viruses: These affect applications that support macros (macro languages), such as Microsoft Word and Microsoft Excel. Macros are programs embedded in a document.
 * ActiveX and Java Control viruses: These viruses relate to all web browsers, which have settings governing ActiveX and Java Controls.




4) List and describe any 5 phishing techniques.

 * Dragnet Phishing

   This method uses mass spammed emails with fake corporate identities, such as logos and trademarks, sent to a large number of people. Phishers don't target specific victims in advance; instead, they rely on false information in the email to prompt an immediate response, often by convincing recipients to click links that lead to deceptive websites or pop-up windows where personal information is requested.

 * Rod-and-Reel Phishing

   Unlike dragnet phishing, this technique involves phishers identifying specific potential victims beforehand. They then send false information to these individuals to trick them into revealing personal and financial data. An example is a fake webpage offering a better price for an item the victim is looking for, which then asks for bank account numbers and passwords before confirming the "sale."

 * Lobsterpot Phishing

   This technique relies on creating bogus websites that mimic legitimate corporate sites, targeting a specific group of victims. Phishers embed misleading web links in emails to make them appear genuine, directing victims to these fake sites. Once on these "spoofed" sites, users might unknowingly submit personal information, which the phishers then use for illicit activities like making purchases or applying for new credit cards.

 * Gillnet Phishing

   This technique heavily uses social engineering by injecting malicious code into emails and websites. For example, opening an infected email or visiting a compromised website can introduce a Trojan Horse into a user's system. This malicious code can change browser settings to redirect users to a phishing site when they attempt to visit legitimate banking websites. It can also record keystrokes and passwords, which are then transmitted to the phishers.

 * Urgent Messages

   A common tactic in phishing attacks is to create a sense of fear or urgency to compel an immediate response. Emails might warn that failure to reply will result in account access being revoked, or claim that suspicious activity has been detected in the user's account, or that the organization is implementing new privacy software for identity theft solutions. These urgent messages are designed to make the recipient act without thinking critically.





5) List and describe the different types of phishing scams.



 * Spear Phishing

   This is a highly targeted form of phishing where attackers focus on specific individuals, often within an organization. Unlike general phishing, spear phishing emails are meticulously crafted to appear as if they come from a trusted source (e.g., a superior or colleague) and leverage specific information about the target to increase their credibility. The objective is frequently to gain access to sensitive information or to install malicious software.

 * Whaling

   Whaling is a specialized type of spear phishing that specifically targets high-ranking individuals within an organization, such as CEOs or CFOs. The term "whaling" refers to the significant amount of information or financial gain that can be acquired by compromising such a high-value target. These attacks are carefully designed and often involve impersonating legal or financial authorities to deceive the executive into making a large financial transfer or disclosing critical data.

 * Smishing

   Smishing refers to phishing attempts delivered via SMS (text messages). Victims receive fraudulent text messages that appear to originate from legitimate sources, often containing links to malicious websites or instructions to call a fake customer service number. The goal is to trick individuals into revealing personal or financial details.

 * Vishing

   Vishing, a portmanteau of "voice" and "phishing," describes phishing attacks conducted over the phone. Attackers impersonate legitimate entities (e.g., banks, government agencies) and employ social engineering tactics to manipulate victims into divulging sensitive information verbally. They may use Caller ID spoofing to make the incoming call appear genuine.

 * Pharm Droiding

   This is a type of pharming attack specifically aimed at Android devices. It involves redirecting users to malicious websites even when they enter the correct URL. This redirection can occur through DNS poisoning, where attackers compromise DNS servers to reroute traffic, or by infecting the device with malware that modifies its DNS settings.



6) Discuss the techniques of identity theft.


 * Shoulder Surfing

   This technique involves directly observing individuals as they input sensitive information. Identity thieves might stand close enough to victims at an ATM to watch them enter their PIN, or peek over their shoulder in a public place to read credit card numbers or security codes during online transactions or phone calls.

 * Skimming

   Skimming involves using a device to illegally copy data from the magnetic stripe on the back of a credit or debit card. These devices are often discreetly attached to legitimate card readers at ATMs, gas pumps, or point-of-sale terminals. When a card is swiped, the skimmer captures the card number, expiration date, and other crucial data, while the legitimate transaction proceeds as normal, making the theft undetectable at the moment of the transaction.

 * Dumping (Dumpster Diving)

   This technique involves sifting through discarded trash or recycling bins to find documents containing personal information. Thieves look for items like bank statements, utility bills, credit card offers, medical records, or other papers that have been thrown away without being properly shredded. Such documents can provide enough details to open new accounts, apply for loans, or access existing accounts.

 * Hacking

   Hacking is a prevalent technique where criminals gain unauthorized access to computer systems or networks with the aim of stealing personal data. This can be achieved by exploiting software vulnerabilities, deploying malware, or breaching databases that store customer information, leading to the compromise of large amounts of sensitive personal data.

 * Pretexting

   Pretexting involves obtaining personal information by creating a fabricated scenario or impersonating someone else. Attackers might contact individuals or organizations by phone, email, or in person, posing as a bank official, a government agent, a tech support representative, or a utility company employee. They create a sense of urgency or authority to trick the victim into willingly disclosing sensitive information under false pretenses.



7) What is digital forensics? Explain the roles and typical scenarios involved in digital forensics.


Digital forensics is a scientific discipline focused on the collection, analysis, interpretation, and presentation of digital evidence. It involves scientifically derived and proven methods to preserve, validate, identify, document, and interpret digital evidence from various sources. This process aims to reconstruct criminal events or anticipate unauthorized actions that could disrupt planned operations.

The roles of digital forensics, or what can be achieved using its techniques, include:

 * Uncovering and documenting evidence and leads.

 * Corroborating and clarifying evidence discovered through other means.

 * Assisting in demonstrating patterns of events.

 * Connecting attack and victim computers.

 * Revealing the complete sequence of events leading to a compromise attempt, whether successful or not.

 * Extracting data that might be hidden, deleted, or not directly accessible.

 * Generating investigative leads for further follow-up and verification.

 * Helping to verify an intrusion hypothesis.

 * Eliminating incorrect assumptions.

Typical scenarios where digital forensics is involved include:

 * Employee Internet abuse.

 * Data leaks or data breaches.

 * Industrial espionage.

 * Damage assessment.

 * Criminal fraud and deception cases.

 * General criminal cases.

 * Copyright violations.




8) Discuss the various methods for obtaining Forensic evidence.


Various methods are employed to identify, collect, and analyze forensic evidence in cybercrime investigations:

 * Evidence Collection from Various Sources: Digital evidence can be gathered from a wide range of devices. Obvious sources include computers, cell phones, digital cameras, hard drives, CD-ROMs, and USB memory devices. Less obvious sources can include digital thermometers, automobile black boxes, RFID tags, and even webpages, which need to be preserved due to their changeable nature.

 * Systematic Forensic Process: The process of obtaining forensic evidence typically follows several structured phases:

   * Identification and Preparation: This initial stage involves recognizing the incident, utilizing appropriate tools and techniques, and obtaining necessary search warrants and authorization.

   * Search and Seizure: Evidence is recognized and collected during this phase.

   * Preservation: Ensuring the security and integrity of the collected evidence is crucial at this stage.

   * Examination: This involves duplicating evidence and recovering data. A key part of examination is "imaging of electronic media" where the evidence is believed to reside.

   * Analysis: Investigators determine the significance of the data, reconstruct data fragments, and draw conclusions. Different types of analysis include media analysis, file system analysis, application analysis, network analysis, OS analysis, executable analysis, image analysis, and video analysis.

   * Reporting and Testifying: Conclusions are summarized, translated, and explained in reports, which can then be presented in court.

 * Data Extraction from Digital Media: Forensic tools can be used to uncover evidence from various areas of storage media, including history files, data clusters, unallocated space, temporary files, file slack, formatted files and file systems on disks, FAT (file allocation table) information, and hidden files.

 * User Interviews: Valuable information for forensic examination can be obtained by interviewing the computer user. These interviews can provide insights into system configuration, applications, encryption keys, and methodologies. Having a user's passphrases can significantly ease the analysis of encrypted files, containers, and network servers.




9) Write a short note on:

 * chain of custody

 * digital forensics science


 * Chain of Custody

   The chain of custody is a fundamental concept in cyber forensics and digital forensics investigations. It refers to the chronological documentation trail that records the seizure, custody, control, transfer, analysis, and final disposition of evidence, whether physical or electronic. Its primary purpose is to maintain the integrity of the evidence by providing documentation of its handling, and to allow the person presenting a piece of evidence to demonstrate that it is indeed what it claims to be.

 * Digital Forensics Science

   Digital forensics is the application of analytical techniques for the reliable and unbiased collection, analysis, interpretation, and presentation of digital evidence. It involves using scientifically derived and proven methods for the preservation, collection, validation, identification, analysis, interpretation, documentation, and presentation of digital evidence from various digital sources. The goal is to facilitate or further the reconstruction of criminal events or to help anticipate unauthorized actions that could disrupt planned operations. According to the FBI, digital evidence is present in almost every crime scene, highlighting the importance for law enforcement to know how to recognize, seize, transport, and store original digital evidence for forensic examination.
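The preservation and chain-of-custody points above (the Preservation and Examination phases in Q8, and the chain of custody in Q9) in working form, as an added example that is not part of the original assignment answer: a small Python custody log for an imaged drive that hashes the image at acquisition, re-verifies it at every hand-off, and flags a broken chain. The SAMPLE_IMAGE bytes, handler names and timestamps are constructed, and the helper names are hypothetical.

```python
import hashlib
import json

# Constructed sample standing in for a forensic disk image (a few bytes, not a real image).
SAMPLE_IMAGE = b"\x55\xaa" + b"evidence-partition-data" * 4

def sha256_hex(data: bytes) -> str:
    """Fingerprint of the image; taken once at acquisition and rechecked at every hand-off."""
    return hashlib.sha256(data).hexdigest()

def acquire(item_id: str, image: bytes, examiner: str, when: str) -> dict:
    """Open the custody record when the media is imaged (Search and Seizure / Preservation).
    'when' is passed in so the record is reproducible; real tools stamp the current time."""
    digest = sha256_hex(image)
    return {
        "item_id": item_id,
        "acquisition_sha256": digest,
        "log": [{"seq": 1, "time": when, "action": "acquired", "handler": examiner,
                 "sha256": digest, "intact": True}],
    }

def verify(record: dict, image: bytes) -> bool:
    """True if the image still matches the hash recorded at acquisition."""
    return sha256_hex(image) == record["acquisition_sha256"]

def transfer(record: dict, image: bytes, from_handler: str, to_handler: str, when: str) -> bool:
    """Log a hand-off. The receiver re-hashes the image; a mismatch is recorded, never hidden."""
    intact = verify(record, image)
    record["log"].append({"seq": len(record["log"]) + 1, "time": when,
                          "action": f"transfer {from_handler} -> {to_handler}",
                          "handler": to_handler, "sha256": sha256_hex(image), "intact": intact})
    return intact

def has_unbroken_chain(record: dict) -> bool:
    """Evidence is presentable only if every logged step verified intact and the
    sequence numbers are contiguous (no entry was removed from the trail)."""
    seqs = [entry["seq"] for entry in record["log"]]
    return seqs == list(range(1, len(seqs) + 1)) and all(entry["intact"] for entry in record["log"])

if __name__ == "__main__":
    rec = acquire("HDD-001", SAMPLE_IMAGE, "Examiner A", "2025-01-10T09:00:00Z")
    transfer(rec, SAMPLE_IMAGE, "Examiner A", "Lab Analyst B", "2025-01-10T14:30:00Z")
    tampered = SAMPLE_IMAGE[:-1] + b"!"   # constructed: one byte altered after acquisition
    transfer(rec, tampered, "Lab Analyst B", "Court Clerk C", "2025-01-12T08:00:00Z")
    print(json.dumps(rec, indent=2))
    print("chain intact:", has_unbroken_chain(rec))
```

The second transfer is logged with `intact: False` rather than rejected, so the record itself documents where the chain broke.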




