CS All Unit

The document provides a comprehensive overview of cybercrime, including its definition, types, and classifications. It discusses various cybercriminal activities such as hacking, identity theft, and software piracy, along with specific attacks like salami attacks and web jacking. Additionally, it outlines the motives behind cybercrime and preventive measures that individuals and organizations can take to safeguard against these threats.

Uploaded by

yashsutar7666
Copyright © All Rights Reserved

UNIT 1

#QUESTIONS:
1. Give and explain the categorization of cybercrimes.
2. Elaborate on the salami attack with an example.
3. What is software piracy? List five different losses after buying pirated
software.
4. Explain web jacking in detail. Also determine the cybercrime class of web
jacking.
5. Write short notes on: i] data diddling ii] identity theft

# Cybercrime:
1. Cybercrime refers to criminal activities that are carried out using computers
or the Internet.
2. The definition of cybercrime is "a crime conducted in which a computer was
directly and significantly instrumental."
3. These crimes range from hacking into personal or business computers to
steal sensitive information, to using the Internet to commit fraud or identity
theft, or to spread malicious software (malware).
4. Cybercrime can also involve activities such as online harassment, child
exploitation and cyberstalking.
5. Cybercriminals often use sophisticated techniques to exploit vulnerabilities
in computer systems and networks, which makes such crimes hard to detect and
prevent.
6. Cybercrime is also called computer-related crime, computer crime, e-crime,
Internet crime or high-tech crime.
7. Types of attacks in cybercrime:
i] Techno-crime attack:
• It is also called an active attack.
• In this attack the intention of the attacker is to copy, steal, prevent
access to, corrupt or damage part or the whole of a computer system.
• It is more dangerous than a passive attack.
ii] Techno-vandalism attack:
• It is also called a passive attack.
• A passive attack makes use of information from the system but does
not affect the system's resources.
• The goal is to obtain information that is being transmitted.
• The attacker passively collects data without altering or destroying it.
8. Cybercrime takes place through the use of:
i] Computer: the computer is used as a tool to gain information, which can
result in heavy loss or damage to the owner.
ii] Internet: the Internet is the means by which the offender gains the
sensitive information of companies, firms, individuals and banks.

#Cyber Criminals:
1. Cyber criminals are those who conduct acts such as:
– Child pornography
– Credit card fraud
– Cyberstalking
– Defaming another online
– Gaining unauthorized access to computer systems
– Ignoring copyrights
– Software licensing and trademark protection
– Software piracy
2. Types of Cybercriminals:
Type I: Cybercriminals hungry for recognition
These individuals or groups are motivated by the desire for fame. They may
carry out high-profile cyber attacks to gain attention. Their actions are often
aimed at causing widespread disruption or damage to attract media attention.
i] Hobby hackers
ii] IT professionals
iii] Terrorist organization
Type II: Cybercriminals-not interested in recognition
These cybercriminals are more focused on financial gain or other specific
objectives rather than seeking recognition for their actions. They may engage in
activities such as identity theft, financial fraud, or selling stolen data on the
dark web.
i] Psychological perverts
ii] Financially motivated hackers
iii] Organized criminals
Type III: Cybercriminals-the insiders
These are individuals who have insider knowledge or access to sensitive
information within an organization. They may exploit their position to carry out
cyber attacks or to steal data for personal gain or to benefit a competitor.
Insider threats can be particularly challenging to detect and prevent, as the
individuals involved may have legitimate access to the systems they are
targeting.
i] Former employee seeking revenge
ii] Competing companies using employees to gain economic advantage

# Motives Behind Cybercrime:

• Greed
• Desire to gain knowledge
• Publicity
• Desire for revenge
• A sense of adventure
• Looking for the thrill of accessing forbidden information
• Destructive mindset
• Desire to sell network security services

# Classification of Cybercrimes:
Cybercrimes are classified into five categories:

1. Cybercrime against an individual

A. Electronic mail spoofing: Email spoofing is a technique used by
cybercriminals to send emails with a fake sender address. This is
often done to trick recipients into believing that the email is from
a legitimate source, such as a bank, company, or government
agency.
B. Phishing: Phishing is a type of cyberattack where attackers use
fraudulent emails, messages, or websites to trick individuals into
providing sensitive information such as passwords, credit card
numbers, or personal information. Phishing attacks often appear
to come from a legitimate source, such as a bank, social media
platform, or government agency, and they typically create a sense
of urgency or fear to prompt the victim to act quickly without
thinking.
C. Spamming: Spamming is sending unwanted electronic content to a
large number of people. This content can be malicious, irrelevant or
inappropriate, and it is used as a tool to gain access to personal
information and identities.
D. Cyber Defamation: Cyber defamation, also known as online
defamation, is the act of making false statements about a person or
organization through digital means, such as on social media, websites,
forums, or blogs, that harm their reputation.

2. Cybercrime against property

A. Credit Card Frauds: Credit card fraud is a type of identity theft
that involves the unauthorized use of someone else's credit card
information to make purchases or withdraw funds.
B. Intellectual Property (IP) Crimes: Intellectual property (IP) crimes
refer to violations of the rights of creators and owners of
intellectual property. These crimes can take various forms and
often involve the unauthorized use, reproduction, or distribution
of intellectual property such as inventions, literary and artistic
works, designs, symbols, and names.
C. Internet Time Theft: Internet time theft refers to the
unauthorized use of an organization's internet resources by
employees for personal purposes during work hours. This can
include activities such as browsing social media, shopping online,
or streaming videos, which can result in decreased productivity
and wasted company resources.
3. Cybercrime against organization
A. Password Sniffing: It is an attack on the internet that is used to
steal passwords and user names from the network.
B. Virus Attack: A virus is a type of malicious software that infects a
computer system and can cause harm, such as corrupting files,
stealing data, or disrupting normal operations. Virus attacks are
typically initiated by opening infected email attachments,
downloading infected files from the internet, or using infected
external storage devices.
C. Email Bombing: Email bombing is a form of cyber attack in which
the attacker sends a large number of emails to a single email
address or domain, with the goal of overwhelming the
recipient's inbox and causing disruption. This can lead to the
recipient being unable to access legitimate emails or important
information.
4. Cybercrime against society
A. Forgery: It refers to the creation or alteration of digital
documents, such as emails, contracts, or certificates, with the
intent to deceive. This can include forging digital signatures or
altering the content of electronic documents to mislead others.
B. Cyberterrorism: It is defined as disruptive attacks by a
recognised terrorist organisation against computer systems
with the intent of generating alarm, panic or the physical
disruption of the information system.
C. Web Jacking: It occurs when someone forcefully takes control
of a website by cracking the password and later changing it.
5. Crimes emanating from Usenet newsgroups
– Usenet is a popular means of sharing and distributing information
on the web with respect to specific topics or subjects.
– Usenet groups may carry very offensive, harmful and inaccurate
material.
– Viruses can also be spread through Usenet messages, causing harm
to a user's computer.

# Email Spoofing:
1. Email spoofing is a threat that involves sending email messages with a fake
sender address.
2. The sender's address is forged in such a way that the receiver trusts the
email, thinking it has been sent by a trusted official source.
3. After gaining trust through the forged address, the attacker can ask for
sensitive information such as personal data, bank details, etc.
4. It is common practice among cybercriminals because the email system is
vulnerable and weak.
5. Email spoofing is mainly conducted for the following reasons:
• scamming,
• injecting malware,
• phishing.
6. Example: An attacker might create an email that looks like it comes from a
trusted official source. The message tells the user that their account will be
suspended if they don't click a link.
7. There are several ways in which email spoofing can be accomplished:
a. The sender manipulates the email header to make it appear as though
the email is coming from a different email address than the actual
sender's.
b. The sender uses a domain name that is very similar to a legitimate
domain to make it appear as though the email is coming from a trusted
source.
c. Malware installed on a victim's computer can be used to send out
spoofed emails without the victim's knowledge.
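A receiving-side check for methods (a) and (b) above, written as an added example (not part of the original notes): it flags a From: domain that disagrees with the envelope sender recorded in Return-Path, and a From: domain that merely resembles a trusted one. The trusted-domain list, the homoglyph table and both sample messages are constructed for the example.

```python
from email import message_from_string

# Constructed: the domains this organisation treats as trusted senders.
TRUSTED_DOMAINS = {"example-bank.com", "example.com"}

# Characters routinely substituted when building a lookalike domain (constructed table).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})

# Constructed samples: one spoof that combines methods (a) and (b), one clean message.
SPOOFED_MESSAGE = """\
Return-Path: <bounce@mailer-7q.example.net>
From: "Example Bank Support" <alerts@examp1e-bank.com>
To: customer@example.org
Subject: Your account will be suspended

Click the link within 24 hours to keep your account active.
"""

LEGIT_MESSAGE = """\
Return-Path: <alerts@example-bank.com>
From: "Example Bank" <alerts@example-bank.com>
To: customer@example.org
Subject: Monthly statement

Your statement is ready.
"""


def domain_of(address: str) -> str:
    """Lower-cased domain part of 'Name <user@host>' or 'user@host' ('' if absent)."""
    addr = address.strip().rstrip(">").split("<")[-1]
    return addr.rpartition("@")[2].lower()


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; a small distance between distinct domains is suspicious."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(domain: str, trusted=TRUSTED_DOMAINS, max_distance: int = 2):
    """Return the trusted domain this one imitates, or None if it is trusted or unrelated."""
    if domain in trusted:
        return None
    normalised = domain.translate(HOMOGLYPHS)  # examp1e-bank.com -> example-bank.com
    for good in trusted:
        if normalised == good or edit_distance(domain, good) <= max_distance:
            return good
    return None


def analyse(raw_message: str) -> list:
    """Return the findings for one message; an empty list means nothing was flagged.
    Return-Path is only meaningful when our own receiving server wrote it from the
    SMTP envelope, so run this on mail as delivered, not on forwarded copies."""
    msg = message_from_string(raw_message)
    findings = []
    from_dom = domain_of(msg.get("From", ""))
    return_dom = domain_of(msg.get("Return-Path", ""))
    if return_dom and from_dom != return_dom:
        findings.append(f"header mismatch: From={from_dom} Return-Path={return_dom}")
    imitated = lookalike_of(from_dom)
    if imitated:
        findings.append(f"lookalike domain: {from_dom} resembles {imitated}")
    return findings
```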

#Spamming:
1. Spamming refers to the practice of sending unwanted messages, often in
bulk, over the internet.
2. These messages can take various forms, including email spam, instant
messages, social media spam, and forum or blog spam.
3. The primary purpose of spamming is usually to advertise products or
services, but it can also be used for malicious purposes such as spreading
malware or phishing attempts.
4. Spamming is considered a nuisance and a potential security threat.
5. It can overload email servers, clog up inboxes, and lead to a negative user
experience.
6. In some cases, spam messages may contain links to malicious websites or
scam attempts, putting recipients at risk of identity theft or financial loss.
7. To protect against spam, individuals and organizations can take several
measures, including:
- Using spam filters: Most email providers offer spam filtering tools that can
help reduce the amount of spam that reaches your inbox.
- Being cautious with email addresses: Avoid posting your email address in
public forums or on social media where it can be easily harvested by
spammers.
- Unsubscribing from mailing lists: If you receive unwanted emails from
legitimate companies, use the unsubscribe option to stop receiving them.
- Reporting spam: Most email providers have a way to report spam messages,
which helps improve their spam filtering algorithms.
By taking these precautions, individuals and organizations can help reduce the
impact of spam and protect themselves from potential security threats.

# Cyber Defamation:
1. Cyber defamation is also known as online defamation.
2. It refers to the act of distributing false or harmful statements about a person
or an organization through digital means.
3. It occurs on platforms such as social media, websites, or online forums.
4. Types of defamation:
i] Libel (written defamation)
ii] Slander (spoken defamation)
5. Examples of cyber defamation include posting false accusations about
someone on social media, leaving negative reviews or comments online that
are untrue, or spreading rumors through online platforms.
6. Cyber defamation can have serious consequences, including damage to a
person's reputation, emotional distress, and even legal action.
7. To protect against cyber defamation, individuals should be cautious about
what they post online and avoid making false or defamatory statements about
others.
8. If you come across defamatory content online, you can report it to the
platform or website hosting the content or seek legal advice on how to address
the issue.

# Internet Time Theft:

1. Internet time theft is also known as time theft or cyberslacking.
2. It is the use, by an unauthorized individual, of Internet hours paid for by
another individual.
3. It comes under hacking.
4. The person gets access to someone else's ISP user ID and password, either
by hacking or by gaining access to it by other illegal means, and uses the
Internet without the other person's knowledge.
5. This can include activities such as browsing social media, shopping online, or
watching videos.

# Salami Attack/Salami Technique:

1. A salami attack is a method of cybercrime that attackers or hackers typically
use to commit financial crimes.
2. The cybercriminal steals money or resources from financial accounts on a
system a small amount at a time.
3. The attack occurs when several minor attacks are combined to create a
strong one; because each step is so small, this sort of cybercrime frequently
goes undetected.
4. During this kind of attack the alterations made are so insignificant that in a
single case they would go completely unnoticed.
5. Example: A bank employee inserts a program into a bank server that
deducts a small amount from the account of every customer every month. The
unauthorised debit goes unnoticed by the customers, but the employee makes
a sizable amount every month.
6. To prevent salami attacks, organizations can implement security measures
such as:
1. Transaction Monitoring: Regularly monitor transactions for any unusual
or unauthorized activity.
2. Data Encryption: Encrypt sensitive data to protect it from being
accessed or manipulated by attackers.
3. Access Controls: Limit access to sensitive systems and data to
authorized personnel only.
4. Regular Audits: Conduct regular audits of financial transactions and
accounts to detect any anomalies or discrepancies.
5. User Awareness: Educate users about the importance of cybersecurity
and how to recognize and report suspicious activity.
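The bank example above is only invisible one debit at a time; transaction monitoring and audits catch it by aggregating. The following is an added example (not from the notes) of two such aggregations over a constructed ledger: across accounts, a destination that receives nothing but tiny debits from many customers, and across months, a destination that takes the same small amount from one account every month. The account names, the destination `SUSP-7731` and all amounts are made up.

```python
from collections import defaultdict
from decimal import Decimal

MONTHS = ("2024-01", "2024-02", "2024-03")


def build_ledger(n_accounts=200, months=MONTHS):
    """Construct sample rows (month, source_account, destination, amount): every
    account has an ordinary grocery debit each month plus one 0.03 'slice' to a
    destination the hypothetical insider controls.  Constructed data, not real."""
    rows = []
    for i in range(n_accounts):
        acct = f"ACC-{1000 + i}"
        for month in months:
            rows.append((month, acct, "MERCHANT-GROCER", Decimal("45.00") + i % 7))
            rows.append((month, acct, "SUSP-7731", Decimal("0.03")))
    return rows


def find_salami_destinations(ledger, small_amount=Decimal("1.00"),
                             min_accounts=50, min_total=Decimal("5.00")):
    """Cross-account view: flag destinations that receive only tiny debits, yet
    from many distinct accounts and adding up to a noticeable sum.  Returns
    {destination: {"accounts", "debits", "total", "months"}}.  A legitimate
    micro-payment merchant can trip this too, so the result feeds an audit queue
    rather than an automatic block."""
    by_dest = defaultdict(list)
    for month, src, dest, amount in ledger:
        by_dest[dest].append((month, src, amount))
    flagged = {}
    for dest, rows in by_dest.items():
        amounts = [amount for _, _, amount in rows]
        if max(amounts) > small_amount:
            continue  # ordinary counterparty: at least some normal-sized debits
        accounts = {src for _, src, _ in rows}
        total = sum(amounts, Decimal("0"))
        if len(accounts) >= min_accounts and total >= min_total:
            flagged[dest] = {
                "accounts": len(accounts),
                "debits": len(rows),
                "total": total,
                "months": sorted({month for month, _, _ in rows}),
            }
    return flagged


def recurring_slices(ledger, account, small_amount=Decimal("1.00")):
    """Per-account view for a statement review: destinations that take the same
    small amount from this account in every month covered by the ledger."""
    months = {month for month, _, _, _ in ledger}
    seen = defaultdict(dict)  # destination -> {month: amount}
    for month, src, dest, amount in ledger:
        if src == account and amount <= small_amount:
            seen[dest][month] = amount
    return sorted(dest for dest, per_month in seen.items()
                  if set(per_month) == months and len(set(per_month.values())) == 1)
```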

# Data Diddling:
1. Data diddling is a type of cybercrime in which data is altered as it is
entered into a computer system, and the altered data is changed back
after the processing is completed.
2. In other words, information is changed from the way it should have been
entered by the person typing in the data.
3. This act is performed by a virus that changes data, or by a programmer of
the database.
4. Example: a person entering accounting data may change the data to show
that their own account, or that of a friend or family member, is paid in full. By
changing or failing to enter the information they are able to steal from the
company.
5. To deal with this type of crime a company must implement policies and
internal controls.
6. This may include conducting regular audits.
7. Real-life example: Doodle me Doodle: electricity boards in India have
been victims of data diddling programs inserted when private parties
computerised their systems.

# Forgery:
1. Forgery refers to the act of manipulating or altering digital content such as
images, videos or documents.
2. The purpose of forgery is fraud or deception.
3. It involves using digital tools and techniques to create fraudulent
representations that appear authentic and genuine.
4. It is an act of fraud and is considered a white-collar crime.
5. Example: when someone creates a false government document such as a
driver's licence.
6. Forgery can take many forms, including:
i] Document Forgery: This involves creating false documents or altering existing
ones. For example, forging signatures on checks, creating fake IDs, or altering
contracts.
ii] Art Forgery: This is the creation of works of art that are falsely credited to
other, usually more famous, artists. This can involve creating entirely new pieces
or altering existing ones.
iii] Forgery in Writing: This includes forging another person's handwriting or
copying someone else's work and presenting it as your own.
iv] Currency Forgery: This involves creating counterfeit money, which is a
serious crime as it undermines the stability of a country's economy.
v] Electronic Forgery: With the rise of digital technology, forgery has also
moved into the electronic realm. This includes things like forging emails or
creating fake websites to deceive people.

# Web Jacking:
1. Web jacking is also known as website hijacking.
2. It occurs when someone forcefully takes control of a website by cracking
the password and later changing it.
3. The attacker may change the information on the site.
4. It is also done to extract sensitive information.
5. The first step of this crime involves “password sniffing”.
6. The actual owner of the website does not have any more control over what
appears on that website.
7. Web jacking can be done for various reasons, such as gaining notoriety,
spreading a political message, or for financial gain.
8. It is considered illegal and unethical, and website owners should take steps
to secure their websites against such attacks.
9. To protect against web jacking, website owners should regularly update
their software, use strong passwords, implement security measures such as
firewalls and intrusion detection systems, and educate their users about
phishing attacks.
10.Example: ‘Gold Fish Case’
In this case, the site was hacked and the information pertaining to gold fish
was changed.

# Hacking:
1. Hacking is the unauthorized access, modification, or use of computer
systems or networks.
2. The goal is gaining access to sensitive information, disrupting normal
operations, or causing damage.
3. It is an offense.
4. The person involved in hacking is called a hacker, also known as a
cybercriminal or cracker.
5. Hackers use a variety of techniques to break into systems.
6. Hackers write or use ready-made computer programs to attack the target
computers.
7. The purposes of hacking are:
• Greed
• Desire to gain knowledge
• Publicity
• Desire for revenge
• A sense of adventure
• Looking for the thrill of accessing forbidden information
• Destructive mindset
• Desire to sell network security services
8. Types of hackers:
i] Black Hat: criminal hacker
ii] White Hat: ethical hacker
iii] Grey Hat: deals with both of the above

# Online Frauds:
1. Fraud that is committed using the Internet is 'online fraud'.
2. Online fraud includes online scams, identity theft, fraudulent purchases
made online from your account without your knowledge, identity spoofing, etc.
3. These frauds can target individuals, businesses, or governments.
4. Some common types of online frauds include:
a. Phishing: This involves sending emails or messages that appear to be from
a legitimate source to trick recipients into providing sensitive information, such
as passwords, credit card numbers, or social security numbers.
b. Identity Theft: Hackers steal personal information, such as social security
numbers or bank account details, to impersonate victims and make
unauthorized transactions or open accounts in their name.
c. Online Shopping Fraud: Fraudsters set up fake online stores or auction
sites to lure buyers into paying for goods or services that they never receive.
d. Payment Card Fraud: This includes unauthorized use of credit or debit
card information to make purchases or withdraw money.
e. Investment Scams: Fraudulent schemes that promise high returns on
investments but are actually designed to deceive investors and steal their
money.
f. Charity Scams: Scammers pose as legitimate charities to solicit donations
that are never used for charitable purposes.

g. Ransomware: Malicious software that encrypts a victim's files and
demands payment in exchange for decryption keys.
5. To protect against online fraud, it is important to use strong, unique
passwords for online accounts, be cautious of emails or messages from
unknown sources, keep software and systems up to date, and regularly monitor
financial accounts for unauthorized transactions.

# Child Pornography:
1. Child pornography means any visual depiction, including the following:
a. Any photograph that can be considered obscene and/or unsuitable for the
age of a child viewer.
b. Film, video, picture
c. Obscene computer generated image or picture.
2. It is considered as an offense.
3. It is operated in the following way:
a. Pedophiles use a false identity to trap children/teenagers.
b. They contact children/teens in various chat rooms.
c. They befriend the child/teen.
d. They extract personal information from the child/teen by winning his
confidence.
e. They get the e-mail address of the child/teen.
f. They start sending pornographic images/text to the victim.
g. They extract personal information from the child/teen.
h. At the end of it, the pedophile sets up a meeting with the child/teen outside
the house.

#Software Piracy:
1. Software piracy refers to the unauthorized copying, distribution, or use of
software.
2. This includes making copies of software without a proper license, sharing
software with others who are not licensed to use it, or using software that has
been illegally obtained.
3. It may take many forms including:
a. Unauthorised copying of software programs purchased legitimately.
b. Gaining illegal access to protected software.
c. Reproducing and distributing unauthorised software.
4. Because a software pirate does not have proper permission from the owner
to take or use the software piracy is equivalent to theft and therefore is a
crime.
5. Examples: end-user copying, hard-disk loading by illicit means, illegal
downloads from the Internet.
6. Buyers of pirated software have a lot to lose:
• Getting untested software that may have been copied thousands of times.
• The software may contain hard-drive-infecting viruses.
• No technical support in case of software failure.
• No legal right to use the software.
• No warranty protection.

# Email Bombs:
1. An email bomb is a type of cyber attack in which a large volume of emails
is sent to a victim's email account or server.
2. The intention is to overwhelm the system and cause it to crash or
become unusable.
3. Email bombs are typically carried out using automated tools or scripts
that can generate and send a large number of emails in a short period of
time.
4. Email bombs can disrupt the normal functioning of an email account or
server, causing inconvenience to the victim and potentially leading to loss
of important emails or data.
5. In addition, email bombs can also be used as a form of harassment or to
disrupt the operations of an organization or business.
6. To protect against email bombs, individuals and organizations can take
several measures, including:
a. Using spam filters and antivirus software to detect and block malicious
emails.
b. Implementing rate limiting on email servers to prevent a large volume
of emails from being received or sent in a short period of time.
c. Educating users about email security best practices, such as not clicking
on links or opening attachments from unknown or suspicious senders.
d. Monitoring email traffic for unusual patterns or spikes in volume that
may indicate an email bomb attack.
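Measure (d) above, monitoring for a spike in volume, and the rate limit of measure (b) both need a per-recipient count over a time window. The following is an added example (not from the notes) that runs a sliding-window count over constructed inbound-mail log lines; the log format, the addresses and the thresholds are assumptions for the example, not any real MTA's.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed, simplified inbound log format (assumption, not a real MTA's):
#   <ISO timestamp> inbound from=<sender> to=<recipient>
LOG_RE = re.compile(r"^(?P<ts>\S+) inbound from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]+)>$")


def build_log():
    """Construct sample lines: a normal trickle of five messages to one user over
    an hour, and a burst of 300 messages to another inside 100 seconds, each
    from a different sender (the signature of a scripted bomb)."""
    base = datetime(2024, 3, 1, 10, 0, 0)
    lines = []
    for i in range(5):
        ts = base + timedelta(minutes=12 * i)
        lines.append(f"{ts.isoformat()} inbound from=<colleague{i}@example.org> to=<alice@example.org>")
    for i in range(300):
        ts = base + timedelta(seconds=i // 3)  # three messages per second
        lines.append(f"{ts.isoformat()} inbound from=<user{i}@host{i % 20}.example> to=<victim@example.org>")
    return lines


def parse_line(line):
    """Return (timestamp, sender, recipient) or None for a line that does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return datetime.fromisoformat(m["ts"]), m["sender"], m["rcpt"]


def find_bombed_recipients(lines, window_seconds=60, max_messages=30):
    """Sliding-window count of inbound messages per recipient.  Returns, for each
    recipient whose count inside one window ever exceeds max_messages,
    {"peak": highest count seen, "senders": number of distinct sender addresses}.
    Lines are assumed to be in time order for each recipient."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # recipient -> timestamps still inside the window
    senders = defaultdict(set)
    peak = defaultdict(int)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed lines rather than crash the monitor
        ts, sender, rcpt = parsed
        q = recent[rcpt]
        q.append(ts)
        while ts - q[0] > window:   # drop timestamps that fell out of the window
            q.popleft()
        senders[rcpt].add(sender)
        peak[rcpt] = max(peak[rcpt], len(q))
    return {r: {"peak": peak[r], "senders": len(senders[r])}
            for r in peak if peak[r] > max_messages}
```

The same counter, applied as the message arrives instead of over a log, is the decision point for the rate limit in measure (b).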

# Identity Theft:
1. Identity theft is a fraud involving another person's identity for an illicit
purpose.
2. The criminal uses someone else's identity for his/her own
illegal purposes.
3. Phishing and identity theft are related offenses.
Examples:
a. Fraudulently obtaining credit
b. Stealing money from the victim's bank account
c. Using the victim's credit card number
d. Establishing accounts with utility companies
e. Renting an apartment
f. Filing bankruptcy using the victim's name

4. The consequences of identity theft can be severe, including financial losses,
damage to credit ratings, and emotional distress.
5. To protect against identity theft, individuals can take several preventive
measures, including:
a. Using Strong Passwords: Create strong, unique passwords for online
accounts and change them regularly.
b. Monitoring Accounts: Regularly check bank statements, credit card
statements, and credit reports for unauthorized transactions or accounts
opened in your name.
c. Secure Personal Information: Keep sensitive documents in a safe place and
shred them before disposing of them.
d. Be Cautious Online: Avoid clicking on links or downloading attachments
from unknown or suspicious sources.
e. Use Security Software: Install and maintain antivirus software, firewalls, and
anti-spyware programs on your devices.
f. Limit Sharing Personal Information: Be cautious about sharing personal
information, especially online and over the phone.

# Social Engineering:
1. Social engineering is a technique used by cybercriminals to manipulate people
into divulging confidential information or performing actions that compromise
security.
2. Social engineering exploits human psychology and emotions to trick
individuals into providing sensitive information or performing actions that
benefit the attacker.
3. A social engineer usually uses telecommunications or the Internet to get
people to do something that is against the security practices and/or
policies of the organization.
4. SE involves gaining sensitive information or unauthorized access privileges by
building inappropriate trust relationships with insiders.
5. It is the art of exploiting the trust of people.
6. Classification of SE:
A. Human-Based Social Engineering: needs interaction with humans; it means
person-to-person contact and then retrieving the desired information. People
use human-based social engineering techniques in different ways; the most
popular methods are:
– Impersonating an employee or valid user
– Posing as an important user
– Using a third person
– Calling technical support
– Shoulder surfing
B. Computer-Based Social Engineering: Computer-based social engineering uses
computer software that attempts to retrieve the desired information.
– Fake e-mails
– E-mail attachments
– Pop-up windows

UNIT 2

# Questions:
1. With a neat diagram, explain in detail the push attack on mobile devices.
2. What is Bluesnarfing? List and briefly explain five Bluetooth hacking tools.
3. Elaborate on Car Whisperer.
4. Explain 6 ways to protect your mobile phone from being stolen.
5. What is mishing? Explain vishing and smishing.
6. With a neat diagram, explain the types of mobility and their implications.

# Types of mobility and its implications:

1. User Mobility: This refers to the movement of users between different
network locations while maintaining connectivity. For example, when a person
moves from one Wi-Fi hotspot to another, their device needs to seamlessly
switch its connection without interrupting ongoing activities like video calls or
downloads. Implications include the need for efficient handover mechanisms,
authentication, and authorization protocols to ensure a secure and
uninterrupted user experience.
2. Device Mobility: Device mobility involves the movement of devices between
different networks or access points. For instance, when a smartphone moves
from a cellular network to a Wi-Fi network, it needs to maintain its connectivity
and session continuity. Implications include the need for protocols that enable
devices to discover and connect to new networks, as well as mechanisms to
manage IP address changes and maintain quality of service.
3. Session Mobility: Session mobility refers to the ability of a user or device to
maintain an ongoing session (such as a call or data transfer) while moving
between networks or locations. This requires protocols and mechanisms to
transfer session state information between different network elements and
ensure continuity of the session without interruption. Implications include the
need for efficient session handover mechanisms and support for seamless
session migration.
4. Service Mobility: Service mobility involves the movement of services or
applications between different network locations or devices. For example, a
user might start watching a video on their smartphone and then switch to their
smart TV without interrupting the playback. Implications include the need for
service discovery mechanisms, support for service adaptation to different
network conditions, and seamless service handover between devices.

# Credit Card Frauds in Mobile and Wireless Computing Era:

Credit card fraud in the era of mobile and wireless computing has evolved with
the advancement of technology. Here are some key aspects of credit card fraud
in this context:
1. Lost or Stolen Cards: With the increased use of mobile wallets and payment
apps linked to credit cards, there is a higher risk of losing a smartphone
containing credit card information. This can lead to unauthorized transactions if
the device is not protected with strong security measures.
2. Skimming and Phishing: Criminals use various techniques to steal credit card
information, such as skimming devices at ATMs or gas stations, or phishing
scams through emails or fake websites. Mobile devices are also vulnerable to
such attacks, especially if users are not cautious about the links they click or the
apps they download.
3. Data Breaches: Hackers target businesses and financial institutions to steal
large amounts of credit card information. Mobile apps and wireless networks
can also be vulnerable to data breaches if not properly secured.
4. Identity Theft: In the mobile and wireless era, identity theft can occur more
easily, as personal information is often stored on devices or transmitted over
networks. Criminals can use this information to apply for credit cards or make
fraudulent transactions.
5. Contactless Payment Risk: Contactless payment methods, such as NFC (Near
Field Communication) and RFID (Radio Frequency Identification), are
convenient but can be vulnerable to unauthorized scanning or interception of
payment information.
6. Mobile Banking Risks: Mobile banking apps are convenient for managing
finances, but they can also be targeted by fraudsters. Phishing attacks,
malware, and insecure networks can compromise sensitive financial
information.
To mitigate these risks, users should:
- Use strong, unique passwords for mobile devices and apps.
- Enable two-factor authentication for added security.
- Regularly monitor credit card statements for unauthorized transactions.
- Use reputable antivirus and anti-malware software on mobile devices.
- Avoid sharing sensitive information over unsecured Wi-Fi networks.
- Keep mobile apps and operating systems up to date to protect against
vulnerabilities.

# Types and techniques of credit card frauds:
A. Traditional Techniques:
1. Identity Theft: This involves stealing personal information, such as Social
Security numbers, to open new credit card accounts or make unauthorized
purchases. Criminals often obtain this information through methods like
dumpster diving, phishing, or data breaches.
2. Financial Fraud: This includes unauthorized transactions, such as using
stolen credit card numbers to make purchases online or over the phone. It can
also involve counterfeiting credit cards or altering checks.
B. Modern Techniques:
1. Triangulation: In this technique, fraudsters set up a fake online store and use
stolen credit card information to purchase items from legitimate retailers. They
then have these items shipped directly to customers, avoiding direct contact
with the stolen credit card information.
2. Credit Card Generators: These are software programs or websites that
generate valid credit card numbers. While these numbers are not linked to
actual accounts, they can be used for fraudulent purposes, such as testing
stolen credit card numbers or creating fake credit cards.

# Attacks on mobile/cell phones:
1. Mobile Phone Theft: This involves physically stealing a mobile phone. The
thief can then access personal data on the device, make unauthorized calls, or
sell the device for profit. To prevent theft, users should enable screen lock, use
tracking apps, and avoid leaving their phones unattended in public places.
2. Mobile Viruses: These are malicious software programs designed to infect
mobile devices. They can steal personal information, track user activities, or
damage the device. Users can protect against mobile viruses by installing
reputable antivirus software and keeping their operating systems and apps up
to date.
3. Phishing: Phishing attacks attempt to trick users into providing sensitive
information such as passwords or credit card numbers. In mobile phishing
(mishing), attackers send fraudulent text messages or emails that appear to be
from legitimate sources. Users should be cautious of unsolicited messages and
verify the sender's identity before clicking on links or providing information.
4. Vishing: Vishing is a form of phishing conducted over voice calls. Attackers
use social engineering techniques to persuade victims to reveal personal
information or perform certain actions, such as transferring money. Users
should be wary of unsolicited calls asking for personal information and verify
the caller's identity before disclosing any details.
5. Smishing: Smishing is another form of phishing that uses SMS or text
messages to trick users into providing sensitive information or clicking on
malicious links. Users should avoid clicking on links or downloading
attachments from unknown senders and should verify the authenticity of
messages before taking any action.
6. Bluetooth Hacking: Bluetooth hacking involves exploiting vulnerabilities in
Bluetooth-enabled devices to gain unauthorized access. Attackers can steal
data, control the device remotely, or spread malware. Users can protect against
Bluetooth hacking by keeping their devices' Bluetooth functionality turned off
when not in use and by using strong, unique passwords for Bluetooth
connections.

# Mobile Phone Theft:
1. Mobile phone theft is a common occurrence and can result in the loss of
personal data, financial loss, and privacy breaches.
2. Mobile phone theft typically occurs in crowded places, public transportation,
or when devices are left unattended.
3. Thieves target smartphones due to their high resale value and the valuable
information stored on them.
4. Once stolen, phones can be sold, used for fraudulent activities, or their data
can be extracted for identity theft.
5. Protect Your Mobile Phone from Being Stolen:
a. Keep Your Phone Secure: Use a passcode, pattern lock, or biometric
authentication (such as fingerprint or face recognition) to secure your device.
Enable remote tracking and wiping features to locate your phone and erase
data if it's stolen.
b. Be Aware of Your Surroundings: Avoid using your phone in crowded or
unsafe areas where theft is more likely to occur. Keep your phone out of sight
when not in use, and avoid leaving it unattended in public places.
c. Use Anti-Theft Apps: Install reputable anti-theft apps that can track your
phone's location, remotely lock it, or wipe its data if stolen.
d. Keep Your Phone Updated: Regularly update your phone's operating system
and apps to protect against security vulnerabilities that could be exploited by
thieves.
e. Backup Your Data: Regularly backup your data to a secure location (such as
cloud storage) so that you can recover it if your phone is stolen or lost.
f. Report Stolen Phones: If your phone is stolen, report it to the police and your
mobile carrier. Provide them with your phone's IMEI number, which can help
track and recover your device.

# Mobile Virus:
1. Mobile viruses are malicious software programs designed to infect mobile
devices, such as smartphones and tablets.
2. These viruses can cause various types of damage, including data loss,
unauthorized access to sensitive information, and financial loss.
3. Mobile viruses spread in the following ways:
a. App Downloads: Mobile viruses can be spread through infected apps
downloaded from unofficial app stores or websites. These apps may appear
legitimate but contain malicious code that infects the device when installed.
b. Phishing Attacks: Attackers can use phishing techniques to trick users into
downloading malicious apps or clicking on malicious links that install viruses on
their devices.
c. Bluetooth and Wi-Fi: Viruses can spread through Bluetooth and Wi-Fi
connections if the infected device is in close proximity to other devices. This
type of spread is less common but can occur in crowded places or public
networks.
d. Email and Messaging: Viruses can be sent as attachments in emails or
messages, and if opened, can infect the device. This method is more common
on computers but can also affect mobile devices.
4. To Protect Against Mobile Viruses:
a. Use Trusted Sources: Only download apps from official app stores, such as
Google Play Store for Android devices and the Apple App Store for iOS devices.
These stores have security measures in place to detect and remove malicious
apps.
b. Enable App Verification: Enable app verification settings on your device,
which checks apps for malware before they are installed.
c. Keep Software Updated: Regularly update your device's operating system
and apps to protect against known vulnerabilities that viruses can exploit.
d. Use Antivirus Software: Install reputable antivirus software on your device
and regularly scan for viruses and malware.
e. Be Wary of Links and Attachments: Avoid clicking on links or downloading
attachments from unknown or suspicious sources, as they may contain viruses.
f. Use Secure Connections: Avoid using public Wi-Fi networks for sensitive
activities, such as online banking, as they may be insecure and susceptible to
virus infections.
g. Backup Your Data: Regularly back up your data to a secure location, such as
cloud storage, so that you can recover it in case of a virus infection.

# Mishing:
1. "Mishing" is a term used to describe a type of phishing attack that specifically
targets mobile devices, such as smartphones and tablets.
2. It involves sending fraudulent text messages (SMS) to trick users into
providing sensitive information or clicking on malicious links. Mishing is similar
to email phishing but is tailored for mobile devices.
3. Variants of Mishing:
A. Vishing (Voice Phishing): Vishing is a form of mishing that uses voice
messages instead of text messages. Attackers use automated phone calls or
voice messages to deceive users into providing personal information or visiting
malicious websites.
B. Smishing (SMS Phishing): Smishing is another variant of mishing that uses
SMS messages to trick users. Attackers send text messages containing links to
fake websites or malware-infected apps, aiming to steal personal information
or install malware on the device.
4. Working of Mishing, Vishing, and Smishing:
A. Text Messages (Mishing and Smishing): Attackers send text messages to
mobile users, posing as legitimate organizations or individuals. These messages
typically contain a sense of urgency or a tempting offer to lure users into
clicking on links or providing personal information.
B. Voice Messages (Vishing): Attackers use automated phone calls or voice
messages to deceive users. The messages often claim to be from a bank,
government agency, or other trusted organization, asking users to verify their
account details or take immediate action to avoid consequences.
5. Measures to Protect Against Mishing, Vishing, and Smishing:
A. Be Skeptical: Be cautious of unsolicited messages or calls, especially those
that ask for personal or financial information. Verify the sender's identity
before taking any action.
B. Do Not Click on Links: Avoid clicking on links in text messages or emails from
unknown or suspicious senders. Instead, visit the official website of the
organization directly by typing the URL into your browser.
C. Use Security Software: Install reputable antivirus software on your mobile
device to protect against malware and phishing attacks.
D. Enable Two-Factor Authentication (2FA): Enable 2FA on your accounts to
add an extra layer of security. This can help protect your accounts even if your
credentials are compromised.
E. Educate Yourself: Stay informed about the latest phishing techniques and
trends. Educate yourself and others about how to recognize and avoid phishing
attacks.

# Bluetooth hacking:
1. Bluetooth hacking refers to the unauthorized access of a Bluetooth-enabled
device, such as a mobile phone, tablet, or laptop, by exploiting vulnerabilities in
the Bluetooth protocol.
2. Bluetooth hacking can lead to various threats, including data theft,
unauthorized access to device functions, and privacy breaches.
3. It is also known as Bluesnarfing.
4. Threats of Bluetooth Hacking:
a. Data Theft: Attackers can steal sensitive information stored on the device,
such as contacts, messages, and files.
b. Unauthorized Access: Attackers can gain control of the device's functions,
such as making calls, sending messages, or accessing the internet, without the
user's permission.
c. Privacy Breaches: Bluetooth hacking can lead to privacy breaches, as
attackers can eavesdrop on conversations or track the device's location.
5. Bluetooth Attacks:
a. Bluejacking: Bluejacking is a harmless form of Bluetooth attack where an
attacker sends unsolicited messages or vCards (electronic business cards) to
nearby Bluetooth-enabled devices. The purpose of bluejacking is usually to
annoy or prank the recipient, rather than to cause harm.
b. Bluesnarfing: It is a more serious Bluetooth attack where an attacker gains
unauthorized access to a device's data, such as contacts, messages, and files.
This is done by exploiting vulnerabilities in the Bluetooth protocol to bypass
security measures.
c. Bluebugging: Bluebugging is a more advanced Bluetooth attack where an
attacker gains complete control of a device, allowing them to make calls, send
messages, and access the internet without the user's knowledge. This attack is
typically used for more malicious purposes, such as fraud or espionage.
d. Car Whisperer: Car Whisperer is a type of Bluetooth attack that targets car
audio systems with Bluetooth capabilities. Attackers can gain control of the
car's audio system, allowing them to eavesdrop on conversations or play
malicious audio files.
6. To Protect Against Bluetooth Hacking:
a. Turn Off Bluetooth When Not in Use: This prevents unauthorized access to
your device when you are not actively using Bluetooth.
b. Use Strong Passwords: Use strong, unique passwords for Bluetooth
connections to prevent unauthorized access.
c. Keep Software Updated: Regularly update your device's operating system
and apps to protect against known vulnerabilities.
d. Disable Discoverable Mode: Only enable Bluetooth's discoverable mode
when actively pairing with a device, and disable it immediately afterward.
e. Be Cautious of Pairing Requests: Be wary of pairing requests from unknown
or suspicious devices, as they could be attempting to initiate a Bluetooth
attack.

# Bluetooth hacking tools:
1. BlueSnarf: BlueSnarf is a Bluetooth hacking tool that allows attackers to
access and steal data from Bluetooth-enabled devices, such as contacts,
messages, and files. It exploits vulnerabilities in the Bluetooth protocol to
bypass security measures and gain unauthorized access.
2. Bluebugging Tools: Bluebugging tools are used to exploit vulnerabilities in
the Bluetooth protocol to gain complete control of a Bluetooth-enabled device.
Attackers can use these tools to make calls, send messages, and access the
internet without the user's knowledge or permission.
3. BTScanner: BTScanner is a Bluetooth scanning tool that allows users to
discover and identify nearby Bluetooth devices. It can be used by attackers to
identify potential targets for Bluetooth hacking attacks, such as Bluejacking or
Bluesnarfing.
4. Bluesnarfer: Bluesnarfer is a tool used to exploit the Bluesnarfing
vulnerability in the Bluetooth protocol. It allows attackers to access and steal
data from Bluetooth-enabled devices, such as contacts, messages, and files,
without the user's knowledge or permission.
5. Car Whisperer: Car Whisperer is a Bluetooth hacking tool specifically
designed to target car audio systems with Bluetooth capabilities. Attackers can
use Car Whisperer to gain control of the car's audio system, allowing them to
eavesdrop on conversations or play malicious audio files.
UNIT 3
#QUESTIONS:
1. List and briefly discuss Six Tools and Methods used for Cyber attack.
2. What is password cracking? List and discuss three types of password cracking attacks.
3. Write a short note on i) Keyloggers and Spywares ii) Virus & Worms
4. List and briefly discuss all stages of a cyber attack on a network.
5. Explain 6 ways to secure the wireless networks.
6. What is a DoS attack? Classify the DoS attack.
7. What is an SQL injection attack? State the 4 steps of an SQL injection attack.
8. List and briefly explain 6 components of a wireless network.

# Proxy server:
1. A proxy server is a computer on a network that acts as an intermediary for
connections with other computers on that network.
2. An attacker first connects to the proxy server and then establishes a connection
with the target system through it.
3. This enables an attacker to surf the Web anonymously and/or hide the
origin of the attack.
4. Working of Proxy Server: When you send a request to access a website or a
resource on the internet, the request goes to the proxy server first. The
proxy server then forwards the request to the internet on your behalf,
receives the response, and forwards it back to you.
5. Purpose of proxy server:
– Keep the system behind the curtain (the internal system is hidden from the outside)
– Speed up access to resources
– Specialized proxy servers are used to filter unwanted content such as
advertisements
– A proxy server can be used as an IP address multiplexer, allowing a
number of computers to connect to the Internet when only one public
IP address is available
6. Advantages of using proxy server:
a. Improved Security: Proxy servers can act as a barrier between your
network and the internet, helping to protect against malicious attacks,
viruses, and other threats. They can also provide encryption and
authentication to enhance security.
b. Privacy Protection: By masking your IP address, proxy servers can help
protect your privacy online. They can prevent websites from tracking
your browsing habits and can provide a level of anonymity.
c. Access Control: Proxy servers can be used to restrict access to certain
websites or content, either for security reasons or to enforce company
policies. They can also be used to bypass geo-restrictions and access
content that is blocked in your region.
d. Bandwidth Savings: Proxy servers can cache frequently accessed
content, such as web pages, images, and videos. This can reduce the
amount of bandwidth used and improve loading times for users
accessing the same content.
e. Improved Performance: By caching content and optimizing traffic,
proxy servers can improve the performance of web browsing and other
internet-related activities.
f. Content Filtering: Proxy servers can be configured to filter out
malicious content, such as malware, phishing sites, and other threats.
They can also be used to block access to specific websites or categories
of websites.
g. Cost Savings: By reducing bandwidth usage and improving
performance, proxy servers can help reduce the costs associated with
internet connectivity.

# Phishing:
1. Phishing is a type of cyberattack where attackers use fraudulent emails,
messages, or websites to trick individuals into providing sensitive information
such as passwords, credit card numbers, or personal information.
2. Phishing attacks often appear to come from a legitimate source, such as a
bank, social media platform, or government agency, and they typically create a
sense of urgency or fear to prompt the victim to act quickly without thinking.
3. The goal of phishing attacks is to steal sensitive information or to
install malware on the victim's device.
4. Working of phishing attacks:
a. Planning: decide on the target and determine how to obtain e-mail addresses
b. Setup: create the methods for delivering the message and for collecting the data
about the target
c. Attack: send a phony message that appears to be from a reputable source
d. Collection: record the information victims enter into web pages or
pop-up windows
e. Identity theft and fraud: use the information gathered to make
illegal purchases and commit fraud
5. Phishing attacks can also occur through other channels, such as text
messages (smishing) or phone calls (vishing). Attackers use social engineering
techniques to make their messages appear legitimate and to manipulate
victims into taking the desired action.
6. To protect against phishing attacks, it is important to be cautious when opening
emails or messages from unknown senders, and to verify the legitimacy of
websites before entering sensitive information. Using security software and
keeping it up to date can also help protect against phishing attacks.

# Password Cracking:
1. Password cracking is the process of recovering passwords from data that
has been stored in or transmitted by a computer system.
2. It is typically performed by hackers or security testers to assess the
strength of passwords and the security of a system.
3. A common approach (brute-force attack) is to try guesses for the password
repeatedly and check each one.
4. Purpose of password cracking:
a. Unauthorized Access: The primary purpose of password cracking is to
gain unauthorized access to a computer system, network, or account.
Attackers may crack passwords to steal sensitive information, commit
fraud, or disrupt operations.
b. Security Testing: Security professionals may use password cracking
as a means of testing the strength of passwords and the overall security of
a system. By attempting to crack passwords, they can identify weaknesses
and vulnerabilities that need to be addressed.
c. Recovery of Lost Passwords: In some cases, individuals may use
password cracking tools to recover lost or forgotten passwords for their
own accounts. This is typically done when other methods of password
recovery are not available or feasible.
d. Educational Purposes: Password cracking is sometimes used for
educational purposes to help individuals understand how passwords can
be cracked and the importance of using strong passwords.
5. Some key measures to prevent password cracking:
a. Use Strong Passwords: Use passwords that are long, complex, and
difficult to guess. Include a mix of letters, numbers, and special characters.
b. Use Different Passwords for Different Accounts: Use unique passwords
for each of your accounts.
c. Enable Multi-Factor Authentication (MFA): This adds an extra layer of
security by requiring you to provide additional verification, such as a code sent
to your phone, in addition to your password.
d. Regularly Update Passwords: Regularly update your passwords to reduce
the risk of them being cracked.
e. Educate Users: Educate users about the importance of strong passwords
and password security best practices. Encourage them to use strong and
unique passwords.
6. Types of password cracking attacks:
A. Dictionary Attack: In a dictionary attack, an attacker uses a predefined list
of commonly used passwords, known as a "dictionary," to attempt to crack
passwords. The dictionary may also include common phrases, names, or words
related to the target. The objective of a dictionary attack is to quickly crack
passwords by trying common and likely choices first, rather than exhaustively
trying all possible combinations.
B. Brute Force Attack: In a brute force attack, an attacker tries every possible
combination of characters until the correct password is found. This can involve
trying all possible combinations of letters, numbers, and symbols. The
objective of a brute force attack is to exhaustively search for the correct
password, regardless of its complexity, by trying all possible combinations.
C. Hybrid Attack: A hybrid attack in password cracking combines elements of
both brute force and dictionary attacks to increase the efficiency of password
recovery. It is a more sophisticated approach than either method alone,
leveraging the strengths of each to optimize the attack.
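As an added illustration of the three attack types (not part of the original notes), the following Python audit models each one from the defender's side and reports which attack would recover a candidate password first. The word list, mangling rules, guess rate and one-day threshold are assumptions chosen for the example.

```python
import string

# Constructed mini-dictionary; a real audit would load a large leaked-password list.
WORDLIST = ["password", "welcome", "letmein", "summer", "admin", "qwerty"]

# Mangling rules that a hybrid attack applies to every dictionary word.
LEET = str.maketrans({"a": "@", "e": "3", "i": "1", "o": "0", "s": "$"})
SUFFIXES = [""] + [str(n) for n in range(100)] + ["!", "!1", "123", "2024"]


def hybrid_candidates(word: str):
    """Yield the variants of one dictionary word that the mangling rules produce."""
    bases = {word, word.capitalize(), word.upper(), word.translate(LEET),
             word.capitalize().translate(LEET)}
    for base in bases:
        for suffix in SUFFIXES:
            yield base + suffix


def dictionary_attack(password: str) -> bool:
    """True if the password is literally a dictionary entry (case-insensitive)."""
    return password.lower() in WORDLIST


def hybrid_attack(password: str) -> bool:
    """True if some dictionary word plus a mangling rule reproduces the password."""
    return any(password == cand
               for word in WORDLIST for cand in hybrid_candidates(word))


def brute_force_keyspace(password: str) -> int:
    """Number of guesses an exhaustive search needs when it knows only the
    password's length and which character classes it draws from."""
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation]
    alphabet = sum(len(c) for c in classes if any(ch in c for ch in password))
    return alphabet ** len(password)


def audit(password: str, guesses_per_second: float = 1e9):
    """Return (attack that recovers the password, estimated brute-force seconds).

    The order mirrors how crackers work: cheap dictionary guesses first, then
    mangled words, and only then exhaustive search. The guess rate and the
    one-day threshold are assumptions for the example, not measured figures."""
    if dictionary_attack(password):
        return "dictionary", 0.0
    if hybrid_attack(password):
        return "hybrid", 0.0
    seconds = brute_force_keyspace(password) / guesses_per_second
    return ("brute-force" if seconds < 86400 else "none"), seconds
```

"Summer2024" never appears in the word list, yet the hybrid rules reach it in a few thousand guesses, which is why measure 5a asks for passwords that are not mangled dictionary words.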

# Keyloggers:
1. Keyloggers, short for keystroke loggers, are malicious software or hardware
devices designed to record and monitor the keystrokes typed on a computer
keyboard.
2. They are used by attackers to capture sensitive information such as
usernames, passwords, credit card numbers, and other personal information.
3. Keyloggers can be installed surreptitiously on a victim's device and can
operate silently in the background without the user's knowledge.
4. Types of keyloggers:
A. Software-based keyloggers:
a. Software-based keyloggers are programs or malware that are installed on
a computer to capture keystrokes.
b. They can be installed through malicious email attachments, infected
websites, or by exploiting vulnerabilities in software.
c. Once installed, software-based keyloggers can capture all keystrokes typed
on the keyboard, including usernames, passwords, messages, and other
sensitive information. They can also capture screenshots, track website
visits, and record other activities on the computer.
B. Hardware-based keyloggers:
a. Hardware-based keyloggers are physical devices that are attached to a
computer's keyboard or inserted between the keyboard cable and the
computer's USB port.
b. They capture keystrokes as they pass through the device.
c. Hardware-based keyloggers work by intercepting and recording
keystrokes before they reach the computer's operating system.
d. They are often used in situations where software-based keyloggers may be
easily detected or removed.

# Spyware:
1. Spyware is a type of malicious software (malware) that is designed to
secretly monitor and collect information from a computer or device without
the user's knowledge or consent.
2. Spyware can gather a wide range of information, including keystrokes,
passwords, web browsing habits, and personal information such as credit card
numbers and social security numbers.
3. This information is then sent to the creator of the spyware, who can use it
for various malicious purposes, such as identity theft or fraud.
4. Spyware is often installed on a computer or device without the user's
knowledge, typically through phishing emails, malicious websites, or bundled
with legitimate software.
5. Once installed, spyware can run silently in the background, making it difficult
for users to detect.
6. Spyware can be prevented in the following ways:
a. Use reputable antivirus and anti-malware software.
b. Keep your operating system and software up to date.
c. Be cautious when downloading files or clicking on links from unknown
or untrusted sources.
d. Regularly scan your computer for spyware and other malware to detect
and remove any malicious software that may be present.

# Viruses:
1. A computer virus is a type of malicious software (malware) that infects the
files on a computer.
2. Viruses spread themselves without the knowledge or permission of the users.
3. They have the ability to replicate themselves, spread to other computers,
and cause various types of damage.
4. They attach themselves to executable files or documents and replicate when
the infected file is executed.
5. Viruses are designed to spread quickly and can be transmitted through email
attachments, infected files, or malicious websites.
6. Once a computer is infected, the virus can execute malicious code, steal
sensitive information, or damage files and software on the infected computer.
7. Prevention from viruses:
a. Use reputable antivirus and anti-malware software.
b. Keep your operating system and software up to date.
c. Be cautious when downloading files or clicking on links from unknown or
untrusted sources.
d. Regularly scan your computer for viruses and other malware to detect
and remove any malicious software that may be present.

# Worms:

1. Worms are a type of malware that is designed to replicate itself and spread
across networks and systems.
2. Unlike viruses, worms do not need to attach themselves to other programs
or files to spread.
3. Instead, they can independently replicate and spread to other computers
and devices connected to the same network.
4. Worms can spread through various means, including email attachments,
malicious links, or exploiting vulnerabilities in operating systems or software.
5. Once a worm infects a computer or device, it can perform a variety of
malicious actions, including:
a. Replication: Worms are designed to replicate themselves and spread to
other computers and devices.
b. Data Theft: Worms can be used to steal sensitive information, such as
usernames, passwords, and financial data, from infected computers.
c. System Damage: Worms can cause damage to infected systems by
deleting files, corrupting data, or causing system crashes.
d. Backdoor Installation: Worms can create a backdoor on infected
systems, allowing attackers to gain unauthorized access to the system at
a later time.
6. Prevention from worms:
a. Use reputable antivirus and anti-malware software.
b. Keep your operating system and software up to date.
c. Be cautious when downloading files or clicking on links from unknown or
untrusted sources.
d. Regularly scan your computer for worms and other malware to detect
and remove any malicious software that may be present.

# Trojan horses:

1. A Trojan horse is a program that contains malicious or harmful code
inside it, which can take control of the system and cause harm.
2. Trojans are a type of malware that disguises itself as legitimate software to trick
users into downloading and installing it on their systems.
3. Once installed, Trojans can perform a variety of malicious actions, such as
stealing sensitive information, spying on user activities, and damaging or
disrupting the system.
4. Unlike viruses and worms, Trojans do not replicate themselves but rely on
social engineering tactics to spread.
5. Trojan horses are typically distributed through email attachments, malicious
websites, or software downloads.
6. To protect against Trojan horse malware, it is important to follow these best
practices:
• Keep your operating system and software up to date with the latest
security patches.
• Use reputable antivirus and anti-malware software and keep it updated.
• Be cautious when downloading software or clicking on links from
unknown or untrusted sources.
• Avoid opening email attachments from unknown or suspicious senders.
• Use strong, unique passwords for your accounts and enable two-factor
authentication where available.

# Backdoors:
1. A backdoor is a hidden or undocumented method of bypassing normal
authentication, encryption, or security controls in a computer system,
application, or device.
2. Backdoors are often created by developers for troubleshooting purposes or
by attackers for malicious intent.
3. They can be used to gain unauthorized access to a system, steal information,
or remotely control a device.
4. They work in the background and hide from the user.
5. They are among the most dangerous parasites, as they allow a malicious person
to perform any possible action.
6. They allow an attacker to create, delete, rename, copy or edit any file;
change any system setting; alter the Windows registry; run, control and
terminate applications; and install arbitrary software.
7. Prevention:
• Antivirus and Anti-Malware Software: Use reputable antivirus and anti-
malware software to detect and remove backdoors and other types of
malware from your system.
• Keep Software Updated: Regularly update your operating system and
software applications to protect against known vulnerabilities that
backdoors can exploit.
• Use Strong Authentication: Use strong, unique passwords and enable
multi-factor authentication (MFA) to protect against unauthorized
access to your accounts and systems.
• Monitor Network Traffic: Monitor network traffic for suspicious activity
that may indicate the presence of a backdoor or other malicious activity.

# Steganography:
1. Steganography is the practice of concealing a message, file, image, or video
within another message, file, image, or video.
2. Unlike cryptography, which focuses on making a message unreadable to
unauthorized users, steganography focuses on hiding the existence of the
message itself.
3. The goal of steganography is to conceal the fact that a message is being sent,
as opposed to concealing the contents of the message.
4. There are several techniques used in steganography to hide messages,
including:
• Text Steganography: Hiding text within another text or document
by using invisible characters, changing the font or color of the text,
or using other subtle modifications.
• Image Steganography: Hiding data within an image by modifying
the color values of pixels, embedding data in the least significant
bits of the image, or using algorithms that are imperceptible to
the human eye.
• Audio Steganography: Hiding data within an audio file by
modifying the audio waveform, embedding data in the least
significant bits of the audio file, or using other techniques that are
difficult to detect.
• Video Steganography: Hiding data within a video file by modifying
the video frames, embedding data in the least significant bits of
the video file, or using other techniques that are imperceptible to
the human eye.
5. Steganography has various applications, including:
• Covert Communication: Steganography can be used by spies,
criminals, or activists to communicate secretly without raising
suspicion.
• Digital Watermarking: Steganography is used to embed digital
watermarks in images, videos, or audio files to protect against
copyright infringement.
• Data Hiding: Steganography can be used to hide sensitive data
within other files, making it difficult for unauthorized users to
access the data.
6. Detecting steganography can be challenging, as the modifications made to
the carrier file are often difficult to detect.
7. However, there are techniques and tools available for detecting
steganography, such as analyzing the statistical properties of the carrier file or
using specialized software designed to detect steganography.
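Added example (not from the original notes) of the least-significant-bit image technique from point 4 and of the statistical detection from point 7: it embeds and recovers a message in a constructed grayscale image and flags the region whose bit plane has lost the cover's structure. The cover image, its bias and the detection thresholds are assumptions made for the example.

```python
import random


def make_cover(n: int = 4096, seed: int = 1) -> list:
    """Constructed 8-bit grayscale cover image (flat list of pixel values).

    The lowest bit is deliberately biased (set only ~20% of the time) to stand
    in for the structure that natural images have and random data lacks."""
    rng = random.Random(seed)
    return [(rng.randrange(128) << 1) | (1 if rng.random() < 0.2 else 0)
            for _ in range(n)]


def random_message(n: int, seed: int = 7) -> bytes:
    """Constructed pseudo-random payload; random data is the case where the
    statistical check below is most clear-cut."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n))


def embed_lsb(cover: list, message: bytes) -> list:
    """Hide message, prefixed with its 16-bit length, in the LSB of each pixel."""
    payload = len(message).to_bytes(2, "big") + message
    bits = [(byte >> (7 - i)) & 1 for byte in payload for i in range(8)]
    if len(bits) > len(cover):
        raise ValueError("cover image too small for the message")
    stego = list(cover)
    for idx, bit in enumerate(bits):
        stego[idx] = (stego[idx] & 0xFE) | bit  # only the lowest bit changes
    return stego


def extract_lsb(stego: list) -> bytes:
    """Recover the message: read the 16-bit length, then that many bytes."""
    def read_bytes(start: int, count: int) -> bytes:
        out = bytearray()
        for b in range(count):
            value = 0
            for i in range(8):
                value = (value << 1) | (stego[start + b * 8 + i] & 1)
            out.append(value)
        return bytes(out)
    length = int.from_bytes(read_bytes(0, 2), "big")
    return read_bytes(16, length)


def max_pixel_change(cover: list, stego: list) -> int:
    """LSB embedding never moves a pixel value by more than 1, which is why the
    change is imperceptible to the eye."""
    return max(abs(a - b) for a, b in zip(cover, stego))


def suspicious_windows(pixels: list, window: int = 256,
                       threshold: float = 0.35) -> list:
    """Simplified statistical check in the spirit of point 7: report windows
    whose LSB plane looks like random data (share of 1-bits well above the
    biased cover). Sequential embedding shows up as a run of flagged windows
    at the start of the image. The threshold is tuned to the constructed
    cover and is not a general-purpose detector."""
    flagged = []
    for w in range(0, len(pixels) - window + 1, window):
        ones = sum(p & 1 for p in pixels[w:w + window])
        if ones / window > threshold:
            flagged.append(w // window)
    return flagged
```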

# DoS Attack:

1.A Denial-of-Service (DoS) attack is a malicious attempt to disrupt the normal


functioning of a target server, service, or network by overwhelming it with a
flood of illegitimate traffic or resource requests.

2. It is an attempt to make a computer service unavailable to its intended


users.

3. The goal of DoS attack is not to gain unauthorised access to systems a data
but to prevent intended user of a service from using it.

4. Activities done by DoS attack are:

a. Flood a network with traffic.

b. Disrupt connection between two systems.

c. Prevent a particular individual from accessing service.

d. Disrupt service to a specific system or person.

5. Classification of DoS Attacks:

a. Bandwidth Attacks: These attacks flood the target network with a massive
amount of traffic, consuming all available bandwidth and preventing legitimate
users from accessing the network or service.
b. Logic Attacks: Logic attacks exploit vulnerabilities in the target's software
or protocols to cause a system crash or degrade its performance.

c. Protocol Attacks: These attacks exploit weaknesses in network protocols to
consume excessive server resources or cause network disruptions.

d. Unintentional DoS Attacks: These are not initiated with malicious intent
but can still disrupt services.

6. DoS attacks can have serious consequences, including financial losses,
reputational damage, and legal implications.

7. Organizations must implement robust security measures, such as firewalls,
intrusion detection systems (IDS), and DoS protection services, to mitigate the
risks posed by these attacks.

# DDoS Attack:

1. It stands for Distributed Denial of Service attack.

2. It is a malicious attempt to disrupt the normal traffic of a targeted server,
service, or network by overwhelming it with a flood of internet traffic.

3. In a typical DDoS attack, multiple compromised computer systems, often
infected with malware, are used to target a single system.

4. To protect from DoS / DDoS Attacks:

• Implement router filters
• Disable any unused or inessential network services
• Observe your system performance and establish baselines for ordinary activity
• Routinely examine your physical security
• Use tools to detect changes in configuration information or other files
• Establish and maintain regular backup schedules and policies

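The "establish baselines for ordinary activity" measure, as an added example that is not from these notes: per-source request counts per 10-second window are learned from constructed access-log lines of a quiet period, and any source that later exceeds mean + 3 standard deviations in a window is flagged as a flood. The log layout, the addresses and the k = 3 threshold are assumptions a deployment would tune.

```python
"""Baseline-and-threshold flood detection over access-log lines."""
import re
from collections import Counter, defaultdict
from datetime import datetime
from statistics import mean, pstdev
from typing import Dict, List, Tuple

# Assumed layout: <src> - - [dd/Mon/yyyy:HH:MM:SS] "<request>" <status> <bytes>
LOG_RE = re.compile(r'^(?P<src>\S+) - - \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})')
TS_FMT = "%d/%b/%Y:%H:%M:%S"
EPOCH = datetime(1970, 1, 1)


def parse_line(line: str) -> Tuple[str, int]:
    """Return (source address, timestamp in seconds) or raise on bad input."""
    m = LOG_RE.match(line)
    if not m:
        raise ValueError(f"unparseable log line: {line!r}")
    ts = datetime.strptime(m.group("ts"), TS_FMT)
    return m.group("src"), int((ts - EPOCH).total_seconds())


def requests_per_window(lines: List[str], window_s: int = 10) -> Dict[int, Counter]:
    """Count requests per source address within fixed time windows."""
    buckets: Dict[int, Counter] = defaultdict(Counter)
    for line in lines:
        src, secs = parse_line(line)
        buckets[secs // window_s][src] += 1
    return buckets


def learn_baseline(quiet_lines: List[str], window_s: int = 10) -> Tuple[float, float]:
    """Mean and population std-dev of per-source, per-window counts taken
    from a period assumed to contain only ordinary activity."""
    values = [n for c in requests_per_window(quiet_lines, window_s).values() for n in c.values()]
    return mean(values), pstdev(values)


def flag_floods(lines: List[str], base_mean: float, base_std: float,
                k: float = 3.0, window_s: int = 10) -> List[Tuple[int, str, int]]:
    """(window, source, count) for every source exceeding mean + k*std in a window."""
    threshold = base_mean + k * base_std
    counts = requests_per_window(lines, window_s)
    return [(w, src, n) for w, c in sorted(counts.items())
            for src, n in sorted(c.items()) if n > threshold]


def _line(src: str, second: int) -> str:
    # Constructed log line; 10.0.0.0/8 is private and 203.0.113.0/24 is a
    # documentation range, so no real host is named.
    return f'{src} - - [10/Mar/2024:12:00:{second:02d}] "GET /index.html HTTP/1.1" 200 512'


# Quiet period: three clients, one to three requests each per 10 s window.
QUIET_LINES = (
    [_line("10.0.0.1", s) for s in (1, 4, 12)]
    + [_line("10.0.0.2", s) for s in (6, 11, 15)]
    + [_line("10.0.0.3", s) for s in (2, 5, 8, 13, 19)]
)
# Observed period: one normal client plus one source sending 40 requests in 10 s.
OBSERVED_LINES = [_line("10.0.0.1", 21)] + [_line("203.0.113.7", 20 + i // 4) for i in range(40)]


def detect() -> List[Tuple[int, str, int]]:
    """Learn the baseline from QUIET_LINES and flag floods in OBSERVED_LINES."""
    base_mean, base_std = learn_baseline(QUIET_LINES)
    return flag_floods(OBSERVED_LINES, base_mean, base_std)
```

A flagged source is a trigger for rate limiting or a router filter, not proof of malice on its own; a legitimate burst (a crawler, a NAT gateway) looks the same and needs the request pattern to be inspected.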
# SQL Injection Attack:

1. SQL injection is a type of attack that targets the SQL (Structured Query
Language) database management system.

2. It is a code injection technique that exploits a security vulnerability occurring
in the database (DB) layer of an application.

3. It is also known as an SQL insertion attack.

4. The attackers' target is the SQL server behind the application.

5. The main objective of SQL injection is "to obtain the information while
accessing a DB table that may contain personal information".

6. The attack is done by inserting malicious code into a web form field.

7. Steps:

i. The attacker looks for web pages that allow submitting data, that is,
login pages, search pages, feedback forms, etc. The attacker also looks for the web
pages that use the HTTP methods POST and GET by checking
the site's source code.

ii. The attacker checks the HTML source code and looks for the "FORM"
tag. Everything between <FORM> and </FORM>
holds potential parameters that might be useful to find vulnerabilities.

iii. The attacker inputs a single quote in the text box provided on the
web page to accept the username and password.

iv. The attacker uses SQL commands such as the SELECT statement
to retrieve data from the database or the INSERT statement to add information
to the database.

8. To prevent SQL injection attacks:

a. Use Parameterized Queries or Prepared Statements: Instead of
directly embedding user input in SQL queries, use parameterized
queries.
b. Input Validation: Validate and sanitize all user input before using it in
SQL queries. Ensure that input matches the expected data type, format,
and length.
c. Use Stored Procedures: Use stored procedures to encapsulate SQL
code on the database server.
d. Error Handling: Implement proper error handling in your application.
Avoid displaying detailed error messages to users, as they can reveal
sensitive information that attackers can exploit.
e. Database Security: Regularly update your database software and
apply security patches. Use firewalls and other security measures to
protect your database from unauthorized access.
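The vulnerable pattern beside the parameterized fix (points a, b and d), as an added example not taken from these notes. It uses Python's built-in sqlite3 with a constructed in-memory users table and the single-quote probe from step iii as input: the string-built query fails with a database error (which the application must not show to the user), while the parameterized query treats the quote as data. The username policy regex is an assumption.

```python
"""Vulnerable string-built login query beside its parameterized form."""
import re
import sqlite3
from typing import Callable, Optional


def make_db() -> sqlite3.Connection:
    """In-memory database with constructed sample data. The password is
    stored in clear only to keep the demo short; real systems store hashes."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.execute("INSERT INTO users (username, password) VALUES ('alice', 's3cret')")
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> Optional[int]:
    """BAD: user input is pasted into the SQL text, so a quote in the input
    becomes part of the statement instead of part of the value."""
    sql = f"SELECT id FROM users WHERE username = '{username}' AND password = '{password}'"
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


USERNAME_RE = re.compile(r"^[A-Za-z0-9_.-]{1,32}$")  # assumed username policy


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> Optional[int]:
    """GOOD: validate the shape of the username, then bind both values as
    parameters; the driver never splices them into the SQL text."""
    if not USERNAME_RE.match(username):
        return None
    sql = "SELECT id FROM users WHERE username = ? AND password = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] if row else None


def probe_with_quote(login: Callable[..., Optional[int]]) -> str:
    """Feed the single-quote probe from step iii to a login function and
    report what the application sees: 'error' means the database rejected a
    malformed statement (the tell-tale sign of an injection point, and a
    message that must never be echoed to the user), 'denied' means the
    quote was handled as ordinary data."""
    conn = make_db()
    try:
        return "granted" if login(conn, "'", "x") is not None else "denied"
    except sqlite3.DatabaseError:
        return "error"
```

In a real application the handler wraps the query in a catch for DatabaseError, logs the detail server-side, and returns a generic "login failed" to the client, which is point d above.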

# Tools and methods used in cyber attacks:

1. Malvertising: Malvertising, short for malicious advertising, is the use of
online advertising to spread malware. Attackers use legitimate ad networks to
display malicious ads that can infect users' devices when clicked or viewed.

2. Scareware: Scareware is a type of malware that tricks users into believing
their computer is infected with viruses or other threats. The goal is to scare
users into purchasing fake antivirus software or services to "fix" the
non-existent issues.

3. Clickjacking: Clickjacking is a technique used to trick users into clicking on a
disguised or invisible link by overlaying it with a legitimate-looking element.
This can lead to unintended actions, such as downloading malware or sharing
sensitive information.

4. Ransomware: Ransomware is a type of malware that encrypts files on a
victim's computer and demands payment (usually in cryptocurrency) for the
decryption key. Ransomware attacks can be devastating, as they can render
important files inaccessible.

5. Phishing: Phishing is a method used to trick users into providing sensitive
information, such as usernames, passwords, or credit card details, by disguising
as a trustworthy entity in an email, text message, or website.

6. Man-in-the-Middle (MitM) Attack: In a MitM attack, an attacker intercepts
communication between two parties (e.g., a user and a website) to eavesdrop,
modify, or inject malicious content into the communication. This can be used to
steal sensitive information or manipulate data.

(Also add password cracking, keyloggers, spyware, viruses, worms, Trojan horses,
SQL injection, DoS attack)

# Stages of cyber attack on network:

1. Initial Uncovering: This stage involves the attacker identifying the target
network and gathering information about its vulnerabilities, architecture, and
potential entry points. This could include scanning the network for open ports,
identifying software versions, and collecting information about potential
targets.
2. Network Probe: Once the attacker has identified potential vulnerabilities,
they may use tools and techniques to probe the network further. This could
involve scanning for specific vulnerabilities, such as outdated software or
misconfigured services, that could be exploited to gain access.
3. Crossing the Line Toward Electronic Crime: In this stage, the attacker takes
action to exploit the identified vulnerabilities and gain unauthorized access to
the network. This could involve using exploits, malware, or social engineering
techniques to gain a foothold in the network.
4. Capturing the Network: With access to the network, the attacker seeks to
expand their access and control over the network. This could involve escalating
privileges, moving laterally through the network to identify additional targets,
and establishing persistence to maintain access.
5. Grab the Data: Once the attacker has gained access and control over the
network, they may seek to exfiltrate sensitive data. This could involve stealing
data such as personal information, financial data, or intellectual property for
financial gain or other malicious purposes.
6. Covering Tracks: To avoid detection and attribution, the attacker may
attempt to cover their tracks by deleting logs, modifying timestamps, or using
other techniques to hide their activities. This stage is aimed at making it
difficult for investigators to trace the attack back to its source.

# Components of wireless network:

1. Access Points (APs):

a. Access points are devices that allow wireless devices to connect to the wired
network.

b. They act as bridges between wireless devices and the wired network
infrastructure, providing connectivity and access to resources.

2. Antennas:

a. Antennas are used to transmit and receive wireless signals.

b. They are essential components of wireless devices and access points,
helping to establish communication over the air and to improve signal strength
and coverage.

3. Wireless Standards:

a. Wireless networks operate according to specific standards, such as the Wi-Fi
(IEEE 802.11) standards, which define the protocols and technologies used for
wireless communication.

4. Wi-Fi hotspots:

a. These are locations where wireless connectivity to the internet is
provided using a wireless access point (WAP).

b. They are commonly found in public areas like cafes, airports and hotels, allowing
users to connect to the internet using their Wi-Fi enabled devices.

5. Media Access Control (MAC):

a. It refers to the unique hardware address assigned to each device that
connects to a network.

b. MAC addresses are used by access points to identify and authenticate devices
trying to connect to the network.

6. Wi-Fi Protected Access (WPA):

a. It is a security protocol designed to secure wireless networks.

b. The current and most widely used version is WPA2; WPA3 is its successor.

7. Wi-Fi routers:

a. Routers are networking devices that connect multiple networks together.

b. A Wi-Fi router also serves as an access point, allowing wireless devices to connect to a wired
network or the internet.

# Ways to secure wireless network:

1. Use Strong Passwords: Set strong, unique passwords for your wireless network
and router. Avoid using default passwords, as they are easily guessable. Use a
combination of letters, numbers, and special characters.

2. Enable WPA2/WPA3 Encryption: Use strong encryption protocols such as WPA2
(Wi-Fi Protected Access 2) or WPA3 on your wireless router. This encrypts data
transmitted over the wireless network and prevents unauthorized users from
intercepting and reading it. WEP and the original WPA are broken and should not
be used.

3. MAC Address Filtering: Enable MAC address filtering on your wireless router to
only allow devices with specific MAC addresses to connect to the network. MAC
addresses are visible in the air and can be cloned, so treat this as a minor
hurdle rather than a primary control.

4. Disable Unused Services: Disable any unnecessary services or features on
your wireless router, such as remote management, to reduce the attack
surface.

5. Change Default Settings: Change the default SSID (Service Set Identifier) of
your wireless network and disable SSID broadcasting. This makes it harder for
casual observers to identify and target your network, although a hidden SSID is
still recoverable from client traffic.

6. Use a Firewall: Enable the firewall on your wireless router to block
unauthorized access attempts and filter incoming and outgoing traffic.

7. Position Your Router Carefully: Place your wireless router in a central
location and away from windows to reduce signal leakage outside your home
or office, minimizing the risk of unauthorized access from nearby locations.

8. Monitor Network Activity: Regularly monitor your wireless network for
unusual activity, such as unknown devices connected to the network or
unusually high data usage, which could indicate a security breach.

Unit 4
#Questions:
1.Techniques of ID theft with example.
2.With diagram, explain rules of evidence.
3. List 12 different phishing countermeasures.
4. List 12 different sources of digital evidence.
5. List 6 techniques of phishing attacks.
6. List and explain 3 methods of phishing attack.
7. With diagram, explain digital forensics science.
8. List and briefly discuss any 6 countermeasures for ID Theft.

# Phishing:
1.Phishing is a type of cyberattack where attackers use fraudulent emails,
messages, or websites to trick individuals into providing sensitive information
such as passwords, credit card numbers, or personal information.
2.Phishing attacks often appear to come from a legitimate source, such as a
bank, social media platform, or government agency, and they typically create a
sense of urgency or fear to prompt the victim to act quickly without thinking.
3. The goal of phishing attacks is to steal sensitive information or to install
malware on the victim's device.
4. Working of Phishing attacks:
a. Planning: decide the target and determine how to get e-mail addresses
b. Setup: create methods for delivering the message and for collecting data
about the target
c. Attack: send a phony message that appears to be from a reputable source
d. Collection: record the information victims enter into web pages or
pop-up windows
e. Identity theft and fraud: use the information gathered to make
illegal purchases and commit fraud
5. Phishing attacks can also occur through other channels, such as text
messages (smishing) or phone calls (vishing). Attackers use social engineering
techniques to make their messages appear legitimate and to manipulate
victims into taking the desired action.
6.To protect from phishing attacks, it's important to be cautious when opening
emails or messages from unknown senders, and to verify the legitimacy of
websites before entering sensitive information. Using security software and
keeping it up to date can also help protect against phishing attacks.

# Methods of Phishing:
1. Dragnet Phishing: In dragnet phishing, attackers send out a large number of
generic phishing emails to a wide audience, hoping to catch as many victims as
possible. These emails typically don't target specific individuals but instead use
generic messages that could apply to many people. The goal is to lure
unsuspecting recipients into clicking on malicious links or downloading
malicious attachments.
2. Rod and Reel Phishing: This method involves more targeted attacks
compared to dragnet phishing. Attackers carefully select their targets and craft
personalized phishing emails that appear to come from a legitimate source,
such as a trusted company or colleague. The emails often contain convincing
information or requests that prompt the victim to provide sensitive information
or click on malicious links.
3. Lobster Pot Phishing: Lobster pot phishing is a term used to describe a
phishing attack that lures victims into a trap, much like how lobsters are
attracted to a lobster pot. In this method, attackers create a fake website or
landing page that looks identical to a legitimate site, such as a banking or social
media site. They then lure victims to this fake site through phishing emails or
messages, where the victims unknowingly enter their sensitive information,
which is captured by the attackers.
4. Gillnet Phishing: Gillnet phishing is similar to dragnet phishing, but with a
more focused approach. In gillnet phishing, attackers target a specific group of
individuals or organizations with similar characteristics, such as employees of a
particular company or members of a specific industry. The phishing emails are
tailored to this group, making them more convincing and increasing the
likelihood of success.

# Phishing Techniques:
Phishing techniques are methods used by cybercriminals to deceive individuals
into providing sensitive information such as passwords, credit card numbers, or
personal details.
1. URL (Web Link) Manipulation: In URL manipulation, attackers create a
deceptive web address that closely resembles a legitimate website. For
example, they might use a misspelled or slightly altered version of a popular
website's URL to trick users into visiting a fake website and entering their
credentials.
2. Filter Evasion: Filter evasion techniques are used to bypass spam filters and
other security measures. Attackers might use techniques such as embedding
malicious content in images or using obfuscated URLs to make phishing emails
appear legitimate to filters.
3. Website Forgery: Website forgery involves creating a fake website that looks
identical to a legitimate site. Attackers use this technique to trick users into
entering their credentials or personal information, which is then captured by
the attackers.
4. Flash Phishing: Flash phishing involves using Adobe Flash to create a fake
login prompt on a legitimate website. When users enter their credentials, the
information is captured by the attackers. This technique is less common now
due to the decline of Adobe Flash.
5. Social Phishing: Social phishing, also known as social engineering phishing,
involves manipulating individuals into providing sensitive information through
social interactions. Attackers might use social media, email, or other
communication channels to trick users into revealing information.
6. Phone Phishing (Vishing): Phone phishing, or vishing, involves using phone
calls to deceive individuals into providing sensitive information. Attackers might
impersonate a trusted entity, such as a bank or government agency, to trick
users into revealing their credentials or personal information over the phone.
7. Spear Phishing: Spear phishing is a targeted form of phishing where
attackers customize their messages for specific individuals or organizations. The
messages often appear to come from a trusted source and are designed to trick
the recipient into revealing sensitive information or clicking on a malicious link.
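Checks for the URL manipulation and filter-evasion tricks listed above, as an added example that is not from these notes. KNOWN_HOSTS is a constructed allow-list of an organisation's own hostnames; each link is checked for an IP-literal host, credentials before "@" (so the visible text differs from the real host), a punycode label, a known name reused inside another registered domain, and a lookalike spelling within two edits of a known name. The registered-domain helper uses the last two labels only; a deployment would use the Public Suffix List.

```python
"""Flag suspicious traits of a URL against an allow-list of known hosts."""
import ipaddress
from typing import List
from urllib.parse import urlsplit

KNOWN_HOSTS = ["examplebank.com", "examplepay.net"]  # constructed allow-list


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; catches one- or two-character lookalikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registered_domain(host: str) -> str:
    """Last two labels; simplification standing in for the Public Suffix List."""
    return ".".join(host.split(".")[-2:])


def is_ip_literal(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def url_findings(url: str) -> List[str]:
    """Return the suspicious traits found in url; an empty list means none."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    findings: List[str] = []
    if parts.scheme != "https":
        findings.append("not-https")
    if parts.username is not None:
        # text before '@' is ignored by the browser but read by the victim
        findings.append("userinfo-before-host")
    if is_ip_literal(host):
        findings.append("ip-literal-host")
        return findings
    if any(label.startswith("xn--") for label in host.split(".")):
        findings.append("punycode-host")
    if host in KNOWN_HOSTS or any(host.endswith("." + k) for k in KNOWN_HOSTS):
        return findings  # genuinely one of our hosts or a subdomain of one
    reg = registered_domain(host)
    for known in KNOWN_HOSTS:
        known_reg = registered_domain(known)
        stem = known_reg.split(".")[0]
        if known_reg == reg:
            continue
        if any(stem in label for label in host.split(".")):
            findings.append(f"known-name-in-host:{known}")
        elif 0 < edit_distance(reg, known_reg) <= 2:
            findings.append(f"lookalike-of:{known}")
    return findings
```

Run over the links in an inbound mail, any non-empty result is a reason to quarantine the message for review rather than deliver it.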

# Types of Phishing Scams:

1. Deceptive Phishing: This is the most common type of phishing scam. It
involves sending emails that appear to be from a legitimate source, such as a
bank or a trusted company, to trick recipients into providing personal
information, like passwords or credit card numbers, by clicking on a link or
replying to the email.
2. Malware-Based Phishing: In this type of phishing, emails contain malicious
attachments or links that, when clicked, download malware onto the victim's
device. This malware can steal sensitive information, such as login credentials
or financial data.
3. Keyloggers: Keyloggers are a type of malware that records keystrokes on a
computer or mobile device. Attackers use keyloggers to capture sensitive
information, such as passwords or credit card numbers, entered by the victim.
4. Session Hijacking: Also known as session fixation, this type of phishing attack
occurs when an attacker takes control of a user's session on a website. This
allows the attacker to access the victim's account and perform actions on their
behalf.
5. Web Trojans: Web Trojans are malicious programs that disguise themselves
as legitimate software. They can infect a user's device when they visit a
compromised website and can steal sensitive information or provide attackers
with unauthorized access to the device.
6. Data Theft: Data theft phishing scams involve stealing sensitive information,
such as passwords or credit card numbers, from individuals or organizations.
Attackers can use this information for financial gain or to commit identity theft.
7. Content Injection: Content injection phishing attacks involve injecting
malicious code into a legitimate website. When users visit the compromised
website, the malicious code can steal their sensitive information or redirect
them to a phishing site.
8. Man-in-the-Middle (MITM) Phishing: In a MITM phishing attack, an attacker
intercepts communication between two parties, such as a user and a website,
without their knowledge. This allows the attacker to eavesdrop on the
communication and steal sensitive information.
9. Search Engine Phishing: Search engine phishing involves attackers creating
fake websites that appear in search engine results. When users click on these
fake websites, they are directed to phishing sites that steal their sensitive
information.

# Phishing Countermeasures :
1. Keep Antivirus Up to Date: Ensure your antivirus software is always updated
to detect and block phishing attempts, malware, and other threats.
2. Do Not Click on Hyperlinks in Emails: Avoid clicking on links in emails,
especially from unknown or suspicious senders. Instead, manually type the
website address into your browser.
3. Use and Update Security Software: Use reputable security software and
keep it updated to protect against phishing and other online threats.
4. Verify HTTPS: Look for "https://" at the beginning of a website's URL and a
padlock icon in the address bar to verify that the website is secure and
encrypts your data.
5. Get Educated: Learn about phishing scams and how to recognize them. Be
cautious of emails, messages, or websites that seem suspicious or ask for
personal information.
6. Use Firewall: Enable and maintain a firewall to monitor and control incoming
and outgoing network traffic to protect against unauthorized access.
7. Multi-Factor Authentication: Use multi-factor authentication (MFA)
whenever possible. This adds an extra layer of security by requiring more than
one form of verification to access an account.
8. Do Not Enter Sensitive Information into Pop-up Windows: Be wary of pop-
up windows asking for sensitive information. Close the window and contact the
company directly if you are unsure.
9. Use Email Filtering: Use email filtering software to help identify and block
phishing emails before they reach your inbox.
10. Strong Passwords: Use strong, unique passwords for your accounts and
change them regularly. Consider using a password manager to keep track of
your passwords securely.
11. Use Anti-Spam software: It helps keeping phishing attacks at minimum.
Many phishing attacks can be reduced.
12.Use Anti-Spyware software: It can detect a problem and can provide a fix.

# ID Theft:
1.Identity theft is a serious crime where someone wrongfully obtains and uses
another person's personal data in a fraudulent or deceptive manner, typically
for economic gain.
2.Identity theft occurs when someone uses another person's personal
information, such as their name, Social Security number, credit card number, or
other identifying information, without permission to commit fraud or other
crimes.
3.Identity thieves can obtain personal information in various ways, including
stealing wallets, mail, or documents containing personal information, hacking
into computers or networks to steal data, or tricking individuals into providing
their information through phishing scams or other fraudulent means.
4. Impact of ID Theft:
- Financial Loss: Victims of identity theft may suffer financial losses due to
unauthorized transactions, fees, and legal costs to restore their identity.
- Emotional Distress: Dealing with the aftermath of identity theft can be
stressful and emotionally draining for victims.
- Damage to Credit: Identity theft can damage a victim's credit score, making
it difficult to obtain loans, credit cards, or even employment.
- Legal Issues: Victims may face legal issues if identity theft leads to criminal
charges or other legal problems under their name.
5. Prevention and Protection:
- Secure Personal Information: Store sensitive documents in a safe place,
shred documents before disposing of them, and be cautious when sharing
personal information online or over the phone.
- Monitor Accounts: Regularly review bank statements, credit card
statements, and credit reports for any unauthorized activity.
- Use Strong Passwords: Use strong, unique passwords for online accounts
and consider using two-factor authentication for added security.
- Be Cautious of Phishing Scams: Be wary of emails, calls, or messages asking
for personal information and verify the source before providing any
information.

# Types of Identity Theft:

1.Financial Identity Theft: This occurs when someone steals your financial
information, such as credit card details or bank account numbers, to make
unauthorized transactions or open new accounts in your name.
2. Criminal Identity Theft: In this type, a person uses your identity when they
are arrested or charged with a crime. This can lead to a criminal record being
created in your name for offenses you didn't commit.
3. Identity Cloning: Identity cloning involves creating a complete duplicate of
someone else's identity, including their name, date of birth, and other personal
information. The cloned identity can be used for various fraudulent activities.
4. Business Identity Theft: Here, a criminal steals a business's identity to
commit fraud or other illegal activities. This can involve using the business's
name, credit history, or tax identification number for fraudulent purposes.
5. Medical Identity Theft: This occurs when someone uses your personal
information to receive medical services, prescription drugs, or file insurance
claims in your name. It can lead to inaccuracies in your medical records and
bills.
6. Synthetic Identity Theft: In this type, a thief combines real and fake
information to create a new identity. For example, they might use a real Social
Security number with a fake name and address to open accounts or obtain
credit.
7. Child Identity Theft: Children's identities can be targeted because they often
have clean credit histories. Thieves can use a child's Social Security number to
open accounts, apply for benefits, or commit other fraud.

# ID Theft Techniques:

ID Theft Techniques
    A. Human Based                 B. Computer Based
    1. Direct access to info       1. Backup Theft
    2. Theft of a purse/wallet     2. Malware
    3. Dishonest employee          3. Redirectors

A. Human Based Techniques: These are the techniques used by an attacker
with no, or minimal, use of technology.
Examples:
1. Direct access to information: People who have earned a certain degree of
trust can obtain legitimate access to a business and steal personal
information.
2. Theft of a purse/wallet: Wallets often contain bank credit and debit
cards and a driving licence, which can help the attacker to steal information.
3. Dishonest employee: An employee with access to personal files can
gather all sorts of confidential information and can use it to cause serious
damage.
B. Computer Based Techniques: These techniques leverage technology to
steal personal information. They often exploit vulnerabilities in software or
use malicious software to gain unauthorized access to systems.
Examples:
1. Backup Theft: It is the most common method; it includes stealing
equipment or backups to recover the data.
2. Malware: Malicious software, such as keyloggers or spyware, is
used to capture keystrokes, screen activity, or other sensitive information from
a victim's computer.
3. Redirectors: These are malicious programs that redirect users' network
traffic to locations they did not intend to visit.

# Countermeasures to protect against identity theft:
1. Keep Records Secure: Keep a record of your financial data and transactions
in a secure location. Shred documents containing sensitive information before
disposing of them.
2. Install Security Software: Use antivirus and anti-malware software on your
devices and keep them updated to protect against malicious software.
3. Use Secure Websites: When shopping or banking online, ensure the website
is secure by looking for "https://" in the URL and a padlock icon in the address
bar.
4. Set Up Information Security: Enable security features such as two-factor
authentication (2FA) on your accounts to add an extra layer of protection.
5. Be Wary of Email Attachments and Links: Do not open attachments or click
on links in emails from unknown or suspicious sources. They may contain
malware or lead to phishing websites.
6. Monitor Your Accounts: Regularly check your bank statements, credit card
statements, and credit reports for any unauthorized transactions or suspicious
activity.
7. Use Strong, Unique Passwords: Use strong, unique passwords for your
online accounts and change them regularly. Consider using a password
manager to help you create and store complex passwords.
8. Limit Sharing Personal Information: Be cautious about sharing personal
information, both online and offline. Only provide information when absolutely
necessary and verify the legitimacy of the request.
9. Educate Yourself: Stay informed about the latest scams and techniques used
by identity thieves to protect yourself from falling victim.
10. Secure Your Devices: Keep your computer, smartphone, and other devices
secure by using up-to-date operating systems, applying security patches, and
using encryption where possible.

# Digital Forensics:
1.Digital forensics is a branch of forensic science that focuses on the recovery,
investigation, and analysis of digital devices and digital data for use as evidence
in legal proceedings.
2.It involves the identification, preservation, examination, and analysis of
digital evidence in a way that maintains its integrity and can withstand legal
scrutiny.
3. The first step in digital forensics is to identify potential sources of digital
evidence, which can include computers, smartphones, tablets, servers, and
other digital devices. This involves determining what types of evidence may be
present on these devices and how they may be relevant to the investigation.
4. Once potential evidence has been identified, it must be preserved to ensure
its integrity and prevent tampering. This involves making a bit-for-bit copy of
the original evidence, known as a forensic image, using specialized tools and
techniques.
5.The forensic image is then used for analysis, preserving the original evidence
in its original state.
6. The next step is to examine the forensic image to extract relevant
information and identify potential evidence. This may involve searching for
specific files, emails, chat logs, internet history, or other types of data that may
be relevant to the investigation. This process requires specialized tools and
techniques to ensure that the evidence is collected and analyzed in a
forensically sound manner.
7. Once the evidence has been extracted, it is analyzed to determine its
significance and relevance to the investigation. This may involve correlating
different pieces of evidence, reconstructing events, or identifying patterns or
trends that may be relevant to the case. The analysis is conducted using a
combination of automated tools and manual examination by forensic experts.
8. The findings of the analysis are documented in a forensic report, which
provides a detailed account of the evidence collected, the analysis conducted,
and the conclusions reached. The report is written in a clear and concise
manner that can be easily understood by non-technical audiences, such as
lawyers, judges, and juries.
9. Role of Digital Forensics:
a. Digital forensics plays a crucial role in modern law enforcement, corporate
security, and legal proceedings.
b. It helps investigators uncover evidence that may be crucial to solving
crimes, prosecuting offenders, and defending the innocent.
c. It can be used in a wide range of cases, including cybercrimes, fraud, theft,
intellectual property theft, and employee misconduct.
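Steps 4 and 5 (forensic imaging) as an added example, not code from these notes: a constructed "device" file is copied bit for bit in chunks, the source and the image are hashed independently, and a small acquisition record is produced that a later verify() call checks against. Paths, the examiner name and the device contents are placeholders; on real media a hardware write-blocker protects the original.

```python
"""Chunked bit-for-bit acquisition with independent source/image hashing."""
import hashlib
import os
import tempfile
from datetime import datetime, timezone
from typing import Dict

CHUNK = 64 * 1024


def sha256_of(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def acquire(source: str, image: str, examiner: str) -> Dict[str, str]:
    """Copy source to image in fixed-size chunks, hashing the source as it is
    read and the image separately after writing. The source is opened
    read-only; on real media a hardware write-blocker would enforce that."""
    src_hash = hashlib.sha256()
    with open(source, "rb") as src, open(image, "wb") as dst:
        for chunk in iter(lambda: src.read(CHUNK), b""):
            src_hash.update(chunk)
            dst.write(chunk)
    img_digest = sha256_of(image)
    if img_digest != src_hash.hexdigest():
        raise RuntimeError("image does not match source; acquisition failed")
    return {
        "source": source,
        "image": image,
        "bytes": str(os.path.getsize(image)),
        "sha256": img_digest,
        "examiner": examiner,
        "acquired_at": datetime.now(timezone.utc).isoformat(),
    }


def verify(record: Dict[str, str]) -> bool:
    """True if the image still hashes to the value recorded at acquisition."""
    return sha256_of(record["image"]) == record["sha256"]


def demo() -> Dict[str, bool]:
    """Constructed run: image a fake 1 MiB device, verify it, then flip one
    byte in the image and show that verify() now fails."""
    device = (b"constructed device contents " * 40000)[: 1024 * 1024]
    with tempfile.TemporaryDirectory() as tmp:
        src = os.path.join(tmp, "device.bin")
        img = os.path.join(tmp, "device.dd")
        with open(src, "wb") as f:
            f.write(device)
        record = acquire(src, img, examiner="examiner-placeholder")
        clean = verify(record)
        with open(img, "r+b") as f:
            f.seek(12345)
            original = f.read(1)
            f.seek(12345)
            f.write(bytes([original[0] ^ 0x01]))
        tampered = verify(record)
    return {
        "clean": clean,
        "tampered_detected": not tampered,
        "size_ok": record["bytes"] == str(len(device)),
        "hash_matches_device": record["sha256"] == hashlib.sha256(device).hexdigest(),
    }
```

The record is the seed of the chain-of-custody log: every later hand-off or analysis session re-runs verify() and appends who checked, when, and that the digest still matched.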

# Need of Computer Forensics:

Computer forensics, a subset of digital forensics, is essential for several
reasons:
1. Cybercrime Investigation: As cybercrime continues to rise, computer
forensics is crucial for investigating crimes such as hacking, malware attacks,
identity theft, and online fraud. It helps identify perpetrators, gather evidence,
and support prosecutions.
2. Data Breach Response: Organizations face the risk of data breaches, which
can lead to the exposure of sensitive information. Computer forensics helps
determine the cause of the breach, the extent of the damage, and the steps
needed to prevent future breaches.
3. Intellectual Property Protection: Companies invest significant resources in
developing intellectual property, such as software, designs, and proprietary
information. Computer forensics can help protect these assets by detecting and
mitigating theft or unauthorized use.
4. Employee Misconduct Investigations: Computer forensics is used to
investigate allegations of employee misconduct, such as data theft,
unauthorized access to company resources, or violations of company policies. It
helps gather evidence for disciplinary actions or legal proceedings.
5. Litigation Support: In legal cases involving digital evidence, computer
forensics is crucial for collecting, preserving, and analyzing data that can be
used as evidence in court. It ensures that digital evidence is admissible and can
withstand legal scrutiny.
6. Compliance and Regulatory Requirements: Many industries have specific
regulations and standards regarding data protection and security. Computer
forensics helps organizations comply with these requirements by ensuring the
integrity and security of digital information.
7. Incident Response: In the event of a security incident, such as a cyber attack
or data breach, computer forensics is used to identify the cause, contain the
damage, and restore systems to normal operation. It helps organizations
respond quickly and effectively to minimize the impact of the incident.
# Rules of Evidence:
1. Rules of evidence refer to the principles and guidelines used to collect,
preserve, analyse and present digital evidence in a way that maintains its
integrity and authenticity in legal proceedings.
2. These rules are designed to ensure that only reliable and relevant evidence is
presented in the court.
3. There are a number of contexts involved in actually identifying a piece of digital
evidence, such as the physical, logical and legal contexts.
A. Physical Context: It refers to tangible items that can be directly
observed and collected, such as computers, storage devices, smartphones, and
other electronic devices.
B. Logical Context: It refers to data and information that is stored
electronically and can be accessed and analyzed using software tools. This
includes files, emails, chat logs, internet history, and other digital artifacts.
C. Legal Context: Legal evidence refers to evidence that is admissible in
court and can be used to support or refute a claim or argument. This includes
physical and logical evidence that meets the legal standards for admissibility.

fig: Path of digital evidence (media -> data -> information -> evidence, moving
through the physical, logical and legal contexts)

# Sources of digital evidence:


1. Computers: Computers are a primary source of digital evidence. They can
contain a wide range of information, including files, emails, chat logs, internet
history, and system logs.
2. Mobile Devices: Mobile phones and tablets are another common source of
digital evidence. They can contain call logs, text messages, photos, videos,
location data, and app usage information.
3. External Storage Devices: External storage devices such as USB drives,
external hard drives, and SD cards can contain files and other data that may be
relevant to an investigation.
4. Cloud Storage: Cloud storage services like Dropbox, Google Drive, and iCloud
can be a source of digital evidence. They can contain files, photos, and other
data that has been stored or accessed by a user.
5. Email: Email accounts can contain a wealth of information, including
correspondence, attachments, and contact lists, which can be valuable sources
of digital evidence.
6. Social Media: Social media accounts can provide information about a
person's activities, interests, and connections. Posts, messages, photos, and
location check-ins can all be used as digital evidence.
7. Internet History: Internet browsing history can provide insight into a
person's online activities, including websites visited, searches performed, and
online purchases made.
8. Network Traffic: Network traffic logs can be used as digital evidence to track
a person's online activities, including websites visited, emails sent and
received, and files downloaded.
9. Surveillance Cameras: Surveillance camera footage can be used as digital
evidence in investigations, providing visual records of events that have
occurred in a specific location.
10. GPS Devices: GPS devices, including those in cars and smartphones, can
provide location data that can be used as digital evidence to track a person's
movements.
11. Financial Records: Financial records, including bank statements, credit card
statements, and transaction logs, can be used as digital evidence in cases
involving fraud or financial crimes.
12. Metadata: Metadata is information about other data, such as when a file
was created or modified, who created it, and where it was stored. Metadata
can be a valuable source of digital evidence in investigations.
# Forensics Analysis of E-Mail:
Forensic analysis of emails involves examining email messages and associated
metadata to gather evidence for legal or investigative purposes.
1. Collection: The first step is to collect email data. This can be done by
exporting emails from email clients or servers, or by using specialized forensic
tools to extract emails from storage media.
2. Examination: Once the emails are collected, they are examined for relevant
information. This includes analyzing the content of the emails, such as the text,
attachments, and formatting, as well as any metadata associated with the
emails, such as sender and recipient addresses, timestamps, and email
headers.
3. Metadata Analysis: Email metadata can provide valuable information for
forensic analysis. Metadata can reveal information about the email's journey,
including the IP addresses of the sending and receiving servers, the email client
used, and the path the email took through the internet.
4. Content Analysis: The content of the emails is analyzed to identify any
relevant information. This can include evidence of wrongdoing, such as
incriminating statements or evidence of fraud, as well as information about the
sender's or recipient's activities.
5. Attachment Analysis: Attachments to emails are examined to determine
their contents and relevance to the investigation. This can include analyzing the
file type, examining the contents of the attachment, and determining if the
attachment has been altered or tampered with.
6. Link Analysis: Links contained in emails are analyzed to determine their
destination and relevance to the investigation. This can include analyzing the
URL to determine if it leads to a malicious website or if it has been used in
phishing attacks.
7. Timeline Reconstruction: Email timestamps are used to reconstruct a
timeline of events. This can be useful in establishing the sequence of events
and determining the chronology of communications.
8. Reporting: The findings of the email forensic analysis are documented in a
report. The report includes details of the emails examined, the analysis
performed, and the conclusions reached. The report is prepared in a format
that is suitable for presentation in court or other legal proceedings.
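The metadata analysis and timeline reconstruction steps above (3 and 7) can be carried out on the Received: headers of a raw message. The following is an added example, not code from the notes; the message is constructed, and the header layout it parses (host, optional bracketed IP, "by" host, date after the last semicolon) is the common MTA form, not a guaranteed one.

```python
"""Relay-path and timeline reconstruction from Received: headers (added example)."""
import email
import re
from email.utils import parsedate_to_datetime

# Constructed sample: three hops. MTAs prepend Received headers, so the topmost
# one is the final hop. The earliest relay's clock is one hour ahead on purpose.
SAMPLE_MESSAGE = """\
Received: from mx-in.example.org (mx-in.example.org [198.51.100.7])
    by mail.example.org with ESMTP id abc123;
    Mon, 4 Mar 2024 10:02:10 +0000
Received: from relay.example.net (relay.example.net [203.0.113.5])
    by mx-in.example.org with ESMTPS id def456;
    Mon, 4 Mar 2024 10:02:05 +0000
Received: from [192.0.2.25] (unknown [192.0.2.25])
    by relay.example.net with ESMTPA id ghi789;
    Mon, 4 Mar 2024 11:01:58 +0000
From: alice@example.net
To: bob@example.org
Subject: Invoice

Please see the attached invoice.
"""

RECEIVED_RE = re.compile(
    r"from\s+(?P<from_host>\S+)"                               # host the sender claims to be
    r"(?:\s*\((?:[^)]*?\[(?P<from_ip>[0-9.]+)\])?[^)]*\))?"    # connecting IP, if logged
    r".*?\bby\s+(?P<by_host>\S+)"                              # host that wrote this header
)

def parse_received(raw_message):
    """Return the hops in chronological order, oldest relay first."""
    msg = email.message_from_string(raw_message)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(value.split())              # unfold the folded header lines
        m = RECEIVED_RE.search(flat)
        if not m:
            continue                                # unparseable header: keep going
        when = parsedate_to_datetime(flat.rsplit(";", 1)[-1].strip())
        hops.append({"from_host": m["from_host"].strip("[]"), "from_ip": m["from_ip"],
                     "by_host": m["by_host"], "time": when})
    return hops

def hop_anomalies(hops):
    """Flag a hop whose timestamp precedes the previous hop (clock skew, or a header
    that was inserted rather than written by a relay) and a hop whose claimed sending
    host is not the host that wrote the previous Received header."""
    findings = []
    for i in range(1, len(hops)):
        prev, cur = hops[i - 1], hops[i]
        if cur["time"] < prev["time"]:
            findings.append((i, "timestamp earlier than previous hop"))
        if cur["from_host"] != prev["by_host"]:
            findings.append((i, "relay chain broken between %s and %s"
                             % (prev["by_host"], cur["from_host"])))
    return findings

if __name__ == "__main__":
    path = parse_received(SAMPLE_MESSAGE)
    for hop in path:
        print(hop["time"].isoformat(), hop["from_host"], hop["from_ip"], "->", hop["by_host"])
    print(hop_anomalies(path))
```

Only the header written by a relay you trust is reliable; everything below it in the list was supplied by the sending side and may be forged, which is why the chain and timestamp checks are worth running.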
Unit 5
#Questions:
1. List and briefly explain seven phases in Computer Forensics.
2. What are Rootkits? Explain in detail Binary Rootkits.
3. With neat diagram, explain in detail the Scanning and Probing step in
network hacking.
4. Illustrate the network forensics.
5. List and briefly discuss typical elements addressed in forensics investigation
contract.
6. With neat diagram explain in detail the Digital forensic life cycle
7. List and briefly explain seven phases in computer or Digital forensics
8. With neat diagram discuss about chain of custody concept.

# Digital Forensics Life Cycle:

The digital forensics lifecycle is a structured approach to conducting a digital
forensic investigation. It consists of several stages, each with its own set of
activities and objectives. The lifecycle provides a systematic framework for
collecting, preserving, analyzing, and presenting digital evidence.
Stages of the life cycle are as follows:
1. Identification/preparation: This is the initial phase where the need for a
digital investigation is identified. It could be triggered by a security incident,
legal issue or other reasons.
2. Search and Seizure: In this phase, investigators collect all relevant digital
evidence. This could include data from computers, mobile devices, servers, etc.
3. Preservation: Once the need for investigation is established, the next step is
to preserve the digital evidence to prevent any changes or loss of data.
4. Examination: During this phase, investigators analyse the collected evidence
to extract relevant information. This can involve recovering deleted files and
identifying patterns or anomalies.
5. Analysis: In this phase, the investigators try to understand the significance of
the evidence and draw a conclusion from the evidence.
6. Reporting: After the investigation is completed, it's important to review the
entire process to ensure that all relevant evidence was collected and analysed
properly.

# Seven phases in Computer Forensics:

1. Preparation and identification:
i. This phase involves preparing for the investigation by identifying the scope,
objectives and resources required.
ii. Investigators also identify potential sources of evidence and ensure that they
have the necessary tools and permissions to proceed.

2. Collection and recording:
i. Investigators collect the evidence identified in the previous phase using
forensics tools and techniques.
ii. This may include making forensic copies of storage devices, capturing volatile
data from live systems and documenting the chain of custody.

3. Storing and transporting:
i. Once the evidence is collected, it is stored securely to prevent tampering or
loss.
ii. If the evidence needs to be transported, it must be done securely to
maintain its integrity.

4. Examination/investigation:
i. In this phase, forensic experts examine the collected evidence to extract
relevant information.
ii. This involves recovering deleted files, analysing file metadata and identifying
suspicious activities.

5. Analysis, interpretation and attribution:
i. The analysis phase involves analysing the extracted information to reconstruct
events and identify patterns or anomalies.
ii. Based on the analysis, investigators interpret the findings to determine the
significance of the evidence and attribute it to specific actions and individuals.

6. Reporting:
i. Finally, investigators prepare a detailed report documenting the findings,
methodology and conclusions.
ii. This report is often used in legal proceedings to support the investigation.

7. Testifying:
i. Investigators may also be required to testify in court to explain their findings
and methodology.
ii. It involves presentation and cross-examination of the expert witness.

# Typical elements addressed in forensics investigation contract:

1. Authorization:
i. This section defines the scope of the investigation.
ii. The customer will be asked to authorize/facilitate the conduct of an evaluation.
iii. The customer is supposed to declare that the representation of information/
data on said property/equipment is true and correct.
2. Confidentiality:
i. The computer forensics laboratory cannot disclose the confidential
information except to its employees, consultants or contractors as needed for
the investigation.
3. Payment:
i. This section specifies the payment terms.
ii. The payment terms include the amount, schedule and method of payment
for the investigation services.
4. Consent and acknowledgement:
i. This section confirms that the client consents to the investigation and
acknowledges the potential outcomes and limitations of the investigation.
5. Limitations of liability:
i. This section specifies that the computer forensics laboratory is not liable for
any claims regarding the physical functioning of the equipment.
ii. The laboratory will not be liable for any loss of data or loss of revenue or
profit.

# Chain of custody:
1. Chain of custody is a crucial concept in digital forensics.
2. It refers to the chronological documentation of the custody, control, transfer,
analysis, and disposition of physical and digital evidence.
3. It is used to ensure the integrity and admissibility of evidence in legal
proceedings.
4. The chain of custody in digital cyber forensics is also known as the paper
trail or forensic link, or chronological documentation of the evidence.
5. Chain of custody process:
a. Data Collection: This is the initial stage where evidence is identified,
collected, and documented. It's crucial to use proper techniques and tools to
avoid contamination or damage to the evidence. The chain of custody form is
initiated here, documenting who collected the evidence, where, and when.
b. Examination: After collection, the evidence is examined by forensic experts.
This stage involves analyzing the evidence to extract relevant information. For
digital evidence, this might involve analyzing data from devices like computers
or mobile phones.
c. Analysis: In this stage, the evidence is further analyzed to draw conclusions.
This could involve comparing evidence against known data or using specialized
tools to uncover hidden information. The analysis aims to determine the
significance of the evidence in relation to the investigation.
d. Reporting: Finally, the findings from the analysis are documented in a report.
This report includes details about the evidence, the methods used for analysis,
and the conclusions drawn. The report must be clear, concise, and unbiased,
providing an accurate account of the findings.
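A chain of custody form is usually paper or a case-management record; the following added example (not from the notes) shows the same idea as a verifiable log: every entry records who held the evidence, what happened and when, plus the SHA-256 of the evidence image at that moment, so a gap in the hand-overs or any change to the image shows up on verification. The evidence id, names and image bytes are constructed.

```python
"""Chain-of-custody log with integrity verification (added example)."""
import hashlib
from datetime import datetime, timezone

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def start_chain(evidence_id, image, collector, location, when):
    """Collection opens the chain; the acquisition hash is the reference for every later check."""
    return [{"evidence_id": evidence_id, "custodian": collector, "action": "collected",
             "location": location, "time": when, "sha256": sha256_hex(image), "to": None}]

def transfer(log, image, giver, receiver, when, purpose):
    """A hand-over is a transfer entry by the giver followed by a receipt entry by the
    receiver; both re-hash the image so tampering in transit becomes visible."""
    digest = sha256_hex(image)
    log.append({"custodian": giver, "action": "transferred", "to": receiver,
                "purpose": purpose, "time": when, "sha256": digest})
    log.append({"custodian": receiver, "action": "received", "to": None,
                "purpose": purpose, "time": when, "sha256": digest})

def verify_chain(log, image):
    """Return a list of (entry index, problem); an empty list means the chain is intact."""
    problems = []
    baseline = log[0]["sha256"]
    for i, entry in enumerate(log):
        if entry["sha256"] != baseline:
            problems.append((i, "hash differs from acquisition hash"))
        if i > 0 and entry["time"] < log[i - 1]["time"]:
            problems.append((i, "entry timestamp earlier than previous entry"))
        if entry["action"] == "transferred":
            nxt = log[i + 1] if i + 1 < len(log) else None
            if nxt is None or nxt["action"] != "received" or nxt["custodian"] != entry["to"]:
                problems.append((i, "transfer has no matching receipt"))
    if sha256_hex(image) != baseline:
        problems.append((len(log), "image now in hand differs from acquisition hash"))
    return problems

# Constructed scenario: a disk image collected on site, then handed to the lab.
IMAGE = b"constructed disk image bytes for EV-2024-001"
T0 = datetime(2024, 3, 4, 9, 0, tzinfo=timezone.utc)

def intact_chain():
    log = start_chain("EV-2024-001", IMAGE, "Investigator A", "Server room, HQ", T0)
    transfer(log, IMAGE, "Investigator A", "Lab analyst B", T0.replace(hour=11), "examination")
    return verify_chain(log, IMAGE)

def broken_chain():
    log = start_chain("EV-2024-001", IMAGE, "Investigator A", "Server room, HQ", T0)
    transfer(log, IMAGE, "Investigator A", "Lab analyst B", T0.replace(hour=11), "examination")
    del log[-1]                                # the receipt was never recorded
    return verify_chain(log, IMAGE + b"x")     # and the image in hand has changed

if __name__ == "__main__":
    print("intact:", intact_chain())
    print("broken:", broken_chain())
```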

# Network Forensics:
1.Network forensics is the process of capturing, recording, and analyzing
network traffic data to discover the source of security attacks or other problem
incidents.
2.It involves monitoring and analyzing computer network traffic patterns and
intrusions in order to identify and respond to unauthorized activity.
3. Network forensics can be used to investigate a wide range of security
incidents, including network breaches, insider attacks, and malware infections.
4. Phases:
A. Data Collection: Network forensics begins with the collection of network
traffic data. This data can be collected using a variety of tools and techniques,
such as network taps, packet sniffers, and logging mechanisms. The goal is to
capture all relevant network traffic data, including packet headers, payload
data, and session information.
B. Data Preservation: Once the data is collected, it must be preserved in a
forensically sound manner to ensure its integrity and admissibility as evidence.
This may involve creating a forensic image of the network traffic data or using
other techniques to prevent tampering or alteration.
C. Data Analysis: The next step is to analyze the network traffic data to identify
any suspicious or malicious activity. This can involve examining packet headers
and payloads, correlating data from multiple sources, and using specialized
tools and techniques to detect patterns or anomalies indicative of an attack.
D. Incident Response: Based on the analysis, network forensics investigators
can develop a response plan to mitigate the effects of the incident and prevent
future attacks. This may involve blocking malicious traffic, patching
vulnerabilities, or implementing other security measures.
E. Reporting: Finally, the findings of the network forensics investigation are
documented in a report. This report includes details of the incident, the
methods used for analysis, and the conclusions drawn. The report may also
include recommendations for improving network security and preventing
similar incidents in the future.

# Steps for solving a computer forensics case:

1. Prepare for the forensics examination.
2. Talk to key people to find out what you are looking for and what the circumstances surrounding the
case are.
3. Start assembling your tools to collect the data in question, and identify the target media.
4. Collect the data from the target media. Create an exact duplicate image of the device in question.
5. To extract the contents of the computer in question, connect the computer to a portable hard
drive or other storage media and then boot the computer. Use a write-blocking tool when imaging
the media.
6. When collecting evidence, be sure to check E-Mail records as well.
7. Examine the collected evidence on the image you have created. Document anything that you find
and where you found it. Tools are available as both commercial products and open source
products.
8. Analyze the evidence collected by manually looking into the storage media and checking the registry,
Internet searches, E-Mail and pictures.
9. Report your findings back to your client. This report may end up as evidence in a court case.

# Rootkits:
1. A "Rootkit" is a set of tools used after cracking a computer operating system
that hides logins, processes, passwords, etc.
2. Rootkits are basically a type of malicious software that is designed to
conceal its own presence or the presence of other malicious programs on a
system.
3. They are often used by attackers to maintain access to a system while
avoiding detection.
4. Rootkits are installed after an attacker has gained root access.
5. Rootkits consist of tools that generally have three functions:
a. Maintain root access to the system
b. Hide the presence of the attacker
c. Attack other systems
6. Rootkits are a serious threat to the security of a system as they can give attackers
full control over the system while remaining undetected.

# Binary Rootkits:
1. Binary rootkits are a specific type of rootkit that infects executable files on a
system.
2. When an infected executable is run, the rootkit is loaded into memory and
can then perform its malicious activities.
3. Binary rootkits take administrative utilities and modify them to hide specific
connections, processes and activities of specific users.
4. Binary rootkits can be defeated through the use of a file integrity scanner.
5. File integrity scanners work by computing checksums or digital signatures of
files and comparing them against a trusted baseline.
6. Binary rootkits can also be detected by system integrity tools.
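The file integrity scanner from point 4 and 5 above, as an added example rather than any tool named in the notes: it records SHA-256 checksums of every file under a directory as a baseline and later reports files that were modified, added or removed. The directory, file names and contents are constructed in a temporary folder standing in for a system's binaries.

```python
"""File integrity scanner: baseline checksums versus a later scan (added example)."""
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large binaries need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_baseline(root: Path) -> dict:
    """Relative path -> SHA-256 for every regular file under root."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def compare(baseline: dict, current: dict) -> dict:
    """Classify the differences between a stored baseline and a fresh scan."""
    return {
        "modified": sorted(k for k in baseline if k in current and baseline[k] != current[k]),
        "added": sorted(k for k in current if k not in baseline),
        "missing": sorted(k for k in baseline if k not in current),
    }

def demo() -> dict:
    """Constructed scenario: a 'bin' folder of two utilities, then a rootkit-style change."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "ls").write_bytes(b"original ls binary (constructed)")
        (root / "bin" / "ps").write_bytes(b"original ps binary (constructed)")
        baseline = build_baseline(root)      # taken while the system is known-good
        # What a binary rootkit does: replace an administrative utility with a version
        # that hides things, and drop an extra file. The replacement is the same size
        # as the original, so a size check alone would miss it; the checksum does not.
        (root / "bin" / "ps").write_bytes(b"trojaned ps binary (constructed)")
        (root / "bin" / "helper").write_bytes(b"constructed extra file")
        return compare(baseline, build_baseline(root))

if __name__ == "__main__":
    print(demo())
```

The baseline is only as trustworthy as where it is kept: store it (and the scanner itself) on read-only or off-system media, since a rootkit that can rewrite binaries can also rewrite a baseline left on the same disk.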

# Challenges in computer forensics:


1. Data Volume: The sheer volume of digital data that needs to be analyzed in
a forensic investigation can be overwhelming. Storage capacities have
increased dramatically, leading to large amounts of data that need to be
processed and analyzed.
2. Data Complexity: Digital data is often complex, with multiple layers of
encryption, compression, and obfuscation. Analyzing such data requires
specialized tools and expertise.
3. Data Integrity: Ensuring the integrity of digital evidence is crucial in forensic
investigations. Any alteration or tampering with the data can render it
inadmissible in court. Maintaining the chain of custody and using forensic
techniques to verify the integrity of the data is essential.
4. Data Privacy: Privacy laws and regulations impose restrictions on how digital
data can be collected, stored, and analyzed. Investigators need to ensure that
they comply with these laws while conducting forensic investigations.
5. Anti-Forensic Techniques: Attackers use anti-forensic techniques to thwart
forensic investigations, such as data encryption, data hiding, and data
destruction. Detecting and overcoming these techniques require advanced
forensic tools and techniques.
6. Cross-Border Jurisdiction: Digital evidence can be stored across multiple
jurisdictions, raising issues of jurisdictional authority and legal requirements.
Investigators need to navigate these complexities while ensuring that the
evidence is admissible in court.
7. Rapid Technological Changes: Technology evolves rapidly, leading to new
challenges in forensic investigations. Investigators need to stay updated with
the latest technologies and techniques to effectively conduct forensic
investigations.
8. Resource Constraints: Forensic investigations require specialized tools,
equipment, and expertise, which can be costly and resource-intensive.
Organizations and agencies conducting forensic investigations often face
budgetary constraints.
9. Legal and Ethical Challenges: Forensic investigators must adhere to legal and
ethical standards while conducting investigations. They must ensure that their
actions are lawful and that they respect the privacy rights of individuals.
10. Evidence Preservation: Preserving digital evidence in a forensically sound
manner is challenging, particularly in dynamic environments where data can be
easily altered or deleted. Ensuring the integrity and authenticity of the
evidence requires careful handling and storage.
