Let's talk Cybersecurity
Theft - stealing physical, digital, identity or intellectual property.
Online Financial Frauds - Business Email Compromise / Business Takeover, Debit / Credit Card Fraud, SIM Swap Fraud, Demat Depository Fraud, E-Wallet Related Fraud, Fraud Call / Vishing, Internet Banking related fraud, UPI Fraud, etc.
Malicious Code – Viruses and Worms, Rootkits, Trojan Horses, Back doors or Trap doors, Logic Bombs, Spyware, Adware, Ransomware, etc.
Denial of Service (DoS / DDoS attacks) – Service made unavailable to legitimate users.
Profile Hacking on social media sites, etc.
Publishing / Transmitting sexually explicit material in electronic form, Child Pornography
Cryptocurrency Investment Frauds - Fraudulent opportunity to invest in a cryptocurrency with guaranteed high returns e.g. “pump and dump” scams, giveaway scams, etc.
Online and Social Media Scam – Cheating by Impersonation, Cyberbullying, Stalking, Sexting, Email, etc.
Phishing, Fake / Impersonating Profile, Impersonating Email, Online Job Fraud, Online Matrimonial, etc.
AI (artificial intelligence)-driven fraud: AI is being used to generate fraudulent documents, such as fake ID cards or bank statements, to bypass verification systems and commit financial crimes.
Deepfakes - AI can create realistic audio and video content, allowing cybercriminals to impersonate individuals and manipulate victims. This can be used for fraud, disinformation, or even blackmail.
Voice Cloning: AI-powered voice cloning technology can be used to impersonate individuals in social engineering attacks, deceiving victims into revealing sensitive information and even making financial transactions.
A digital arrest scam is a fraudulent tactic used by cybercriminals to falsely accuse individuals of breaking the law, often claiming the existence of a digital arrest warrant. These scammers pose as officials from organizations such as customs, income tax department or even central investigative agencies. Their goal? To intimidate you into paying money or providing sensitive personal details.
Confidentiality - Restrict Access to authorized individuals to prevent unauthorized disclosure of data
Integrity - To ensure data is not modified, corrupted or destroyed in an unauthorized manner.
Availability - To ensure authorized users have access to information when they need it, by protecting against disruptions.
Cyberspace has transformed the global economy. The growing volume of communication via email, chat and social networking, together with online shopping, internet banking, gaming, and online purchases of gifts, travel tickets, property and so on, reflects a paradigm shift in society from citizens to netizens. Cyber crime is going to be a major problem for any country’s law enforcement.
Wider ACCESS to INFORMATION.
Complexity of computer systems.
Negligence of network users.
Non-availability / loss of evidence.
Lack of jurisdiction leading to fearless crimes.
Crime is as old as mankind. Forensic Science is the science that deals with the analysis of evidence collected from all possible sources. Forensic Science is a multidisciplinary subject drawing principally from chemistry, biology, physics, geology, psychology, social science, graphology and the like.
The latest entrant in the field is Cyber Forensics. It is digital and includes advanced computer science technology to recover any digital evidence / traces. Cyber crimes are staggering. Cyber Forensics is one of the emerging professions of the 21st century.
Cyber Forensics is the study of extracting, analyzing and documenting evidence from a computer system or network, often used by law enforcement officials to seek out evidence for a criminal trial.
Disk Forensics – deals with extracting data/information from storage media.
Network Forensics – relates to monitoring and analysis of computer network traffic.
Wireless Forensics – a sub-part of network forensics. It provides the tools required to collect and analyze data from wireless network traffic.
Database Forensics – relates to study and examination of databases.
Malware Forensics – deals with analysis and identification of a malicious code.
Mobile Phone Forensics – deals with examination and analysis of mobile devices, to retrieve phone and SIM contacts, call logs, SMS/MMS, audio, video, paired device history, geolocation, calendar information, etc.
GPS Forensics – relatively new, used for examining and analyzing GPS devices to retrieve Tracklogs, TrackPoints, Waypoints, Routes, Photos, audio, etc.
Email Forensics – deals with recovery and analysis of emails, including deleted emails, calendars and contacts.
Memory Forensics – deals with collecting data from system memory.
Linux Forensics – involves using tools and techniques to collect, preserve and analyze digital evidence from Linux systems.
Mac Forensics – involves using tools and techniques to collect, preserve and analyze digital evidence from Mac devices.
Virtual Machine Forensics – involves examining digital evidence within a virtualized environment, such as VM hard drives and network logs.
Cloud Forensics – is a subset of network forensics with techniques tailored to cloud computing environments.
Internet Artifacts – Web browsers automatically record the websites visited, the date and time of each visit, and the number of times the user visited each site.
Cyber laws prevent or reduce large scale damage from cyber criminal activities by protecting INFORMATION ACCESS, PRIVACY, communications, intellectual property (IP) and freedom of speech related to the use of the Internet, websites, email, computers, cell phones, software and hardware.
The IT Act 2000 was conceived to regulate electronic commerce.
Digital evidence / electronic evidence is any information stored or transmitted in digital form that a party to a court case may use at trial.
A Digital Signature is an electronic, encrypted stamp of authentication on digital information such as email messages and electronic documents.
Information and information systems which help us to store, process and retrieve the right type of information, to the right type of user at the right time.
This sort of protection guards information and information systems against unauthorized access, use, disclosure, disruption, modification or destruction in order to provide confidentiality, integrity and availability (CIA).
It is impossible to obtain perfect information security. Information security is a process, not a goal. It is possible to make a system available to anyone, anywhere, anytime, through any means. However, such unrestricted access poses a danger to the security of the information.
On the other hand, a completely secure information system would not allow anyone to access information. To achieve balance, that is, to operate an information system that satisfies both the user and the security professional, the security level must allow reasonable access, yet protect against threats.
Physical Security – CCTV Surveillance, security guards, protective barriers, locks, access control protocols, Motion detector, Sensors, smart locks.
Perimeter Security – Border Routers, Firewalls, Intrusion Detection Systems, Intrusion Prevention Systems, Virtual Private Network, Software Architecture, De-militarized Zones and Screened Subnets.
Fire Prevention and Detection – Heat detector, Smoke detector, Flame Detector, Fire Gas Detector.
Safe Disposal of physical assets – Recycling, Tracking.
Modern Sophisticated Equipment – RFID / Photo ID Badges, Iris recognition, Fingerprint recognition, Facial recognition, Security alarm systems, Alerting devices, Keypads.