cyber crime


CYBER CRIMES : 

CYBER CRIMES CDAC & CYBER FORENSICS & TECHNOLOGY

CYBER CRIMES ARE… : 

NEITHER FORWARD.. NOR BACKWARD.. BUT AWKWARD

CASE #1. TM5/2004/PS_WRD_MINISTER : 


NARRATION : 

- “Y” RECEIVES AN EMAIL FROM PROF. (MRS.) X INTRODUCING HERSELF AS A TECHNOLOGIST WORKING IN THE AREA OF AFFORDABLE DRINKING WATER PROJECT AND SEEKING A DATE FOR AN APPOINTMENT
- “Y” RESPONDS FAVOURABLY WITH A DATE

NARRATION(CONTD) : 

- “Y” RECEIVES AN EMAIL FROM THE SECURITY CHIEF OF PROF. (MRS.) X FROM HONG KONG, SAYING THAT HE IS DOING THE DUE DILIGENCE CHECK
- “Y” RESPONDS FAVOURABLY

NARRATION(CONTD) : 

- “Y” RECEIVES AN EMAIL FROM THE PROTOCOL OFFICER OF PROF. (MRS.) X FROM MUMBAI, SAYING THAT SHE IS DOING THE DUE DILIGENCE CHECK
- “Y” RESPONDS FAVOURABLY

NARRATION(CONTD) : 

- APPOINTED DATE COMES
- “X” DOES NOT SHOW UP
- NEXT DAY, “Y” GETS MAIL FROM SECURITY CHIEF ASKING FOR WHEREABOUTS OF “X”…
- “Y” IS THREATENED WITH CONSEQUENCES …
- SUBMIT OR FIGHT
- PANIC, ANXIETY & DESPAIR

WE SAW… : 

CONVENTIONAL CRIMES BEING COMMITTED WITH EASE AND SOPHISTICATION, USING COMPUTER AND INFORMATION TECHNOLOGY.

CASE #2. : 

CASE #2. RC05/ …/93/2005

NARRATION : 

- COMPANY “X” GETS AN OFFSHORE S/W DELIVERY JOB FROM COMPANY “Y”
- “Y” INSISTS ON LOTS OF CUSTOMISATION
- “X” DEPUTES TWO ENGINEERS WITH SOURCE CODE TO CARRY OUT CUSTOMISATION AT THE “Y”’s PREMISES
- CONTRACT GETS TERMINATED
- ENGINEERS RESIGN ON COMING BACK
- “Y” LAUNCHES NEW S/W WITH SIMILAR FEATURES
- YET, CREATES SIMPLE & EASY PLATFORMS

- Case Referred by: Judicial First Class Magistrate
- Case Registered under Sec 65 and 72 of IT Act
- Complainant: Software Company
- Accused: Two Former Employees
- Nature of Crime: Source Code Theft

WE ARE SEEING… : 

NEW VERSIONS OF CONVENTIONAL CRIMES EMERGING, TARGETING COMPUTERS AND INFORMATION TECHNOLOGY.

CASE #3. RC11(A)/2004/…/…./22004S-0001 : 


NARRATION : 

- “X” IS CAUGHT IN A CYBER CRIME
- “X” CLAIMS HE CAN CRACK PASSWORDS, BREAK INTO EMAIL ACCOUNTS, INTERCEPT CHATS ETC
- “X” PRODUCES EMAIL/CHAT PRINT OUTS WHICH SHOW POSSIBILITY OF TERRORIST ATTACK
- REWARD OR PUNISH……..
- ARRAY OF CONFUSION

NOW WE SEE… : 

NEW CRIMES BEING INVENTED, CONFUSING COMPUTERS AND INFORMATION TECHNOLOGY

NEED… : 

- EFFECTIVE MEANS TO PRE-EMPT CYBER CRIMES
- EFFECTIVE WAY TO ENSURE DEFINITE PUNISHMENT AS DETERRENT AGAINST CYBER CRIMES

CYBER FORENSICS CAN BE AN EFFECTIVE TOOL : 


CYBER FORENSICS IS…… : 

“The unique process of identifying, preserving, analyzing and presenting digital evidence in a manner that is legally accepted.”

MULTI DIMENSIONAL CHALLENGES : 

WHY IS IT UNIQUE?

MULTI DIMENSIONAL CHALLENGE : 

- TECHNICAL
- OPERATIONAL
- SOCIAL
- LEGAL

TECHNICAL : 

- TECHNOLOGY IS CHANGING RAPIDLY
- CYBER CRIMES ARE ALSO CHANGING RAPIDLY
- SYSTEMS AND CRIMES EVOLVE MORE RAPIDLY THAN THE TOOLS THAT EXAMINE THEM

Slide 23: 

- TECHNOLOGY EVOLUTION
- OBSOLESCENCE
- NEWER DEVICES
- NEW TOOLS
- NEW METHODOLOGIES

TECHNICAL : 

- UBIQUITY OF COMPUTERS
- CRIMES OCCUR IN ALL JURISDICTIONS
- TRAINING LEA BECOMES A CHALLENGE
- TECHNOLOGY REVOLUTION LEADS TO NEWER SYSTEMS, DEVICES ETC..

OPERATIONAL : 

- ALL DATA MUST BE GATHERED AND EXAMINED FOR EVIDENCE
- GIGABYTES OF DATA
- PROBLEMS OF
  - STORAGE
  - ANALYSIS
  - PRESENTATION..
- NO STANDARD SOLUTION AS YET

SOCIAL : 

- IT RESULTS IN UNCERTAINTIES ABOUT EFFECTIVENESS OF CURRENT INVESTIGATION TECHNIQUES
- SUB-OPTIMAL USE OF RESOURCES
- PRIVACY CONCERNS

LEGAL : 

- USE & BOUNDS OF DIGITAL EVIDENCE IN LEGAL PROCEDURES STILL UNCLEAR
- CURRENT TOOLS & TECHNIQUES NOT RIGOROUSLY USED / CONTESTED IN COURT

TYPICAL TOOLS : 

TYPICAL TOOLS EMAIL TRACER TRUEBACK CYBERCHECK MANUAL

EMAIL TRACER FORENSIC TOOL : 


FEATURES OF EMAIL TRACER : 

- Display of actual mail content for Outlook Express, Eudora, MS Outlook and mail clients with MBOX mailbox.
- Display of the mail content (HTML / text).
- Display of the mail attributes for Outlook Express.
- Display of extracted e-mail header information.
- Save mail content as .EML file.
- Display of all e-mail attachments and extraction.
- Display of e-mail route.
- IP trace to the sender’s system.
- Domain name lookup.
- Display of geographical location of the sender’s gateway on a world map.
- Mail server log analysis for evidence collection.
- Access to database of country code list along with IP address information.
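The "e-mail route" and "IP trace to the sender's system" features above rest on the `Received` headers each relay adds to a message. The following is an added illustration in Python, not Email Tracer's own code; the sample message, host names and addresses are constructed, and `mail_route` and `origin_ip` are hypothetical helper names.

```python
import email
import ipaddress
import re

# Constructed sample message; hosts and addresses are documentation values.
RAW = """\
Received: from mx.example.net (mx.example.net [203.0.113.25])
\tby inbox.example.org with ESMTP id A3; Tue, 02 Mar 2004 10:15:09 +0530
Received: from relay.example.com (relay.example.com [198.51.100.7])
\tby mx.example.net with ESMTP id A2; Tue, 02 Mar 2004 10:15:04 +0530
Received: from [192.168.1.44] (unknown [192.0.2.61])
\tby relay.example.com with ESMTP id A1; Tue, 02 Mar 2004 10:15:01 +0530
From: "Prof. X" <x@example.com>
To: y@example.org
Subject: Appointment

Body text
"""

IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def mail_route(raw):
    """Return hops oldest first: (receiving_host, [bracketed IPs in 'from' clause])."""
    msg = email.message_from_string(raw)
    hops = []
    # Each relay prepends its own Received header, so the last one is the oldest.
    for value in reversed(msg.get_all("Received", [])):
        text = " ".join(value.split())  # unfold continuation lines
        from_part, _, rest = text.partition(" by ")
        hops.append((rest.split()[0] if rest else "", IPV4.findall(from_part)))
    return hops

def origin_ip(hops):
    """First non-RFC 1918 address on the route: the sender's gateway as logged."""
    for _, ips in hops:
        for ip in ips:
            addr = ipaddress.ip_address(ip)
            if not any(addr in net for net in RFC1918):
                return ip
    return None

if __name__ == "__main__":
    for host, ips in mail_route(RAW):
        print(host, ips)
    print("origin:", origin_ip(mail_route(RAW)))
```

Only the hops written by relays the examiner trusts are evidence; headers below the first trusted relay are supplied by the sender and need corroboration from mail server logs.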

EMAIL TRACING OVER WEB : 

AS A PRE-EMPTIVE TOOL

EMAIL TRACING SERVICE : 

- Users can submit their tracing task to Email Tracer through the web.
- Tracing IP address up to city level (non-spoofed).
- Detection of spoofed mail.
- Detailed report.

SEIZURE & ACQUISITION TOOL : 

TRUEBACK

FEATURES OF TRUE BACK : 

- DOS application with event based windowing system.
- Self-integrity check.
- Minimum system configuration check.
- Extraction of system information.
- Three modes of operation:
  - Seize
  - Acquire
  - Seize and Acquire
- Disk imaging through parallel port.
- Disk imaging using Network Interface Card.
- Block by block acquisition with data integrity check on each block.
- IDE/SCSI, USB, CD and floppy acquisition.
- Acquisition of floppies and CDs in batch mode.
- Write protection on all storage media except destination media.
- Checking for sterile destination media.
- Progress bar display on all modes of operation.
- Report generation on all modes of operation.
- BIOS and ATA mode acquisition.

ANALYSIS TOOL : 

CYBER CHECK

Slide 39: 

CyberCheck - Features

- Standard Windows application.
- Self-integrity check.
- Minimum system configuration check.
- Analyses evidence file containing FAT12, FAT16, FAT32, NTFS and EXT2FS file system.
- Analyses evidence files created by the following disk imaging tools:
  - TrueBack
  - LinkMASSter
  - EnCase
- User login facilities.

Slide 40: 

CyberCheck - Features (Contd …)

- Creates log of each analysis session and analyzing officer’s details.
- Block by block data integrity verification while loading evidence file.
- Explorer type view of contents of the whole evidence file.
- Display of folders and files with all attributes.
- Show/Hide system files.
- Sorting of files based on file attributes.
- Text/Hex view of the content of a file.
- Picture view of an image file.
- Gallery view of images.

Slide 41: 

CyberCheck - Features (Contd …)

- Graphical representation of the following views of an evidence file:
  - Disk view.
  - Cluster view.
  - Block view.
- Timeline view of:
  - All files.
  - Deleted files.
  - Time anomaly files.
  - Signature mismatched files.
  - Files created within a time frame.

Slide 42: 

CyberCheck - Features (Contd …)

- Display of cluster chain of a file.
- Single and multiple keyword search.
- Extraction of disk, partition, file and MBR slacks.
- Exclusive search in slack space.
- Extraction of unused unallocated clusters and exclusion from search space.
- Exclusive search in used unallocated clusters.
- Extraction of lost clusters.
- Exclusive search in data extracted from lost clusters.
- Extraction of swap files.
- Exclusive search in data extracted from swap files.

Slide 43: 

CyberCheck - Features (Contd …)

- File search based on file extension.
- File search based on hash value.
- Exclusion of system files from search space.
- Data recovery from deleted files, slack space, used unallocated clusters and lost clusters.
- Recovery of formatted partitions.
- Recovery of deleted partitions.
- Exporting files, folders and slack content.
- Exporting folder structure including file names into a file.
- Exporting files on to external viewer.

Slide 44: 

CyberCheck - Features (Contd …)

- Local preview of storage media.
- Network preview of storage media using cross-over cable.
- Bookmarking of folders, files and data.
- Adding bookmarked items into report.
- Restoration of storage media.
- Creating raw image.
- Raw image analysis.
- Facility for viewing mailbox files of Microsoft Outlook Express, Microsoft Outlook, Eudora and Linux mail clients.

Slide 45: 

CyberCheck - Features (Contd …)

- Registry viewer.
- Hash set of system files.
- Identification of encrypted & password protected files.
- Identification of steganographed image files.
- Generation of analysis report with the following features:
  - Complete information of the evidence file system.
  - Complete information of the partitions and drive geometry.
  - Hash verification details.
  - User login and logout information.

Slide 46: 

CyberCheck - Features (Contd …)

- Exported content of text file and slack information.
- Includes picture file as image.
- Saving report, search hits and bookmarked items for later use.
- Password protection of report.
- Print report.

ISSUES AHEAD.. &.. TECHNOLOGY BEHIND.. : 


CASE #4 : 

A young girl had been involved in a series of sexually explicit exchanges via instant messenger system and email. Upon investigation, the perpetrator was tracked to the home of a 50-year-old prominent local physician. Computers seized from the physician’s house had 240GB hard disks each, full of files.

ISSUE #1 : 

How to get convincing leads to go ahead with the case in a short time from among the overload of available material?

ADVANCED CONCEPT SEARCH : 


ISSUE #2 : 

Computers contained many password protected/encrypted files. How to get into these files in a short time?

PASSWORD CRACKING : 

GRID Enabled Password Cracker

Slide 54: 

[Diagram: PASSWORD CRACKING OF ZIP FILES USING GRID. Labels: GRID, GRID SERVER, FSL, POLICE CRIME CELL, CBI, INTERNET, CYBER FORENSICS LAB]

Slide 55: 

[Diagram: PASSWORD CRACKING OF ZIP FILES USING GRID. Labels: GRID, GRID SERVER, FSL, POLICE CRIME CELL, CBI, INTERNET]

1. ZIPPED FILE SUBMISSION
2. SERVER RECEIVES AND DISTRIBUTES TO GRID CLIENTS
3. CLIENTS COMPUTE AND SEND RESULTS TO SERVER
4. GRID SERVER SENDS RESULTS OVER INTERNET

ISSUE #3 : 

However, the case took a twist when it came to light that the doctor’s 13-year-old son and 15-year-old nephew had also been using the doctor’s account. Who was at the keyboard then?

WHO’S AT THE KEYBOARD? : 

BIOMETRICS

A software driver associated with the keyboard records the user’s rhythm in typing. These rhythms are then used to generate a profile of the authentic user.

WHO’S AT THE KEYBOARD? : 

FORENSIC STYLISTICS

A qualitative approach to authorship assesses errors and “idiosyncrasies” based on the examiner’s experience. This approach could be quantified through databasing.

WHO’S AT THE KEYBOARD? : 

STYLOMETRY

It is a quantitative and computational method, focusing on readily computable and countable language features, e.g. word length, phrase length, sentence length, vocabulary frequency, distribution of words of different lengths.
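The countable features listed above can be computed directly from text. The following Python sketch is an added illustration, not part of the original presentation: the three text samples are constructed, the feature set is a small subset of what a real examination would use, and `profile` and `distance` are hypothetical names.

```python
import re
from collections import Counter

MAX_LEN = 10  # word lengths of 10 or more share one bucket

def profile(text):
    """Compute simple stylometric features for one text sample."""
    sentences = [s for s in re.split(r"[.!?]+", text) if s.strip()]
    words = re.findall(r"[a-z']+", text.lower())
    lengths = Counter(min(len(w), MAX_LEN) for w in words)
    return {
        "mean_word_len": sum(len(w) for w in words) / len(words),
        "mean_sentence_len": len(words) / len(sentences),
        # vocabulary richness: distinct words divided by total words
        "type_token_ratio": len(set(words)) / len(words),
        # distribution of words of different lengths
        "length_dist": {n: lengths[n] / len(words) for n in range(1, MAX_LEN + 1)},
    }

def distance(p, q):
    """L1 distance between word-length distributions (0 identical, 2 disjoint)."""
    return sum(abs(p["length_dist"][n] - q["length_dist"][n])
               for n in range(1, MAX_LEN + 1))

# Constructed samples: one questioned message and known writing of two users.
QUESTIONED = "hi r u up. i am on my way. can u get me a tea. see u at ten."
KNOWN_A = "hey r u in yet. i am at my desk. do u want to get tea. let me know by ten."
KNOWN_B = ("Regarding yesterday's appointment, unfortunately considerable "
           "rescheduling becomes necessary. Please acknowledge receipt immediately.")

def closest_writer():
    """Return the label of the known sample nearest to the questioned text."""
    q = profile(QUESTIONED)
    scores = {"A": distance(q, profile(KNOWN_A)),
              "B": distance(q, profile(KNOWN_B))}
    return min(scores, key=scores.get), scores

if __name__ == "__main__":
    print(closest_writer())
```

Samples this short only illustrate the arithmetic; a usable comparison needs far more text per writer and more than one feature.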

REAL CYBER FORENSIC CHALLENGE IS YET TO COME.. : 


GOA’s SKYBUS MISHAP : 

Konkan Railway Corporation Ltd's Skybus Metro dashed against a pole on the track during its trial run at Madgaon in Goa. "The skybus should have approached the station at the speed of 20 kmph. However, it was driving at 50 kmph. The sudden jerk after it hit the pole caused one person standing at the door, to fall off and two others to suffer major injuries."

QUESTIONS BEING ASKED : 

- Had the SKYBUS been tested sufficiently and should this controller bug have been found out during testing?
- WHO developed the control system software?
- Who carried out the design and who carried out the design approval?