PRELIM Flashcards
tools and techniques that frustrate forensic tools, investigations,
and investigators
ANTI FORENSICS
a model that enables customers to be in control of their
computing resource needs and add computing resources as they
wish through a highly automated and responsive set of processes.
CLOUD COMPUTING
any device capable of performing logical, arithmetic, routing, or storage functions, or any storage facility or equipment or communications facility or equipment directly related to or operating in conjunction with such a device
COMPUTER
any representation of facts, information, or concepts in a local computer system or online
COMPUTER DATA
refers to any device or group of interconnected or related devices, one or more of which, pursuant to a program, performs automated processing of data
COMPUTER SYSTEM
application of scientific principles to the process of discovering information from a digital device
DIGITAL FORENSICS
stores and provides relatively quick access to large amounts of data on an electromagnetically charged surface
HARD DISK / DISK DRIVE / HARD DRIVE / HARD DISK DRIVE
physical components of a computer
HARDWARE
involves the application of scientific principles to the process of discovering information from mobile devices, which include cell phones, smartphones, and tablet devices.
MOBILE FORENSICS
involves capturing, recording, and analyzing network events to discover the source of a security attack
NETWORK FORENSICS
a set of instructions compiled into a program that performs a particular task
SOFTWARE
criminal act committed via computer
Computer Crime
criminal activities in which a computer was peripherally/incidentally involved
Computer Related Crime
a criminal activity which has been committed through, or facilitated by the Internet.
Cybercrime
any criminal activity which involves the unauthorized access, dissemination, manipulation, destruction, or corruption of electronically stored data
Digital Crime
application of investigation and analysis techniques to gather and preserve evidence from a particular computing device in a way that is suitable for presentation in a court of law
COMPUTER FORENSICS
Computer forensics is concerned with the process of
a. obtaining
b. processing and analyzing
c. storing digital information
for criminal, civil and administrative cases
USES OF COMPUTER FORENSICS IN LAW ENFORCEMENT
- recovering deleted files
- searching unallocated space
- tracing artifacts
- processing hidden files
- running a string search
COMPUTER FORENSICS ASSISTANCE TO HUMAN RESOURCES / EMPLOYMENT PROCEEDINGS
employer safeguard program
COMPUTER FORENSICS SERVICES
- data seizure
- data duplication/preservation
- data recovery
- document searches
- media conversion
- expert witness services
- Computer evidence service options
- Other miscellaneous services
data duplication/preservation
- When one party must seize data from another, two concerns must be addressed:
a. the data must not be altered in any way
b. the seizure must not put an undue burden on the responding party
Computer evidence service options
- various levels of service, each designed to suit your individual investigative needs
a. Standard service
b. On site service
c. Emergency service
d. Priority service
e. Weekend service
Other miscellaneous services
- On-site seizure of computer data in criminal investigations
- Analysis of computers and data in civil litigations
- On-site seizure of computer data in civil litigations
- Analysis of company computers to determine employee activity
- Assistance in preparing electronic discovery requests
- Reporting in a comprehensive and readily understandable manner
- Court-recognized computer expert witness testimony
- Computer forensics on both PC and Mac platforms
- Fast turnaround time.
BENEFITS OF PROFESSIONAL FORENSIC METHODOLOGY
- No possible evidence is damaged, destroyed, or otherwise compromised by the procedures used to investigate the computer.
- No possible computer virus is introduced to a subject computer during the analysis process.
- Extracted and possibly relevant evidence is properly handled and protected from later mechanical or electromagnetic damage.
- A continuing chain of custody is established and maintained.
- Business operations are affected for a limited amount of time, if at all.
- Any client attorney information that is inadvertently acquired during a forensic exploration is ethically and legally respected and not divulged
STEPS TAKEN BY COMPUTER FORENSICS SPECIALISTS
- protect
- discover
- recover
- reveal
- access
- analyze
- print out
- provide
CHALLENGES FACED BY INVESTIGATORS OF ELECTRONIC EVIDENCE
- evidence may be difficult to detect
- degree of anonymity
- electronic evidence is quite fragile
- global nature of evidence
CYBERCRIME CLASSIFICATIONS
(Inside or Outside)
- Against Individuals
- Against Property
- Against Organizations
- Against Society
Against Individuals
- e-mail spoofing,
- spamming,
- cyber defamation,
- cyber harassment and cyberstalking.
the e-mail header is forged so that the mail appears to originate from one source but has actually been sent from another source
e-mail spoofing
sending multiple copies of unsolicited mails or mass e-mails such as chain letters.
Spamming
This occurs when defamation takes place with the help of computers and/or the Internet
Cyber Defamation
following an individual's activity over the Internet
Cyber Harassments and Cyber Stalking
Against Property
- credit card frauds
- internet time theft
- intellectual property crimes.
the usage of Internet hours by an unauthorized person that are actually paid for by another person
internet time theft
intellectual property crimes - includes the following:
- Software piracy
- Copyright infringement
- Trademark violations
- Theft of computer source code
Illegal copying of programs, distribution of copies of software.
Software piracy
Using copyrighted material without proper permission
Copyright infringement
Using trademarks and associated rights without permission of the actual holder.
Trademarks violations
Stealing, destroying, or misusing the source code of a computer.
Theft of computer source code
Against Organizations
- unauthorized accessing of computer
- denial of service
- computer contamination/virus attack
- e-mail bombing
- salami attack
- logic bomb
- trojan horse
- data diddling.
Accessing the computer/network without permission from the owner
Unauthorized accessing of computer
The criminal reads or copies confidential or proprietary information, but the data is neither deleted nor changed
Computer voyeur
When an Internet server is flooded with continuous bogus requests so as to deny legitimate users the use of the server or to crash the server.
Denial of service
a computer program that can infect other programs with a virus
Computer contamination / Virus attack
sending a large number of mails to an individual, company, or mail server, ultimately resulting in a crash
e-mail bombing
financial crimes committed when negligible amounts are removed and accumulated into something larger
Salami attack
an event-dependent program designed to crash the computer
Logic bomb
a program downloaded and installed on a computer that appears harmless, but is, in fact, malicious
Trojan horse
altering of raw data before it is processed by a computer and then changing it back after the process was completed
Data diddling
Against Society
- Forgery
- Cyber Terrorism
- Web Jacking
hackers gain access to and control over another's website, even changing the content of the website
Web Jacking
no physical or geographic boundaries
cybercrime
committed in a certain place against a certain target / victim at a time
traditional crime
Reasons why cybercrimes continue to exist despite creation of anti-cybercrime laws:
- Inherent vulnerability of computer networks / the internet.
- The enormous number of computers connected to the internet gives cybercriminals a wide array of targets.
- The internet is an effective medium for running automated systems, thus leading to automation of illegal internet activity.
- The unregulated nature of the internet.
- Overwhelming impact of advancements in technology.
- Anonymity in the virtual world
- Different cybercrime laws of different countries
- Existence of different social engineering techniques
TYPES OF HACKING
A. Ethical Hacking
B. Unethical Hacking
- used to identify vulnerabilities and secure systems
- simulation of real-world attacks to fix security flaws
- conducted within legal and ethical boundaries
Ethical Hacking
- violation of ethical standards and regulations
- unauthorized access to sensitive information, disrupting operations, or causing harm
Unethical Hacking
Phases of Unethical Hacking
- Performing Reconnaissance (pre-attack phase)
- Scanning and Enumeration
- Gaining Access
- Escalation of Privilege
- Maintaining Access
- Covering Tracks and Planting Backdoors
Some Techniques for Reconnaissance:
a. Dumpster Diving
b. War Driving
c. Sniffing
d. Social Engineering
systematic attempt to locate, gather, identify, and record information about the target
Performing Reconnaissance (pre-attack phase)
probing a target network/system to identify potential vulnerabilities
Scanning
gathering information about the target system or network
Enumeration
aim is to become system administrator & have full access and control
Escalation of Privilege
pull down the password file or steal other passwords so that they can access other users' accounts
Maintaining Access
set of tools used to help the attacker maintain his access to the system and use it for malicious purposes
rootkits
a. Using rootkits or other tools to cover their tracks
b. Hunt down log files and attempt to alter or erase them
c. Utilize file hiding techniques, such as hidden directories, hidden attributes, and alternate data streams (ADS)
d. Creation of backdoors to reenter the computer at will
e. Insertion of programs or malicious code for future activation in hidden files/directories (botnet & zombie)
Covering Tracks and Planting Backdoors
Identity Theft and Identity Fraud
Criminal Acts Facilitated by Identity Theft / Fraud:
1. Money Laundering
2. Drug trafficking
3. Alien Smuggling
4. Weapon Smuggling
5. Extortion
6. Misappropriation of Funds
7. Embezzlement and other financial crime
Types of Identity Theft and Identity Fraud
- Assumption of Identity
- Theft for Employment
- Reverse Criminal Record Identity Theft
- Virtual Identity Theft / Fraud
- Credit Identity Theft / Fraud
- rarest form of identity theft/fraud
- occurs when an individual simply assumes the identity of his/her victim, including all aspects of the victim's life
Types of Identity Theft and Identity Fraud
- fraudulent use of stolen or fictitious personal information to obtain employment
- common to illegal immigrants
Theft for Employment
occurs when a criminal uses a victim’s identity, not to engage in criminal activity, but to seek employment
Reverse Criminal Record Identity Theft
- use of personal, professional, or other dimensions of identity toward the development of a fraudulent virtual personality
- often used for online dating, role playing, and accessing deviant sites or locations containing questionable content, and used by individuals to explore forbidden areas or to satisfy their curiosity behind a veil of anonymity
Virtual Identity Theft / Fraud
- most common and most feared type
- use of stolen personal and financial information to facilitate the creation of fraudulent accounts
Credit Identity Theft / Fraud
illegal use of a stolen credit card
credit card fraud
Other Classifications of Identity Fraud
- Financial Identity Theft
- Criminal Identity Theft
- Identity Cloning
- Business / Commercial Identity Theft
identity used for gain through financial transactions
Financial Identity Theft
identity used for committing crimes, usually cybercrimes
Criminal Identity Theft
- offender assumes the identity of the victim in his or her daily life
Identity Cloning
use of another business' or organization's name to obtain credit, funds, goods, or services
Business / Commercial Identity Theft
Victimology
Susceptible victims of Identity Theft/Fraud include but are not limited to the following:
1. Smartphone owners who fail to safeguard their devices with passwords
2. People who publicly share personal information on social networking sites
3. People who usually use online banking, online communication, and online shopping services
4. People / companies who have experienced data breaches
CATEGORIES OF TECHNIQUES EMPLOYED BY IDENTITY
A. physical
B. virtual
Physical Methods of Identity Theft
- Mail Theft
- Dumpster Diving
- Theft of Computers
- Bag Operations
- Child Identity Theft
- Insiders
- Fraudulent / Fictitious Companies
- Card Skimming, ATM Manipulation, and Fraudulent Machines
retrieving info from unsecured mail boxes
Mail Theft
- surreptitious entry into hotel rooms to steal, photograph, or photocopy documents, copy magnetic media, or download information from a laptop computer; made easier by the availability of mass-storage removable media
Bag Operations
- stealing their children's identities for employment, evasion of authorities, financial gain, and credit
Child Identity Theft
- reading and recording of personal information encoded on the magnetic stripe of an automated teller machine or credit card
Card Skimming, ATM Manipulation, and Fraudulent Machines
VIRTUAL OR INTERNET FACILITATED METHODS
- Phishing
- Spyware and Crimeware
- Keyloggers and Password Stealers
- Trojan horse or Trojan
- malware that is often disguised as legitimate software
Trojan horse or Trojan
devices or software programs which record the input activity of a computer or system
Keyloggers
type of computer virus that infects your machine, records all of your user passwords, and then emails them to a remote user
Password Stealers
browser-based software designed to capture and transmit privacy-sensitive information to third parties without the knowledge and consent of the user
Spyware
spyware created or employed specifically to facilitate identity theft or other economically motivated crime
Crimeware
provide a mechanism for cybercriminals to change website IP addresses repeatedly without affecting the domain name
Botnets
e-mail asking the recipient for his/her assistance in claiming "found" money
Advance fee Fraud / 419 Fraud
malicious programs which redirect user’s network traffic to undesired sites
Redirectors
redirects the connection between an IP address and its target service; accomplished when the link is altered so that consumers are unwittingly redirected to a mirror site
B. Pharming
company trademarks and logos
A. Spoofing
solicitation of information via e-mail or by directing individuals to fake websites
Phishing
CATEGORIES OF PHISHING ATTACKS
A. Spoofing
B. Pharming
C. Redirectors
D. Advance fee Fraud / 419 Fraud
E. Botnets