cyber security and forensic tools

PRESENTED BY:-
1. ROHIT PRAKASH
2. SONU SUNALIYA
3. RAUNAK MISHRA
4. SAURABH RATHORE
Mr. PRATEEK DIWAN

Upload: sonu-sunaliya

Post on 23-Jan-2018


Page 3: cyber security and forensic tools

What is cyber security?

Cyber security is defined as the protection of systems, networks and data in cyberspace and is a critical issue for all businesses.

Cyber security, also referred to as information technology security, focuses on protecting computers, networks, programs and data from unintended or unauthorized access, change or destruction.

Page 4: cyber security and forensic tools

WHY IS CYBER SECURITY IMPORTANT?

Governments, military, corporations, financial institutions, hospitals and other businesses collect, process and store a great deal of confidential information on computers and transmit that data across networks to other computers. With the growing volume and sophistication of cyber attacks, ongoing attention is required to protect sensitive business and personal information, as well as safeguard national security.

Page 5: cyber security and forensic tools

Cyber risks can be divided into three distinct areas:

1. Cyber crime
Conducted by individuals working alone, or in organised groups, intent on extracting money, data or causing disruption, cyber crime can take many forms, including the acquisition of credit/debit card data and intellectual property, and impairing the operations of a website or service.

2. Cyber war
A nation state conducting sabotage and espionage against another nation in order to cause disruption or to extract data.

3. Cyber terror
An organisation, working independently of a nation state, conducting terrorist activities through the medium of cyberspace.

Page 6: cyber security and forensic tools

ISO 27001 and cyber security:-

As well as protecting your critical assets, customer details and your operating systems, effective cyber security can also help organisations win new business by providing assurances of their commitment to cyber security to their supply chain partners, stakeholders and customers.

ISO 27001 is the internationally recognised best-practice Standard for information security management. It forms the backbone of every intelligent cyber security risk management strategy.

Page 7: cyber security and forensic tools

Introduction to cyber criminals:-

Congruent with the rapid pace of technological change, the world of cyber crime never stops innovating either. Every month, Microsoft publishes a bulletin of the vulnerabilities of its systems, an ever-growing list of known threats, bugs and viruses.

Page 8: cyber security and forensic tools

CYBER SECURITY GLOSSARY OF TERMS:-

• Phishing & Pharming
• Drive-by & MITM
• Active Attack
• Access
• Viruses
• Spyware/Adware
• Worms
• Trojans

Page 9: cyber security and forensic tools

ACCESS:-

Access to accounts can be enforced through four major types of controls:

a) Mandatory Access Control (MAC)
b) Discretionary Access Control (DAC)
c) Role-Based Access Control (RBAC)
d) Rule-Based Access Control

Page 10: cyber security and forensic tools

Viruses:-

Aim:- Gain access to, steal, modify and corrupt information and files from a targeted computer system.

Technique:- A small software program that can replicate itself and spread from one computer to another by attaching itself to another computer file.

Page 11: cyber security and forensic tools

Spyware/Adware:-

Aim:- To take control of your computer and/or to collect personal information without your knowledge.

Technique:- Spyware/adware is installed on your computer when you open attachments, click links or download infected software.

Page 12: cyber security and forensic tools

Worms:-

Aim:- By exploiting weaknesses in operating systems, worms seek to damage networks and often deliver payloads which allow remote control of the infected computer.

Technique:- Worms are self-replicating and do not require a program to attach themselves to. Worms continually look for vulnerabilities and report back to the worm author when weaknesses are discovered.

Page 13: cyber security and forensic tools

Trojans:-

Aim:- To create a ‘backdoor’ on your computer by which information can be stolen and damage caused.

Technique:- A software program appears to perform one function (for example, virus removal) but actually acts as something else.

Page 14: cyber security and forensic tools

Phishing:-

An attempt to acquire users’ information by masquerading as a legitimate entity. Examples include spoof emails and websites.

Pharming:-

An attack to redirect a website’s traffic to a different, fake website, where the individuals’ information is then compromised.

Page 15: cyber security and forensic tools

Drive-by:-

Opportunistic attacks against specific weaknesses within a system.

MITM:-

‘Man in the middle attack’ where a middleman impersonates each endpoint and is thus able to manipulate both victims.

Page 16: cyber security and forensic tools

ACTIVE ATTACK:-

An active attack is a network exploit in which a hacker attempts to make changes to data on the target or data en route to the target.

Types of active attacks:-

Masquerade attack:- The intruder pretends to be a particular user of a system to gain access or to gain greater privileges than they are authorized for.

Session replay attack:- A hacker steals an authorized user’s log in information by stealing the session ID.

Message modification attack:- An intruder alters packet header addresses to direct a message to a different destination or modify the data on a target machine.

Page 17: cyber security and forensic tools

FORENSIC TOOLS:-

Digital forensics (sometimes known as digital forensic science) is a branch of forensic science encompassing the recovery and investigation of material found in digital devices, often in relation to computer crime.

The term digital forensics was originally used as a synonym for computer forensics but has expanded to cover investigation of all devices capable of storing digital data.

Page 18: cyber security and forensic tools

Forensic process:-

A digital forensic investigation commonly consists of 3 stages:-

* acquisition or imaging of exhibits
* analysis
* reporting

Ideally acquisition involves capturing an image of the computer's volatile memory (RAM) and creating an exact sector level duplicate (or "forensic duplicate") of the media, often using a write blocking device to prevent modification of the original.
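
An added example, not part of the original slides: the acquisition step carried out with `dd`, hashing both the source and the image so the duplicate can be shown to be exact and re-checked before analysis. It assumes GNU coreutils (`dd`, `sha256sum`, `head -c`); the function names are hypothetical, and the 1 MiB sample file is constructed and stands in for an evidence device attached through a write blocker.

```shell
#!/bin/sh
# Added example (not from the slides). Assumes GNU coreutils: dd, sha256sum.

# sha FILE: print only the SHA-256 digest of FILE.
sha() { sha256sum "$1" | cut -d' ' -f1; }

# acquire SRC IMG: sector-level copy, then hash source and image.
# Returns 0 only if the image is bit-identical to the source.
acquire() {
    # conv=noerror,sync: continue past unreadable sectors and zero-pad them
    # so offsets in the image still line up with the original media.
    dd if="$1" of="$2" bs=512 conv=noerror,sync 2>/dev/null || return 2
    # Record the image hash (sha256sum format) for the report stage.
    printf '%s  %s\n' "$(sha "$2")" "$2" > "$2.sha256"
    [ "$(sha "$1")" = "$(sha "$2")" ]
}

# verify IMG: re-hash the image before analysis and compare with the record.
verify() {
    [ "$(cut -d' ' -f1 "$1.sha256")" = "$(sha "$1")" ]
}

# make_sample FILE: constructed 1 MiB stand-in for an evidence device.
make_sample() {
    yes 'constructed sample sector data' | head -c 1048576 > "$1"
}

# demo: acquire, verify, then show that a one-byte change is detected.
demo() {
    dir=$(mktemp -d) || return 1
    make_sample "$dir/evidence.bin"
    acquire "$dir/evidence.bin" "$dir/evidence.dd" && echo "acquire: hashes match"
    verify "$dir/evidence.dd" && echo "verify: image unchanged"
    # Overwrite one byte at offset 100 without truncating the image.
    printf 'X' | dd of="$dir/evidence.dd" bs=1 seek=100 conv=notrunc 2>/dev/null
    verify "$dir/evidence.dd" || echo "verify: image MODIFIED since acquisition"
    rm -rf "$dir"
}
demo
```

If the source has unreadable sectors, the zero padding makes the two hashes differ and `acquire` reports a mismatch, which is the cue to document the bad sectors rather than treat the image as an exact duplicate.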

Page 19: cyber security and forensic tools

TOOLS:-

Some Forensic Tools are as follows:-

01. SANS SIFT
02. ProDiscover Basic
03. Volatility
04. The Sleuth Kit (+Autopsy)
05. FTK Imager
06. Linux ‘dd’
07. CAINE
08. Oxygen Forensic Suite 2013 Standard
09. Free Hex Editor Neo
10. Bulk Extractor
11. DEFT
12. Xplico
13. LastActivityView
14. DSi USB Write Blocker
15. Mandiant RedLine
16. PlainSight
17. HxD
18. HELIX3 Free
19. Paladin Forensic Suite
20. USB Historian
