Cyber Crimes
Forms
DDoS
Hacker
Backdoor
Virus
Worm
Internal and External info Leakage
Trojan Horse
Characteristics
Complex and Diverse Motives
Transnational
Professional means
Many members and lowering ages
Covert Forms
Huge Potential Damage
Motives
Profit
Political Action
Ignorance
Revenge
Prestige
Trick
Digital Evidence
Source
Communication Technology
Broadcast, TV, films
Computer and Network
System audit trails
IDS, firewall, FTP, website, and antivirus software logs
E-mail
Temporary files or hidden files in an operating system and database
Swap partitions on hard disk drives
Script files implementing specific functions
Bookmarks, browsing history or session logs, real-time chat history
Characteristics
High Tech
Diverse
Shapeless
Dynamic and vivid
Fabricated
Vulnerable and fragile
Forms: text, graphs, images, animations, audio, videos
Digital Forensics
Principles
Integrity
Continuity
Comprehensive
Timeliness
Legitimacy
Process
4- Verify Evidence
Standards
Objectivity / Authenticity
Legitimacy
Relevance
Principles
Supervision by: Investigator "Signature", public "Fairness & Justice"
Independence
Legitimacy of: behavior "No Change Over Time" & Status "Multiple backups"
5- Analyze Evidence: Check Relevant Events: logs, Reverse Engineering
3- Preserve Evidence
Asymmetric encryption / Digital Certificate
Digital envelope
Symmetric encryption
Timestamp
Digital Signature
6- Trace:
Link Test, Packet Recording, Packet Marking, Spam Tracing
Logs, Trapping, Capture, ping, traceroute, netstat, nslookup
2- Obtain Evidence
Related Technologies
Chip Forensic: Joint Test Action Group Analysis (TAP), Dynamic Simulation
Log Forensics
Data Analysis Forensic: Sleuth "Data Association"
HoneyPot
PCAP: TCPdump, Wireshark, sniffers, Argus
Data mining
Covert code Forensics
IoT Forensics
Cloud Forensics
SCA Side-Channel Attack Forensics
HW Tools
HD Duplicator
HD Read Only Lock
All-in-one Forensic Appliance
Forensic Tower
Media Repair Device
Software Tools
dtSearch - Text Search Tool
Ghost - Disk bit-for-bit image
CD-R Diagnostics
Disk Erasing Tool
Encase - Data/Disk Browsing
Hetman Uneraser - Anti deletion tool
Thumbs Plus - Image Check
7- Present Evidence: Mark the extraction time, place, device, extractor, witness
1- Protect the Scene
Phases
1- Physical Evidence Collection
2- Information Discovery
Forms
Use of Computers to store info related to criminal activities
Use Computers to launch Criminal Activities