Cyber Crime Investigation
By
Sunny Vaghela
sunny@techdefence.com
Session Flow
• Information Gathering- Definition
• Initial information gathering on websites.
• Information gathering using search engines, blogs & forums.
• Information gathering using job and matrimonial websites.
• Investigating Emails
• Ahmedabad Serial Blasts Terror Mail Case Study
• Investigating Phishing Frauds
• Investigating “Carding” Cases
• Investigating Data Theft Cases
Why Information Gathering?
• Information gathering can reveal the online footprints of a criminal.
• Information gathering can help the investigator profile criminals.
Information Gathering of websites
• Whois Information
•Owner of website.
•Email id used to register domain.
•Domain registrar.
• Domain name server information.
• Related websites.
Whois
Whois is a query to the registrar/registry database that returns the following information:
1. Owner of the website.
2. Email id used to register the domain.
3. Domain registrar.
4. Domain name server information.
5. Related websites (other domains registered with the same registrant details).
Reverse IP Mapping
• Reverse IP mapping lists the websites hosted on the same server (the same IP address).
• If one website on a shared server is compromised, the attacker may be able to escalate to the server itself and reach the other sites on it (how easily depends on how well the host isolates its tenants).
• Example service: Domainbyip.com
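The two lookups above, worked through in Python as an added example (this is not code from the original slides or from TechDefence): the first function pulls the five fields the Whois slide lists out of a registrar-style "Key: value" response, and the second groups hostnames by the address they resolve to, which is what a reverse-IP service returns. The WHOIS text and the host/IP pairs are constructed for the example; a real investigation queries the registrar/registry WHOIS servers and a reverse-IP service, and real records are often privacy-redacted or differ in layout per TLD.

```python
"""Added example: extract investigator-relevant fields from a WHOIS
record and build a reverse-IP map of shared-hosting neighbours."""
import re
from collections import defaultdict

# Constructed WHOIS output in the common "Key: value" layout. Real
# responses vary by TLD and may be privacy-redacted.
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE-SHOP.COM
Registrar: Example Registrar, Inc.
Registrar WHOIS Server: whois.example-registrar.test
Creation Date: 2009-03-02T10:15:00Z
Registrant Name: J. Doe
Registrant Organization: Example Shop Pvt Ltd
Registrant Email: owner@example-shop.com
Admin Email: owner@example-shop.com
Name Server: NS1.EXAMPLE-HOST.TEST
Name Server: NS2.EXAMPLE-HOST.TEST
"""

# Field names tried, in order, for each item the slide lists (assumed layout).
FIELDS = {
    "owner": ("Registrant Name", "Registrant Organization"),
    "email": ("Registrant Email", "Admin Email"),
    "registrar": ("Registrar",),
    "created": ("Creation Date",),
}

def parse_whois(text):
    """Return owner, e-mail, registrar, creation date and name servers."""
    kv = defaultdict(list)
    for line in text.splitlines():
        m = re.match(r"^\s*([^:]+?):\s*(.*?)\s*$", line)
        if m and m.group(2):
            kv[m.group(1).strip().lower()].append(m.group(2))
    out = {}
    for name, keys in FIELDS.items():
        for k in keys:
            if kv.get(k.lower()):
                out[name] = kv[k.lower()][0]
                break
        else:
            out[name] = None
    out["name_servers"] = sorted(ns.lower() for ns in kv.get("name server", []))
    # Every distinct e-mail in the record: pivot points for finding related domains.
    out["all_emails"] = sorted(set(re.findall(r"[\w.+-]+@[\w.-]+\.\w+", text)))
    return out

# Constructed (hostname, IPv4) pairs, as a reverse-IP service would list them.
SAMPLE_HOSTS = [
    ("example-shop.com", "203.0.113.10"),
    ("blog.example-shop.com", "203.0.113.10"),
    ("other-tenant.test", "203.0.113.10"),
    ("lonely-site.test", "198.51.100.7"),
]

def reverse_ip_map(pairs):
    """Group hostnames by the address they resolve to."""
    by_ip = defaultdict(set)
    for host, ip in pairs:
        by_ip[ip].add(host.lower())
    return {ip: sorted(hosts) for ip, hosts in by_ip.items()}

def neighbours(pairs, host):
    """Other sites on the same server as `host` (empty if it is alone)."""
    ip = next((i for h, i in pairs if h.lower() == host.lower()), None)
    if ip is None:
        return []
    return [h for h in reverse_ip_map(pairs).get(ip, []) if h != host.lower()]

if __name__ == "__main__":
    print(parse_whois(SAMPLE_WHOIS))
    print(neighbours(SAMPLE_HOSTS, "example-shop.com"))
```

The `all_emails` list is the useful pivot: searching WHOIS for the same registrant e-mail is how the "related websites" item on the slide is usually answered.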
Trace Route
• Trace Route shows each router hop between the investigator's machine and the target host, with the round-trip time to each hop.
Info. Gathering using Search Engine
• Search engines are efficient mediums to get specific results according to your requirements.
• Google and Yahoo give the best results out of all.
Info. Gathering using Search Engine
• Meta-search engines (the type shown here) retrieve results from several different search engines and draw relations or connections between those results.
Info. Gathering using Search Engine
• Maltego is an open-source intelligence (OSINT) and forensics application.
• It allows for the mining and gathering of information as well as the representation of this information in a meaningful way.
• Coupled with its graphing libraries, Maltego allows you to identify key relationships between pieces of information and to discover previously unknown relationships between them.
Maltego (screenshot slides)
Information gathering
• Almost 80% of internet users use blogs/forums for knowledge sharing.
• Information gathering from a specific blog can also help in investigations.
• Information gathering from social networking websites can also reveal personal information about a suspect.
• Many websites store email id lists for newsletters; these email ids can also be retrieved using email spiders.
Savitabhabhi.com Cyber Pornography Case Demo
Investigating Emails
• Every email carries header information.
• Analysing the full header of an email can reveal:
• the IP address of the sender,
• the intermediate mail servers,
• the Message-ID of the email,
• the destination mail server information.
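The header analysis described above, as an added Python example (not code from the original slides): it parses a raw message, walks the Received: chain in delivery order and reports the originating IP, the relays, the Message-ID and the destination server. The message is constructed. One caveat the slide does not state: each relay prepends its own Received: line, so the top line was written by the receiving server and is trustworthy, while lines further down (closer to the sender) may have been forged by the sender; the origin IP is the bracketed address that the first trusted relay recorded, and a timestamp that goes backwards between hops is a common sign of an injected line.

```python
"""Added example: walk the Received: chain of an e-mail header."""
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed raw message. The TOP Received: line is the last hop
# (destination side); the BOTTOM one is the first hop, nearest the sender.
SAMPLE_RAW = """\
Return-Path: <someone@example-sender.test>
Received: from mx1.example-isp.test (mx1.example-isp.test [198.51.100.2])
\tby mail.example-dest.test with ESMTPS id 4XyZ
\tfor <victim@example-dest.test>; Mon, 05 Jan 2009 10:15:12 +0530
Received: from webmail.example-isp.test (webmail.example-isp.test [198.51.100.9])
\tby mx1.example-isp.test with ESMTP id 7Qr2; Mon, 05 Jan 2009 10:15:10 +0530
Received: from [192.168.1.5] (unknown [203.0.113.55])
\tby webmail.example-isp.test with HTTP; Mon, 05 Jan 2009 10:15:01 +0530
Message-ID: <20090105044501.ABC123@webmail.example-isp.test>
From: "Someone" <someone@example-sender.test>
To: victim@example-dest.test
Subject: test
Date: Mon, 05 Jan 2009 10:15:00 +0530

body
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
PRIVATE = re.compile(r"^(10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.|127\.)")

def parse_hop(value):
    """Split one Received: header into from/by/date and the IPs it names."""
    flat = " ".join(value.split())          # unfold continuation lines
    frm = re.search(r"\bfrom\s+(\S+)", flat)
    by = re.search(r"\bby\s+(\S+)", flat)
    date = flat.rsplit(";", 1)[1].strip() if ";" in flat else None
    ips = IP_RE.findall(flat)
    # A LAN address such as [192.168.x.x] is self-reported by the client;
    # the last public bracketed address is what the relay actually saw.
    public = [ip for ip in ips if not PRIVATE.match(ip)]
    return {"from": frm.group(1) if frm else None,
            "by": by.group(1) if by else None,
            "date": parsedate_to_datetime(date) if date else None,
            "claimed_ips": ips,
            "seen_ip": public[-1] if public else None}

def analyse(raw):
    """Origin IP, relays, destination server and Message-ID of a raw mail."""
    msg = message_from_string(raw)
    hops = [parse_hop(v) for v in msg.get_all("Received", [])]
    hops.reverse()                          # chronological: sender side first
    return {
        "message_id": msg.get("Message-ID"),
        "origin_ip": hops[0]["seen_ip"] if hops else None,
        "relays": [h["by"] for h in hops[:-1]],
        "destination": hops[-1]["by"] if hops else None,
        "hops": hops,
    }

def suspicious_hops(hops):
    """Indexes of hops timestamped earlier than the hop before them:
    a forged or injected Received: line often breaks the time order."""
    return [i for i in range(1, len(hops))
            if hops[i]["date"] and hops[i - 1]["date"]
            and hops[i]["date"] < hops[i - 1]["date"]]

if __name__ == "__main__":
    r = analyse(SAMPLE_RAW)
    print(r["origin_ip"], r["message_id"], r["relays"], r["destination"])
    print("out-of-order hops:", suspicious_hops(r["hops"]))
```

For webmail-originated mail the client's address is often recorded only in the first Received: line (as here) or in a provider-specific header such as X-Originating-IP, so the provider still has to be asked to confirm which account and IP were used for that Message-ID and time.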
Email Investigation Demo
Ahmedabad Serial Bomb Blasts Terror Mails
• Four emails were sent before the Ahmedabad and Delhi blasts.
• The modus operandi was the same in all the emails.
• Unsecured Wi-Fi routers belonging to innocent people were misused.
Ahmedabad Serial Blasts Terror Mail Case Demo
Phishing Frauds
• In the cyber world, phishing is an illegal act in which sensitive information such as passwords and credit card details is fraudulently acquired by a person or entity masquerading as a trustworthy person or business in an apparently official electronic communication, such as an email or an instant message.
Modus Operandi
• Fraudsters build spoof (look-alike) websites.
• Fraudsters then send an email stating that they are upgrading servers and need the password for verification.
• When the victim clicks the link, he/she is redirected to the spoof website, where the credentials entered are captured.
• Money is then transferred from the victim's account to the fraudster's account.
Modus Operandi (diagram)
Investigation Steps
• The investigator should trace the email using its headers.
• Since it will be a spoofed mail in every case, the investigator should gather information about the hosting server from which it originated.
• Contact the hosting provider with the Message-ID and headers to obtain the real IP address.
• Ask the registrar(s) for domain names registered within the time window in which the incident was reported.
• Identify the credit card, PayPal account or other online payment account that was used for the transaction.
Investigation Steps
• Bank statement together with the online banking account access log, which gives the IP address of the culprit.
• Beneficiary bank account statement.
• Beneficiary bank account access log.
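Two of the investigation steps above, worked through in Python as an added example (not code from the original slides): filtering the registrar's list of domains registered around the incident down to the ones that imitate the targeted bank's name, and pulling the session that made the fraudulent transfer, with its IP, out of the victim's online-banking access log. The bank name, the registration feed, the log format and the homoglyph table are all constructed assumptions; real registrar and bank exports look different. The IP recovered from the access log is a lead, not proof: it may be a proxy, an open Wi-Fi router or a compromised machine, so it still has to be tied to a subscriber by the ISP for that exact timestamp and time zone.

```python
"""Added example: look-alike domains in an incident window, and the
transfer session in a banking access log."""
import re
from datetime import datetime, timedelta

BANK = "examplebank"                           # assumed target brand
INCIDENT = datetime(2010, 3, 10, 14, 30)       # assumed time of the transfer

# Constructed registrar feed: (domain, registration time)
REGISTRATIONS = [
    ("examplebank-secure-login.test", datetime(2010, 3, 8, 2, 10)),
    ("exarnplebank.test", datetime(2010, 3, 9, 23, 5)),     # "rn" mimics "m"
    ("flowershop.test", datetime(2010, 3, 9, 12, 0)),
    ("examplebank.test", datetime(2010, 2, 1, 0, 0)),       # outside the window
]

# Crude homoglyph normalisation; extend for the brand under investigation.
HOMOGLYPHS = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e")]

def normalise(label):
    s = re.sub(r"[^a-z0-9]", "", label.lower())
    for a, b in HOMOGLYPHS:
        s = s.replace(a, b)
    return s

def lookalikes(regs, brand, incident, days=7):
    """Domains registered in the `days` before the incident whose name
    contains the brand once punctuation and look-alike characters are folded."""
    lo, hi = incident - timedelta(days=days), incident
    hits = []
    for dom, when in regs:
        if not lo <= when <= hi:
            continue
        label = dom.rsplit(".", 1)[0]
        if normalise(brand) in normalise(label):
            hits.append(dom)
    return hits

# Constructed online-banking access log: timestamp,user,ip,action
ACCESS_LOG = """\
2010-03-10 09:02:11,victim01,203.0.113.20,login
2010-03-10 09:05:40,victim01,203.0.113.20,view_balance
2010-03-10 09:06:02,victim01,203.0.113.20,logout
2010-03-10 14:41:57,victim01,198.51.100.77,login
2010-03-10 14:43:10,victim01,198.51.100.77,add_beneficiary
2010-03-10 14:45:30,victim01,198.51.100.77,transfer:45000:ACCT-9981
2010-03-10 14:46:01,victim01,198.51.100.77,logout
"""

def parse_log(text):
    rows = []
    for line in text.strip().splitlines():
        ts, user, ip, action = line.split(",", 3)
        rows.append({"ts": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
                     "user": user, "ip": ip, "action": action})
    return rows

def fraud_sessions(rows, user, incident=INCIDENT):
    """Each transfer by `user`: its IP, time, beneficiary, and whether the IP
    was never seen for this user before the incident (a new address is the
    usual tell that someone else was logged in)."""
    usual = {r["ip"] for r in rows if r["user"] == user and r["ts"] < incident}
    out = []
    for r in rows:
        if r["user"] == user and r["action"].startswith("transfer:"):
            _, amount, beneficiary = r["action"].split(":")
            out.append({"ip": r["ip"], "ts": r["ts"], "amount": int(amount),
                        "beneficiary": beneficiary, "new_ip": r["ip"] not in usual})
    return out

if __name__ == "__main__":
    print(lookalikes(REGISTRATIONS, BANK, INCIDENT))
    print(fraud_sessions(parse_log(ACCESS_LOG), "victim01"))
```

The beneficiary account found here (ACCT-9981 in the constructed log) is what the last two steps on the slide are about: its statement shows where the money went next, and its own access log gives the IP used to empty it.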
Phishing Case Study
Data Theft
• Most corporates store sensitive business information such as client databases, email lists, invoices and transaction receipts on their computer systems or dedicated servers.
• This information is targeted by employees, rivals and criminals.
Modus Operandi
• Most of the time the criminal is an employee of the company who has direct or indirect access to the data. He steals the data and either hides it or sells it to business rivals.
• If the criminal is not an employee, he uses social engineering techniques to break into the victim's accounts/servers and steal source code or data. He then contacts potential buyers to sell the information.
• Sometimes people hire professional hackers to obtain a target company's sensitive information.
Investigation Methodologies
• The investigator should ask the victim about any reasonable suspicion about a particular person.
• The investigator should question the suspect using conventional investigation techniques.
• The investigator should analyse the server's/computer's application and security logs.
• If an IDS (Intrusion Detection System) is installed in the company, the investigator should extract the relevant IP addresses from the IDS log.
Investigation Methodologies
• The investigator should seize all storage media (pen drives, iPods, memory cards) during the raid at the place of offence.
• The investigator should analyse the storage media using forensic tools, working on forensic images rather than the originals so the evidence stays intact.
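The log-analysis step above, as an added Python example (not code from the original slides): it scans an application export log for the pattern a data-theft investigation looks for, one account pulling far more client records than its peers, after hours or from an address outside the office network. The log format, working hours and internal address range are constructed assumptions; the same three tests apply to IDS or web-server logs once they are parsed into the same shape.

```python
"""Added example: flag bulk client-data exports in an application log."""
import re
from collections import defaultdict
from datetime import datetime, time

# Constructed CRM export log: timestamp | user | source IP | action | records
APP_LOG = """\
2011-06-01 10:02:13 | asmith | 10.0.5.21 | export_clients | 40
2011-06-01 11:15:44 | bjones | 10.0.5.34 | export_clients | 25
2011-06-01 22:47:02 | bjones | 10.0.5.34 | export_clients | 12000
2011-06-02 01:10:55 | bjones | 203.0.113.9 | export_clients | 9500
2011-06-02 09:30:01 | asmith | 10.0.5.21 | export_clients | 35
2011-06-02 09:31:20 | asmith | 10.0.5.21 | view_invoice | 1
"""
LINE = re.compile(r"^(\S+ \S+) \| (\w+) \| ([\d.]+) \| (\w+) \| (\d+)$")
WORK_START, WORK_END = time(8, 0), time(19, 0)   # assumed office hours
INTERNAL = re.compile(r"^10\.")                  # assumed office address range

def parse(text):
    rows = []
    for line in text.strip().splitlines():
        m = LINE.match(line)
        if not m:
            continue                              # keep going past malformed lines
        ts, user, ip, action, n = m.groups()
        rows.append({"ts": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
                     "user": user, "ip": ip, "action": action, "records": int(n)})
    return rows

def export_totals(rows):
    """Records exported per user: the summary table for the report."""
    totals = defaultdict(int)
    for r in rows:
        if r["action"] == "export_clients":
            totals[r["user"]] += r["records"]
    return dict(totals)

def suspicious_exports(rows, ratio=10):
    """Exports flagged for being `ratio` times the median export size,
    happening outside working hours, or coming from a non-internal address."""
    sizes = sorted(r["records"] for r in rows if r["action"] == "export_clients")
    median = sizes[len(sizes) // 2] if sizes else 0
    flagged = []
    for r in rows:
        if r["action"] != "export_clients":
            continue
        reasons = []
        if median and r["records"] > ratio * median:
            reasons.append("volume")
        if not WORK_START <= r["ts"].time() <= WORK_END:
            reasons.append("after_hours")
        if not INTERNAL.match(r["ip"]):
            reasons.append("external_ip")
        if reasons:
            flagged.append({"ts": r["ts"].isoformat(sep=" "), "user": r["user"],
                            "ip": r["ip"], "records": r["records"], "reasons": reasons})
    return flagged

if __name__ == "__main__":
    rows = parse(APP_LOG)
    print(export_totals(rows))
    for f in suspicious_exports(rows):
        print(f)
```

A flagged export is a lead to corroborate, not a finding: the next step on the slide, seizing and imaging the suspect's media, is where the exported file itself (or its deleted remains) would be found.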
Data Theft Case Study
• A Florida (USA) based firm registered a complaint stating that an Ahmedabad based BPO had stolen a database from their server and was illegally selling it to the company's clients and competitors.
• They also claimed that the IT company's owner had taken this step in response to the cancellation of the contract for development and maintenance of one of the company's portals.
• Investigation revealed that he had sold the data to more than 20 clients in the US.
Data Theft Case Demo
Common reasons found (the fraud triangle)
• Rationalization
• Incentive
• Opportunity
Rationalization
• Employees justify the fraud using some common reasons:
• "They owe me, I earned it."
• "I need it more than they do."
• "It's only fair, the whole system is corrupt."
• "God will forgive me."
• Rationalization is the hardest of the three to control.
Incentive
• Incentive or pressure can be real or imagined.
• Addictions such as alcohol and illegal drugs.
• Financial debts.
• Family problems.
• Solution: EAP (Employee Assistance Plan).
Opportunity
• Perception is the biggest factor before committing the crime.
• The wrong belief that nobody can catch them.
• Solution: employee background checks, internal and external audits.
• Around 90% of these crimes are committed by trusted employees.
TechDefence
TechDefence Services
• Cyber Crime Investigation
• Cyber Forensics
• Network Penetration Testing
• Web Vulnerability Assessment & Penetration Testing
TechDefence Solutions
• Secure Web Development
• Security Product Development
TechDefence Global Presence
• India Offices: Ahmedabad, V.V.Nagar, Nasik, Pune, Hyderabad
• International Offices: Mauritius, Australia
Clientele
Private Sector – VAPT
• Computer Clinic - Mauritius
• Multievents Ltd - Mauritius
• Noble Ventures – USA
• Future Group
Govt Sector
• Crime Branch, Ahmedabad
• Crime Branch, Nashik
• URICM, Gandhi Nagar
Clientele
Colleges – Training
• More than 120 colleges across India have participated in our training.
BFSI Sector – Training
• 11 Urban Co-operative banks of Ahmedabad.
Corporate – Training
• YAHOO!, Google, K7 Antivirus, ZOHO, KPMG, HCL, TCS, Infosys, Deloitte, ISACA, Temenos.
TCEH
TechDefence Certified Ethical Hacker
TechDefence Certified Cyber Security Expert
• A certified hands-on training program on Ethical Hacking, Information Security, Cyber Crime Investigation & Forensics.
• More than 30 educational institutes and 11 banks across India have already undergone this training program.
• The Cyber Crime Branch, Crime Branch Ahmedabad has also undergone this program.
Contents
Ethical Hacking
• Hacking & Hackers.
• IP addresses.
• Information gathering
• Scanning
• Virus, Worms, Trojans & Backdoors
• Mobile Hacking – SMS & Call forging
• Email, Password, Website Hacking
• Sniffers & IDS
• Firewalls
• Wireless hacking
Contents
Website Hacking & Security
• Vulnerability Assessment & Penetration Testing
• SQL Injection Attacks
• Cross Site Scripting Attacks
• Local File Inclusion Attacks
• Remote File Inclusion Attacks
• Penetration testing methodologies
• Reverse Engineering
Contents
Mobile & Wireless Hacking
• Mobile Hacking & Security
• SMS Forging & Countermeasures
• Call Forging & Countermeasures
• Wireless Hacking & Security
Contents
Cyber Crime Investigation
• Types of Cyber Crimes
• Investigation Methodologies
• Email Tracing
• Ahmedabad Blast Terror Email Case Study
• Mumbai Blast Case Study
• Espionage Crimes
• Data Theft
• Phishing Crimes
• Credit Card Frauds
• Digital Signature Crimes
Course Duration & Benefits
Course Duration
• 1-2 Months.
• Course material & 10 CDs.
Course Benefits
•Live Demonstration of Hacking Techniques & tools
• Live Investigation Demonstration of Cases Solved by Sunny Vaghela.
• Hands on Practice Sessions.
• Personal Interaction with Sunny Vaghela.
• 100% Placement Assistance.
Internship Benefits
TechDefence, in association with Innoventa Technologies, offers internships/projects to final-year degree/diploma students.
Projects to offer
• HIDS (Host based Intrusion Detection System).
• Cyber Café Monitoring System.
• File Encrypter.
• Online VAPT Scanner.
• Online Multi Antivirus Scanner.
TechDefence Partners Benefits
Internship Benefits For Students.
Career Opportunities
• Ethical Hacker
• Cyber Crime Investigator
• Cyber Forensics Investigator
• Web Developer
• Network Security Administrator
• IT Security Consultant
• Web Security Auditor
• ISS Auditor
• Quality Tester
• Penetration Tester
Registration
• For registration you can contact
Mobile: +91-9898493002, +91-9428014564
Website: www.techdefence.com
www.sunnyvaghela.com
Thank You
sunny@sunnyvaghela.com