
Cyber Crime Investigation

By Sunny Vaghela sunny@techdefence.com

Session Flow
- Information Gathering: definition
- Initial information gathering of websites
- Information gathering using search engines, blogs & forums
- Information gathering using job and matrimonial websites
- Investigating Emails
- Ahmedabad Serial Blasts Terror Mail Case Study
- Investigating Phishing Frauds
- Investigating Carding Cases
- Investigating Data Theft Cases

Why Information Gathering? Information gathering can reveal the online footprints of a criminal.

Information gathering can help the investigator to profile criminals.

Information Gathering of websites: Whois information reveals the owner of the website, the email id used to register the domain, the domain registrar, domain name server information, and related websites.

Whois: Whois is a query to a database that returns the following information. 1. Owner of the website. 2. Email id used to register the domain. 3. Domain registrar. 4. Domain name server information. 5. Related websites.

Reverse IP Mapping: Reverse IP lookup gives the number of websites hosted on the same server. If one website on the server is vulnerable, a hacker can easily root the server and reach the other sites on it. Tool: Domainbyip.com

Trace Route

Info. Gathering using Search Engine: Search engines are efficient mediums to get specific results according to your requirements. Google & Yahoo give the best results of all search engines.

Info. Gathering using Search Engine

This type of search engine retrieves results from several different search engines and draws relations or connections between those results.

Info. Gathering using Search Engine: Maltego is an open source intelligence and forensics application. It allows for the mining and gathering of information as well as the representation of this information in a meaningful way. Coupled with its graphing libraries, Maltego allows you to identify key relationships between pieces of information and to discover previously unknown relationships between them.

Maltego


Information gathering: Almost 80% of internet users use blogs/forums for knowledge sharing. Information gathering from a specific blog will also be helpful in investigations. Information gathering from social networking websites can also reveal personal info about a suspect. Many websites store email id lists for newsletters; these email ids can also be retrieved using email spiders.

Savitabhabhi.com Cyber Pornography Case Demo

Investigating Emails: Every email has header information. Analysing the full header of an email can reveal: the IP address of the sender, the intermediate mail servers, the Message ID of the email, and destination mail server information.
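The header walk described above, as an added example that is not part of the original slides: it parses the Received: chain of a constructed sample message (all hosts, IPs and ids are made up), lists the hops from the originating connection to the destination server, pulls out the Message-ID, and checks that the hop timestamps increase, since a break in the timeline is a hint that a line was forged.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample (not a real message). Each relay PREPENDS its own
# Received: line, so the top line is the last hop and the bottom line is
# the hop nearest the sender's machine.
SAMPLE_RAW = """\
Received: from mx.dest.test (mx.dest.test [203.0.113.10])
    by inbox.dest.test with ESMTP id q7si123; Tue, 5 Aug 2014 10:02:11 +0530
Received: from relay.sender.test (relay.sender.test [198.51.100.25])
    by mx.dest.test with ESMTPS id abc123; Tue, 5 Aug 2014 10:02:09 +0530
Received: from [192.0.2.77] (unknown [192.0.2.77])
    by relay.sender.test with ESMTPSA id xyz789; Tue, 5 Aug 2014 10:02:05 +0530
Message-ID: <20140805043205.constructed@sender.test>

body
"""

# Matches: from <host> ... [<ip>] ... by <host> ... ; <date>
RECEIVED_RE = re.compile(
    r"from\s+(?P<from>\S+).*?\[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]"
    r".*?\bby\s+(?P<by>\S+).*?;\s*(?P<date>.+)$")

def parse_received(value):
    """Return one hop dict from a Received: header, or None if unparseable."""
    m = RECEIVED_RE.search(" ".join(value.split()))  # unfold continuation lines
    if not m:
        return None
    return {"from": m["from"], "ip": m["ip"], "by": m["by"],
            "date": parsedate_to_datetime(m["date"])}

def trace_hops(raw):
    """Hops in delivery order: first element is the originating connection."""
    msg = message_from_string(raw)
    hops = [h for h in map(parse_received, msg.get_all("Received", [])) if h]
    hops.reverse()
    return hops

def summarize(raw):
    """What the slide lists: origin IP, relays, Message-ID, destination server."""
    msg = message_from_string(raw)
    hops = trace_hops(raw)
    return {
        "message_id": msg.get("Message-ID"),
        "origin_ip": hops[0]["ip"] if hops else None,
        "relays": [h["by"] for h in hops],
        "destination": hops[-1]["by"] if hops else None,
        # Only lines added by servers you trust are reliable; earlier ones can be forged.
        "timeline_ok": all(a["date"] <= b["date"] for a, b in zip(hops, hops[1:])),
    }
```

The origin IP and Message-ID found this way are what an investigator sends to the hosting or mail provider when asking for the real connecting address.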

Email Investigation Demo

Ahmedabad Serial Bomb Blasts Terror Mails

Four emails were sent before the Ahmedabad and Delhi blasts. The modus operandi was the same in all the emails: unsecured Wi-Fi routers of innocent people were misused.

Ahmedabad Serial Blasts Terror Mail Case Demo

Phishing Frauds: In the cyber-world, phishing is a form of illegal act whereby sensitive information, such as passwords and credit card details, is fraudulently acquired by a person/entity masquerading as a trustworthy person or business in an apparently official electronic communication, such as an e-mail or instant message.

Modus Operandi
Fraudsters make spoof websites. They then send an email stating that they are upgrading servers & need the password for verification. When the victim clicks on the link, he/she is redirected to some other website. Money is then transferred from the victim's account to the fraudster's account.


Investigation Steps
The investigator should trace the email using its headers. As it is going to be a spoof mail in every case, the investigator should gather information about the hosting server from which it originated. Contact the hosting server with the Message ID & headers to obtain the real IP address. Ask for domain names registered within the specific time duration during which the incident was reported. Identify the credit card, PayPal account or any other online payment account which was used for the transaction.

Investigation Steps
Bank statement with the online banking A/C access log, which gives the IP address of the culprit. Beneficiary bank account statement. Beneficiary bank account access log.

Phishing

Phishing Case Study

Data Theft
Most corporates store their sensitive business information, like client databases, email lists, invoices and transaction receipts, in their computer systems or dedicated servers. This information is targeted by employees, rivals & criminals.

Modus Operandi
Most of the time the criminal is an employee of the company who has direct or indirect access to the data; he steals the data and either hides it or sells it to business rivals. If the criminal is not an employee of the company, he uses social engineering techniques to hack into the victim's accounts/servers to steal source code/data, and then contacts potential buyers to sell the information. Sometimes people hire professional hackers to get a target company's sensitive information.

Investigation Methodologies
The investigator should ask the victim about any reasonable suspicion about a person. The investigator should question the suspect with conventional investigation techniques. The investigator should analyse the application and security logs of the servers/computers. If an IDS (Intrusion Detection System) is installed in the company, the investigator should find out IP addresses from the IDS log.

Investigation Methodologies
The investigator should seize all storage media, including pen drives, iPods and memory cards, during the raid at the place of offence, and should analyse the storage media using forensics tools.

Data Theft Case Study


A Florida (USA) based firm registered a crime stating that an Ahmedabad based BPO had stolen a database from their server & was illegally selling it to the company's clients & competitors. They also claimed that the IT company owner had taken this step in response to the cancellation of a business contract for the development & maintenance of one of the company's portals. Investigation revealed that he sold the data to more than 20 clients in the US.

Data Theft Case Demo

Common reasons found

Rationalization

Incentive

Opportunity

Rationalization
An employee justifies fraud using some common reasons: "they owe me", "I earned it", "I need it more than they do", "it's only fair, the whole system is corrupt", "God will forgive me". Such rationalization is the hardest of the three to control.

Incentive
Incentive or pressure can be real or imagined: addictions like alcohol & illegal drugs, financial debts, family problems. Solution: EAP (Employee Assistance Plan).

Opportunity
Perception is the biggest drawback before committing a crime: the wrong belief that nobody can catch them. Solution: employee background checks, internal & external audits. 90% of such crimes are committed by trusted employees.

TechDefence
TechDefence Services: Cyber Crime Investigation, Cyber Forensics, Network Penetration Testing, Web Vulnerability Assessment & Penetration Testing. TechDefence Solutions: Secure Web Development, Security Product Development. TechDefence Global Presence: India offices in Ahmedabad, V.V.Nagar, Nasik, Pune, Hyderabad; international offices in Mauritius, Australia.

Clientele
Private Sector (VAPT): Computer Clinic, Mauritius; Multievents Ltd, Mauritius; Noble Ventures, USA; Future Group. Govt Sector: Crime Branch, Ahmedabad; Crime Branch, Nashik; URICM, Gandhi Nagar.

Clientele
Colleges Training: more than 120 colleges across India have participated in our training. BFSI Sector Training: 11 urban co-operative banks of Ahmedabad. Corporate Training: YAHOO!, Google, K7 Antivirus, ZOHO, KPMG, HCL, TCS, Infosys, Deloitte, ISACA, Temenos.

TCEH: TechDefence Certified Ethical Hacker / TechDefence Certified Cyber Security Expert
A certified hands-on training program on Ethical Hacking, Information Security, Cyber Crime Investigation & Forensics. More than 30 educational institutes & 11 banks across India have already undergone this training program. The Cyber Crime Branch, Crime Branch Ahmedabad has also undergone this program.

Contents
Ethical Hacking: Hacking & Hackers; IP addresses; Information gathering; Scanning; Virus, Worms, Trojans & Backdoors; Mobile Hacking; SMS & Call forging; Email, Password, Website Hacking; Sniffers & IDS; Firewalls; Wireless hacking

Contents
Website Hacking & Security: Vulnerability Assessment & Penetration Testing; SQL Injection Attacks; Cross Site Scripting Attacks; Local File Inclusion Attacks; Remote File Inclusion Attacks; Penetration testing methodologies; Reverse Engineering

Contents
Mobile & Wireless Hacking: Mobile Hacking & Security; SMS Forging & Countermeasures; Call Forging & Countermeasures; Wireless Hacking & Security

Contents
Cyber Crime Investigation: Types of Cyber Crimes; Investigation Methodologies; Email Tracing; Ahmedabad Blast Terror Email Case Study; Mumbai Blast Case Study; Espionage Crimes; Data Theft; Phishing Crimes; Credit Card Frauds; Digital Signature Crimes

Course Duration & Benefits


Course Duration: 1-2 months. Course material & 10 CDs. Course Benefits: live demonstration of hacking techniques & tools; live investigation demonstration of cases solved by Sunny Vaghela; hands-on practice sessions; personal interaction with Sunny Vaghela; 100% placement assistance.

Internship Benefits
TechDefence, in association with Innoventa Technologies, offers internships/projects to final-year degree/diploma students. Projects on offer: HIDS (Host-based Intrusion Detection System); Cyber Cafe Monitoring System; File Encrypter; Online VAPT Scanner; Online Multi Antivirus Scanner.

TechDefence Partners Benefits


Internship benefits for students. Career opportunities: Ethical Hacker; Cyber Crime Investigator; Cyber Forensics Investigator; Web Developer; Network Security Administrator; IT Security Consultant; Web Security Auditor; ISS Auditor; Quality Tester; Penetration Tester


For registration you can contact: Mobile: +91-9898493002, +91-9428014564. Website: www.techdefence.com, www.sunnyvaghela.com

Thank You sunny@sunnyvaghela.com
