Session Flow
- Information Gathering: definition
- Initial information gathering of websites
- Information gathering using search engines, blogs & forums
- Information gathering using job and matrimonial websites
- Investigating emails: Ahmedabad serial blasts terror mail case study
- Investigating phishing frauds
- Investigating carding cases
- Investigating data theft cases
Why Information Gathering?
Information gathering can reveal the online footprints of a criminal.
Information Gathering of Websites
Whois information:
- Owner of the website
- Email id used to register the domain
- Domain registrar
- Domain name server information
- Related websites
Whois
Whois is a query to a database that returns the following information:
1. Owner of the website.
2. Email id used to register the domain.
3. Domain registrar.
4. Domain name server information.
5. Related websites.
Reverse IP Mapping
Reverse IP mapping lists the websites hosted on the same server. If any one website on that server is vulnerable, an attacker can root the server and thereby reach every site hosted on it. Tool: Domainbyip.com
Info. Gathering using Search Engines
Search engines are an efficient way to get results that match your specific requirements. Of all search engines, Google & Yahoo give the best results.
Meta search engines retrieve results from several different search engines and draw relations or connections between those results.
Info. Gathering using Search Engines: Maltego
Maltego is an open source intelligence and forensics application. It allows for the mining and gathering of information as well as the representation of this information in a meaningful way. Coupled with its graphing libraries, Maltego allows you to identify key relationships between pieces of information and to discover previously unknown relationships between them.
Maltego
Information Gathering
- Almost 80% of internet users use blogs/forums for knowledge sharing.
- Information gathering from a specific blog can also help an investigation.
- Information gathering from social networking websites can also reveal personal information about a suspect.
- Many websites store lists of email ids for newsletters; these email ids can also be retrieved using email spiders.
Investigating Emails
Every email carries header information. Analysing the full header of an email can reveal:
- IP address of the sender
- Intermediate mail servers
- Message ID of the email
- Destination mail server information
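The following added example (not from the slides) walks a full header the way the slide describes: it reads the Received chain bottom-up to recover the sender's IP as recorded by the first relay, the intermediate servers, the Message-ID and the destination server. The header block is constructed; every hostname, IP address and the Message-ID are made up.

```python
# Trace an email's route from its full headers (added example, not from the
# slides). The header block is constructed: hostnames, IPs and Message-ID are made up.
import email
import re

RAW_HEADERS = """\
Received: from mx-in.example-dest.test (mx-in.example-dest.test [198.51.100.7])
\tby mailstore.example-dest.test with ESMTP id abc123
\tfor <victim@example-dest.test>; Sat, 26 Jul 2008 18:45:12 +0530
Received: from relay.example-webmail.test (relay.example-webmail.test [203.0.113.20])
\tby mx-in.example-dest.test with ESMTPS id def456;
\tSat, 26 Jul 2008 18:45:10 +0530
Received: from [192.0.2.55] by relay.example-webmail.test with HTTP;
\tSat, 26 Jul 2008 18:44:58 +0530
Message-ID: <20080726131458.constructed@example-webmail.test>
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def parse_hops(raw_headers):
    """Return Received hops as (from_part, by_host, ip) tuples, oldest hop first."""
    msg = email.message_from_string(raw_headers)
    hops = []
    for value in msg.get_all("Received", []):
        text = re.sub(r"\s+", " ", value).strip()   # unfold continuation lines
        m = re.match(r"from (.*?) by (\S+)", text)
        if not m:
            continue                                 # malformed hop, skip it
        ip = IP_RE.search(m.group(1))
        hops.append((m.group(1), m.group(2), ip.group(1) if ip else None))
    # Every server prepends its own Received line, so the last one in the header
    # was written by the relay nearest the sender: reverse to read oldest-first.
    hops.reverse()
    return hops

def summarize(raw_headers):
    """The facts the slide lists: sender IP, relays, Message-ID, destination."""
    msg = email.message_from_string(raw_headers)
    hops = parse_hops(raw_headers)
    return {
        "message_id": msg["Message-ID"],   # quote this when asking the provider for logs
        # Sender IP as recorded by the first relay. Only that relay's own logs can
        # confirm it, and it may belong to a misused Wi-Fi router, not the sender.
        "origin_ip": hops[0][2] if hops else None,
        "first_relay": hops[0][1] if hops else None,
        "intermediate": [h[1] for h in hops[1:-1]],
        "destination": hops[-1][1] if hops else None,
    }
```

Received lines below the ones written by servers you trust can be forged by the sender, which is why the first relay's own logs (requested with the Message-ID) are the evidence, not the header alone.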
Four emails were sent before the Ahmedabad-Delhi blasts. The modus operandi was the same in all the emails. Unsecured Wi-Fi routers belonging to innocent people were misused to send them.
Modus Operandi
Fraudsters set up spoofed websites. They then send an email claiming that the servers are being upgraded and the password is needed for verification. When the victim clicks on the link, he/she is redirected to the spoofed website. Money is then transferred from the victim's account to the fraudster's account.
Investigation Steps
- The investigator should trace the email using its headers.
- As it will be a spoofed mail in every case, the investigator should gather information about the hosting server from which it originated.
- Contact the hosting server with the Message ID & headers to obtain the real IP address.
- Ask for domain names registered within the time window during which the incident was reported.
- Identify the credit card, PayPal account or other online payment account that was used for the transaction.
Investigation Steps
- Bank statement together with the online banking account access log, which gives the IP address of the culprit.
- Beneficiary bank account statement.
- Beneficiary bank account access log.
Phishing
Data Theft
Most corporates store sensitive business information such as client databases, email lists, invoices and transaction receipts on their computer systems or dedicated servers. This information is targeted by employees, rivals & criminals.
Modus Operandi
Most of the time the criminal is an employee of the company, who usually has direct or indirect access to the data. He steals the data and either hides it or sells it to business rivals. If the criminal is not an employee of the company, he uses social engineering techniques to break into the victim's accounts/servers and steal source code/data, and then contacts potential buyers to sell the information. Sometimes people hire professional hackers to obtain a target company's sensitive information.
Investigation Methodologies
- The investigator should ask the victim about any reasonable suspicion of a particular person.
- The investigator should question the suspect using conventional investigation techniques.
- The investigator should analyse the application and security logs of the servers/computers.
- If an IDS (Intrusion Detection System) is installed in the company, the investigator should extract the IP addresses from the IDS log.
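Both investigation procedures above end with the same step: correlating a known event (a transfer on the bank statement in the phishing case, a suspicious access in the data theft case) with an access or security log to obtain the culprit's IP address. The following added example (not from the slides) performs that correlation on a constructed online-banking access log; the log format (timestamp, account, source IP, action) is an assumption, and real bank or IDS logs will differ.

```python
# Correlate a disputed transaction with the account access log (added example,
# not from the slides). The log lines are constructed and the format
# "timestamp account source-ip action" is an assumption; real logs differ.
from datetime import datetime, timedelta

ACCESS_LOG = """\
2009-02-10T09:12:03 ACCT-1001 192.0.2.10 login
2009-02-10T09:13:40 ACCT-1001 192.0.2.10 view_statement
2009-02-11T20:05:11 ACCT-1001 192.0.2.10 login
2009-02-12T02:31:07 ACCT-1001 203.0.113.45 login
2009-02-12T02:32:50 ACCT-1001 203.0.113.45 add_beneficiary
2009-02-12T02:34:15 ACCT-1001 203.0.113.45 transfer
2009-02-12T08:00:00 ACCT-2002 198.51.100.9 login
"""

def parse_log(text):
    """Parse log lines into (timestamp, account, ip, action) tuples."""
    events = []
    for line in text.splitlines():
        ts, account, ip, action = line.split()
        events.append((datetime.fromisoformat(ts), account, ip, action))
    return events

def trace_transaction(events, account, txn_time_iso, tolerance_minutes=5,
                      baseline_hours=24):
    """Find the source IP behind a transfer listed on the bank statement.

    txn_time_iso is the statement's timestamp (minute precision, hence the
    tolerance). Returns the IP, every action it took on the account, and
    whether that IP had been used on the account before the incident.
    """
    txn_time = datetime.fromisoformat(txn_time_iso)
    tolerance = timedelta(minutes=tolerance_minutes)
    hits = [e for e in events
            if e[1] == account and e[3] == "transfer"
            and abs(e[0] - txn_time) <= tolerance]
    if not hits:
        return None                          # no matching transfer in the log
    ip = hits[0][2]
    actions = [e[3] for e in events if e[1] == account and e[2] == ip]
    # IPs seen well before the incident are treated as the account holder's own.
    cutoff = txn_time - timedelta(hours=baseline_hours)
    baseline_ips = {e[2] for e in events if e[1] == account and e[0] < cutoff}
    return {"ip": ip, "actions": actions,
            "is_new_ip": ip not in baseline_ips, "baseline_ips": baseline_ips}
```

The recovered IP identifies the connection endpoint (possibly a proxy or a misused Wi-Fi router), so it is the lead for the next legal request to the ISP, not proof of identity on its own.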
Investigation Methodologies
The investigator should seize all storage media, pen drives, iPods and memory cards during the raid at the place of offence, and analyse the seized storage media using forensic tools.
Rationalization, Incentive, Opportunity
Rationalization
Employees justify fraud using some common reasons: "they owe me", "I earned it", "I need it more than they do", "it's only fair, the whole system is corrupt", "God will forgive me". Of the three factors, rationalization is the hardest to control.
Incentive
Incentive or pressure can be real or imagined: addiction to alcohol or illegal drugs, financial debts, family problems. Solution: EAP (Employee Assistance Plan).
Opportunity
Perception is the biggest drawback before committing a crime: the wrong belief that nobody can catch them. Solution: employee background checks, internal & external audits. 90% of such crimes are committed by trusted employees.
TechDefence
TechDefence Services:
- Cyber Crime Investigation
- Cyber Forensics
- Network Penetration Testing
- Web Vulnerability Assessment & Penetration Testing
TechDefence Solutions:
- Secure Web Development
- Security Product Development
TechDefence Global Presence:
- India offices: Ahmedabad, V.V.Nagar, Nasik, Pune, Hyderabad
- International offices: Mauritius, Australia
Clientele
Private Sector (VAPT):
- Computer Clinic, Mauritius
- Multievents Ltd, Mauritius
- Noble Ventures, USA
- Future Group
Govt Sector:
- Crime Branch, Ahmedabad
- Crime Branch, Nashik
- URICM, Gandhi Nagar
Clientele
Colleges Training: more than 120 colleges across India have participated in our training.
BFSI Sector Training: 11 urban co-operative banks of Ahmedabad.
Corporate Training: Yahoo!, Google, K7 Antivirus, ZOHO, KPMG, HCL, TCS, Infosys, Deloitte, ISACA, Temenos.
TCEH: TechDefence Certified Ethical Hacker
TechDefence Certified Cyber Security Expert
A certified hands-on training program on Ethical Hacking, Information Security, Cyber Crime Investigation & Forensics. More than 30 educational institutes & 11 banks across India have already undergone this training program. The Cyber Crime Branch, Crime Branch Ahmedabad has also undergone this program.
Contents
Ethical Hacking
- Hacking & Hackers
- IP addresses
- Information gathering
- Scanning
- Virus, Worms, Trojans & Backdoors
- Mobile Hacking: SMS & Call forging
- Email, Password, Website Hacking
- Sniffers & IDS
- Firewalls
- Wireless hacking
Contents
Website Hacking & Security
- Vulnerability Assessment & Penetration Testing
- SQL Injection Attacks
- Cross Site Scripting Attacks
- Local File Inclusion Attacks
- Remote File Inclusion Attacks
- Penetration testing methodologies
- Reverse Engineering
Contents
Mobile & Wireless Hacking
- Mobile Hacking & Security
- SMS Forging & Countermeasures
- Call Forging & Countermeasures
- Wireless Hacking & Security
Contents
Cyber Crime Investigation
- Types of Cyber Crimes
- Investigation Methodologies
- Email Tracing
- Ahmedabad Blast Terror Email Case Study
- Mumbai Blast Case Study
- Espionage Crimes
- Data Theft
- Phishing Crimes
- Credit Card Frauds
- Digital Signature Crimes
Internship Benefits
TechDefence, in association with Innoventa Technologies, offers internships/projects to final-year degree/diploma students. Projects on offer:
- HIDS (Host-based Intrusion Detection System)
- Cyber Café Monitoring System
- File Encrypter
- Online VAPT Scanner
- Online Multi-Antivirus Scanner
Contents
For registration you can contact:
Mobile: +91-9898493002, +91-9428014564
Website: www.techdefence.com, www.sunnyvaghela.com