DF Assignment-18bbtcs088 1


DF ASSIGNMENT-1

PRASHANTH HARIHAR
18BBTCS088
8th SEM CSE C SEC

1. a]Discuss about Computer Forensics Software Tools

➢ Digital forensic tools are software applications that help to preserve,
identify, extract, and document computer evidence for law procedures.
These tools help to make the digital forensic process simple and easy.
These tools also provide complete reports for legal procedures.

➢ Digital forensics tools are either hardware or software designed to aid in
the recovery of digital evidence of cyber-attack, and preservation of data
or critical systems.

➢ One of the first MS-DOS tools used for computer investigations was
Norton Disk Edit. This tool used manual processes that required
investigators to spend considerable time on a typical 500 MB drive.

➢ Eventually, programs designed for computer forensics were developed
for DOS, Windows, Apple, NetWare, and UNIX systems.

➢ Some of these early programs could extract data from slack and free disk
space; others were capable only of retrieving deleted files.

➢ Current programs are more robust and can search for specific words or
characters, import a keyword list to search, calculate hash values, recover
deleted items, conduct physical and logical analyses, and more.
➢ One advantage of using command-line tools for an investigation is that
they require few system resources because they’re designed to run in
minimal configurations. In fact, most tools fit on bootable media (floppy
disk, USB drive, CD, or DVD). Conducting an initial inquiry or a complete
investigation with bootable media can save time and effort. Most tools
also produce a text report small enough to fit on a floppy disk.

➢ Some command-line forensics tools are created specifically for
DOS/Windows platforms; others are created for Macintosh and UNIX/Linux.
Because there are many different versions of UNIX and Linux, these OSs
are often referred to as *nix platforms. Command-line tools in Linux
include the dd and dcfldd commands. For DOS/Windows platforms, a number
of companies, such as NTI, Digital Intelligence, MaresWare, DataLifter,
and ByteBack, are well recognized for their work in command-line
forensics tools.

➢ As software continues to evolve and investigators develop new needs,
vendors will address these needs. The tools listed here are in no way a
complete list of tools available for DOS/Windows or *nix platforms.
➢ Some tools that are readily available in the command line are often
overlooked. For example, in Windows 2000, XP, and Vista, the Dir command
shows you the file owner if you have multiple users on the system or
network. Try it by following these steps:
➢ First, open a command prompt window. In Windows Vista, click Start,
type cmd in the Start Search text box, and then press Enter. In Windows
XP, click Start, Run, type cmd, and click OK.
➢ At the command prompt, type cd \ and press Enter to take you to the root
directory.
➢ Type dir /q > C:\Fileowner.txt and press Enter. In any text editor, open
Fileowner.txt to see the results. When you’re finished, exit the text editor
and close the command prompt window.
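
The dd imaging, hash calculation and keyword-list search mentioned in this answer, worked through as an added example (not part of the original assignment): it copies a constructed sample file with dd, verifies the copy by SHA-256, and searches the raw image for keywords. The file names and sample contents are made up, and GNU coreutils and GNU grep are assumed.

```shell
#!/usr/bin/env bash
# Added example (not from the original assignment). All file names are hypothetical.
export LC_ALL=C

sha256_of() { sha256sum "$1" | cut -d' ' -f1; }   # print only the hex digest

# Constructed sample "evidence drive": 8 zeroed 512-byte sectors with two
# text fragments written at fixed byte offsets.
make_sample() {
    dd if=/dev/zero of="$1" bs=512 count=8 2>/dev/null
    printf 'invoice-2041 wire transfer' | dd of="$1" bs=1 seek=1000 conv=notrunc 2>/dev/null
    printf 'password=hunter2' | dd of="$1" bs=1 seek=3000 conv=notrunc 2>/dev/null
}

# verify IMG: re-hash the image and compare with the digest recorded at acquisition.
verify() { [ "$(sha256_of "$1")" = "$(cat "$1.sha256")" ]; }

# acquire SRC IMG: bit-for-bit copy with dd, record the source digest next to
# the image, and succeed only if the image hashes to the same value.
acquire() {
    dd if="$1" of="$2" bs=512 2>/dev/null || return 2
    sha256_of "$1" > "$2.sha256"
    verify "$2"
}

# keyword_hits IMG LIST: fixed-string search of the raw image for every line
# in LIST; prints "byte_offset:keyword" for each hit (GNU grep options).
keyword_hits() { grep -a -b -o -F -f "$2" "$1"; }

demo() {
    work=$(mktemp -d) || return 1
    make_sample "$work/evidence.dd"
    printf 'wire transfer\npassword\n' > "$work/keywords.txt"
    acquire "$work/evidence.dd" "$work/image.dd" && echo "acquisition verified"
    keyword_hits "$work/image.dd" "$work/keywords.txt"
    # Simulate an altered working copy: one byte changes, verification fails.
    printf 'X' | dd of="$work/image.dd" bs=1 seek=10 conv=notrunc 2>/dev/null
    verify "$work/image.dd" || echo "image no longer matches recorded hash"
    rm -rf "$work"
}
demo
```

Because the search runs over the raw image rather than through a file system, it also finds text that no longer belongs to any file, which is the slack and free-space case described earlier.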

1.b] Discuss about Computer Forensics Hardware Tools.

➢ Hardware forensics is performed on hardware computing devices for tasks
such as password cracking, analyzing the contents of the memory, data
cloning for offline analysis, and many more.

➢ Forensic Workstations:
➢ Many computer vendors offer a wide range of forensic workstations that
you can tailor to meet your investigation needs. The more diverse your
investigation environment, the more options you need.
➢ In general, forensic workstations can be divided into the following
categories:
➢ Stationary workstation—A tower with several bays and many peripheral
devices
➢ Portable workstation—A laptop computer with a built-in LCD monitor and
almost as many bays and peripherals as a stationary workstation
➢ Lightweight workstation—Usually a laptop computer built into a carrying
case with a small selection of peripheral options
➢ When considering options to add to a basic workstation, keep in mind that
PCs have limitations on how many peripherals they can handle. The more
peripherals you add, the more potential problems you might have,
especially if you’re using an older version of Windows.
➢ If you’re operating a computer forensics lab for a police agency, you need
as many options as possible to handle any investigation. If possible, use
two or three configurations of PCs to handle diverse investigations.
➢ You should also keep a hardware inventory in addition to your software
library.
➢ In the corporate environment, however, consider streamlining your
workstation to meet the needs of only the types of systems used in your
business.
➢ Building Your Own Workstation
➢ To decide whether you want to build your own workstation, first ask
“How much do I have to spend?” Building a forensic workstation isn’t as
difficult as it sounds but can quickly become expensive if you aren’t
careful.

➢ If you have the time and skill to build your own forensic workstation, you
can customize it to your needs and save money, although you might have
trouble finding support for problems that develop. For example,
peripheral devices might conflict with one another, or components might
fail. If you build your own forensic workstation, you should be able to
support the hardware.
➢ You also need to identify what you intend to analyze. If you’re analyzing
SPARC disks from workstations in a corporate network, for example, you
need to include a SPARC drive with a write-protector on your forensic
workstation.
➢ If you decide that building a forensic workstation is beyond your skills,
several vendors offer workstations designed for computer forensics, such
as the F.R.E.D. unit from Digital Intelligence or the Dual Xeon Workstation
from Forensic PC.
➢ Having a vendor-supplied workstation has its advantages. If you aren’t
skilled in computer hardware maintenance and repair, having vendor
support can save you time and frustration when you have problems.
➢ Of course, you can always mix and match components to get the
capabilities you need for your forensic workstation.

➢ If you don’t have the skills to build and support a PC, you might want to
consider taking an A+ certification course.
➢ Using a Write-Blocker
➢ The first item you should consider for a forensic workstation is a write-
blocker. Write blockers protect evidence disks by preventing data from
being written to them.
➢ Software and hardware write-blockers perform the same function but in
a different fashion.
➢ Software write-blockers, such as PDBlock from Digital Intelligence,
typically run in a shell mode (for example, DOS). PDBlock changes
interrupt 13 of a workstation’s BIOS to prevent writing to the specified
drive.
➢ If you attempt to write data to the blocked drive, an alarm sounds,
advising that no writes have occurred. PDBlock can run only in a true DOS
mode, however, not in a Windows MS-DOS shell.
➢ With hardware write-blockers, you can connect the evidence drive to your
workstation and start the OS as usual. Hardware write-blockers are ideal
for GUI forensics tools.
➢ They prevent Windows or Linux from writing data to the blocked drive.
Hardware write-blockers act as a bridge between the suspect drive and
the forensic workstation.
➢ In the Windows environment, when a write-blocker is installed on an
attached drive, the drive appears as any other attached disk. You can
navigate to the blocked drive with any Windows application, such as
Windows Explorer, to view files or use Word to read files.
➢ When you copy data to the blocked drive or write updates to a file with
Word, Windows shows that the data copy is successful. However, the
write-blocker actually discards the written data—in other words, data is
written to null. When you restart the workstation and examine the
blocked drive, you won’t see the data or files you copied to it previously.
➢ Many vendors have developed write-blocking devices that connect to a
computer through FireWire, USB 2.0, SATA, and SCSI controllers.

DF ASSIGNMENT-2

2 a) Illustrate how to apply Digital Forensic to social media
1. Hacking
➢ This happens when you are not able to log into your account because
someone has broken into your account and taken complete control
over it. Facebook is the most hacked social networking site.

➢ Social media hacking usually occurs when:

➢ One does not log out from the account, especially when using a public
computer.
➢ Passwords are shared with strangers, either unintentionally or as a
result of social engineering.
➢ Easy-to-predict passwords, or the same passwords, are used across
multiple platforms.
➢ One’s login email ID is hacked.
2. Photo Morphing
➢ Photo morphing is the use of editing to change an image/shape into
another without much difficulty. Available data shows that people share
nearly 3.2 billion images daily on social media platforms. The widespread
availability of media on social networking platforms makes it a cakewalk
for miscreants to download and misuse them.

➢ Miscreants morph the images of popular figures and upload them on
adult websites or use them to blackmail them for sexual or financial
favors.
3. Offer & Shopping Scams
➢ Women are usually known to fall for such offer and shopping scams on
social networking platforms.

➢ For example, a miscreant uses a shopping offer to make a user click on a
link. Once clicked, it prompts the user to forward it to 20 people to avail
the coupon. However, the user does not get any coupon, but the
cybercriminal gets his/her personal information!

4. Dating Scams
➢ In such scams, the fraudster connects with the victim using a fake name
and picture. Once they befriend the victim, they move to a different
platform for further communication.

➢ Once they realize that the victim has fallen for them, they first send small
gifts like flowers and cards, and later start demanding emergency
monetary help for things like recharging their phone to talk, booking
flight tickets to meet, medical reasons, etc. At times, fraudsters may also
record video calls or the screen, and later use the recordings to blackmail
the victim.

5. Cyberbullying
➢ Cyberbullying is an act that involves sending or publishing obscene
messages or humiliating content online, or issuing threats to commit
violent acts. It includes sending or sharing nasty or false information
about another individual for character assassination and causing
humiliation.

➢ Example: Imposters used social media platforms such as Facebook and
WhatsApp for circulating the deadly Blue Whale and Momo Challenges.
These resulted in the death of many teenagers across the globe as they
committed suicide as a part of the challenge.

6. Link Baiting
➢ In such scams, the fraudster sends the victim a link that entices the victim
to open it. On opening, it leads to a fake landing page which prompts the
victim to enter his/her account credentials. This provides the credentials
to the cybercriminal who later uses it for illicit activities.
➢ Example: The victim gets a message: “Somebody just put up these
pictures of you drunk at this wild party! Check ’em out here!”
➢ Immediately, the victim clicks on the enclosed link, which leads to his/her
Twitter or Facebook login page. Once the victim enters his/her account
details, the cybercriminal has the password and can take total control of
the account.

2 b) Describe Indian IT Act 2008 and amendments


The proposed amendments also add that intermediaries should take all
reasonable measures to ensure accessibility of their services to all users, with a
reasonable expectation of due diligence, privacy, and transparency. Further,
intermediaries should respect the constitutional rights of all users.
