1.1 Basic Concept of Information Security
Information Security (InfoSec) is about protecting information from unauthorized access, use, disclosure, disruption, modification, or destruction. It's not just about computers; it's about keeping data safe wherever it is.
1.2 The CIA Triad
Confidentiality
Only authorized people can see the data. (Encryption, Passwords).
Integrity
Data hasn't been changed improperly. (Checksums, Hashes).
Availability
Data is accessible when needed. (Backups, Redundant servers).
1.3 OSI Security Architecture
A framework that provides a systematic way of defining security requirements. It has three main parts:
- Security Attacks: Any action that compromises information security (Passive vs Active).
- Security Mechanisms: Tools to detect/prevent attacks (Encryption, Digital Signatures).
- Security Services: Services that enhance security (Authentication, Access Control).
1.4 Private & Public Key Cryptography
| Feature | Symmetric (Private Key) | Asymmetric (Public Key) |
|---|---|---|
| Keys | One shared key for both encryption and decryption. | Two keys: public key to encrypt, private key to decrypt. |
| Speed | Faster. | Slower (complex math). |
| Example | DES, AES. | RSA, ECC. |
1.5 Hashing & Message Digest 5
Hashing creates a unique "fingerprint" of data. If the data changes even slightly, the hash changes completely. It's a one-way function.
2.1 Types of Attacks
Passive Attacks
Monitoring without affecting systems. E.g., Traffic Analysis, Snooping.
Active Attacks
Modifying data or harming the system. E.g., Masquerade (Spoofing), Replay, DoS, Modification.
2.2 Digital Signatures
A mathematical scheme for demonstrating the authenticity of a digital message or document. Ideally, it gives:
- Authentication: Sender is who they say they are.
- Non-repudiation: Sender cannot deny having sent the message.
- Integrity: Message wasn't altered.
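The three properties above can be seen in a short Go program using the standard library's Ed25519 implementation. This is an added example, not part of the original notes; the message text and key pairs are constructed for the demonstration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// SignMessage produces a signature over msg with the sender's private key.
// Only the holder of that key can produce it: this is what gives
// authentication and non-repudiation.
func SignMessage(priv ed25519.PrivateKey, msg []byte) []byte {
	return ed25519.Sign(priv, msg)
}

// VerifyMessage checks sig over msg with the sender's public key. Any change
// to msg, sig or the key makes it return false: this is the integrity check.
func VerifyMessage(pub ed25519.PublicKey, msg, sig []byte) bool {
	return ed25519.Verify(pub, msg, sig)
}

// Demo signs a constructed message and verifies it three ways: unchanged,
// after tampering, and against a different party's public key.
func Demo() (okOriginal, okTampered, okWrongKey bool, err error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return
	}
	msg := []byte("Pay 100 to account 42") // constructed sample message
	sig := SignMessage(priv, msg)
	okOriginal = VerifyMessage(pub, msg, sig)

	tampered := []byte("Pay 900 to account 42") // altered in transit
	okTampered = VerifyMessage(pub, tampered, sig)

	otherPub, _, err := ed25519.GenerateKey(rand.Reader) // an unrelated party
	if err != nil {
		return
	}
	okWrongKey = VerifyMessage(otherPub, msg, sig)
	return
}

func main() {
	o, t, w, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("original: %v, tampered: %v, wrong key: %v\n", o, t, w)
}
```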
2.3 Pretty Good Privacy (PGP)
A data encryption and decryption program that provides cryptographic privacy and authentication for data communication. Used often for signing, encrypting, and decrypting emails.
2.4 SSL and TLS
SSL (Secure Sockets Layer) and its successor TLS (Transport Layer Security) are protocols for establishing authenticated and encrypted links between networked computers (e.g., Browser and Server).
2.5 IPsec (Internet Protocol Security)
A suite of protocols that secures IP communications by authenticating and encrypting each IP packet of a communication session. Commonly used in VPNs.
2.7 Types of Malware
| Type | Description |
|---|---|
| Virus | Attaches to clean files and spreads. Needs a host. |
| Worm | Standalone malware that replicates itself to spread to other computers. |
| Trojan | Disguises itself as legitimate software. |
| Rootkit | Hides itself deep in the OS to retain admin-level access. |
| Keylogger | Records keystrokes to steal passwords. |
2.8 Firewalls
A network security device that monitors and filters incoming and outgoing network traffic based on an organization's previously established security policies.
- Packet Filtering: Inspects packets based on IP/Port.
- Proxy Service: Acts as a gateway between users and the internet.
- Stateful Inspection: Tracks the operating state of active connections.
3.1 & 3.2 Cybercrime Classification
Property Crimes
Credit Card Fraud, Software Piracy, Copyright Infringement.
Individual Crimes
Cyber Stalking, Phishing, Defamation, Email Spoofing.
Organizational Crimes
DoS/DDoS (flooding network), Logic Bomb (code triggered by event), Salami Attack (stealing tiny amounts).
3.3 Challenges in Prevention
Anonymity of attackers, Cross-border jurisdiction issues, Fast-evolving nature of attacks, Lack of awareness among users.
3.4 IT Act 2008 (Key Sections)
- Section 65: Tampering with computer source documents.
- Section 66: Hacking with a computer system.
- Section 66C: Identity Theft.
- Section 67: Publishing obscene information in electronic form.
Information Gathering & Hacking
Ethical Hacking (White Hat): Authorized practice of bypassing system security to identify potential data breaches and threats in a network.
Hacking Terminologies:
- Vulnerability: Weakness in the system.
- Exploit: Code that takes advantage of vulnerability.
- 0-Day: Vulnerability known to attackers but not yet to the vendor.
4.4 Five Phases of Hacking
- Reconnaissance: Gathering info (Active/Passive).
- Scanning: Examining network (Port scan, Vuln scan).
- Gaining Access: Actual hacking/exploiting.
- Maintaining Access: Installing backdoors/rootkits.
- Clearing Tracks: Deleting logs to hide presence.
4.6 Kali Linux
A Debian-based Linux distribution designed for digital forensics and penetration testing. Comes pre-installed with tools like Nmap, Wireshark, Metasploit.
4.8 Scanning & 4.10 Sniffing
Port Scanning
Probing a server or host for open ports (like knocking on doors to see which are open). Tool: Nmap.
Sniffing
Capturing and monitoring data packets flowing across a network. Can expose passwords if the traffic is not encrypted. Tool: Wireshark.
5.2 Locard's Principle
"Every contact leaves a trace." In the digital world: any interaction with a computer system leaves digital artifacts (logs, timestamps, cache).
5.4 Investigation Phases
- Identification: Detecting the incident and scope.
- Preservation: Securing data so it doesn't change (Imaging).
- Analysis: Examining data to find evidence.
- Documentation: Creating detailed reports.
- Presentation: Presenting findings in court/management.
5.5 Preserving Evidence
Chain of Custody
A document tracking "who touched the evidence, when, and why" from collection to court.
Write Blockers
Hardware/Software that prevents accidental modification of the original drive during imaging.
Hashing
Calculating the hash of the original and of the copy to prove they are identical.
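As an added example (not from the original notes), the Go program below ties section 1.5 to this one: it fingerprints a constructed stand-in for a drive image with MD5 and SHA-256, verifies an exact copy, and shows how a single flipped bit changes almost every hex digit of the digest.

```go
package main

import (
	"bytes"
	"crypto/md5"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)
// Fingerprint returns the hex MD5 and SHA-256 digests of data. MD5 is kept
// because the notes name it; rely on SHA-256, since MD5 collisions are practical.
func Fingerprint(data []byte) (md5Hex, sha256Hex string) {
	m := md5.Sum(data)
	s := sha256.Sum256(data)
	return hex.EncodeToString(m[:]), hex.EncodeToString(s[:])
}

// VerifyCopy reports whether an acquired image matches the original drive:
// the check an examiner records alongside the chain-of-custody form.
func VerifyCopy(original, image []byte) bool {
	m1, s1 := Fingerprint(original)
	m2, s2 := Fingerprint(image)
	return m1 == m2 && s1 == s2
}

// DifferingHexDigits counts positions where two digests differ, showing how
// a one-bit change in the input scrambles the whole fingerprint.
func DifferingHexDigits(a, b string) int {
	n := 0
	for i := 0; i < len(a) && i < len(b); i++ {
		if a[i] != b[i] {
			n++
		}
	}
	return n
}

func main() {
	// Constructed stand-in for a drive; a real one is read through a write blocker.
	original := bytes.Repeat([]byte("evidence-sector-"), 64)
	good := append([]byte(nil), original...)
	bad := append([]byte(nil), original...)
	bad[100] ^= 0x01 // a single flipped bit, e.g. an accidental write during imaging
	_, s0 := Fingerprint(original)
	_, s1 := Fingerprint(bad)
	fmt.Println("exact copy verified:", VerifyCopy(original, good))
	fmt.Println("1-bit-changed copy verified:", VerifyCopy(original, bad))
	fmt.Println("SHA-256 hex digits changed out of 64:", DifferingHexDigits(s0, s1))
}
```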