Cybercrime refers to “any illegal act that involves a computer, its systems, or its applications.” Once investigators begin examining a crime scene, they need to remember that, in computer forensics, cybercrimes are most often intentional and not accidental. The type of cybercrime depends on the tools of the crime and its target.
The tools of the crime refer to the various hacking tools used to commit the crime. They include the computer or workstation used for the crime, including hardware such as the keyboard, the mouse, and the monitor. Forensic investigators usually take all such tools into custody to use them as evidence.
The target of the crime refers to the victim, which may be corporate organizations, websites, consulting agencies, and government bodies. Targets can also include a virtual environment that can act as digital evidence of an incident. A system becomes the target for reasons such as stealing, modifying or destroying data; Trojan attacks; unauthorized access; a Denial of Service (DoS) attack; or a Man-in-the-Middle (MITM) attack.
Based on the line of attack, cybercrimes are often classified as internal attacks and external attacks.
1. Internal Attacks:
Insider attacks, considered a primary threat, refer to attacks by disgruntled individuals working within the same firm or the same household as the victim. The attackers have legitimate access to the system and have specific goals and objectives. This type of attack is often extremely difficult to detect or protect against because the attackers are aware of the loopholes, vulnerabilities and security settings of the firm.
An insider attack can affect all components of computer security, impact availability by overloading the system’s processing or storage capacity, or cause the system to crash, as well as cost the company a great deal of money.
Examples of internal attacks include espionage, theft of property, manipulation of records, and computer virus attacks.
2. External Attacks:
External attacks originate from outside a corporation or are often remote in nature. Such attacks occur when there are inadequate information security policies and procedures. According to various security reports, on average, a corporation becomes the target of intrusions from an external source every quarter-hour. Because of such numerous attempts, it is difficult to track down and prosecute the suspect in an external attack. The suspect may be operating from a machine on the other side of the world.
Attackers use the system as a tool to crack passwords; escalate privileges; launch Trojans, worms, and botnets; and engage in e-mail snooping and phishing.
Examples of external attacks include SQL attacks, brute-force cracking, fraud, phishing/spoofing, denial of service attacks, and cyber defamation.
The Case 1:
One of the employees made the Chief Information Security Officer (CISO) of a research company aware of unusual activity. A researcher was observed running a piece of software, later determined to be a known hacker tool, from his laptop computer. All the employee saw was a black screen with lines of white text scrolling rapidly. As all the computers used Windows operating systems and were locked down, a black screen with scrolling white text appeared peculiar to the reporter. He decided to report it. The CISO of the company contacted a forensic team to investigate.
The Investigation 1:
The forensic team performed covert forensic imaging and examination of the suspect’s laptop and desktop computers. The examination revealed several interesting facts. The suspect had cracked the ‘local’ admin password on both of his computers and installed a key logger on each. This was to know if someone became suspicious and accessed his computer while he was away. He would catch anyone trying to place any kind of monitoring software on either of his computers. For this purpose, he deployed a potent detection mechanism to alert him if he was under investigation. On his laptop, the suspect installed various hacker tools (network sniffers, password crackers, network vulnerability scanners, etc.) in addition to data scrubber software. Initially, the laptop revealed no evidence of wrongdoing because of the data scrubber, which he used periodically to clean his hard drive. Later, when the forensic team collected the network traffic and analyzed the logs, the truth was finally revealed: he had successfully compromised the entire network and cracked all the other researchers’ passwords. He would periodically log in to the server, access other researchers’ data and download it to his laptop to take it home. He would then remove the data from his laptop and run the scrubber software to eliminate any evidence that other scientists’ data were ever present on his hard drive.
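The kind of log analysis that exposed the suspect in Case 1, once his disk had been scrubbed, can be sketched as an added example (not part of the original article or the forensic team's tooling): it scans server access records for one machine that authenticates as several accounts other than its assigned user's. The log format, host names, accounts and asset inventory below are constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample of file-server access records (not from the case):
# timestamp, source host, account used, bytes sent to the client.
SAMPLE_LOG = """\
2024-03-04T09:12:00,ws-101,alice,52000
2024-03-04T09:40:00,ws-102,bob,48000
2024-03-04T19:05:00,lt-207,carol,910000000
2024-03-05T19:11:00,lt-207,alice,750000000
2024-03-06T10:15:00,lt-207,dave,61000
2024-03-06T19:02:00,lt-207,bob,820000000
2024-03-07T11:30:00,ws-103,carol,39000
"""

# Hypothetical asset inventory: the account each machine is assigned to.
HOST_OWNER = {"ws-101": "alice", "ws-102": "bob", "ws-103": "carol", "lt-207": "dave"}


def find_cross_account_hosts(log_text, host_owner, min_foreign_accounts=2):
    """Return hosts that logged in as several accounts other than their owner's."""
    foreign = defaultdict(set)        # host -> non-owner accounts it used
    foreign_bytes = defaultdict(int)  # host -> bytes downloaded under those accounts
    for row in csv.reader(io.StringIO(log_text)):
        if not row:
            continue  # tolerate blank lines in the export
        _timestamp, host, account, sent = row
        # A host missing from the inventory has no owner, so every login counts.
        if host_owner.get(host) != account:
            foreign[host].add(account)
            foreign_bytes[host] += int(sent)
    return {
        host: {"accounts": sorted(accounts), "bytes": foreign_bytes[host]}
        for host, accounts in foreign.items()
        if len(accounts) >= min_foreign_accounts
    }


if __name__ == "__main__":
    for host, info in find_cross_account_hosts(SAMPLE_LOG, HOST_OWNER).items():
        print(f"{host}: used {info['accounts']}, downloaded {info['bytes']} bytes")
```

Because these records live on the server and network side, scrubbing the laptop's disk does not remove them.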
The Result 1:
The company kept the result confidential.
The Case 2:
ABC Bank (ABC) identified unauthorized wire transfers from their environment. They needed to quickly understand when and how it happened, in order to mitigate future attacks and notify affected customers. ABC engaged the Solutionary Security Engineering Research Team (SERT) to provide on-demand critical incident response services.
The Investigation 2:
SERT identified and provided a list of indicators of compromise to ABC and assisted with investigations of their network infrastructure to identify additional unauthorized remote administration or other attacker tools. Because the attacker used the cloud to mask the attack, SERT wrote special tools to analyze the multi-host command and control the attacker used. While reverse engineering malware identified during the attack, SERT experts pieced together the exact methods the attacker used to obtain an initial foothold in the ABC protected network. Analysis revealed not only findings from the current incident, but also aspects of security and process that ABC should consider improving to prevent and detect future attacks. In this case, SERT also found a SQL injection attack within a cloud application used by ABC Bank that allowed controls to be bypassed.
The Result 2:
ABC could quickly notify only those customers affected by the attacks, avoiding the need for a broader public disclosure of the incident. Doing so reduced the overall cost of the incident and helped to preserve ABC’s reputation with customers who were not affected. It also helped to prevent additional fraudulent wire transfers from occurring.
This Blog Article is posted by
Infosavvy, 2nd Floor, Sai Niketan, Chandavalkar Road Opp. Gora Gandhi Hotel, Above Jumbo King, beside Speakwell Institute, Borivali West, Mumbai, Maharashtra 400092