TABLE OF CONTENTS
1. TYPES OF CYBER CRIMES ...... 11
1. FINANCIAL CRIMES ...... 12 2. CYBER PORNOGRAPHY ...... 13 3. SALE OF ILLEGAL ARTICLES ...... 14 4. ONLINE GAMBLING ...... 14 5. INTELLECTUAL PROPERTY CRIMES ...... 15 6. EMAIL SPOOFING ...... 15 7. FORGERY ...... 16 8. CYBER DEFAMATION ...... 16 9. CYBER STALKING ...... 17 10. WEB DEFACEMENT ...... 18 11. EMAIL BOMBING...... 19 12. DATA DIDDLING ...... 20 13. SALAMI ATTACKS ...... 20 14. DENIAL OF SERVICE ATTACKS ...... 21 15. VIRUS / WORM ATTACKS ...... 22 16. TROJANS AND KEYLOGGERS ...... 24 17. INTERNET TIME THEFT ...... 25 18. WEB JACKING ...... 25 19. EMAIL FRAUDS ...... 27 20. CYBER TERRORISM ...... 29 21. USE OF ENCRYPTION BY TERRORISTS ...... 32 2. HACKER METHODOLOGY ...... 36
1. FOOTPRINTING ...... 36 2. ANALYZING THE ROBOTS.TXT FILE ...... 39 3. WEB CRAWLING ...... 40 4. PORT SCANNING ...... 40 5. COOKIE MANIPULATION ...... 41 6. ESHOPLIFTING ...... 44 7. WEB DEFACEMENT ...... 45 8. USING GOOGLE AS A HACKING TOOL ...... 46 9. PACKET SNIFFING ...... 50 2
3. TROJANS ...... 51
1. INTRODUCTION TO TROJANS ...... 51 2. TYPES OF TROJANS ...... 52 3. MANIPULATING WINDOWS SUFFIXES ...... 54 4. MIMICKING FILE NAMES ...... 57 5. WRAPPER TOOLS ...... 60 6. TROJANING SOFTWARE DISTRIBUTION SITES ...... 63 7. POISONING THE SOURCE ...... 65 8. EASTER EGGS ...... 67 9. TROJAN RELATED CASES ...... 68 4. COMPUTER WORMS ...... 72
1. INTRODUCTION ...... 72 2. A BRIEF HISTORY OF WORMS ...... 74 5. COMPUTER VIRUSES ...... 79 6. CYBER CRIMES HIT LIST ...... 81 7. INTRODUCTION TO CYBER CRIME INVESTIGATION ...... 88
1. EXTERNAL EXAMINATION ...... 89 2. CONFISCATION AND SEIZURE ...... 90 2.1 When to confiscate ...... 90 2.2 What to confiscate ...... 91 2.3 Transporting confiscated material ...... 93 2.4 Chain of custody form ...... 95 3. WHOIS SEARCH ...... 98 4. DNS LOOKUP ...... 107 5. TRACEROUTE ...... 108 6. IP TRACING ...... 109 7. INVESTIGATING SERVER LOGS ...... 109 8. EMAIL TRACKING AND TRACING ...... 111 9. RECOVERING DELETED EVIDENCE ...... 111 10. PASSWORD BREAKING...... 111 11. HANDLING ENCRYPTED FILES ...... 112 3
12. HANDLING STEGANOGRAPHY ...... 112 13. HANDLING HIDDEN DATA ...... 114 14. USING KEYLOGGERS FOR INVESTIGATION ...... 116 15. SEARCHING FOR KEYWORDS ...... 117
8. INVESTIGATING EMAILS ...... 118
1. ANALYSIS OF THE GMAIL HEADER ...... 118 2. ANALYSIS OF THE REDIFFMAIL HEADER ...... 124 3. ANALYSIS OF THE YAHOO HEADER ...... 130 4. ANALYSIS OF EMAIL SENT FROM THUNDERBIRD CLIENT ...... 135 5. ONLINE EMAIL HEADER ANALYSIS TOOLS ...... 143 6. TRACKING EMAIL ACCOUNTS ...... 148 STEP BY STEP GUIDE TO USING READNOTIFY ...... 153 7. CASE STUDY ...... 169
9. INVESTIGATING SERVER LOGS ...... 174
1. FTP SERVER LOGS ...... 174 1.1 Connecting to a closed FTP server ...... 174 1.2 FTP server is started up ...... 176 1.3 Password cracking attempt ...... 176 1.4 Logging onto an FTP Server ...... 180 1.5 Attempting to connect from a banned IP ...... 184 1.6 Attempting to upload a banned file ...... 187 1.7 Uploading a file ...... 189 1.8 Renaming a file ...... 193 1.9 Deleting a file ...... 196 1.10 Downloading a file ...... 198 1.11 Creating a directory ...... 201 1.12 Deleting a directory ...... 203 1.13 Making a directory writable by public ...... 205 1.14 List of raw FTP commands ...... 207 1.15 FTP Status and Error Codes ...... 212 2. WEB SERVER LOGS ...... 216
4
10. CYBER FORENSICS ...... 219
1. INTRODUCTION ...... 219 2. KEY TERMS ...... 221 3. ASCL BEST PRACTICES FOR CYBER FORENSICS ...... 224 3.1 Guidelines for Evidence collection ...... 224 3.2 Guidelines for Evidence archival ...... 226 3.3 Guidelines for Hard disk examination ...... 227 3.4 Guidelines for USB drive / floppy disk examination ...... 228 3.5 Using Forensic software ...... 228 11. PASSWORD BREAKING ...... 229
1. BREAKING FILE PASSWORDS ...... 229 1.1 Using Advanced Office Password Recovery software ...... 229 1.2 Using Encryption Analyzer ...... 236 1.3 Using Passware Kit Enterprise ...... 239 1.4 Using EDPR ...... 240 1.5 Using Decryptum ...... 242 2. BREAKING OPERATING SYSTEM PASSWORDS ...... 246 3. HANDLING ENCRYPTED FILES ...... 250 3.1 How cryptography works ...... 251 3.2 Keys ...... 252 3.3 Symmetric Cryptography ...... 254 3.4 Asymmetric Cryptography ...... 255 3.5 Hash function ...... 256 3.6 Digital Signatures ...... 257 3.7 Using PGP ...... 259 3.8 Using EDPR to crack PGP passwords ...... 263 3.9 Using MD5 hashes to protect passwords ...... 264 3.10 Using EDPR to crack MD5 hashes ...... 266 3.11 Using Cain &