Content is user-generated and unverified.

AKTU B.Tech Cyber Crime & Security - Complete Study Notes

UNIT 1: INTRODUCTION TO CYBER CRIME

1.1 Cybercrime - Definition and Origins

Definition: Cybercrime refers to criminal activities carried out using computers, networks, or digital devices as tools or targets.

Origins:

Term emerged in the 1990s with widespread internet adoption
Combination of "cyber" (relating to computers/internet) and "crime"
Information Security evolved to protect digital assets

1.2 Who are Cybercriminals?

Types of Cybercriminals:

Script Kiddies: Inexperienced hackers using existing tools
Hacktivists: Politically motivated attackers
Organized Crime Groups: Professional criminal organizations
State-sponsored Hackers: Government-backed cyber warriors
Insider Threats: Malicious employees or contractors

1.3 Classifications of Cybercrimes

Based on Target:

Against Individuals: Identity theft, harassment, fraud
Against Organizations: Data breaches, industrial espionage
Against Government: Cyber terrorism, state secrets theft

Based on Nature:

Financial Crimes: Credit card fraud, banking theft
Data Crimes: Data theft, privacy violations
Infrastructure Attacks: Critical system disruption

1.4 Global Perspective on Cybercrimes

Key Statistics:

Billions of dollars lost annually worldwide
Increasing frequency and sophistication
Cross-border nature makes prosecution difficult
Major incidents: Equifax breach, WannaCry ransomware

1.5 Cybercrime Era: Survival Mantra for Netizens

Do's:

Use strong, unique passwords
Keep software updated
Use antivirus protection
Be cautious with emails and links
Regular data backups

Don'ts:

Don't share personal information online
Don't use public Wi-Fi for sensitive activities
Don't click suspicious links
Don't ignore security warnings

1.6 Cyber Offenses: How Criminals Plan Attacks

Attack Planning Process:

Reconnaissance: Gathering target information
Weaponization: Creating attack tools
Delivery: Transmitting attack payload
Exploitation: Executing the attack
Installation: Establishing persistence
Command & Control: Maintaining access
Actions: Achieving objectives

1.7 Social Engineering

Definition: Psychological manipulation to trick people into revealing confidential information.

Types:

Phishing: Fraudulent emails/messages
Pretexting: Creating false scenarios
Baiting: Offering something enticing
Tailgating: Following authorized personnel

Prevention:

Employee awareness training
Verification procedures
Security policies

1.8 Cyber Stalking

Definition: Using digital platforms to harass, threaten, or monitor someone.

Methods:

Social media monitoring
Email harassment
GPS tracking
Identity impersonation

Safety Measures:

Privacy settings adjustment
Blocking suspicious accounts
Reporting to authorities
Digital evidence preservation

1.9 Cybercafe and Cybercrimes

Risks:

Unsecured networks
Keyloggers on public computers
Lack of privacy
Malware infections

Safety Measures:

Avoid sensitive transactions
Use virtual keyboards
Clear browser data
Use personal devices when possible

1.10 Botnets: The Fuel for Cybercrime

Definition: Network of compromised computers controlled remotely.

Uses:

DDoS attacks
Spam distribution
Cryptocurrency mining
Data theft

Prevention:

Regular system updates
Antivirus software
Network monitoring
Firewall protection

1.11 Attack Vector

Definition: Method used by attackers to gain unauthorized access.

Common Vectors:

Email attachments
Malicious websites
USB devices
Network vulnerabilities
Social engineering

UNIT 2: MOBILE AND WIRELESS DEVICES

2.1 Introduction to Mobile Security

Key Concepts:

Mobile devices are now primary computing platforms
Unique security challenges compared to traditional computers
Increasing target for cybercriminals

2.2 Proliferation of Mobile and Wireless Devices

Statistics:

Billions of mobile devices worldwide
IoT device explosion
BYOD (Bring Your Own Device) policies
5G network expansion

2.3 Trends in Mobility

Current Trends:

Cloud-based mobile applications
Mobile payment systems
Augmented Reality (AR) apps
Wearable technology integration
Edge computing on mobile devices

2.4 Credit Card Frauds in Mobile Era

Common Frauds:

Card Skimming: Stealing card data through devices
Mobile App Fraud: Malicious payment apps
SIM Swapping: Taking control of phone numbers
Fake Mobile Banking: Fraudulent banking apps

Prevention:

Use official app stores
Enable two-factor authentication
Monitor account statements
Use secure payment methods

2.5 Security Challenges Posed by Mobile Devices

Major Challenges:

Limited Security Features: Compared to desktop systems
App Vulnerabilities: Malicious or poorly coded apps
Data Leakage: Sensitive information exposure
Device Loss/Theft: Physical security risks
Unsecured Networks: Public Wi-Fi risks

2.6 Registry Settings for Mobile Devices

Android Registry (System Properties):

Device configuration settings
Security policy enforcement
App permission management
Network configuration

iOS Configuration:

Profile-based management
Restriction settings
Security policies
Enterprise configurations

2.7 Authentication Service Security

Methods:

Biometric Authentication: Fingerprint, face, voice
Multi-factor Authentication: Something you know/have/are
Token-based Authentication: Hardware/software tokens
Certificate-based Authentication: Digital certificates

Best Practices:

Strong password policies
Regular credential rotation
Secure token storage
Biometric backup methods

2.8 Attacks on Mobile/Cell Phones

Common Attacks:

Malware: Viruses, trojans, spyware
SMS Phishing (Smishing): Fraudulent text messages
Voice Phishing (Vishing): Fraudulent phone calls
App-based Attacks: Malicious applications
Network Attacks: Man-in-the-middle, evil twin

Prevention:

Install apps from trusted sources
Keep OS updated
Use mobile security software
Be cautious with public Wi-Fi

2.9 Mobile Devices: Security Implications for Organizations

Organizational Risks:

Data Breaches: Sensitive corporate data exposure
Compliance Issues: Regulatory requirement violations
Network Security: Corporate network compromise
Intellectual Property Theft: Trade secret exposure

Mitigation Strategies:

Mobile Device Management (MDM)
Application wrapping
Data encryption
Remote wipe capabilities

2.10 Organizational Measures for Handling Mobile Devices

Key Measures:

Device Inventory: Track all organizational devices
Security Policies: Clear usage guidelines
Regular Audits: Compliance checking
Employee Training: Security awareness programs
Incident Response: Breach response procedures

2.11 Organizational Security Policies in Mobile Computing Era

Policy Components:

Acceptable Use Policy: Defines proper device usage
Data Classification: Categorizes information sensitivity
Access Control: Defines who can access what
Incident Reporting: Procedures for security events
Compliance Requirements: Regulatory obligations

Implementation:

Regular policy updates
Employee acknowledgment
Monitoring and enforcement
Violation consequences

UNIT 3: TOOLS AND METHODS USED IN CYBERCRIME

3.1 Introduction to Cybercrime Tools

Overview: Cybercriminals use various sophisticated tools and techniques to carry out attacks.

3.2 Proxy Servers and Anonymizers

Definition: Tools that hide the attacker's real IP address and location.

Types:

HTTP Proxies: Web traffic routing
SOCKS Proxies: General network traffic
VPN Services: Virtual private networks
Tor Network: Onion routing for anonymity

Uses by Criminals:

Hide identity during attacks
Bypass geographic restrictions
Avoid law enforcement tracking

Legitimate Uses:

Privacy protection
Bypassing censorship
Corporate security

3.3 Phishing

Definition: Fraudulent attempt to obtain sensitive information by disguising as trustworthy entity.

Types:

Email Phishing: Fraudulent emails
Spear Phishing: Targeted attacks
Whaling: Targeting high-profile individuals
Smishing: SMS phishing
Vishing: Voice phishing

Prevention:

Email filtering
User awareness training
Multi-factor authentication
Verification procedures

3.4 Password Cracking

Definition: Process of recovering passwords from stored locations or network transmissions.

Methods:

Dictionary Attack: Using common passwords
Brute Force: Trying all combinations
Rainbow Tables: Pre-computed hash tables
Social Engineering: Psychological manipulation

Tools:

John the Ripper
Hashcat
Hydra
Aircrack-ng

Prevention:

Strong password policies
Password hashing with salt
Account lockout mechanisms
Multi-factor authentication

3.5 Keyloggers and Spywares

Keyloggers:

Hardware Keyloggers: Physical devices
Software Keyloggers: Malicious programs
Kernel Keyloggers: Operating system level
Web-based Keyloggers: Browser-based

Spyware:

Adware: Displays unwanted advertisements
System Monitors: Track system activities
Trojans: Disguised malicious software
Rootkits: Hide malicious activities

Prevention:

Antivirus software
Regular system scans
Firewall protection
Safe browsing habits

3.6 Virus and Worms

Computer Virus:

Definition: Malicious code that replicates by attaching to other programs
Types: Boot sector, file infector, macro viruses
Characteristics: Requires host file, user action to spread

Computer Worms:

Definition: Self-replicating malware that spreads across networks
Types: Email worms, network worms, removable media worms
Characteristics: Self-propagating, no host file needed

Prevention:

Antivirus software
Regular updates
Email filtering
Network segmentation

3.7 Trojan Horses and Backdoors

Trojan Horses:

Definition: Malicious software disguised as legitimate programs
Types: Banking trojans, RATs (Remote Access Trojans), downloader trojans
Characteristics: Appears harmless, performs malicious actions

Backdoors:

Definition: Secret entry point into systems
Types: Hardware backdoors, software backdoors, web backdoors
Purpose: Maintain unauthorized access

Prevention:

Software verification
Code review
Access monitoring
Regular security audits

3.8 Steganography

Definition: Hiding information within other non-secret data or media.

Methods:

LSB (Least Significant Bit): Hiding data in image pixels
Text Steganography: Hiding messages in text
Audio Steganography: Embedding data in sound files
Video Steganography: Concealing data in video streams

Detection:

Steganalysis tools
Statistical analysis
File size analysis
Checksum verification

3.9 DoS and DDoS Attacks

Denial of Service (DoS):

Definition: Attack that makes services unavailable to users
Types: Bandwidth attacks, protocol attacks, application attacks
Single source attack

Distributed Denial of Service (DDoS):

Definition: DoS attack from multiple sources
Amplification: Using botnets or reflection attacks
More difficult to defend against

Prevention:

Traffic filtering
Rate limiting
Load balancing
DDoS protection services

3.10 SQL Injection

Definition: Inserting malicious SQL code into application queries.

Types:

Classic SQL Injection: Direct code injection
Blind SQL Injection: Inferring database structure
Time-based SQL Injection: Using time delays
Union-based SQL Injection: Combining queries

Prevention:

Parameterized queries
Input validation
Stored procedures
Web application firewalls

3.11 Buffer Overflow

Definition: Writing more data to a buffer than it can hold.

Types:

Stack Overflow: Overflowing stack memory
Heap Overflow: Overflowing heap memory
Format String Attacks: Exploiting format functions

Prevention:

Input validation
Safe programming practices
Address space layout randomization
Stack canaries

3.12 Attacks on Wireless Networks

Common Attacks:

WEP/WPA Cracking: Breaking encryption
Evil Twin: Fake access points
Deauthentication: Forcing disconnections
Packet Sniffing: Intercepting traffic
Rogue Access Points: Unauthorized APs

Prevention:

Strong encryption (WPA3)
Network monitoring
Access control
Regular security audits

3.13 Identity Theft

Definition: Stealing personal information to impersonate someone.

Methods:

Phishing: Fraudulent communications
Skimming: Stealing card data
Dumpster Diving: Searching through trash
Social Engineering: Manipulating people

Prevention:

Personal information protection
Regular credit monitoring
Secure document disposal
Identity monitoring services

UNIT 4: UNDERSTANDING COMPUTER FORENSICS

4.1 Introduction to Computer Forensics

Definition: Scientific examination and analysis of digital evidence from computer systems and networks.

Objectives:

Identify and preserve digital evidence
Analyze and interpret findings
Present evidence in legal proceedings
Maintain chain of custody

4.2 Digital Forensics Science

Scientific Principles:

Reproducibility: Results can be replicated
Reliability: Methods are dependable
Validity: Evidence accurately represents facts
Peer Review: Methods are scientifically accepted

Standards:

ISO 27037: Guidelines for digital evidence
NIST SP 800-86: Guide to computer forensics
RFC 3227: Evidence collection guidelines

4.3 Need for Computer Forensics

Legal Requirements:

Criminal investigations
Civil litigation
Regulatory compliance
Internal investigations

Business Needs:

Incident response
Data breach investigation
Employee misconduct
Intellectual property theft

4.4 Cyber Forensics and Digital Evidence

Types of Digital Evidence:

Volatile Data: RAM, cache, network connections
Non-volatile Data: Hard drives, removable media
Network Data: Log files, packet captures
Mobile Data: Call logs, text messages, app data

Evidence Characteristics:

Admissibility: Legally acceptable
Authenticity: Genuine and unaltered
Completeness: All relevant evidence collected
Reliability: Dependable and accurate

4.5 Forensics Analysis of Email

Email Components:

Header Information: Sender, recipient, routing
Message Body: Content and attachments
Metadata: Hidden information
Server Logs: Email server records

Analysis Techniques:

Header analysis for source identification
Attachment examination
Timeline reconstruction
Communication pattern analysis

4.6 Digital Forensics Life Cycle

Phases:

Identification: Recognizing potential evidence
Preservation: Protecting evidence from alteration
Collection: Acquiring evidence systematically
Examination: Processing collected data
Analysis: Interpreting examination results
Presentation: Reporting findings

4.7 Chain of Custody Concept

Definition: Documented process tracking evidence handling from collection to presentation.

Components:

Who: Personnel handling evidence
What: Description of evidence
When: Date and time of handling
Where: Location of evidence
Why: Reason for handling

Importance:

Ensures evidence integrity
Prevents tampering
Maintains legal admissibility
Establishes accountability

4.8 Network Forensics

Definition: Monitoring and analyzing network traffic to gather evidence.

Tools:

Wireshark: Packet analysis
Tcpdump: Command-line packet capture
Snort: Intrusion detection
NetWitness: Network analysis platform

Challenges:

High-speed networks
Encrypted traffic
Data volume
Real-time requirements

4.9 Approaching Computer Forensics Investigation

Preparation Phase:

Legal authorization
Tool preparation
Team assembly
Initial assessment

Investigation Process:

Scene documentation
Evidence acquisition
Forensic imaging
Analysis and reporting

Best Practices:

Maintain detailed documentation
Use validated tools
Follow established procedures
Ensure evidence integrity

4.10 Forensics and Social Networking Sites

Evidence Sources:

Profile Information: Personal details, photos
Communications: Messages, posts, comments
Activity Logs: Login times, locations
Connections: Friends, followers, groups

Security/Privacy Threats:

Data Exposure: Personal information leakage
Impersonation: Fake profiles
Cyberbullying: Online harassment
Social Engineering: Manipulation through social media

4.11 Challenges in Computer Forensics

Technical Challenges:

Encryption: Protecting data from analysis
Anti-forensics: Techniques to hide evidence
Cloud Computing: Data distributed across servers
Mobile Devices: Diverse platforms and formats

Legal Challenges:

Jurisdiction: Cross-border investigations
Privacy Laws: Balancing investigation needs
Evidence Standards: Meeting legal requirements
Expert Testimony: Explaining technical concepts

Organizational Challenges:

Resource Constraints: Limited tools and personnel
Training: Keeping skills current
Tool Validation: Ensuring reliability
Quality Assurance: Maintaining standards

UNIT 5: SECURITY POLICIES AND CYBER LAWS

5.1 Need for Information Security Policy

Definition: Formal document outlining organization's approach to information security.

Purposes:

Risk Management: Identifying and mitigating threats
Compliance: Meeting legal and regulatory requirements
Standardization: Consistent security practices
Awareness: Educating employees about security

Benefits:

Reduced security incidents
Improved compliance
Clear responsibilities
Better risk management

5.2 Components of Security Policy

Key Elements:

Purpose and Scope: What and whom the policy covers
Roles and Responsibilities: Who is responsible for what
Access Control: Who can access what resources
Incident Response: How to handle security incidents
Monitoring and Auditing: How compliance is checked

Policy Types:

Acceptable Use Policy: Proper system usage
Password Policy: Password requirements
Data Classification: Information sensitivity levels
Remote Access Policy: Working from external locations

5.3 Introduction to Indian Cyber Law

Information Technology Act, 2000:

India's primary cyber law
Covers digital signatures, electronic commerce
Defines cyber crimes and penalties
Amended in 2008 for broader coverage

Key Provisions:

Digital signatures legal validity
Electronic record admissibility
Cyber crime definitions
Penalties and enforcement

5.4 Digital Personal Data Protection Act 2023

Objective: Protect personal data of individuals in digital format.

Key Principles:

Consent: Data processing requires consent
- Purpose Limitation: Data used only for stated purposes
Data Minimization: Collect only necessary data
Storage Limitation: Retain data only as needed
Transparency: Clear information about data processing

Rights of Data Principals:

Right to access personal data
Right to correction and erasure
Right to data portability
Right to grievance redressal

Obligations of Data Fiduciaries:

Implement appropriate security measures
Conduct privacy impact assessments
Appoint data protection officers
Report data breaches

5.5 Scope of Digital Personal Data Protection Act

Applicability:

All digital personal data processing
Both automated and non-automated processing
Government and private entities
Cross-border data transfers

Exemptions:

Personal or household activities
Publicly available information
Research and journalism (with conditions)
National security (with safeguards)

5.6 Intellectual Property Issues

Types of Intellectual Property:

Copyright: Original works of authorship
Patents: Inventions and innovations
Trademarks: Brand names and logos
Trade Secrets: Confidential business information

Cyber-related IP Issues:

Software Piracy: Unauthorized copying
Domain Name Disputes: Cybersquatting
Digital Copyright Infringement: Unauthorized distribution
Trade Secret Theft: Industrial espionage

5.7 Overview of IP-Related Cyber Crimes

Common Violations:

Software Piracy: Illegal copying and distribution
Copyright Infringement: Unauthorized use of copyrighted material
Trademark Violations: Unauthorized use of trademarks
Trade Secret Theft: Stealing confidential information

Prevention Measures:

Digital Rights Management (DRM): Protecting digital content
Licensing Agreements: Legal use frameworks
Monitoring Systems: Detecting unauthorized use
Legal Enforcement: Pursuing violations

5.8 Cyber Law Enforcement

Enforcement Agencies:

Police: First responders to cyber crimes
CBI: Central Bureau of Investigation
NIA: National Investigation Agency
CERT-In: Computer Emergency Response Team

Challenges:

Technical expertise requirements
Cross-border nature of cyber crimes
Rapid technological changes
Evidence preservation and analysis

5.9 International Cyber Law

Key Agreements:

Budapest Convention: International cooperation
UN Cybercrime Convention: Global framework
Bilateral Treaties: Country-to-country agreements
Regional Agreements: Continental cooperation

Challenges:

Jurisdictional issues
Different legal systems
Varying definitions of cyber crimes
Diplomatic considerations

EXAM TIPS AND KEY POINTS

Important Topics for Exams

Cybercrime Classifications: Know types and examples
Social Engineering: Understand techniques and prevention
Mobile Security: Challenges and organizational measures
Forensics Life Cycle: Remember all phases
Digital Evidence: Types and characteristics
Indian Cyber Laws: IT Act 2000, DPDP Act 2023
Attack Vectors: Common methods and prevention

Key Definitions to Remember

Cybercrime
Digital Forensics
Chain of Custody
Social Engineering
Botnet
Phishing
DDoS
Information Security Policy

Common Exam Questions

Explain the digital forensics life cycle
Classify cybercrimes with examples
Describe social engineering techniques
Discuss mobile security challenges
Explain the need for security policies
Describe the scope of DPDP Act 2023
Explain different types of cyber attacks

Study Strategy

Focus on definitions and classifications
Understand processes and life cycles
Remember advantages/disadvantages
Know prevention and safety measures
Practice with previous year questions
Create mind maps for complex topics

Safety Measures Summary

Personal Safety:

Strong passwords
Software updates
Antivirus protection
Cautious online behavior
Regular backups

Organizational Safety:

Security policies
Employee training
Incident response plans
Regular audits
Compliance monitoring

Content is user-generated and unverified.