Cyber Security and Digital Forensic
Unit 1 • Fundamentals

Introduction to Information Security

1.1 Basic Concept of Information Security

Information security is not just about technology; it's a multi-faceted discipline involving people, processes, and technology to protect information from unauthorized access, disruption, or destruction.

  • Cyber Security: Focuses on protecting electronic data and the systems that store/transmit it.
  • Info Security: A broader term covering data in all forms (physical, verbal, or digital).

1.2 The CIA Triad

The holy grail of security measures. Every control we implement aims to satisfy at least one of these pillars.

Confidentiality

Ensuring that sensitive information is only accessed by authorized parties.

Tools: AES Encryption, Multi-Factor Authentication (MFA), Access Control Lists (ACLs).

Integrity

Protecting data from being modified or tampered with by unauthorized entities.

Tools: Hashing (SHA-256), Digital Signatures, Version Control.

Availability

Ensuring that systems and data are ready for use whenever authorized users need them.

Tools: DDoS Protection, RAID Storage, UPS Backups, Disaster Recovery Plans.

1.3 OSI Security Architecture

Defined by ITU-T Recommendation X.800, this architecture provides a systematic way of defining security requirements and characterizing which approaches can satisfy those requirements.

Category            | Details                                          | Examples
Security Services   | Enhance the security of data processing systems. | Authentication, Access Control, Non-repudiation.
Security Mechanisms | Designed to detect or prevent attacks.           | Encipherment, Digital Signatures, Traffic Padding.
Security Attacks    | Any action that compromises security.            | Passive (Snooping) vs Active (Modification).

1.4 Private & Public Key Cryptography

Symmetric (Private) Key

One single key is used for both encryption and decryption. Both sender and receiver must possess this secret key.

  • Pros: Extremely fast, low overhead.
  • Cons: Key distribution is risky.
  • Algorithms: AES, DES, Blowfish.

Asymmetric (Public) Key

Uses a mathematically linked pair: Public Key (shared with everyone) and Private Key (kept secret).

  • Pros: No need to share secret keys; provides digital signatures.
  • Cons: Much slower than symmetric.
  • Algorithms: RSA, ECC, Diffie-Hellman.

1.5 MD5 and SHA-1

Hashing is a one-way function. It takes an input of any length and produces a fixed-length string (the "fingerprint").

MD5 (Message Digest 5)

128-bit hash. Once very popular, now cryptographically broken due to "collision" vulnerabilities (two different files producing the same hash).

SHA (Secure Hash Algorithm)

SHA-1 (160-bit) is also now considered weak. Modern standards use SHA-256 or SHA-3 for critical security applications.

Unit 2 • Network Security

Network and System Security

2.1 Types of Security Attacks

Passive Attacks

Attacker monitors transmissions without deleting or changing data.

  • Release of Content: Eavesdropping on a message.
  • Traffic Analysis: Observing frequency or patterns.

Active Attacks

Attacker modifies the data or attempts to gain unauthorized access.

  • Masquerade: Impersonating an authorized user.
  • Replay: Capturing data and re-sending it.
  • Modification: Changing portions of a message.
  • DoS: Overloading a system to crash it.

2.2 Digital Signatures

A digital signature acts like a handwritten signature, but forging one without the signer's private key is computationally infeasible. It uses asymmetric cryptography to ensure:

  1. Authentication: Who sent it?
  2. Integrity: Was it changed?
  3. Non-Repudiation: The sender cannot deny sending it.

Mechanism: Sender hashes the message → encrypts the hash with their Private Key → Receiver decrypts it with the sender's Public Key and compares the result with a fresh hash of the received message.

2.3 - 2.6 Encryption Protocols

2.3 PGP (Pretty Good Privacy)

PGP is used for email security. It provides authentication (signatures), confidentiality (encryption), and compression. It uses a "Web of Trust" model instead of a central certificate authority.

2.4 SSL & TLS

SSL (Secure Sockets Layer) is the older standard and is now deprecated. TLS (Transport Layer Security) is the modern, secure version. They provide security at the Transport Layer of the OSI model.

2.5 IPsec

Operates at the Network Layer. Used mainly for VPNs.

  • AH (Authentication Header): Provides integrity/auth.
  • ESP (Encapsulating Security Payload): Provides encryption.

2.6 HTTPS (Hypertext Transfer Protocol Secure)

HTTPS = HTTP + SSL/TLS. Every time you see a "lock" icon in your browser, you are using HTTPS. It encrypts all traffic between your browser and the server.

2.7 - 2.9 Malware & Firewalls

2.7 Malicious Software (Malware)

Virus: Spreads by attaching to host files.
Worm: Self-replicating, spreads via network vulnerabilities.
Trojan: Disguised as helpful software (e.g., "Free Antivirus").
Rootkit: Hides malicious activity at the deepest system layer.
Keylogger: Records every key you press (passwords!).

2.8 Firewalls

The "Security Guard" of your network. Filters traffic based on rules.

  • Packet Filtering: Inspects IP/Port only.
  • Stateful Inspection: Tracks active connections.
  • Application Level (WAF): Inspects actual data (HTTP traffic).

2.9 Proxy Servers

Acts as an intermediary. When you browse through a proxy, the website sees the proxy's IP, not yours. Great for anonymity and caching.

Unit 3 • Cyber Law

Understanding Cyber Crime

3.1 Overview of Cyber Crime

Cybercrime is any illegal activity where a computer is either the tool, the target, or both. It costs the global economy trillions of dollars annually.

3.2 Classification of Crimes

  • Against Individuals: Harassment, Cyberstalking, Bullying.
  • Against Property: Phishing, Carding, Intellectual Property Theft.
  • Against Organization: Data Breaches, Industrial Espionage.
  • Against Society: Cyber-terrorism, Cyber-obscenity.

3.4 Cyber Law: IT ACT 2008

The Information Technology (Amendment) Act, 2008 is the primary law in India for matters related to cybercrime and e-commerce.

Section     | Offence                   | Penalty
Section 65  | Source Document Tampering | 3 years / 2 Lakh fine
Section 66  | Hacking / Fraudulent Act  | 3 years / 5 Lakh fine
Section 66C | Identity Theft            | 3 years / 1 Lakh fine
Section 67  | Publishing Obscenity      | 5 years (1st time)

Unit 4 • Ethical Hacking

Ethical Hacking Fundamentals

4.1 Types of Hackers

White Hat: Ethical, follows laws, hired by firms.
Black Hat: Malicious, illegal gain.
Grey Hat: Illegal entry but often for "good" intent (bug hunting without permission).

4.3 Penetration Testing

A systematic process of probing a network/system for vulnerabilities and documenting them for the owner.

4.4-4.5 The 5 Phases of Hacking

  • Reconnaissance (Footprinting): Gathering information through passive (LinkedIn, Whois) or active means.
  • Scanning: Finding open ports and vulnerabilities using tools like Nmap.
  • Gaining Access: Exploiting the holes found in the scanning phase (Metasploit).
  • Maintaining Access: Installing backdoors to ensure you can come back even if the system is patched.
  • Clearing Tracks: Deleting log files and hiding files to avoid detection.

4.6 Kali Linux

The "Swiss Army Knife" of hackers. A Debian-based OS pre-loaded with hundreds of testing tools (Wireshark, Burp Suite, Aircrack-ng).

4.7 Practical Hacking Attacks

SQL Injection

Injecting code into database queries to bypass auth or steal data.

XSS (Cross-Site Scripting)

Injecting malicious scripts into websites seen by other users.

Sniffing

Passive monitoring of network traffic using Wireshark to capture logins/packets.

Session Hijacking

Stealing a session cookie to take over a user's logged-in account.

Unit 5 • Digital Forensics

Digital Forensics Investigation

The process of identifying, preserving, analyzing, and documenting digital evidence for use in a court of law.

Locard's Exchange Principle

"Toute action laisse une trace." (Every action leaves a trace). In cyber, this refers to logs, cache, or deleted blocks.

Branches

Disk Forensics, Mobile Forensics, Network Forensics, Malware Forensics, Memory (RAM) Forensics.

5.4 Phases of Investigation

  • Identification: Recognizing what's a potential source of evidence.
  • Preservation: Ensuring data isn't modified (Write blockers!).
  • Collection: Extracting data safely.
  • Examination & Analysis: Mining for hidden files, logs, and metadata.
  • Reporting: Presenting a neutral, technical summary of facts for court.

5.5 - 5.7 Preserving & Analyzing Evidence

Chain of Custody

A paper trail that documents who had the evidence, when, where, and for what reason. If this is broken, the evidence is useless in court.

Forensic Imaging

You NEVER analyze the original drive. You create a bit-by-bit clone (Image) using a Bit-Stream Copy and work on that.
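Added example (not from the original notes) covering both Chain of Custody and Forensic Imaging: the image is verified against the original by SHA-256, and each custody record is linked to the hash of the record before it, so an altered or removed entry is detectable. The drive contents, the examiner names and the timestamps are constructed demo values.

```python
import hashlib
import json

def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()

def bit_stream_copy(source):
    # A bit-stream image copies every byte of the source, including slack and
    # unallocated space; nothing is interpreted or skipped.
    return bytes(source)

def verify_image(original, image):
    # The acquisition hash of the original and the hash of the image must match;
    # both values are recorded before any analysis begins.
    return sha256_hex(original) == sha256_hex(image)

def add_custody_entry(log, when, handler, action, evidence_hash):
    # Every entry commits to the hash of the previous entry, so altering or
    # removing an earlier record invalidates every record after it.
    prev = log[-1]["entry_hash"] if log else "0" * 64
    entry = {"when": when, "handler": handler, "action": action,
             "evidence_hash": evidence_hash, "prev": prev}
    entry["entry_hash"] = sha256_hex(json.dumps(entry, sort_keys=True).encode())
    log.append(entry)
    return entry

def verify_custody_log(log):
    prev = "0" * 64
    for entry in log:
        body = {k: v for k, v in entry.items() if k != "entry_hash"}
        expected = sha256_hex(json.dumps(body, sort_keys=True).encode())
        if body["prev"] != prev or expected != entry["entry_hash"]:
            return False
        prev = entry["entry_hash"]
    return True

def demo():
    # Constructed "drive": 4 KiB of pseudo-content standing in for a real disk.
    drive = bytes(range(256)) * 16
    image = bit_stream_copy(drive)
    log = []
    add_custody_entry(log, "2024-01-01T09:00", "Examiner A", "acquired image", sha256_hex(image))
    add_custody_entry(log, "2024-01-01T12:00", "Examiner B", "received for analysis", sha256_hex(image))
    altered = image[:100] + b"\x00" + image[101:]  # a single changed byte
    return verify_image(drive, image), verify_image(drive, altered), verify_custody_log(log), log
```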


5.7 Role of Devices

PCs store permanent logs; Routers store traffic flows; Phones store GPS and app data; Cloud servers store remote backups.

Hands-on • Lab

Practical Project Ideas

  • DDoS Anomaly Detection: Build a system to identify network deviations using statistical analysis.
  • Real-time Fraud Detection: Develop a system to flag fraudulent credit card transactions instantly.
  • Forensic Case Study: Analyze a hypothetical legal case and create a professional forensic report.
  • Mobile Extraction: Use forensic tools to extract deleted messages and call logs from a device.
  • Vulnerability Assessment: Perform an audit of your institute's WLAN/LAN and suggest security patches.
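A starting point for the first lab idea (DDoS anomaly detection), added here as an example rather than taken from the course: a rolling z-score over packets per second, run over a constructed traffic log in which a flood spread across fifty source addresses follows ten seconds of normal traffic. Log format, addresses and thresholds are assumptions for the demo.

```python
import statistics
from collections import Counter

def build_sample_log():
    # Constructed traffic log, one "<second> <source_ip>" line per packet: ten
    # seconds of normal traffic (4-6 packets/s from three hosts) followed by a
    # flood of 120 packets in second 10 spread over fifty source addresses.
    lines = []
    for sec, n in enumerate([4, 5, 6, 5, 4, 6, 5, 5, 4, 6]):
        lines += [f"{sec} 10.0.0.{i % 3 + 1}" for i in range(n)]
    lines += [f"10 198.51.100.{i % 50 + 1}" for i in range(120)]
    return lines

def packets_per_second(lines):
    # Aggregate the log into a packet-rate time series (index = second).
    counts = Counter(int(line.split()[0]) for line in lines)
    return [counts[s] for s in range(max(counts) + 1)]

def detect_anomalies(rates, window=10, threshold=3.0):
    # Flag any second whose rate is more than `threshold` standard deviations
    # above the mean of the preceding `window` seconds (a rolling z-score).
    flagged = []
    for i in range(window, len(rates)):
        baseline = rates[i - window:i]
        mu = statistics.mean(baseline)
        sigma = statistics.pstdev(baseline) or 1.0  # flat baseline: avoid divide-by-zero
        z = (rates[i] - mu) / sigma
        if z > threshold:
            flagged.append((i, rates[i], round(z, 1)))
    return flagged

def top_sources(lines, second, k=3):
    # Per-source breakdown for a flagged second: in a distributed flood no single
    # address dominates, which is why the aggregate rate is what gets scored.
    srcs = Counter(line.split()[1] for line in lines if line.startswith(f"{second} "))
    return srcs.most_common(k)
```

On the constructed log only second 10 is flagged, and no source in that second sent more than three packets, so a per-address rate limit alone would have missed the flood.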