Chapter 20 - 01 - Understand the Fundamentals of Computer Forensics PDF
Summary
This chapter introduces the fundamentals of computer forensics, focusing on different types of cybercrimes such as internal and external attacks. It discusses the tools used in cybercrimes, the targets, and the impacts on organizations.
Full Transcript
Certified Cybersecurity Technician Exam 212-82 Computer Forensics

Types of Cybercrimes

- Cybercrime is defined as any illegal act involving a computing device, network, its systems, or its applications.
- Cybercrime can be categorized into two types based on the line of attack:

Internal/Insider Attack: It is an attack performed on a corporate network or on a single computer by an entrusted person (insider) who has authorized access to the network. Such insiders can be former or current employees, business partners, or contractors.

External Attack: This type of attack occurs when an attacker from outside the organization tries to gain unauthorized access to its computing systems or informational assets. These attackers exploit security loopholes or use social engineering techniques to infiltrate the network.

Types of Cybercrimes

Cybercrime refers to “any illegal act that involves a computer, its systems, or its applications.” Once investigators start investigating a crime scene, they must remember that cybercrimes are mostly intentional in nature. The type of cybercrime committed depends on the tools of the crime and its target. The tools of the crime refer to various hacking tools used to commit the crime. They include the computer or workstation used for the crime and the associated software and hardware. When possible, forensic investigators usually take the available tools into custody to use them as evidence. The target of the crime refers to the victim, which can be a corporate organization, website, consulting agency, or a government body. Targets can also mean a virtual environment that can act as digital evidence because of an incident that occurred on it. A system becomes the target for reasons such as stealing, modifying, or destroying data; unauthorized access; a Denial-of-Service attack; or a Man-in-the-Middle attack. Based on the line of attack, cybercrimes can be classified as internal/insider attacks and external attacks.
- Internal/Insider attacks: These attacks originate from people within the organization such as disgruntled employees, current or terminated employees, business associates, contractors, and/or undertrained staff. These insiders have legitimate access to computer systems and the organization’s data and use such access negatively to harm the organization. As they occur within the organizational network and utilize authorized access, insider attacks can be quite difficult to detect. Examples of internal attacks include espionage, theft of intellectual property, manipulation of records, and Trojan horse attacks.

Module 20 Page 2172 Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.

- External attacks: External attacks refer to attacks that originate from outside sources. Such attacks occur when the information security policies and procedures are inadequate. Attackers from outside the organization attempt to gain unauthorized access to the organization's computing systems, network, or informational assets. External attacks are often performed by cybercriminals and hackers who target protected corporate information by either exploiting security vulnerabilities or using social engineering techniques. Examples of external attacks include SQL injection attacks, brute-force cracking, identity theft, phishing/spoofing, denial-of-service attacks, cyber defamation, etc. Cybercriminals can launch external attacks on any corporate network with various goals and objectives. They might manipulate or destroy confidential information, sabotage systems, steal credentials of trusted users, or demand ransoms. This can severely disrupt business continuity, tarnish the market reputation of the organization, and cause loss of data and financial resources.
Examples of Cybercrimes

- Espionage
- Intellectual Property Theft
- Data Manipulation
- Trojan Horse Attack
- Structured Query Language Attack
- Brute-force Attack
- Phishing/Spoofing
- Privilege Escalation Attacks
- Denial of Service Attack
- Cyber Defamation
- Cyberterrorism
- Cyberwarfare

Examples of Cybercrimes

- Espionage: Corporate espionage is a central threat to organizations, as competitors often attempt to secure sensitive data through open source intelligence gathering. Through this approach, competitors can launch similar products in the market, alter prices, and generally undermine the market position of a target organization.
- Intellectual property theft: It is the process of stealing trade secrets, copyrights, or patent rights of an asset or a material belonging to individuals or entities. The stolen property is generally handed over to rivals or other competitors, resulting in huge losses to the organization that developed or owned it.
- Data manipulation: It is a malicious activity in which attackers modify, change, or alter valuable digital content or sensitive data during transmission, instead of directly stealing the data from the company. Data-manipulation attacks can lead to the loss of trust and integrity.
- Trojan horse attack: A computer Trojan is a program in which malicious or harmful code is contained inside an apparently harmless program or data, which can later gain control and cause damage, such as ruining the file allocation table on your hard disk. Attackers use computer Trojans to trick the victim into performing a predefined action. Trojans are activated upon users’ specific predefined actions, such as unintentionally installing malicious software or clicking on a malicious link, and upon activation they can grant attackers unrestricted access to all the data stored on the compromised information system and potentially cause severe damage.
- Structured query language attack: SQL injection is a technique used to take advantage of unsanitized input vulnerabilities to pass SQL commands through a web application for execution by a backend database. In this technique, the attacker injects malicious SQL queries into a user input form, either to gain unauthorized access to a database or to retrieve information directly from the database.
- Brute-force attack: It is the process of using a software tool or script to guess login credentials or keys, or to discover hidden applications or webpages, through a trial-and-error method. A brute-force attack is performed by attempting all possible combinations of usernames and passwords to determine valid credentials.
- Phishing/spoofing: Phishing is a technique in which an attacker sends an email or provides a link falsely claiming to be from a legitimate site in order to acquire a user’s personal or account information.
- Privilege escalation attacks: Privileges are security roles assigned to users that govern their use of specific programs, features, operating systems, functions, files, or code, and thereby limit the access of different types of users. A user who is assigned more privileges can modify or interact with more restricted parts of the system or application than less privileged users. Attackers initially gain system access with low privileges and then try to gain more privileges to perform activities restricted from less privileged users.
- Denial of service attack: A DoS attack is an attack on a computer or network that reduces, restricts, or prevents access to system resources for legitimate users. In a DoS attack, attackers flood a victim’s system with nonlegitimate service requests or traffic to overload its resources and bring down the system, leading to the unavailability of the victim’s website or at least significantly reducing the victim’s system or network performance.
- Cyber defamation: It is an offensive activity wherein a computer or device connected to the web is employed as a tool or source point to damage the reputation of an organization or individual. Sending defamatory emails or posting defamatory statements on social media can damage the reputation of the target organization or entity to a great extent.
- Cyberterrorism: It involves the use of the Internet or web resources for threatening, intimidating, or performing violent activities to gain ideological or political advantages over individuals or groups. It can be performed using computer worms, viruses, malicious scripts, or malicious tools with a personal agenda.
- Cyberwarfare: Libicki defines cyber warfare as the use of information systems against the virtual personas of individuals or groups. It is the broadest of all forms of information warfare. It includes information terrorism, semantic attacks (similar to hacker warfare, but instead of harming a system, it takes over the system while maintaining the perception that it is operating correctly), and simula-warfare (simulated war, for example, acquiring weapons for mere demonstration rather than actual use).
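As an added illustration of the SQL injection item above (example code written for this page, not from the EC-Council module), here is a login lookup that splices unsanitized input into the query text beside the parameterized form that closes the flaw; the table, rows, credentials and function names are constructed for the demonstration:

```python
# Added example (not from the EC-Council module): the same login lookup written
# with string concatenation and with parameter binding, run against a constructed
# in-memory SQLite table so the difference can be checked offline.
import sqlite3

def make_db() -> sqlite3.Connection:
    """Constructed sample table with two user rows (placeholder credentials)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "correct-horse"), ("bob", "battery-staple")])
    return conn

def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Unsanitized input is spliced into the SQL text, so the input can change the
    structure of the query the backend database executes."""
    query = (f"SELECT COUNT(*) FROM users WHERE username = '{username}' "
             f"AND password = '{password}'")
    return conn.execute(query).fetchone()[0] > 0

def login_hardened(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Parameter binding passes the input as data; the database never parses it as
    SQL, so quotes or keywords inside the input cannot alter the query."""
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()[0] > 0

def compare(username: str, password: str) -> tuple:
    """Return (vulnerable_result, hardened_result) for one input pair."""
    conn = make_db()
    try:
        return (login_vulnerable(conn, username, password),
                login_hardened(conn, username, password))
    finally:
        conn.close()

if __name__ == "__main__":
    # A legitimate pair authenticates under both implementations.
    print(compare("alice", "correct-horse"))   # (True, True)
    # Input carrying a quote and an always-true condition (the classic injection
    # string) authenticates only under the concatenated query.
    print(compare("alice", "' OR '1'='1"))      # (True, False)
```

The concatenated query accepts the malformed password because the input rewrites the WHERE clause, while the bound query compares it as an ordinary string and rejects it.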
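For the brute-force item, an added detection example from the investigator's side (not from the module): a small parser over constructed syslog-style authentication lines that flags any source address whose failed logins within a one-minute window reach a threshold; the log format, addresses, usernames and threshold are all assumptions made for the example:

```python
# Added example (not from the EC-Council module): count failed logins per source
# address inside a sliding window; the log format and threshold are assumptions.
from collections import defaultdict, deque
from datetime import datetime, timedelta
import re

# Constructed syslog-style sample lines (not taken from any real system).
SAMPLE_LOG = """\
2024-03-01T10:00:01 sshd: Failed password for alice from 203.0.113.7
2024-03-01T10:00:02 sshd: Failed password for root from 203.0.113.7
2024-03-01T10:00:02 sshd: Failed password for admin from 203.0.113.7
2024-03-01T10:00:03 sshd: Failed password for bob from 203.0.113.7
2024-03-01T10:00:05 sshd: Accepted password for alice from 198.51.100.2
2024-03-01T10:00:09 sshd: Failed password for bob from 198.51.100.2
2024-03-01T10:30:00 sshd: Failed password for bob from 198.51.100.2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd: (?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+)$"
)

def parse(log_text: str):
    """Yield (timestamp, result, user, source) for every line that matches."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield datetime.fromisoformat(m["ts"]), m["result"], m["user"], m["src"]

def detect_bruteforce(log_text: str, threshold: int = 4,
                      window: timedelta = timedelta(minutes=1)) -> dict:
    """Return {source: (failures_in_window, usernames_tried)} for each source whose
    failed logins inside any `window` reach `threshold`: the trial-and-error pattern."""
    recent: dict[str, deque] = defaultdict(deque)   # per-source failure timestamps
    users: dict[str, set] = defaultdict(set)        # usernames tried per source
    alerts: dict[str, tuple[int, int]] = {}
    for ts, result, user, src in parse(log_text):
        if result != "Failed":
            continue
        q = recent[src]
        q.append(ts)
        users[src].add(user)
        while q and ts - q[0] > window:              # expire failures outside the window
            q.popleft()
        if len(q) >= threshold:
            alerts[src] = (len(q), len(users[src]))
    return alerts

if __name__ == "__main__":
    for src, (n, u) in detect_bruteforce(SAMPLE_LOG).items():
        print(f"{src}: {n} failed logins within one minute across {u} usernames")
```

The second source never trips the detector because its two failures are half an hour apart, which is the kind of distinction a fixed per-day count would miss.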
Impact of Cybercrimes at the Organizational Level

1. Loss of confidentiality, integrity and availability of information stored in organizational systems
2. Theft of sensitive data
3. Sudden disruption of business activities
4. Loss of customer and stakeholder trust
5. Substantial reputational damage
6. Huge financial losses
7. Penalties arising from the failure to comply with regulations

Impact of Cybercrimes at the Organizational Level

Most businesses are reliant on the Internet and digital economy today, which has also led to their phenomenal growth on a global scale. However, such complete digitalization of business processes also poses new cybersecurity risks and threats. New methods of cyberattacks and inadequate cybersecurity protocols have resulted in massive data breaches in organizations in recent times. The major consequences of cybercrimes in organizations include theft of sensitive information, disruption of normal business operations, and substantial reputational damage. These breaches further lead to the loss of confidentiality, integrity, and availability of information stored in organizational systems as well as the loss of customer and stakeholder trust. The nature of cybercrime is evolving, with malicious insider attacks and increased phishing attempts having the greatest organizational impact. With the growing number of security breaches, the cost associated with the mitigation of cyberattacks is also rising. With such an ever-expanding threat landscape, organizations need to take appropriate measures for the investigation, containment, and eradication of cyber threats. They must also make targeted investments to strengthen their IT security framework in compliance with the relevant policies, standards, and regulations.