I

FRN 4302, Digital Forensics Applications 1

Course Learning Outcomes for Unit I Upon completion of this unit, students should be able to:

1. Assemble an investigation process plan related to digital data. 1.1 Explain the skills, training, and education required to become a computer forensics

investigator.

3. Investigate digital forensics within virtual machines. 3.1 Explain the importance of computer forensics. 3.2 Describe the reasons for the increasing demand in computer forensic examiners. 3.3 Present statistics related to the growth of cybercrime.

Required Unit Resources Chapter 1: The Scope of Digital Forensics Unit Lesson

Types of Internet Crimes In this lesson, you will learn about the various types of internet crimes. This unit is designed to create a robust foundation of skills and knowledge around computer crimes and forensic investigations. You will learn about crimes on the internet that require the skills of network forensic investigators. You will also learn more about different types of network evidence that would be helpful in a digital forensic investigation. Let’s begin by discussing internet crime. Internet crime is any illegal activity that utilizes the internet for its perpetration (Techopedia, n.d.). There are five different types of internet crime we will explore in this lesson:

• phishing, • hacking, • virus dissemination, • logic bombs, and • denial-of-service attack.

Phishing Phishing is a method used by offenders to extract confidential information (e.g., username-password combinations and credit card numbers) of an internet user through masquerading as a legitimate enterprise. In most cases, this internet crime is conducted using email spoofing. The user receives an email with links to existing legitimate companies that appear on websites. Also, malware could install itself on a computer device and confiscate personal information. In most cases, internet criminal offenders primarily utilize social engineering to trick some internet users in downloading malware from the internet or in other ways, and users fill in private information under false pretenses (Fruhlinger, 2019). Users should look for spelling mistakes given that internet criminal offenders are not known for their spelling and grammar. Users should examine any graphics, logos, and names differences from well-known, legitimate sites. Hacking Hacking is the result of someone attempting to gain unauthorized access to a network or a computer on the network. One type of network evidence that signifies hacking and would be helpful in the digital forensic

UNIT I STUDY GUIDE Introduction to Computer Forensics

FRN 4302, Digital Forensics Applications 2

UNIT x STUDY GUIDE Title

investigation is structured query language (SQL) injection. The digital forensic investigators assess the SQL code entered into the site from the entry field (Digit, n.d.). The theft of file transfer protocol (FTP) passwords, another common technique to tamper with a website, is also investigated by forensic investigators. FTP password theft preys on passwords saved or stored on systems that are not well-protected (Digit, n.d.). Forensic investigators’ skills are also applied to detect cross- site scripting activities. Cross-site scripting is also known as XSS and is another way of circumventing a secure system (Digit, n.d.). Virus Dissemination Internet criminal offenders also use viruses to attack their victims. A virus is a computer program designed to have an adverse effect on a computer system or some internal aspect of that system. If an infected computer is on a network, then the virus will use that network to spread to other computers (Maras, 2016). Viruses are used in internet crimes to disrupt operations, alter data, or delete files, among other things (Maras, 2016). Worms Worms are different from viruses in that they do not require a host. Worms repeatedly replicate themselves until they have used up all available memory (Fraud Fighting, n.d.). Viruses spread through a network, including the internet, or using removable media devices. Internet Logic Bomb Threats Logic bombs, or slag codes, are malicious codes that are intentionally placed in a computer program or software with the intention of executing malicious activity (Fisher, 2019). The trigger for a logic bomb is a specific event or action and, in this way, it is like a virus (Fisher, 2019). Triggers can include specific times, input thresholds, or a host of other routine actions. Denial-of-Service Attacks (DoS) A DoS is an attempt to deny the use of specific services to users. DoS attacks involve flooding the attacked system with requests that exceed the system’s ability to cope (Digit, n.d.). In such attacks, servers can slow down or crash, thus denying users access to the service. Another method of inflicting a DoS attack is by directing more traffic to the site than it can cope with (Cloudflare, n.d.). In this case, a website will become unresponsive and time out, again, denying users the service. An adaptation of the DoS is the distributed denial-of-service (DDoS) attack. Here, attacks are spread across multiple geographical locations and have the same purpose as a DoS (Cloudflare, n.d.). DDoS attacks have been targeted against multinational companies, such as banks, online payment gateways, news corporations, and internet giants like Amazon and eBay.

Digital/Network Evidence for Digital Forensic Investigations Digital forensics follows the same first principles as actual forensics: transfer of objects to surfaces through contact. In digital crimes, evidence can be left behind just as in physical crimes. Digital evidence includes a digital footprint, information of time, date, and duration of a user’s activity. This can lead to certain assumptions being made as to the identity of a user (United Nations Office of Drugs and Crime [UNODC], n.d.). A digital footprint can be active or passive. An active footprint is information provided by a user that could reveal personal details, online comments, or social media activity that was intentionally left by the user. Passive footprints are made of information that was not intended to be left (UNODC, n.d.). Both active and passive digital footprints can be submitted as evidence of a crime. Digital evidence can be submitted as either direct evidence or circumstantial evidence. Before it is submitted to the court, it must be authenticated by a forensic investigator who will prove the evidence to be what is claimed of it or not (UNODC, n.d.). Digital evidence falls into three categories:

FRN 4302, Digital Forensics Applications 3

UNIT x STUDY GUIDE Title

• content generated by the user (e.g., emails, text messages, electronic documents); • content generated by a device (e.g., data logs); or • content generated by the user and device (e.g., a spreadsheet that contains a formula) (UNODC,

n.d.). Data or information may be gathered and used by digital forensic investigators to obtain intelligence, which can be introduced in a court of law as digital/network evidence (UNODC, n.d.).

Summary In this lesson, you learned about internet crimes. Some of the well-known types of internet crimes include hacking, phishing, logic bomb attacks, virus dissemination, denial-of-service (DoS) attacks, and spoofing, among others. These are some types of crimes conducted on the internet that would require the skills of a network forensic investigator. In this lesson, you also gathered details about types of network evidence that may be helpful in a digital forensics investigation. Digital evidence, either direct or circumstantial, is categorized into three groups: user-generated content, digital devices’ generated content, and content created by both computer devices and users. Computer and internet crimes are increasing all over the world. As the U.S. government works to fight and combat these internet crimes, most nations are experiencing increased cybercriminal activity. It is crucial for anyone working in the IT field to understand the concept of internet crime. Security professionals, such as forensic investigators, work to combat these crimes using different preventative technologies that will be covered in this course.

References

CloudFlare. (n.d.). What is a DDoS attack? https://www.cloudflare.com/learning/ddos/what-is-a-ddos-attack/ Digit. (n.d.). The 12 types of cyber crime. https://www.digit.in/technology-guides/fasttrack-to-cyber-crime/the-

12-types-of-cyber-crime.html Fisher, T. (2020). What is a logic bomb? Lifewire. https://www.lifewire.com/what-is-a-logic-bomb-153072 Fraud Fighting. (n.d.). Virus dissemination. https://fraudfighting.org/wp-content/uploads/2017/12/Virus-

Dissemination.pdf Fruhlinger, J. (2020). What is phishing? How this cyber attack works and how to prevent it. CSO.

https://www.csoonline.com/article/2117843/what-is-phishing-how-this-cyber-attack-works-and-how-to- prevent-it.html

Maras, M. (2016). Cybercriminology. Oxford University Press. Techopedia. (n.d.). Internet crime. https://www.techopedia.com/definition/26587/Internet-crime United Nations Office of Drugs and Crime. (n.d.). Digital evidence.

https://www.unodc.org/e4j/en/cybercrime/module-4/key-issues/digital-evidence.html

FRN 4302, Digital Forensics Applications 1

Course Learning Outcomes for Unit I Upon completion of this unit, students should be able to:

1. Assemble an investigation process plan related to digital data. 1.1 Explain the skills, training, and education required to become a computer forensics

investigator.

3. Investigate digital forensics within virtual machines. 3.1 Explain the importance of computer forensics. 3.2 Describe the reasons for the increasing demand in computer forensic examiners. 3.3 Present statistics related to the growth of cybercrime.

Required Unit Resources Chapter 1: The Scope of Digital Forensics Unit Lesson

Types of Internet Crimes In this lesson, you will learn about the various types of internet crimes. This unit is designed to create a robust foundation of skills and knowledge around computer crimes and forensic investigations. You will learn about crimes on the internet that require the skills of network forensic investigators. You will also learn more about different types of network evidence that would be helpful in a digital forensic investigation. Let’s begin by discussing internet crime. Internet crime is any illegal activity that utilizes the internet for its perpetration (Techopedia, n.d.). There are five different types of internet crime we will explore in this lesson:

• phishing, • hacking, • virus dissemination, • logic bombs, and • denial-of-service attack.

Phishing Phishing is a method used by offenders to extract confidential information (e.g., username-password combinations and credit card numbers) of an internet user through masquerading as a legitimate enterprise. In most cases, this internet crime is conducted using email spoofing. The user receives an email with links to existing legitimate companies that appear on websites. Also, malware could install itself on a computer device and confiscate personal information. In most cases, internet criminal offenders primarily utilize social engineering to trick some internet users in downloading malware from the internet or in other ways, and users fill in private information under false pretenses (Fruhlinger, 2019). Users should look for spelling mistakes given that internet criminal offenders are not known for their spelling and grammar. Users should examine any graphics, logos, and names differences from well-known, legitimate sites. Hacking Hacking is the result of someone attempting to gain unauthorized access to a network or a computer on the network. One type of network evidence that signifies hacking and would be helpful in the digital forensic

UNIT I STUDY GUIDE Introduction to Computer Forensics

FRN 4302, Digital Forensics Applications 2

UNIT x STUDY GUIDE Title

investigation is structured query language (SQL) injection. The digital forensic investigators assess the SQL code entered into the site from the entry field (Digit, n.d.). The theft of file transfer protocol (FTP) passwords, another common technique to tamper with a website, is also investigated by forensic investigators. FTP password theft preys on passwords saved or stored on systems that are not well-protected (Digit, n.d.). Forensic investigators’ skills are also applied to detect cross- site scripting activities. Cross-site scripting is also known as XSS and is another way of circumventing a secure system (Digit, n.d.). Virus Dissemination Internet criminal offenders also use viruses to attack their victims. A virus is a computer program designed to have an adverse effect on a computer system or some internal aspect of that system. If an infected computer is on a network, then the virus will use that network to spread to other computers (Maras, 2016). Viruses are used in internet crimes to disrupt operations, alter data, or delete files, among other things (Maras, 2016). Worms Worms are different from viruses in that they do not require a host. Worms repeatedly replicate themselves until they have used up all available memory (Fraud Fighting, n.d.). Viruses spread through a network, including the internet, or using removable media devices. Internet Logic Bomb Threats Logic bombs, or slag codes, are malicious codes that are intentionally placed in a computer program or software with the intention of executing malicious activity (Fisher, 2019). The trigger for a logic bomb is a specific event or action and, in this way, it is like a virus (Fisher, 2019). Triggers can include specific times, input thresholds, or a host of other routine actions. Denial-of-Service Attacks (DoS) A DoS is an attempt to deny the use of specific services to users. DoS attacks involve flooding the attacked system with requests that exceed the system’s ability to cope (Digit, n.d.). In such attacks, servers can slow down or crash, thus denying users access to the service. Another method of inflicting a DoS attack is by directing more traffic to the site than it can cope with (Cloudflare, n.d.). In this case, a website will become unresponsive and time out, again, denying users the service. An adaptation of the DoS is the distributed denial-of-service (DDoS) attack. Here, attacks are spread across multiple geographical locations and have the same purpose as a DoS (Cloudflare, n.d.). DDoS attacks have been targeted against multinational companies, such as banks, online payment gateways, news corporations, and internet giants like Amazon and eBay.

Digital/Network Evidence for Digital Forensic Investigations Digital forensics follows the same first principles as actual forensics: transfer of objects to surfaces through contact. In digital crimes, evidence can be left behind just as in physical crimes. Digital evidence includes a digital footprint, information of time, date, and duration of a user’s activity. This can lead to certain assumptions being made as to the identity of a user (United Nations Office of Drugs and Crime [UNODC], n.d.). A digital footprint can be active or passive. An active footprint is information provided by a user that could reveal personal details, online comments, or social media activity that was intentionally left by the user. Passive footprints are made of information that was not intended to be left (UNODC, n.d.). Both active and passive digital footprints can be submitted as evidence of a crime. Digital evidence can be submitted as either direct evidence or circumstantial evidence. Before it is submitted to the court, it must be authenticated by a forensic investigator who will prove the evidence to be what is claimed of it or not (UNODC, n.d.). Digital evidence falls into three categories:

FRN 4302, Digital Forensics Applications 3

UNIT x STUDY GUIDE Title

• content generated by the user (e.g., emails, text messages, electronic documents); • content generated by a device (e.g., data logs); or • content generated by the user and device (e.g., a spreadsheet that contains a formula) (UNODC,

n.d.). Data or information may be gathered and used by digital forensic investigators to obtain intelligence, which can be introduced in a court of law as digital/network evidence (UNODC, n.d.).

Summary In this lesson, you learned about internet crimes. Some of the well-known types of internet crimes include hacking, phishing, logic bomb attacks, virus dissemination, denial-of-service (DoS) attacks, and spoofing, among others. These are some types of crimes conducted on the internet that would require the skills of a network forensic investigator. In this lesson, you also gathered details about types of network evidence that may be helpful in a digital forensics investigation. Digital evidence, either direct or circumstantial, is categorized into three groups: user-generated content, digital devices’ generated content, and content created by both computer devices and users. Computer and internet crimes are increasing all over the world. As the U.S. government works to fight and combat these internet crimes, most nations are experiencing increased cybercriminal activity. It is crucial for anyone working in the IT field to understand the concept of internet crime. Security professionals, such as forensic investigators, work to combat these crimes using different preventative technologies that will be covered in this course.

References

CloudFlare. (n.d.). What is a DDoS attack? https://www.cloudflare.com/learning/ddos/what-is-a-ddos-attack/ Digit. (n.d.). The 12 types of cyber crime. https://www.digit.in/technology-guides/fasttrack-to-cyber-crime/the-

12-types-of-cyber-crime.html Fisher, T. (2020). What is a logic bomb? Lifewire. https://www.lifewire.com/what-is-a-logic-bomb-153072 Fraud Fighting. (n.d.). Virus dissemination. https://fraudfighting.org/wp-content/uploads/2017/12/Virus-

Dissemination.pdf Fruhlinger, J. (2020). What is phishing? How this cyber attack works and how to prevent it. CSO.

https://www.csoonline.com/article/2117843/what-is-phishing-how-this-cyber-attack-works-and-how-to- prevent-it.html

Maras, M. (2016). Cybercriminology. Oxford University Press. Techopedia. (n.d.). Internet crime. https://www.techopedia.com/definition/26587/Internet-crime United Nations Office of Drugs and Crime. (n.d.). Digital evidence.

https://www.unodc.org/e4j/en/cybercrime/module-4/key-issues/digital-evidence.html