26
ASCL Certified Cyber Crime Investigator CCI+
ASCLCertifiedCyberCrimeInvestigator
CCI+
2
Weliveinaworldwhereeverythingseemstobegettinghacked-notjustlaptops,smartphones&websitesbutalsocars,aeroplanes,ships,drones,selfaimingrifles,ships,CCTVcameras,medicaldevices,
bitcoinwallets,smart-watchesandmore...
3
TableofContents1.Introduction.....................................................................................................................................42.TheCCI+program..........................................................................................................................53.CCI+Modules...................................................................................................................................74.ModesoftheCCI+Program.......................................................................................................95.CCI+Activities...............................................................................................................................106.ASCLDigitalLearningPlatform.............................................................................................127.GradingSystem.............................................................................................................................148.AboutAsianSchoolofCyberLaws.......................................................................................159.ContactUs.......................................................................................................................................16Annexure1:SkillsofaCyberCrimeInvestigator...............................................................17Annexure2:DetailsoftheCCI+modules...............................................................................18
4
1.IntroductionThefaceofhackingandcybercrimeischangingbytheday.Inthe“goodolddays”,themotivebehindcyberattackswasapparent–money,espionageorpolitics.ButattackstargetingSonyPicturesEntertainment,theHackingTeamandAshleyMadisondonotshowsuchamotive.HackingTeamisanItaliancompanythatsells"offensiveintrusion&surveillancecapabilities"and"remotecontrolsystems"thatenablegovernmentsandcorporationstomonitorthecommunicationsofinternetusers,deciphertheirencryptedfilesandemails,recordSkypeandotherVOIPcommunications,andremotelyactivatemicrophonesandcameraontargetcomputers.InJuly2015,theHackingTeamsystemswerebreachedand400GBofdata-internale-mails,invoices,andsourcecode-wereleakedtotheworld.InNovember2014,GuardiansofPeace,ahackergroup,breachedthesystemsoffilmstudioSonyPicturesEntertainmentandleakedgigabytesofdataincludingpersonalinformationaboutSonyPicturesemployeesandtheirfamilies,emailsbetweenemployees,informationaboutexecutivesalariesatthecompanyandcopiesofunreleasedSonyfilms.Thereasonbehindtheattack?SonydidnotdropitsfilmTheInterview,acomedyaboutaplottoassassinateNorthKoreanleaderKimJong-un.AshleyMadisonisacommercialwebsitethatenabledextramaritalaffairs.Itstagline–“Lifeisshort.Haveanaffair”.InJuly2015,TheImpactTeamhackedintotheAshleyMadisonsystemsandleakedgigabytesofdata,includinguserdetails.Thereasonbehindtheattack?AshleyMadison’spolicyofnotdeletingusers'personalinformation–includingrealnames,homeaddresses,searchhistoryandcreditcardtransactionrecords.ThebreachandsubsequentdataleakagehasbeenlinkedtosuicidesofsomeAshleyMadisonusers.ThelatestcyberattackstograbglobalheadlinesinvolvehackingtheInternetofThings-Airplanes,ATMmachines,Babymonitors,Biometricdevices,Bitcoinwallets,Cars,CCTVcameras,Drones,Gamingconsoles,Healthtrackers,Medicaldevices,Powerplants,Selfaimingrifles,Smart-watches,Smartphones&more.Inahighlypublicisedevent,twosecurityresearchers“hacked”aJeepCherokeeremotely,usingthecar'sentertainmentsystem,whichconnectedtothemobiledatanetwork.ThisledtoFiatChryslerrecalling1.4millionvehiclesintheUS.TheInternetisincreasinglybeingusedbycriminalorganizations.OneofthemostinfamousexamplesisSilkRoad-anonlineblackmarketbestknownforsellingillegaldrugs.Sinceitoperatedasa“Torhiddenservice”,onlineuserswereabletobrowseitanonymously.SilkRoadisbelievedtohavegeneratedrevenuesofoverabilliondollarsbyfacilitatingtransactionsindrugs,stolencreditcarddetailsandevenmurder-for-hire!SilkRoadfounderRossWilliamUlbrichtwasprosecutedandin2015sentencedtolifeinprisonwithoutpossibilityofparole.
5
2.TheCCI+programTheASCLCertifiedCyberCrimeInvestigatorcoursepreparesyoutohandlecasesinvolvingdigitalevidenceandcybertrails.CyberCrimeInvestigatorsareanintegralpartof
ü InformationSecurityteams,ü IncidentResponseteams,ü FraudControlteams.
Theseteamsarecrucialin:
• eCommercecompanies,• auditfirms,• banks,• ITcompanies,• Governmentagenciesand• manufacturers
CyberCrimeInvestigatorsarealsorequiredby:
• police,• enforcementand• militaryagencies
EligibilityGraduateinanydiscipline.CoursewareCourseware&referencematerialisprovidedinprintedandelectronicform.MentorsupportEachstudentisallottedamentorforguidancethroughthecourse.RealWorldCaseStudiesThecoursefeaturesseveralrealworldcasestudiesandsimulations.
6
TheWildlifeCrimeControlBureau,NewDelhirecentlyannouncedvacancyforacybercrimespecialist.Thejobprofileincludes“webpatrollingfordetectionof
scheduledwildlifearticlesonsaleonInternet”.
7
3.CCI+Modules
1. CyberCrime-GlobalScenario
2. WebTechnologies
3. WebProgramming
4. WebHacking&Investigation
5. SuspectInterviewing
6. Documentation&LegalIssues
7. Phishing
8. VirtualPaymentSystems
9. InvestigatingFinancialCrimes
10. ForensicAccounting
11. FraudInvestigation
12. BitcoinForensics
13. Malware
14. DarkWeb
15. EmailInvestigation
16. InvestigatingServerLogs
17. BrowserForensics
18. Socialmediaforensics
19. Googleecosystem&forensics
20. ForensicTechnologies
21. CyberSecurityFundamentals
22. Cryptography&Steganography
23. PasswordForensics
24. RealWorldCaseStudies
8
TheASCLCertifiedCyberCrimeInvestigatorprogramwaslaunchedinFebruary2002.Inthelast14yearsithas
beencompletedby1000sofparticipants.
TheseincludePoliceOfficers,Lawyers,ITprofessionals,Charteredaccountants,CompanySecretaries,
Tax&otherGovernmentofficials,Militarypersonnel,ManagementProfessionals,CommerceGraduatesandstudents.
9
4.ModesoftheCCI+ProgramCustombatchesavailableonlyforcorporates,policedepartmentsandcolleges.
10
5.CCI+ActivitiesThiscourseisdividedinto24modules.Eachmodulefeaturesmultipleactivities,whichcouldbe:
o ASCLCaseFiles
o Bestpractices
o BookExtracts
o CaseStudies
o Checklists
o COINresource
o Documents
o eBooks
o Forms
o Guidelines
o Handbooks
o Presentations
o ResearchReports
o ResourceGuides
o SpecialReports
o StandardOperatingProcedures
o Templates
o Videos
o Worksheets
11
CollaborativeOnlineInvestigationNetwork(COIN)isaninteractiveplatformempoweringtheworld'senforcementagencies
totacklecybercrime&othercasesinvolvingdigitalevidence.
CCI+studentsgeta1-yearLevel3COINmembership(valuedatRs.12,000).
12
6.ASCLDigitalLearningPlatform
Viewthemodules,totalactivitiesandcompletedactivitiesinthedashboard.
13
ActivitiesmarkedasCompletedbyyoushowingreen.
ActivitiesnotmarkedasCompletedbyyoushowinblue.
Viewyourprogressineachmodule.
14
7.GradingSystemThegradingsystemforcasestudies,researchprojectandpresentation:GradeA
Excellentperformanceinmasteringofthesubject.Achievementofsuperiorquality.
GradeB
Goodperformancebeyondtheusualrequirementsofthecourse.Achievementofhighquality.
GradeC
Performanceofasatisfactorynature.Achievementdemonstratinganunderstandingofthesubjectsufficientforcontinuedstudyinthediscipline.
GradeD
Minimallyacceptableperformance.Achievementdemonstratingbelowaverageunderstandingofthebasicelementsofthecourse.
GradeF
Achievementatalevelinsufficienttodemonstrateunderstandingofthebasicelementsofthecourse.
15
8.AboutAsianSchoolofCyberLawsBornin1999,AsianSchoolofCyberLawsisaglobalpioneerincyberlaw&cybercrimeinvestigation.WeworkwithGovernments,Corporates,andEnforcement&Militaryagenciesacrosstheworld.WehaveassistedtheGovernmentofIndiainframingdraftrulesandregulationsundertheInformationTechnologyAct.ASCLComputerCrime&AbuseReport(India)istheonlystudyofitskindquotedbytheUnitedNationsinitsE-commerce&DevelopmentReport(2003).WehaveconductedtrainingprogramsonCyberCrimeInvestigation,IncidentResponseandCyberForensicsforseniorGovernmentandPoliceofficialsandcorporatesponsoredprofessionalsfromMalaysia,Japan,SouthKorea,China,Singapore,Malaysia,HongKong,Mauritius,Nepal,UAE,Philippines,USA,UK,ThailandandGhana.WewerepartoftheOrganizingCommitteefortheWorldCongressonInformaticsandLawatSpain(2002),Cuba(2003)andPeru(2004).WemaintaintheGlobalCyberLawDatabase,anonlinerepositoryofcyberrelatedlawsofmajorcountriesaroundtheglobe.LawenforcementpersonnelinIndiaandabroadextensivelyuseourCyberCrimeInvestigationManual.Thiswasoneofthefirstofitskindmanualsintheworld.TimesofIndia(theworld'slargestsellingEnglishnewspaper)hasreferredtoitasabibleforCyberCrimeInvestigators.WehaveconductedtrainingprogramsforvariousnationallevelGovernmentbodiesincludingNationalAcademyofDirectTaxes,NationalPoliceAcademy,NationalInstituteofBankManagement,NationalInsuranceAcademy,VaikunthMehtaNationalInstituteofCooperativeManagementandSecurities&ExchangeBoardofIndia(SEBI).WehaveassistedtheIndianArmy,variousbranchesoftheIndianpoliceandtheCentralBureauofInvestigationinmattersrelatingtocyberinvestigation.In2015,weco-organizedthec4ConferenceonCyberCrimeControl,2015alongwiththeHomeDepartment,Govt.ofMaharashtra,MumbaiPoliceandIITBombay.ThisconferencewasinauguratedbytheHon’bleChiefMinisterofMaharashtraon27thJuly,2015.WehavebuilttheCollaborativeOnlineInvestigationNetwork(COIN)-aninteractiveplatformempoweringtheworld'senforcementagenciestotacklecybercrime&othercasesinvolvingdigitalevidence.COINwaslaunchedbyShriDevendraFadnavis,Hon'bleChiefMinisterofMaharashtraon27thJuly,2015atthec4ConferenceonCyberCrimeControl,2015atMumbai.
16
9.ContactUsAsianSchoolofCyberLaws,#410,SupremeHeadquarters,Mumbai-BangaloreHighway,NearAudiShowroom,Baner,Pune-411045(INDIA)Phone:(91)9225548601Phone:(91)9225548602Email:[email protected]:www.asianlaws.org
17
Annexure1:SkillsofaCyberCrimeInvestigatorEssentialskillsforacybercrimeinvestigator:
1. BasicWebProgrammingskills.
2. WorkingknowledgeofWebTechnologies.
3. StrongworkingknowledgeofWebHacking.
4. Effectivesuspectinterviewingskills.
5. Thoroughunderstandingofdocumentation.
6. Soundknowledgeoftherelevantlaw.
7. Practicalknowledgeofphishingtools,techniquesandcounter-measures.
8. StrongknowledgeoftheworkingofVirtualPaymentSystems.
9. Understandingoffinancialinstrumentsandconcepts.
10. Basicunderstandingofforensicaccounting.
11. PracticalknowledgeofFraudInvestigation.
12. PracticalknowledgeofinvestigatingBitcoin&othercrypto-currencies.
13. Strongunderstandingofmalwareincidentprevention&response.
14. ThoroughpracticalknowledgeoftheDarkWeb.
15. Strongpracticalknowledgeofemailinvestigation.
16. ThoroughpracticalknowledgeofServerLoganalysis.
17. Strongpracticalknowledgeofbrowserforensics.
18. ThoroughunderstandingofSocialMediaForensics.
19. ThoroughunderstandingoftheGoogleEcosystem&itsForensics.
20. Strongworkingknowledgeofforensictechnologies.
21. UnderstandingoftheISO/IEC27037standard.
22. Basicworkingknowledgeofcybersecurity.
23. WorkingknowledgeCryptography&Steganography.
24. Strongpracticalknowledgeofpasswordrecovery&forensics.
25. Updatedknowledgeofthelatestcyberattacksaroundtheworld.
TheCCI+courseensuresthatyoudeveloptheseskills.
18
Annexure2:DetailsoftheCCI+modules1.CyberCrime-GlobalScenarioItissaidthatthosewhodonotlearnfromhistoryarecondemnedtorepeatit.Thismoduletracesthemajorcyberattacksincludingthe2007cyberattacksonEstonia,2010cyberattacksonMyanmar,2010Japan-SouthKoreacyberwarfare,2013Singaporecyberattacks,cyberattacksduringtheRusso-GeorgianWartheSonyPicturesEntertainmenthackandmore.ThemodulealsoexaminesconceptsofAdvancedpersistentthreats,Cyberattack,Cyber-collection,Cyberterrorism,Cyberwarfare,Hacktivism,InformationOperationsCondition,cyberattackthreattrends,Network-centricwarfare,NetworkedswarmingwarfareandWebbrigades.Thismodulealsoprofilesorganizations&groupslikeAnonymous,ChaosComputerClub,CultoftheDeadCow,DataInterceptTechnologyUnit,HackingTeam,L0pht,LegionofDoom,LulzSec,MastersofDeception,Milw0rm,PLAUnit61398,Room641A,SyrianElectronicArmy,TailoredAccessOperationsandUnit8200.CyberCrime-GlobalScenarioalsolooksintothekeydevelopments,changesandemergingthreatsincybercrimefromaEuropeanperspective.ThemoduleconcludeswithalookattheevolutionofRussian-speakingCyberMarketinthePost-SovietEraandthemobilecybercriminalundergroundmarketinChina.2.WebProgrammingFromthe1990supto2010,acybercrimeinvestigator’sjobrevolvedheavilyarounddiskandnetworkforensics.Thelastseveralyearshaveseenahugesurgeinecommerceandsmartphoneusage.Andwherethemoneygoes,crimefollows.Themassiveincreaseinwebhackinghasmadeitnecessaryforacybercrimeinvestigatortounderstandthebasicsofwebprogramming–HTML,PHPandMySQL.HTML(HypertextMarkupLanguage)isthelanguageusingwhichmostwebpagesarecreated.AllInternetbrowsersarecapableofunderstandingHTMLcommands.PHPisaverypopular,powerfulandeasytousescriptinglanguage.SomeofthebiggestwebsitesintheworldrunonPHP.MySQListheworld’smostpopularopen-sourcedatabaseanditpowerssomeofthemostpopularwebsitesintheworld.ThismodulecoverswebprogrammingandintroducesstudentstoXAMPP-themostpopularPHPdevelopmentenvironment.XAMPPisfree,availableforWindows,LinuxorMacandmakesiteasytoruninteractivewebsitesonyourlaptop.
19
Thismodulealsoexaminesreal-worldcodes–includingaveryinsecureloginsystem(withnoinputsanitization)andanotsoinsecureloginsystem(withsomeinputsanitization).Thishelpsstudentsunderstandtheprogrammingerrorsthatleadtowebsitesgettinghacked.3.WebTechnologiesConsideringthemagnitudeandimpactofwebattacks,itisnecessaryforacybercrimeinvestigatortounderstandsomeofthetechnologiesthatruntheInternetandtheWorldWideWeb.ThismodulebeginswithbasicconceptssuchasIPaddresses,theDomainNameSystemandwebsitecreation&hosting.Themodulemovesontopracticalactivitiesincludinghostingadomain,creatingSFTPusers,settingupcustomMXrecords,settingup,configuring&administeringprivateemailaccounts,MySQLdatabasesandVirtualPrivateServers.ThemodulealsocoversconfiguringSSLforsecurewebsites.Themodulethenmovesontoinstalling,configuring&deployingWordPress-thepopularopen-sourcewebsoftwareusedtocreatewebsites,blogs,andapps.Themodulealsocoversinstalling,configuring&deployingZenCart-afree,user-friendly,opensourceshoppingcartsoftware.TheWebTechnologiesmodulealsoteachesstudentshowtodeploycloudinfrastructure.4.WebHacking&InvestigationSinceamajorityofcybercrimecasesinvolveweb-hackingorweb-attacks,itisessentialforcybercrimeinvestigatorstohaveastrongknowledgeofthetechniquesandtoolsofwebhacking.ThemoduleonWebHacking&InvestigationfocusesprimarilyonsimulatedcasestudiesadaptedfromactualcasesinvestigatedbytheAsianSchoolofCyberLawsteam.TheseASCLCaseFilesrelatetocasesinvolvingFootprinting,BypassingAuthorizationSchema,SQLinjection,CrossSiteScripting(XSS),BrokenAuthentication,SessionHijacking,UnvalidatedRedirects&Forwards,andCrossSiteRequestForgery(CSRF).ThemodulealsocoverstheOWASPTestingGuide-anauthoritativeresourceforWebApplicationSecurityTesting.Thismodulealsolooksatsomeonlinetoolsfordomainandwebanalysis.
20
5.SuspectInterviewingEffectivesuspectinterviewingisanessentialskillforcybercrimeinvestigators.Thismodulebeginswiththedifferencebetweenaninterrogationandaninterview.Itmovesontopreparingforandconductingasuspectinterview.Themodulealsoteachesstudentshowtodetectdeception,documentaninterviewandgetanadmissionfromasuspect.ThemodulealsointroducesstudentstotheUSFBI’sinterviewprotocoltoassistthemindocumentingthecriticalissuesregardingasuspect'sstateofmindatthetimeoftheoffenseandtheconfession.Themodulealsoteachesstudentshowtoconductaninquiryinanorganisation.6.Documentation&LegalIssuesEventhebestinvestigationisworthlessifitisnotsupportedbyaccurateandrelevantdocumentationmadeincompliancewiththelaw.Thismodulecoverscomputerevidenceassessment&digitalforensicdocumentationissuesaswellastherelevantlegalissuesinIndia(usingtheCOINSectionFinder).Itcoversthe7formsprovidedbytheNationalCrimeRecordsBureau,India(includingFirstInformationReport)ItalsoprovidessampleDigitalForensicsAnalysisReport,RequestforServiceForms,Worksheets,ConsenttoSearch.ThemodulealsofeaturesSWGDEBestPracticesforComputerForensics&MobilePhoneForensicsandModelStandardOperationProceduresforComputerForensics.7.PhishingPhishingisoneofthemostpopulartechniquesamongsthackersandfinancialcybercriminals.Thismakesitimportantforacybercrimeinvestigatortounderstandphishingtools,techniquesandcounter-measures.ThismodulebeginswiththevarioustypesofphishingsuchasClonePhishing,SpearPhishing,PhonePhishing,Pharming,Phishingwithmalware&more.ThemodulethenmovesontoPhishingtechniquessuchasEmailSpoofing,WebSpoofing,DNScachepoisoningandDomainhijacking.ThemodulealsocoversPhishingcountermeasuressuchasSenderPolicyFrameworkandDomainKeysIdentifiedMail.
21
8.VirtualPaymentSystemsVirtualPaymentSystemshavetakentheglobalmoneymarketsbystorm.Acybercrimeinvestigatormusthaveastrongunderstandingofhowthesesystemswork.Thismodulecovers30+conceptsincludingAlternativePayments,AutomatedClearingHouse,CreditCards,Cryptocurrency,DebitCards,DigitalCurrency,DigitalWallets,ElectronicFundTransfer,PaymentGateways,RTGS,SWIFT,StoredValueCardsandmore.ThemodulealsocoversATMCardSkimming&PINCapturingandBestPracticesforPreventingCardTrapping.9.InvestigatingFinancialCrimesFinancialcrimesaresomeofthemostinterestingcasesthatcybercrimeinvestigatorsarecalledupontosolve.Thismodulebeginswithfinancialinstrumentssuchasshares,debtinstruments,derivatives,futures,hedging,options,swaps,depositoryreceiptsandmore.Thismodulethenmovesontomorethan30typesoffinancialcrimeincludingadvance-feescam,bankfrauds&carding,chargebackfraud,checkwashing,checkfraud,creditcardfraud,identitytheft,insidertrading,insurancefraud,mortgagefraud,ponzischemes,securitiesfraud,skimming,wirelessidentitytheftandmore.ThismodulecoverscasestudiesinFinancialCrimeincludingtheEnronscandal,FodderScam,Guinnessshare-tradingfraud,HarshadMehta's1992securitiesscam,MadoffinvestmentscandalandtheSatyamscandal.10.ForensicAccountingForensicAccountantsarecalleduponincasesinvolvingeconomicdamagescalculations,bankruptcy,securitiesfraud,taxfraud,moneylaundering,businessvaluationande-discovery.Itisimportantforacybercrimeinvestigatortohaveabasicunderstandingofforensicaccounting.Thismodulebeginswithmorethan40financialconceptslikebalancesheets,bookvalue,cashflowstatement,assets&liabilities,depreciation,EBIT,EBITDA,goodwill,trialbalanceandmore.Thismodulealsocoversconceptslikebanksecrecy,bankinginSwitzerland,Benford'slaw,dataanalysistechniquesforfrauddetection,moneylaundering,offshorebanking,shellcorporations&more.
22
11.FraudInvestigationManytimesacybercrimeinvestigatoriscalledupontohandlefraudinvestigations.Thismoduleusescasestudies&checkliststoexplainFraud(itsextent,patternsandcauses),FraudRiskAssessment&Management,FraudPrevention,Detection&Reporting,Themodulealsodiscussesinternalcontrols,PublicInterestDisclosures,MethodsofBriberyandBriberyRiskAssessment.ThemodulealsocoverstheForeignCorruptPracticesAct(FCPA),aUSlawforcombatingcorruptionaroundtheglobeandtheUKBriberyActwhichcreatesoffencesofofferingorreceivingbribes,briberyofforeignpublicofficialsandoffailuretopreventabribebeingpaidonanorganisation'sbehalf.12.BitcoinForensicsBitcoinis,withoutdoubt,themostfamouscrypto-currency.ItgainedalotofnotorietyduringthecrackdownonSilkRoad,anundergroundonlinemarketplacetradingindrugs,stolenfinancialinformation,weapons&more.Consideringtheuseofbitcoin(andothercryptocurrencies)bycriminals,astrongunderstandingofbitcoinforensicsisessentialforcybercrimeinvestigators.ThismodulestartswithatechnicalanalysisofthearchitectureandoperationoftheBitcoindigitalcurrency.Itthenmovesontoblockchain.infowhichcanbeusedforviewingthelatestbitcointransactions,mostpopularaddressesandmore.ThenextpracticalfocusesonusingBitIodinetofindtransactionsbetweentwoaddressesortwoclusters,address-to-clusterandcluster-to-address,gettingalistofaddressesthatsent/receivedBitcointo/fromaparticularaddressandvisualizingclusterscontrolledbythesameuserorentity,filteringbyamountandtime.Themodulealsolooksatvirtualcurrenciesfromananti-moneylaunderingand“counteringthefinancingofterrorism”pointofview.13.MalwareThismoduleexploresmorethan40malwarerelatedtermsandconceptsincludingadware,backdoor,blendedthreats,browserhijacking,chargeware,codeinjection,computerworms,crimeware,formgrabbing,logicbomb,malvertising,mobilecode,polymorphiccode,roguesecuritysoftware,rootkit,spyware,zerodayandmore.
23
Themodulealsofocusesonmalwareincidentpreventionandmalwareincidentresponse.Thismodulealsodiscussessomeonlinetoolsformalwareanalysis.14.DarkWebTheWorldWideWebthatthevastmajorityofnetizensuseisalsoreferredtoastheclearnet–sinceitprimarilyisunencryptedinnature.Thenthereisthedeepweb–thepartoftheclearnet,whichisnotindexedbysearchengines.Deepwebincludesdatastoredinpassword-protectedpagesanddatabases.Thedarkwebisasmallpartofthedeepweb.Thedeepwebconsistsofdarknetsincludingpeer-to-peernetworks,Freenet,I2P,andTor.TheTordarkwebisalsocalledonionland,sinceitstopleveldomainsuffixis.onionanditusesthetrafficanonymizationtechniqueofonionrouting.Consideringthepopularityofthedarkwebamongsttheorganizedcriminalsgroups,acybercrimeinvestigatormusthaveathoroughworkingknowledgeofthedarkweb.Thismodulebeginswiththeterminologyandjargonofthedarkweb.Itthenmovesontorelevanttechnologieslikeairdrop,alternateDNSroot,anonymousp2p,anonymousremailer,B.A.T.M.A.N,bitmessage,distributedhashtables,freenet,garlicrouting,Toranditshiddenservices,shellcode,Tails,Toxandmore.TheDarkWebmodulethenmovesontodarkwebmarket-places(likeAgora,Alphabay,AssassinationMarkets,SilkRoad)andtopleveldomains(like.bit,.onionand.tor).15.EmailInvestigationDespitethepopularityofinstantmessengers(suchasWhatsapp)andsocialmedia,emailremainsoneofthemostpopularmethodsofonlinecommunicationintheworld.Thismakesitessentialforacybercrimeinvestigatortohaveastrongknowledgeofemailtracking&tracing.Thismodulebeginswiththecomponents,protocols&formatsofemailsandthenmovesontoemailheaderanalysis&emailaccounttracking.ThemodulealsofeaturesanemailcrimerelatedcasestudyfromAsianSchoolofCyberLaws.ThemodulealsocoversCommonInternetMessageHeaders,relevantCOINchecklistsandvariousonlinetoolsforemailinvestigation.
24
16.InvestigatingServerLogsInalargenumberofcybercrimecases,theinvestigationbeginswithananalysisofserverlogs.Itisessentialforacybercrimeinvestigatortohaveasoundworkingknowledgeofserverloganalysis.ThismodulebeginswithadetailedanalysisofFTPserverlogandWebserverloganalysis.ThemodulealsofeaturestwoASCLCaseFiles-CyberSabotageandWebDefacement.17.BrowserForensicsInmanycasesofcybercrime,valuableevidencecanbeobtainedfromwebbrowsers.Thismakesitimportantforacybercrimeinvestigatortohaveastrongpracticalknowledgeofbrowserforensics.Theseevidencepointsincludehistory,bookmarks,creditcardinformation&contactinformationstoredinautofill,savedpasswords,filesinthedownloadlocation.Browserforensicsalsoinvolvesanalysisofcloudprintersandotherconnecteddevices,extensions,cookiesandsitedata,locationsettingsandexceptions,mediasettings(likecameraandmicrophonepermissions)&exceptions,unsandboxedplug-inaccess&exceptions,automaticdownloadsandexceptionsandmore.ThismodulefeaturesCOINcheckpoints,info-blocksandwarningsforforensicsonthemostpopularweb-browsers-GoogleChrome,MozillaFirefoxandSafari.18.SocialmediaforensicsIt’sprobablynotincorrecttosaythatalmosteveryInternetuserispartofatleastonesocialmediaplatform.Thismakessocialmediaforensicsandessentialskillforacybercrimeinvestigator.ThismodulefeaturesCOINcheckpoints,info-blocksandwarningsforforensicsofpopularsocialmediaplatformslikeFacebook,Instagram,LinkedIn,Pinterest,Twitter,Snapchat,WeChatandTumblr.19.Googleecosystem&forensicsGoogleisn’tjustasearchengineanymore.TheGoogleecosystemisallaroundus–Gmail,YouTube,Googlegroups,Googlesites,Googleplus,Googlekeepandsomuchmore.ThismakesGoogleforensicsamusthaveskillforcybercrimeinvestigators.ThismodulefeaturesCOINcheckpoints,info-blocksandwarningsforforensicsofGoogleHistory,GoogleDashboard,GoogleBookmarks,YouTube,Locationreporting&history,GoogleCalendar,GoogleCloudPrint,GoogleDrive,GoogleSites,GoogleKeep,GoogleGroupsandGooglePlus.
25
20.ForensicTechnologiesItisessentialforacybercrimeinvestigatortohaveastrongworkingknowledgeofforensictechnologiesandcyberforensicconcepts.Thismodulebeginswitha40-minutevideoexplainingthetechnicalconceptsofcyberforensics.ThismodulealsofeaturesCOINcheckpoints,info-blocksandwarningsforcomputerforensics,phoneforensics,portableGPSforensicsandmacforensics.ThehighlightofthismoduleisthecoverageofISO/IEC27037-themostimportantglobalstandardforidentification,collection,acquisitionandpreservationofpotentialdigitalevidence.ThisisdonethroughCOINcheckpoints,info-blocksandwarnings.21.CyberSecurityAbasicworkingknowledgeofcybersecurityisessentialforeveryoneandmoresoforcybercrimeinvestigators.Thismoduleintroducesthe9aspectsofinformationsecurity.ItthenmovesontothebasicsofApplicationSecurity,CloudComputingSecurity,ComputerSecurity,CyberSecurityStandards,DataSecurity,DatabaseSecurity,InformationSecurity,InternetSecurity,MobileSecurity,andNetworkSecurity.Themodulealsocoversstrategiesofaworld-classCybersecurityOperationsCenter.22.Cryptography&SteganographyManypeopleusecryptographyandsteganography.Andtheseincludecriminalsandterrorists.Henceaworkingknowledgeoftheseisusefulforcybercrimeinvestigators.Thismoduleintroduceshowcryptographyworksanddiscussesconceptssuchaskeys,symmetriccryptography,asymmetriccryptography,hashfunctions,digitalsignaturesanddigitalsignaturecertificates.Italsolooksatpracticalissuessuchasobtainingadigitalsignaturecertificate,digitallysigningemailsanddigitallysigningworddocuments.ThismodulealsoanalysesaDigitalSignatureFraudcasefromtheASCLCaseFiles.ThismoduleintroducestheconceptofSteganographyandSteganalysisandfeatures3toolsforsteganography–Camouflage,SNOWandS-tools.
26
23.PasswordForensicsInmanycasesitisfoundthatpotentialevidenceislockedupinpasswordprotectedfiles.Thismakesitessentialforcybercrimeinvestigatorstohaveastrongpracticalknowledgeofpasswordrecovery&forensics.Thismodulefocusesonbreakingfile&operatingsystempasswordsandbreakingencryption&hashes.ThismodulediscussespasswordrecoverytechniquesincludingInstantPasswordExtraction,"Fake"PasswordCreation,ResettingthePassword,BruteForceAttack,DictionaryAttack,KnownPlainTextAttackandGuaranteedRecovery.ItalsodiscussessomeofthepopularonlineandofflinepasswordrecoverytoolsfromElcomsoft,Passwareandothers.ThismodulealsofeaturesthePasswordMeterfortestingthestrengthofpasswords.24.RealWorldCaseStudiesThisisadynamicmodulethatisprimarilydeliveredthroughcasestudiesfromtheASCLCaseFilesaswellasthrough“virtualcoffeesessions”whichdiscussthelatestcybercrimecasesfromaroundtheworld.
