Session on Forensics and Cloud Computing at GFSU 15th Nov, 2017.

1. IT for Forensic
-By Mitesh Katira,
APMH & Associates LLP,
Forensic on IT
Digital Forensics

3. Penetration of Digitization – From
Laptop to Smart Phone
Penetration of Digitization – From
Laptop to Smart Phone

4. Transformation from EDGE(1G) to (4G)

5. Importance of Social Media

6. Importance of Communication

7. Credit / Debit Card Details Compromised
• Recently 3.2 million Debit Card details were compromised, 2.6 million are said
to be on the Visa and Master-Card platform and 600,000 on the RuPay
platform. The worst-hit of the card-issuing banks are State Bank of India.
• The breach is said to have originated in malware introduced in systems of
Hitachi Payment Services, enabling fraudsters to steal information allowing
them to steal funds. Hitachi, which provides ATM, point of sale (PoS) and other
services, couldn't be reached.
• A forensic audit has now been ordered by Payments Council of India on Indian
bank servers and systems to detect the origin of frauds that might have hit
customer accounts.
• NPCI Managing Director AP Hota said: "We have received complaints from
banks about debit cards being used in China which aroused suspicion.“
• Several victims have reported unauthorised usage from locations in China.
Read more at:
http://economictimes.indiatimes.com/articleshow/54945561.cms?utm_source
=contentofinterest&utm_medium=text&utm_campaign=cppst

8. Kaspersky Lab Research
• 52 per cent of internet users who have lost their money to cyber
criminals have got only some, or none, of their stolen funds back.
• On an Average user Loses $476 Per Attack, Only 1/10th People
Surveyed who lost more than $5000.
• 81% of Internet Users Conduct Financial Operations Online, Just
under Half (44%) Store Financial Data on Connected Devices.
• 45% Assume that Bank shall Reimburse, but Actual Survey Says 52%
of them haven’t Received all their Stolen Money.
Read more at:
http://economictimes.indiatimes.com/articleshow/56807388.cms?utm_source=contentofinterest&
utm_medium=text&utm_campaign=cppst

9. Spoofing banks websites
• Identical Website as the same of Bank
• Customer Logins into his account with Credential assuming it as
Bank’s website, then initiates transaction, generates OTP.
• At the Same time, the Attacker enters the same details given by you
on the Original Bank Website, Initiates the Transaction, and also
gets the OTP which Customer enters on Fake Website.
• After OTP they Fake Website Shows Wrong Credential, But fact is
that the Attackers has transferred the Funds from your Account.

10. Modi App hacked by Javed Khatri, 22-year old
• Narendra Modi wanted the nation to use his app which offered a survey containing 10 questions. The review was to
determine if the citizens of India were likely to support demonetisation or not.
• Amidst the hustle-bustle of the payday, on December 1, a 22-year-old hacker cracked the Narendra Modi app.
According to a YourStory report, hacker Javed Khatri claimed that he was able to hack the app.
• He was able to access private data of any user on the app. The data includes phone number, email, name, location,
interests, last seen etc. He successfully managed to extract the personal phone numbers and email ids of ministers
like Smriti Irani.
• Not only that, he can make any user on the platform follow any other user on the platform. This is just the summary
of this huge security loophole which he wanted to report. The privacy of more than seven million users is at stake if
this gets ignored.
• He did not want to cause any harm but wanted to demonstrate how poor
the security of the app is. He even mentioned it was easy for him to hack
the app.
• http://indiatoday.intoday.in/story/security-22-year-old-hacks-modi-app-
private-data-7-million/1/825661.html

11. Screen shot – 1
Jubin Mehta
Screen Shots of Modi App Hacked

12. Screen shot – 2
Jintendra Singh

13. Screen shot – 3
Smriti Irani

14. Technology Risk
• Hard Disk
• A Hard Disk can be recovered even after it is formatted, In order to delete all the
data permanently, HDD should be formatted for minimum of 7 Times
• Data Security
• Data security is a very important Drawback due it Lack of Awareness of IT.
• Data is on Cloud and hence can be accessed from anywhere anytime just by knowing
a password, In that case password is the key to ones whole organization
• Password Selection and Management
• Password should not be name, mobile number, Dad’s name, etc
• Most commonly used passwords are : Name, Number, 123456789, password, admin,
name@123, etc.
• A strong Password is created with Alphabets(Both Capital and small), Numbers,
Special Characters and it should be at least 8 characters long.

15. Google Accounts Hacking
• Experts are also seeing a shift in the strategy of hackers, who are now targeting mobile devices in
order to obtain the sensitive information that is stored on them. Israeli cyber security firm
Checkpoint said that its security researchers have revealed a new variant of Android malware,
breaching the security of more than one million Google accounts.
• The new malware campaign, named Gooligan, roots Android devices and steals email addresses
and authentication tokens stored on them. With this information, attackers can access users’
sensitive data from Gmail, Google Photos, Google Docs, Google Play and Google Drive, according
to Check Point.
• “This theft of over a million Google account details is very alarming and represents the next stage
of cyber- attacks,” said Michael Shaulov, Check Point’s head of mobile products in a statement.
• Check Point’s Mobile Research Team first encountered Gooligan’s code in the malicious SnapPea
app last year.
• In August 2016, the malware reappeared with a new variant and has since infected at least 13,000
devices per day. About 40 per cent of these devices are located in Asia and about 12 per cent are
in Europe

16. Detection
Solution
Prevention

17. Tools for Forensics
• WIFIKEYVIEW
• WIFIKEYVIEW enables the view of all the WIFI connected to the Device currently and
also in past,
• It shows the Passwords and keys to all the WiFi connected to the device at any time.
• USB Deview
• USBDeview is a small utility that lists all USB devices that currently connected to your
computer, as well as all USB devices that you previously used.
• For each USB device, extended information is displayed: Device name/description,
device type, serial number (for mass storage devices), the date/time that device was
added, VendorID, ProductID, and more...
• USBDeview also allows you to uninstall USB devices that you previously used,
disconnect USB devices that are currently connected to your computer, as well as to
disable and enable USB devices.
• You can also use USBDeview on a remote computer, as long as you login to that
computer with admin user.

18. MYIP.IS

19. Who.is Domain

20. Crazycall.net

21. • Winhex
• Clone the disk for official forensic

24. • Virus Total
• Website for scanning a particular file for the virus

25. • Recuva
• Recover the data which is deleted

26. • Spice works
• Scan the complete systems

27. • Andriller Cellebrite
• Android Forensic Software name

28. Cloud Computing
• Storage at external location
• Processing from the external place (Devise agnostic)
• From anywhere (location agnostic)
• Pooling of resource
• At generally on “Pay as You Go” Model
• Building a niche for management of infrastructure

29. Concept of DDoss / BotNet Attacks

30. Bots can easily attack a website if the hosting is on
unsecure/less secure Hosting Server
Website
Bots Hosting
DDOS attacks ping the Web address multiple times in
second, data transmission increases between 10-100
times depending on no. of Bots
Case Study : On Botnets

31. As the BotNets are Blocked on CloudFlare the
connecton to the web will be more secure
Website
Bots Hosting
Cloud Flare
Bots can easily attack a website if the hosting is on
unsecure/less secure Hosting Server
CloudFlare is a tool with a high level of Security when
prevents the BotNet Attacks, an also warns if some
exceptions noticed
Case Study : On Botnets (Cont’d…)

32. Concept of Ransomeware Attack
An E-mail is Received with an attachment which is
deemed to be a Normal Mail
But the attachment may be
stegnographed which means an
attachment displays ‘X’ but contains
‘Y’
Incase of Ransome ware Virus, ‘Y’ is an
application which may run in Background and
Break all security of the computer, The
Attacker can now Control your system. Eg:
Auto Pilot Mode.
This Ransom ware attacks the files and changes the Extentions to un-openable
extentions, for which attacker would ask for Ransom in Bit Coins to Repair that
file back
Frequently used
Extentions are ‘.locky’
and ‘.zepto’

33. Case Study 2 : On Ransome ware
Remove the System from your server network. As the
Ransome virus may attack the server and damage the
files there too
Do not Panic and format the hard drive /
Computer
By fetching the Previous to the Last Version of Affected
files, We can get the data of the files with minimal data
loss
This can be done using Hiren Boot and some other
Softwares or Processes
Previous to Last version of Files may be recovered and
you may get your data by Recovery from below
softwares.
Formatting by clear the
cache from which we
wouldn’t be able to
Recover Previous
Versions

34. Gmail Access History

35. Gmail Access History (Cont’d…)

37. Some Analytics on BITCOIN
• Bitcoin dropped below $7,000 on Friday to trade more than 5 percent down on the day, having fallen by well
over $1,000 since hitting an all-time high.
• Bitcoin dropped to $6,800 on the Luxembourg-based Bitstamp exchange by 1200 GMT, before recovering a
little to $6,870 just over 20 minutes later.
• On Wednesday around 1800 GMT, it had touched $7,888 after a software upgrade planned for next week
that could have split the cryptocurrency in two was suspended.
• As bitcoin fell, Bitcoin Cash - a clone of the original that was generated from another split on Aug.1 - surged,
trading up as much as 35 percent on the day at around $850, according to industry website Coinmarketcap.
• Despite losing almost 7 percent this week, bitcoin is still up more than 600 percent so far this year.
Read more at:
//economictimes.indiatimes.com/articleshow/61596454.cms?utm_source=contentofinterest&utm_medium=t
ext&utm_campaign=cppst

38. Bitcoin (Cont’d…)

39. Has your bank account been debited for a transaction
you haven't done? Here's what to do
Banking fraud is becoming all too common in India. With Prime Minister Narendra Modi pushing for a less cash
economy, it becomes all the more important to fix the problem of digital frauds.
Keeping this in mind and seeing a rise in customer complaints regarding unauthorised electronic transactions,
the Reserve Bank of India (RBI), in July, released new rules which makes it safer for customers to transact electronically.
On July 6, 2017, the RBI issued a notification, Customer protection - limited liability of customers in
unauthorised electronic banking transactions. The good news is that the onus is on the banks to prove that a fraud has
taken place, but customers should inform the bank as soon as possible to avoid being penalised.

40. What Banks have to do?
No Facility of electronic transactions, if
Mobile Numbers Not Provided
Notify the bank as soon as Possible, of
unauthorised electronic transaction
Zero Liability of the Customer
when :
SMS & E-mail Alerts
Negligence from Bank’s End
Technical Glitch at Bank’s End where
Customer Details are Compromised
Fraudulent Activities where Customer Details
are given away
Third-Party Breach, where Neither Bank nor
Customer is at Fault

41. Liability of a Customer?
Now if the bank is at fault, you do not pay, but if the fraud or wrongful debit has happened because
of your negligence, then you will have to bear the brunt. This could happen if you mentioned your PIN number
or password in passing or left it lying around and someone used it without your knowledge. The good news is
that even though this transaction has happened due to your negligence, if you report it to the bank before
seven working days (and after three days) from receiving the debit message, the RBI notification says that the
per transaction liability of the customer will be limited to the transaction value or an amount set by the central
bank, whichever is lower.
And if you take more than seven days, "the customer liability shall be determined as per the
bank's Board approved policy," says the RBI notification.

42. How long will it take for the reversal?
Banks have to credit or reverse the unauthorised electronic transaction to the customer's account
within 10 working days from the date of notification by the customer. And once reported, in case of debit card
or bank account fraud, the bank should ensure that the customer does not suffer loss of interest. If the
transaction has happened on a credit card, the customer should not have to additional burden of interest. If
the transaction has happened on a credit card, the customer should not have to additional burden of interest.
Also, once reported, banks have to resolve the case within 90 days from the date of receipt of the
complaint.
What should you do?
Banking frauds are on the rise and RBI has released data in March of this year which corroborates this
fact. In total there were 3,870 cases of fraud worth Rs 17,750 crore. Our lives will only get more reliant on
technology and tricksters will only come up with more innovative ways to steal our hard earned money. So,
take the necessary precautions and do not give out your bank or credit card details to anyone who you do not
trust and - we cannot stress this fact enough - inform the bank as soon you get to know of a wrongful
transaction in your account.
Read more at:
//economictimes.indiatimes.com/articleshow/61577976.cms?utm_source=contentofinterest&utm_medium=t
ext&utm_campaign=cppst

44. For Further Details :
Contact No. : +91-9833777556
E-mail : mitesh@apmh.in