CYBER FORENSICS
Who am I?
Ambuj Kumar
Cyber Security Analyst
Received hall of fame from Practo, eur.nl,
HackerEarth, Maastricht University, Govt of India.
Winner of Hackathon.
Topics
 Cyber Forensics Fundamentals & Process
 Acquisition & Duplication
 Hashing & Write Protection
 Analyzing & Investigating Deleted Data
 Security operation center
 Malicious file
 Facebook crime
WHAT IS CYBER FORENSICS?
Cyber forensics is an electronic discovery technique used to determine and reveal technical criminal evidence.
Cyber forensics involves the
 Collection (what needs to be investigated),
 Preservation,
 Analysis,
 Documentation, and
 Presentation
of computer evidence stored on a computer.
Cyber Forensic Process
Cyber forensic
Forensics Goals
• Finding legal evidence in computing devices and preserving its integrity in a way that is deemed admissible in a court of law.
• Preserving and recovering evidence following court-accepted technical procedures.
• Identifying data leaks within an organization.
• Assessing possible damage occurring during a data breach.
Cybercrime Attack Mode
• Insider attacks (most dangerous)
• External attacks
How Are Computers Used in Cybercrimes?
• A computing device is used as a weapon to commit a crime.
• Example: Launching denial-of-service (DoS) attacks or sending
• Ransomware
• Gaining unauthorized access
Forensics Investigation Types
• Public investigations (public investigations involve law enforcement agencies and are conducted according to country or state law)
• Private (corporate) sector investigations (private investigations are usually conducted by enterprises to investigate policy violations, litigation disputes, wrongful termination, or leaking of enterprise secrets)
Digital Evidence Types
• User-created data includes anything created by a user (human) using a digital device. It includes the following and more:
• Text files (e.g. MS Office documents, IM chat, bookmarks), spreadsheets, databases, and any text stored in digital format,
• Audio and video files,
• Digital images,
• Webcam recordings (digital photos and videos),
• Address book and calendar,
• Hidden and encrypted files (including zipped folders) created by the computer user,
• Previous backups (including both cloud storage backups and offline backups like CD/DVDs and tapes),
• Account details (username, picture, password),
• E-mail messages and attachments (both online and client e-mails such as Outlook),
• Web pages, social media accounts, cloud storage, and any online accounts created by the user.
Challenge of Acquiring Digital Evidence
• Computer protected with a password, access card, or dongle.
• Digital steganography techniques to conceal incriminating data in images, videos, audio files, file systems, and in plain sight (e.g., within an MS Word document).
• Encryption techniques to obscure data, making it unreadable without the password.
• Full disk encryption (FDE) including the system partition (e.g., BitLocker drive encryption).
• Strong passwords protecting the system/volume; cracking them is very time consuming and expensive.
• File renaming and changing of extensions (e.g., changing DOCX into DLL, which is a known Windows system file type).
• Attempts to destroy evidence by securely wiping the hard drive using various software tools and techniques.
• Removing history from the web browser upon exit and disabling
• Physically damaged digital media; for example, we cannot retrieve deleted files from a failed HDD before repairing it.
• Sensitivity of digital evidence; if not handled carefully it might be destroyed. Heat, cold, moisture, magnetic fields, and even just dropping the media device can destroy it.
• Easy alteration of digital evidence; for instance, if a computer is ON, you must leave it ON and acquire its volatile memory (if possible), but if the computer is OFF, leave it OFF to avoid changing any data.
• Cybercrimes can cross borders easily through the Internet, making the lack of cyberlaw standardization a major issue in this domain.
• A USB thumb drive may belong to a suspect, but if the data inside it is fully encrypted and password protected, the suspect can deny ownership of the drive, making decryption very difficult to achieve without the correct password/key file.
Who Should Collect Digital Evidence?
• Analytical thinking: This includes the ability to make correlations between different events/facts when investigating a crime.
• Solid background in IT knowledge: This includes wide knowledge about different IT technologies, hardware devices, operating systems, and applications. This does not mean that an investigator should know how each technology works in detail.
• Hacking skills: To solve a crime, you should think like a hacker. Knowing attack techniques and cybersecurity concepts is essential for a successful investigation.
• Understanding of legal issues concerning digital crime investigations.
• Excellent knowledge of technical skills related to digital forensics, like data recovery and acquisition and writing technical reports.
• Online searching skills and the ability to gather information from publicly available sources (i.e., OSINT).
FIRST RESPONDER TEAM
The first responder is the first person to encounter a crime scene. A first responder has the expertise and skill to deal with the incident. The first responder may be an officer, security personnel, or a member of the IT staff or incident response team.
Roles of the First Responder Team:
1. Identifying the crime scene
2. Protecting the crime scene
3. Preserving temporary and fragile evidence
First Responder Toolkit
• Crime scene tape.
• Stick-on labels and ties.
• Color marker pens.
• Notepad.
• Gloves.
• Magnifying glass.
• Flashlight.
• Sealable bags of mixed sizes; these should be antistatic bags to preserve evidence integrity.
• Camera (can capture both video and images and must be configured to show the date/time when the capture happens).
• Radio frequency-shielding material to prevent some types of seized devices (e.g., smartphones and tablets with SIM cards) from receiving calls or messages (also known as a Faraday shielding bag). This bag will also protect evidence against lightning strikes and electrostatic discharges.
• Bootable CDs.
• Chain of custody forms.
• Secure sanitized external hard drive to store images of any digital exhibits.
• USB hub.
Locations of Electronic Evidence
• Desktops
• Laptops
• Tablets
• Servers and RAIDs
• Network devices like hubs, switches, modems, routers, and
wireless access points
• Internet-enabled devices used in home automation
(e.g., AC and smart refrigerator)
• IoT devices
• DVRs and surveillance systems
• MP3 players
• GPS devices
• Smartphones
• Game stations (Xbox, PlayStation, etc.)
• Digital cameras
• Smart cards
• Pagers
• Digital voice recorders
• External hard drives
• Flash/thumb drives
• Printers
• Scanners
Chain of Custody
• What is the digital evidence? (E.g., describe the acquired
digital evidence.)
• Where was the digital evidence found? (E.g., computer,
tablet, cell phone, etc.; also to be included is the state of the
computing device upon acquiring the digital evidence–ON or
OFF?)
• How was the digital evidence acquired? (E.g., tools used; you
also need to mention the steps taken to preserve the
integrity of evidence during the acquisition phase.)
• When was the digital evidence accessed, by whom and for
what reason?
• How was the digital evidence used during the investigation?
• How was the digital evidence transported, preserved, and
handled?
• How was the digital evidence examined? (E.g., any tools and
techniques used.)
Sample Chain of Custody Form
Chain of custody
Acquisition & Duplication
Acquisition
• Acquisition is the process of collecting digital evidence from electronic media.
Duplication
• A forensic duplication is an accurate copy of data that is created with the goal of being admissible as evidence in legal proceedings.
• We define forensic duplication as an image of every accessible bit from the source medium.
Types of Duplication
1. Simple duplication
• Copy selected data: file, folder, partition.
2. Forensic duplication
• Every bit on the source is retained
• Including deleted files
Duplication/Cloning
FTK Imager
• https://accessdata.com/product-download/ftk-imager-version-4-5
Hashing & Write Protection
Hashing is the transformation of a string of characters into a usually shorter fixed-length value or key that represents the original string.
Hash value generation in digital forensics:
• Generally, a hash value is used to check the integrity of any data file, but in digital forensics it is used to check the integrity of the evidence disk data.
• The image of a disk is created in digital forensics for analysis, so it is necessary that the image be an exact replica of the evidence disk.
• The hash value generated during imaging should match the value recomputed when that image of the evidence disk is opened for detailed analysis. In digital forensics the hash value is generated over the whole disk data, not only over single or multiple files.
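The acquisition-then-verify cycle described above, as an added example that is not part of the original slides: the whole stream is hashed while the image is written, and the same digests are recomputed later so that any altered byte is caught. The "evidence disk" is a constructed in-memory byte string; with a real drive the source would be the block device opened read-only behind a write blocker.

```python
"""Acquisition hashing and later verification of a forensic image.

Constructed example: the "evidence disk" below is an in-memory byte string.
With a real drive, `source` would be the block device opened read-only
behind a write blocker, and `image` the file written to the sanitized
external drive from the first-responder toolkit.
"""
import hashlib
import io

CHUNK_SIZE = 1024 * 1024            # 1 MiB reads; real images do not fit in RAM
ALGORITHMS = ("md5", "sha1", "sha256")


def _digests(hashers):
    # Upper-case hex digests, the form HashMyFiles and FTK Imager display.
    return {name: h.hexdigest().upper() for name, h in hashers.items()}


def acquire(source, image, algorithms=ALGORITHMS):
    """Copy every byte of `source` into `image`, hashing the whole stream as it
    is read. Returns the acquisition hashes recorded on the chain-of-custody form."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    for chunk in iter(lambda: source.read(CHUNK_SIZE), b""):
        image.write(chunk)
        for h in hashers.values():
            h.update(chunk)
    image.flush()
    return _digests(hashers)


def hash_image(image, algorithms=ALGORITHMS):
    """Recompute hashes over the entire image (not per file), e.g. right before
    analysis starts or after the image has been copied to an examiner workstation."""
    image.seek(0)
    hashers = {name: hashlib.new(name) for name in algorithms}
    for chunk in iter(lambda: image.read(CHUNK_SIZE), b""):
        for h in hashers.values():
            h.update(chunk)
    return _digests(hashers)


def hash_bytes(data, algorithms=ALGORITHMS):
    """Convenience wrapper for small in-memory inputs."""
    return hash_image(io.BytesIO(data), algorithms)


def verify(image, expected):
    """Compare recomputed hashes with the acquisition record.
    Returns (ok, list of algorithms whose digest no longer matches)."""
    actual = hash_image(image, tuple(expected))
    mismatched = sorted(name for name in expected if actual[name] != expected[name])
    return (not mismatched, mismatched)


# Constructed 3 MiB "disk": a boot-sector pattern, a document and unallocated
# space, so the digest covers live data, deleted content and slack alike.
EVIDENCE_DISK = (b"\x55\xAA" * 256
                 + b"confidential: draft contract\n" * 1000
                 + b"\x00" * (3 * 1024 * 1024))


def demo():
    """Acquire the constructed disk, verify the image, then show that a single
    flipped bit (e.g. the image opened without write protection) is detected."""
    image = io.BytesIO()
    record = acquire(io.BytesIO(EVIDENCE_DISK), image)   # logged at seizure time
    ok_before, _ = verify(image, record)                  # untouched image: True

    altered = bytearray(image.getvalue())
    altered[4096] ^= 0x01                                 # one bit changed
    ok_after, bad = verify(io.BytesIO(bytes(altered)), record)
    return ok_before, ok_after, bad


if __name__ == "__main__":
    print(demo())   # (True, False, ['md5', 'sha1', 'sha256'])
```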
Hashes
• MD5: 464668D58274A7840E264E8739884247
• SHA-1: 4698215F643BECFF6C6F3D2BF447ACE0C067149E
• SHA-256: F2ADD4D612E23C9B18B0166BBDE1DB839BFB8A376ED01E32FADB03A0D1B720C7
• SHA-384: 2707F06FE57800134129D8E10BBE08E2FEB622B76537A7C4295802FBB94755BBEE814B101ED18CC2D0126BD66E5D77B6
• SHA-512: C526BC709E2C771F9EC039C25965C91EAA3451A8CB43651A4CD813F338235F495D37891DD25FE456FE2A8CA89457629378BE63FB3A9A5AD54D9E11E4272D60C
• RIPEMD-128: A868B98EAEC84891A7B7BA620EDDE621
• TIGER: F31A22CEED5848E69316649D4BAFBE8F9274DED53E25C02D
• PANAMA: 7E703B1798A26A0AF21ECD661CBADB9C72B419455814CA7B82E29EE0C03FA493
HashMyFiles
• https://www.nirsoft.net/utils/hash_my_files.html
Write Protection:
Write protection is any physical mechanism that
prevents modification or erasure of valuable data on a
device.
Write protection
Analyzing & Investigating Deleted Data
Data recovery is the extraction of data from damaged evidence sources in a forensically sound manner. This method of recovering data means that any evidence resulting from it can later be relied on in a court of law.
Tools for recovering deleted data:
 Disk Drill
 Recuva
 MiniTool Power Data Recovery
 Lazesoft
• https://www.cleverfiles.com/disk-drill-windows.html
Disk Drill
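Why a forensic duplicate must keep every bit, including deleted files, and how the recovery tools above find them: a deleted file loses its directory entry but its bytes remain in unallocated space, so a carver can locate it by file signature alone. Added example, not from the original slides or any of the listed tools; the raw image and the file contents are constructed.

```python
"""Signature-based file carving over a raw, bit-for-bit image.

Added example: files whose directory entries were deleted still have their
bytes in unallocated space, which is why forensic duplication keeps every bit.
The image below is constructed; real recovery tools carry far larger
signature databases and also understand file-system metadata.
"""

# file type -> (header, footer). Footers are the JPEG EOI marker and the PNG
# IEND chunk with its fixed CRC.
SIGNATURES = {
    "jpg": (b"\xFF\xD8\xFF", b"\xFF\xD9"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xAE\x42\x60\x82"),
}
MAX_CARVE = 64 * 1024   # upper bound when a footer was overwritten


def _next_header(image, start, signatures):
    """Offset of the next header of any type at or after `start` (or image end)."""
    hits = [image.find(hdr, start) for hdr, _ in signatures.values()]
    hits = [h for h in hits if h != -1]
    return min(hits) if hits else len(image)


def carve(image, signatures=SIGNATURES, max_size=MAX_CARVE):
    """Return carved files as dicts {offset, type, data, complete}, sorted by
    offset. A file with no footer within `max_size` bytes is carved up to the
    next header (partially overwritten) and flagged complete=False."""
    found = []
    for ftype, (header, footer) in signatures.items():
        pos = image.find(header)
        while pos != -1:
            body = pos + len(header)
            end = image.find(footer, body, pos + max_size)
            if end == -1:
                stop = min(pos + max_size, _next_header(image, body, signatures))
                found.append({"offset": pos, "type": ftype,
                              "data": image[pos:stop], "complete": False})
                pos = image.find(header, body)
            else:
                stop = end + len(footer)
                found.append({"offset": pos, "type": ftype,
                              "data": image[pos:stop], "complete": True})
                pos = image.find(header, stop)
    return sorted(found, key=lambda f: f["offset"])


def summarize(image):
    """(offset, type, length, complete) per carved file: the line to put in the report."""
    return [(f["offset"], f["type"], len(f["data"]), f["complete"]) for f in carve(image)]


def build_image():
    """Constructed raw image: two live pictures, one deleted picture whose bytes
    survive in unallocated space, and one picture whose tail was overwritten."""
    slack = b"\x00" * 512
    jpeg_live = b"\xFF\xD8\xFF\xE0\x00\x10JFIF\x00" + b"A" * 300 + b"\xFF\xD9"
    png_live = b"\x89PNG\r\n\x1a\n\x00\x00\x00\x0DIHDR" + b"B" * 200 + b"IEND\xAE\x42\x60\x82"
    jpeg_deleted = b"\xFF\xD8\xFF\xE1" + b"C" * 500 + b"\xFF\xD9"   # directory entry gone
    jpeg_partial = b"\xFF\xD8\xFF\xE0" + b"D" * 150                 # EOI marker overwritten
    return slack + jpeg_live + slack + png_live + slack + jpeg_deleted + slack + jpeg_partial + slack


if __name__ == "__main__":
    for entry in summarize(build_image()):
        print(entry)
```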
Faraday bag
HONEYPOT
• A honeypot can be used to detect attacks or deflect them from a legitimate target.
What is Deception Technology?
 Deception technology has evolved from honeypots to more sophisticated systems that can track intruders' movements. The technology has been commercialized over the last few years as a separate product line.
 Today's deception technology is more focused on Active Directory, where it can create a perceived AD environment. This allows it to capture each and every step an attacker is taking in real time.
 Another advantage of newer deception technology is that it helps in detecting the lateral movement of hackers and intruders long before an attack takes place.
Pentbox
• https://github.com/H4CK3RT3CH/pentbox-1.8
Red Team
• Red teams often consist of independent ethical hackers who evaluate system security in an objective manner.
Red team work
• Penetration testing
• Social engineering
• Phishing
Blue Team
• Blue teams use a variety of methods and tools as countermeasures to protect a network from cyber attacks.
Blue team work
• Implementing SIEM solutions
• Ensuring firewall access controls are properly configured
• Deploying IDS and IPS software as detective and preventive security controls
• Using vulnerability scanning software on a regular basis
• Securing systems by using antivirus or anti-malware software
• Segregating networks and ensuring they are configured correctly
SIEM
• A security information and event management solution supports threat detection, compliance and security incident management through the collection and analysis (both near real-time and historical) of security events, as well as a wide variety of other event and contextual data sources.
SIEM Technology Tools
• Splunk Enterprise Security
• IBM QRadar
• AlienVault
Firewall
• Firewall is a network security system that monitors
and controls incoming and outgoing network traffic
based on predetermined security rules.
IDS
• An Intrusion Detection System (IDS) is a network security technology originally built for detecting the exploitation of vulnerabilities.
Tools
Intrusion detection system
• May use a signature-based technique
• Snort network intrusion detection system (NIDS)
• Available for Windows as well as Linux
IPS
• An intrusion prevention system (IPS) is a form of
network security that works to detect and prevent
identified threats
Difference
Windows Log Analysis
• In the event of a forensic investigation, Windows Event Logs serve as a primary source of evidence, as the operating system logs every system activity. Windows Event Log analysis can help an investigator draw a timeline based on the logging information and the discovered artefacts. What gets logged depends upon the audit features that are turned on, which means that event logs can be turned off by anyone holding administrative privileges. From the forensic point of view, the Event Logs capture a lot of data.
• The Windows Event Logs are used in forensics to reconstruct a timeline of events.
• The three main components of the event logs are:
– Application
– System
– Security
• On the Windows operating system, logs are saved under %System32%\winevt\Logs.
• When the maximum log size is reached:
– Oldest events are overwritten
– Archive the logs when full
– If you do not wish to overwrite events, clear the logs manually
The types of events that are recorded can be any occurrence that affects the system:
• An incorrect login attempt,
• A hack, breach, or system settings modification,
• An application failure,
• System failure, etc.
All these events are logged in %System32%\winevt\Logs.
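Building the timeline the slide describes and flagging two of the listed event types, as an added example (not from the original slides): incorrect login attempts, and the log itself being cleared, which an investigator must notice because events before that point may be gone. The JSON-lines export is constructed and its field names are this example's own; Event IDs 4624 (logon success), 4625 (logon failure) and 1102 (audit log cleared) are the standard Security-log IDs.

```python
"""Build a timeline from exported Windows Event Log records and flag the two
things the slides call out: incorrect login attempts and logs being cleared.

Added example, not from the original slides. The input is a constructed
JSON-lines export; the field names (time, log, id, user, src) are this
example's own, not the format of any particular export tool.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta

DESCRIPTIONS = {4624: "Successful logon", 4625: "Failed logon",
                1102: "Security log cleared", 1000: "Application error"}

# Constructed records, deliberately not in time order.
SAMPLE_EXPORT = """\
{"time": "2024-03-01T09:02:40", "log": "Application", "id": 1000, "user": "", "src": ""}
{"time": "2024-03-01T08:55:10", "log": "Security", "id": 4624, "user": "alice", "src": "10.0.0.5"}
{"time": "2024-03-01T09:00:01", "log": "Security", "id": 4625, "user": "admin", "src": "10.0.0.77"}
{"time": "2024-03-01T09:00:07", "log": "Security", "id": 4625, "user": "admin", "src": "10.0.0.77"}
{"time": "2024-03-01T09:00:12", "log": "Security", "id": 4625, "user": "admin", "src": "10.0.0.77"}
{"time": "2024-03-01T09:00:19", "log": "Security", "id": 4625, "user": "admin", "src": "10.0.0.77"}
{"time": "2024-03-01T09:00:25", "log": "Security", "id": 4625, "user": "admin", "src": "10.0.0.77"}
{"time": "2024-03-01T09:00:31", "log": "Security", "id": 4624, "user": "admin", "src": "10.0.0.77"}
{"time": "2024-03-01T09:15:00", "log": "Security", "id": 1102, "user": "admin", "src": ""}
"""


def load_events(text):
    """Parse JSON lines into dicts with a real datetime, sorted oldest first."""
    events = []
    for line in text.splitlines():
        if line.strip():
            rec = json.loads(line)
            rec["time"] = datetime.fromisoformat(rec["time"])
            events.append(rec)
    return sorted(events, key=lambda e: e["time"])


def timeline(events):
    """One human-readable line per event, oldest first."""
    return [f"{e['time'].isoformat()} {e['log']:<11} {e['id']:<5} "
            f"{DESCRIPTIONS.get(e['id'], 'Event')} {e['user']} {e['src']}".rstrip()
            for e in events]


def find_failed_logon_bursts(events, threshold=5, window=timedelta(minutes=2)):
    """Groups of >= threshold failed logons for one (user, source) inside
    `window`, and whether a successful logon for that pair followed."""
    by_key = defaultdict(list)
    for e in events:
        if e["id"] == 4625:
            by_key[(e["user"], e["src"])].append(e["time"])
    bursts = []
    for (user, src), times in by_key.items():          # times already sorted
        start = 0
        for end in range(len(times)):                    # sliding window
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                last = times[end]
                success = any(e["id"] == 4624 and (e["user"], e["src"]) == (user, src)
                              and last <= e["time"] <= last + window for e in events)
                bursts.append({"user": user, "src": src, "count": end - start + 1,
                               "first": times[start].isoformat(), "last": last.isoformat(),
                               "success_after": success})
                break                                    # one finding per pair
    return bursts


def find_log_clearing(events):
    """Event 1102 marks the point before which Security events may be missing."""
    return [{"time": e["time"].isoformat(), "user": e["user"]}
            for e in events if e["id"] == 1102]


def analyze(text):
    events = load_events(text)
    return {"timeline": timeline(events),
            "bursts": find_failed_logon_bursts(events),
            "cleared": find_log_clearing(events)}


if __name__ == "__main__":
    report = analyze(SAMPLE_EXPORT)
    print("\n".join(report["timeline"]))
    print(report["bursts"])
    print(report["cleared"])
```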
Full Event Log View
• https://www.nirsoft.net/utils/full_event_log_view.html
Kali Linux
• https://www.kali.org/downloads/
Linux Log analysis
Kali Linux Password Reset
1. Boot your Kali system and wait for the GNU GRUB page to appear.
2. On the GNU GRUB page, select the "Advanced options for Kali GNU/Linux" entry with the down arrow key and press Enter.
3. Now simply select the second entry, the recovery mode option, and press the E key to go to the recovery mode of Kali Linux.
4. To modify it, just change read-only mode (ro) to rw (write mode) and add init=/bin/bash as in the screenshot below, then press F10 to reboot Kali Linux.
5. After rebooting the Kali Linux system, it will bring you to the screen below to reset the Kali Linux password.
• To reset the root password of the Kali Linux system, simply type "passwd" and hit Enter. Then type the new password twice for the root user. After successfully resetting the lost Kali Linux password, you will see the success message *password update successfully*. Then reboot the system with reboot -f and log in with the newly changed root password.
This works because GRUB lets anyone with console access edit the boot entry; a GRUB password and full disk encryption (see the acquisition challenges above) are the controls that stop it.
Investigation of fake IP
Analyzing malicious File
Presentation   cyber forensics & ethical hacking

More Related Content

What's hot

Cyber forensic 1
Cyber forensic 1Cyber forensic 1
Cyber forensic 1anilinvns
 
Introduction to filesystems and computer forensics
Introduction to filesystems and computer forensicsIntroduction to filesystems and computer forensics
Introduction to filesystems and computer forensicsMayank Chaudhari
 
Computer forensics and Investigation
Computer forensics and InvestigationComputer forensics and Investigation
Computer forensics and InvestigationNeha Raju k
 
01 Computer Forensics Fundamentals - Notes
01 Computer Forensics Fundamentals - Notes01 Computer Forensics Fundamentals - Notes
01 Computer Forensics Fundamentals - NotesKranthi
 
E-mail Investigation
E-mail InvestigationE-mail Investigation
E-mail Investigationedwardbel
 
Computer forensics powerpoint presentation
Computer forensics powerpoint presentationComputer forensics powerpoint presentation
Computer forensics powerpoint presentationSomya Johri
 
A brief Intro to Digital Forensics
A brief Intro to Digital ForensicsA brief Intro to Digital Forensics
A brief Intro to Digital ForensicsManik Bhola
 
04 Evidence Collection and Data Seizure - Notes
04 Evidence Collection and Data Seizure - Notes04 Evidence Collection and Data Seizure - Notes
04 Evidence Collection and Data Seizure - NotesKranthi
 
Live data collection_from_windows_system
Live data collection_from_windows_systemLive data collection_from_windows_system
Live data collection_from_windows_systemMaceni Muse
 
Computer forensic ppt
Computer forensic pptComputer forensic ppt
Computer forensic pptPriya Manik
 
Digital forensics
Digital forensics Digital forensics
Digital forensics vishnuv43
 
Data leakage detection
Data leakage detectionData leakage detection
Data leakage detectionVikrant Arya
 
Digital Forensics
Digital ForensicsDigital Forensics
Digital ForensicsOldsun
 
Anti forensic
Anti forensicAnti forensic
Anti forensicMilap Oza
 
Encase Forensic
Encase ForensicEncase Forensic
Encase ForensicMegha Sahu
 
Computer forensic
Computer forensicComputer forensic
Computer forensicbhavithd
 

What's hot (20)

Cyber forensic 1
Cyber forensic 1Cyber forensic 1
Cyber forensic 1
 
Cyber Forensics Module 1
Cyber Forensics Module 1Cyber Forensics Module 1
Cyber Forensics Module 1
 
Introduction to filesystems and computer forensics
Introduction to filesystems and computer forensicsIntroduction to filesystems and computer forensics
Introduction to filesystems and computer forensics
 
Computer forensics and Investigation
Computer forensics and InvestigationComputer forensics and Investigation
Computer forensics and Investigation
 
01 Computer Forensics Fundamentals - Notes
01 Computer Forensics Fundamentals - Notes01 Computer Forensics Fundamentals - Notes
01 Computer Forensics Fundamentals - Notes
 
E-mail Investigation
E-mail InvestigationE-mail Investigation
E-mail Investigation
 
Computer forensics powerpoint presentation
Computer forensics powerpoint presentationComputer forensics powerpoint presentation
Computer forensics powerpoint presentation
 
CS6004 Cyber Forensics
CS6004 Cyber ForensicsCS6004 Cyber Forensics
CS6004 Cyber Forensics
 
A brief Intro to Digital Forensics
A brief Intro to Digital ForensicsA brief Intro to Digital Forensics
A brief Intro to Digital Forensics
 
04 Evidence Collection and Data Seizure - Notes
04 Evidence Collection and Data Seizure - Notes04 Evidence Collection and Data Seizure - Notes
04 Evidence Collection and Data Seizure - Notes
 
Live data collection_from_windows_system
Live data collection_from_windows_systemLive data collection_from_windows_system
Live data collection_from_windows_system
 
Password craking techniques
Password craking techniques Password craking techniques
Password craking techniques
 
Computer forensic ppt
Computer forensic pptComputer forensic ppt
Computer forensic ppt
 
Digital forensics
Digital forensics Digital forensics
Digital forensics
 
Data leakage detection
Data leakage detectionData leakage detection
Data leakage detection
 
Digital Forensics
Digital ForensicsDigital Forensics
Digital Forensics
 
Anti forensic
Anti forensicAnti forensic
Anti forensic
 
Encase Forensic
Encase ForensicEncase Forensic
Encase Forensic
 
Computer forensic
Computer forensicComputer forensic
Computer forensic
 
Windowsforensics
WindowsforensicsWindowsforensics
Windowsforensics
 

Similar to Presentation cyber forensics & ethical hacking

mobile forensic.pptx
mobile forensic.pptxmobile forensic.pptx
mobile forensic.pptxAmbuj Kumar
 
Investigative Tools and Equipments for Cyber Crime by Raghu Khimani
Investigative Tools and Equipments for Cyber Crime by Raghu KhimaniInvestigative Tools and Equipments for Cyber Crime by Raghu Khimani
Investigative Tools and Equipments for Cyber Crime by Raghu KhimaniDr Raghu Khimani
 
Draft current state of digital forensic and data science
Draft current state of digital forensic and data science Draft current state of digital forensic and data science
Draft current state of digital forensic and data science Damir Delija
 
Computer crimes and forensics
Computer crimes and forensics Computer crimes and forensics
Computer crimes and forensics Avinash Mavuru
 
Computer forensics toolkit
Computer forensics toolkitComputer forensics toolkit
Computer forensics toolkitMilap Oza
 
Examining computer and evidence collection
Examining computer and evidence collectionExamining computer and evidence collection
Examining computer and evidence collectiongagan deep
 
Introduction to computer forensic
Introduction to computer forensicIntroduction to computer forensic
Introduction to computer forensicOnline
 
Mobile_Forensics- General Introduction & Software.pptx
Mobile_Forensics- General Introduction & Software.pptxMobile_Forensics- General Introduction & Software.pptx
Mobile_Forensics- General Introduction & Software.pptxgouriuplenchwar63
 
Computer Forensic Tools.pptx
Computer Forensic Tools.pptxComputer Forensic Tools.pptx
Computer Forensic Tools.pptxKomalNagre4
 
Vest Forensics presentation owasp benelux days 2012 leuven
Vest Forensics presentation owasp benelux days 2012 leuvenVest Forensics presentation owasp benelux days 2012 leuven
Vest Forensics presentation owasp benelux days 2012 leuvenMarc Hullegie
 
Preserving and recovering digital evidence
Preserving and recovering digital evidencePreserving and recovering digital evidence
Preserving and recovering digital evidenceOnline
 

Similar to Presentation cyber forensics & ethical hacking (20)

mobile forensic.pptx
mobile forensic.pptxmobile forensic.pptx
mobile forensic.pptx
 
Investigative Tools and Equipments for Cyber Crime by Raghu Khimani
Investigative Tools and Equipments for Cyber Crime by Raghu KhimaniInvestigative Tools and Equipments for Cyber Crime by Raghu Khimani
Investigative Tools and Equipments for Cyber Crime by Raghu Khimani
 
Draft current state of digital forensic and data science
Draft current state of digital forensic and data science Draft current state of digital forensic and data science
Draft current state of digital forensic and data science
 
Digital Forensics
Digital ForensicsDigital Forensics
Digital Forensics
 
Digital forensics
Digital forensicsDigital forensics
Digital forensics
 
File000117
File000117File000117
File000117
 
Computer forensics
Computer forensicsComputer forensics
Computer forensics
 
css ppt.ppt
css ppt.pptcss ppt.ppt
css ppt.ppt
 
Computer crimes and forensics
Computer crimes and forensics Computer crimes and forensics
Computer crimes and forensics
 
Sujit
SujitSujit
Sujit
 
Computer forensics toolkit
Computer forensics toolkitComputer forensics toolkit
Computer forensics toolkit
 
Examining computer and evidence collection
Examining computer and evidence collectionExamining computer and evidence collection
Examining computer and evidence collection
 
CYBERFORENSICS
CYBERFORENSICSCYBERFORENSICS
CYBERFORENSICS
 
Introduction to computer forensic
Introduction to computer forensicIntroduction to computer forensic
Introduction to computer forensic
 
Mobile_Forensics- General Introduction & Software.pptx
Mobile_Forensics- General Introduction & Software.pptxMobile_Forensics- General Introduction & Software.pptx
Mobile_Forensics- General Introduction & Software.pptx
 
cyber forensics
cyber forensicscyber forensics
cyber forensics
 
Computer Forensic Tools.pptx
Computer Forensic Tools.pptxComputer Forensic Tools.pptx
Computer Forensic Tools.pptx
 
Vest Forensics presentation owasp benelux days 2012 leuven
Vest Forensics presentation owasp benelux days 2012 leuvenVest Forensics presentation owasp benelux days 2012 leuven
Vest Forensics presentation owasp benelux days 2012 leuven
 
Computer Forensics Bootcamp
Computer Forensics BootcampComputer Forensics Bootcamp
Computer Forensics Bootcamp
 
Preserving and recovering digital evidence
Preserving and recovering digital evidencePreserving and recovering digital evidence
Preserving and recovering digital evidence
 

Recently uploaded

Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 

Recently uploaded (20)

Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

Presentation cyber forensics & ethical hacking

Digital Evidence Types
• User-created data includes anything created by a user (human) using a digital device. It includes the following and more:
• Text files (e.g. MS Office documents, IM chat, bookmarks), spreadsheets, databases, and any text stored in digital format,
• Audio and video files,
• Digital images,
• Webcam recordings (digital photos and videos),
• Address book and calendar,
• Hidden and encrypted files (including zipped folders) created by the computer user,
• Previous backups (including both cloud storage backups and offline backups like CD/DVDs and tapes),
• Account details (username, picture, password),
• E-mail messages and attachments (both online and client e-mails such as Outlook),
• Web pages, social media accounts, cloud storage, and any online accounts created by the user.
Challenge of Acquiring Digital Evidence
• A computer protected with a password, access card, or dongle.
• Digital steganography techniques to conceal incriminating data in images, videos, audio files, file systems, and in plain sight (e.g. within an MS Word document).
• Encryption techniques to obscure data, making it unreadable without the password.
• Full disk encryption (FDE) including the system partition (e.g. BitLocker drive encryption).
• Strong passwords to protect the system/volume; cracking them is very time consuming and expensive.
• File renaming and changing their extensions (e.g., changing DOCX into DLL, which is a known Windows system file type).
• Attempts to destroy evidence through wiping the hard drive securely using various software tools and techniques.
• Removing history from the web browser upon exit and disabling
• Physically damaged digital media; for example, we cannot retrieve deleted files from a failed HDD before repairing it.
• Sensitivity of digital evidence; if not handled carefully it might be destroyed. Heat, cold, moisture, magnetic fields, and even just dropping the media device can destroy it.
• Easy alteration of digital evidence; for instance, if a computer is ON, you must leave it ON and acquire its volatile memory (if possible), but if the computer is OFF, leave it OFF to avoid changing any data.
• Cybercrimes can cross borders easily through the Internet, making the lack of cyberlaw standardization a major issue in this domain.
• A USB thumb drive that belongs to a suspect, but whose data is fully encrypted and protected with a password: the suspect can deny ownership of this thumb drive, making the decryption process very difficult to achieve without the correct password/key file.
Who Should Collect Digital Evidence?
• Analytical thinking: This includes the ability to make correlations between different events/facts when investigating a crime.
• Solid background in IT knowledge: This includes wide knowledge about different IT technologies, hardware devices, operating systems, and applications. This does not mean that an investigator should know how each technology works in detail.
• Hacking skills: To solve a crime, you should think like a hacker. Knowing attack techniques and cybersecurity concepts is essential for a successful investigation.
• Understanding of legal issues concerning digital crime investigations.
• Excellent knowledge of technical skills related to digital forensics like data recovery and acquisition and writing technical reports.
• Online searching skills and ability to gather information from publicly available sources (i.e., OSINT).
FIRST RESPONDER TEAM
The first responder is the first person to encounter a crime scene. A first responder has the expertise and skill to deal with the incident. The first responder may be an officer, security personnel, or a member of the IT staff or incident response team.
Roles of the First Responder Team:
1. Identifying the crime scene
2. Protecting the crime scene
3. Preserving temporary and fragile evidence
First Responder Toolkit
• Crime scene tape.
• Stick-on labels and ties.
• Color marker pens.
• Notepad.
• Gloves.
• Magnifying glass.
• Flashlight.
• Sealable bags of mixed size; should be antistatic bags to preserve evidence integrity.
• Camera (can capture both video and images and must be configured to show the date/time when the capture happens).
• Radio frequency-shielding material to prevent some types of seized devices (e.g., smartphones and tablets with SIM cards) from receiving calls or messages (also known as a Faraday shielding bag). This bag will also protect evidence against lightning strikes and electrostatic discharges.
• Bootable CDs.
• Chain of custody forms.
• Secure sanitized external hard drive to store images of any digital exhibits.
• USB hub.
Locations of Electronic Evidence
• Desktops
• Laptops
• Tablets
• Servers and RAIDs
• Network devices like hubs, switches, modems, routers, and wireless access points
• Internet-enabled devices used in home automation (e.g., AC and smart refrigerator)
• IoT devices
• DVRs and surveillance systems
• MP3 players
• GPS devices
• Smartphones
• Game stations (Xbox, PlayStation, etc.)
• Digital cameras
• Smart cards
• Pagers
• Digital voice recorders
• External hard drives
• Flash/thumb drives
• Printers
• Scanners
Chain of Custody
• What is the digital evidence? (E.g., describe the acquired digital evidence.)
• Where was the digital evidence found? (E.g., computer, tablet, cell phone, etc.; also to be included is the state of the computing device upon acquiring the digital evidence: ON or OFF?)
• How was the digital evidence acquired? (E.g., tools used; you also need to mention the steps taken to preserve the integrity of evidence during the acquisition phase.)
• When was the digital evidence accessed, by whom and for what reason?
• How was the digital evidence used during the investigation?
• How was the digital evidence transported, preserved, and handled?
• How was the digital evidence examined? (E.g., any tools and techniques used.)
Sample Chain of Custody Form
Acquisition & Duplication
Acquisition
• Acquisition is the process of collecting digital evidence from electronic media.
Duplication
• A forensic duplication is an accurate copy of data that is created with the goal of being admissible as evidence in legal proceedings.
• We define forensic duplication as an image of every accessible bit from the source medium.
Types of Duplication
1. Simple duplication
• Copy selected data: file, folder, partition.
2. Forensic duplication
• Every bit on the source is retained
• Including deleted files
Hashing & Write Protection
Hashing is the transformation of a string of characters into a usually shorter fixed-length value or key that represents the original string.
Hash value generation in digital forensics:
• Generally, a hash value is used to check the integrity of any data file, but in digital forensics it is used to check the integrity of the evidence disk's data.
• The image of a disk is created in digital forensics for analysis, so it is necessary that the image be an exact replica of the evidence disk.
• The hash value generated during imaging should match the value computed when that image of the evidence disk is extracted for detailed analysis. In digital forensics the hash value is generated over the whole disk's data, not only over single or multiple files.
Hashes
• MD5: 464668D58274A7840E264E8739884247
• SHA-1: 4698215F643BECFF6C6F3D2BF447ACE0C067149E
• SHA-256: F2ADD4D612E23C9B18B0166BBDE1DB839BFB8A376ED01E32FADB03A0D1B720C7
• SHA-384: 2707F06FE57800134129D8E10BBE08E2FEB622B76537A7C4295802FBB94755BBEE814B101ED18CC2D0126BD66E5D77B6
• SHA-512: C526BC709E2C771F9EC039C25965C91EAA3451A8CB43651A4CD813F338235F495D37891DD25FE456FE2A8CA89457629378BE63FB3A9A5AD54D9E11E4272D60C
• RIPEMD-128: A868B98EAEC84891A7B7BA620EDDE621
• TIGER: F31A22CEED5848E69316649D4BAFBE8F9274DED53E25C02D
• PANAMA: 7E703B1798A26A0AF21ECD661CBADB9C72B419455814CA7B82E29EE0C03FA493
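The chain-of-custody, duplication and hashing slides above describe the acquisition procedure in words. The following is an added Python example written for this page, not code from the presentation: it makes a bit-for-bit copy of a constructed sample medium, hashes the whole source and the whole image with the first three algorithms from the Hashes slide, builds a chain-of-custody record with the what/where/how/when/who fields the slides ask for, and then shows that changing a single byte of the image breaks the match. The case number, examiner name, tool name and record field names are placeholders of my own.

```python
# Added example (not from the slides): raw bit-for-bit duplication, whole-image
# hashing and a chain-of-custody record. The "source medium" is a constructed
# file; case number, examiner and tool name are hypothetical placeholders.
import hashlib
import os
import tempfile
from datetime import datetime, timezone

CHUNK = 1 << 16                          # copy/hash in 64 KiB blocks, so image size does not matter
ALGORITHMS = ("md5", "sha1", "sha256")   # the first three algorithms on the Hashes slide


def hash_file(path, algorithms=ALGORITHMS):
    """Hash the entire file in a single read-only pass with several algorithms at once."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:         # "rb": evidence is only ever opened for reading
        for block in iter(lambda: fh.read(CHUNK), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest().upper() for name, h in hashers.items()}


def forensic_duplicate(source, image):
    """Copy every byte of `source` into `image` (a raw image), unallocated space included."""
    with open(source, "rb") as src, open(image, "wb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            dst.write(block)
    return os.path.getsize(image)


def verify_duplicate(source, image):
    """True only if every algorithm agrees; a single changed byte flips all of them."""
    src_hashes, img_hashes = hash_file(source), hash_file(image)
    return src_hashes == img_hashes, src_hashes, img_hashes


def contains(path, needle):
    """Check that byte-level residue (e.g. a deleted file's content) survived the copy."""
    with open(path, "rb") as fh:
        return needle in fh.read()


def custody_record(case_no, image, device, state, tool, examiner):
    """Chain-of-custody entry: what, where, how, when and by whom (hypothetical field names)."""
    return {
        "case": case_no,
        "what": f"raw image {os.path.basename(image)} ({os.path.getsize(image)} bytes)",
        "where": device,
        "device_state_on_seizure": state,
        "how": f"bit-for-bit duplication with {tool}, source opened read-only",
        "when": datetime.now(timezone.utc).isoformat(timespec="seconds"),
        "who": examiner,
        "hashes": hash_file(image),
    }


def write_constructed_disk(path, size=256 * 1024):
    """Constructed sample medium (not a real disk): header, one live file, deleted residue."""
    data = bytearray(size)
    for offset, tag in ((0, b"CONSTRUCTED-DISK"),
                        (8192, b"live file: quarterly.xlsx"),
                        (65536, b"deleted: secret-plan.docx residue")):
        data[offset:offset + len(tag)] = tag
    with open(path, "wb") as fh:
        fh.write(data)
    return path


def demo():
    """Image the constructed medium, verify it, record custody, then show what tampering does."""
    with tempfile.TemporaryDirectory() as tmp:
        source = write_constructed_disk(os.path.join(tmp, "suspect-usb.bin"))
        image = os.path.join(tmp, "exhibit-01.dd")
        forensic_duplicate(source, image)
        match, src_hashes, _ = verify_duplicate(source, image)
        record = custody_record("CASE-0001 (placeholder)", image,
                                "USB thumb drive (constructed)", "OFF",
                                "forensic_duplicate() (this script)", "Examiner A (placeholder)")
        # What a missing write blocker looks like: one byte of the image is altered.
        with open(image, "r+b") as fh:
            fh.seek(8192)
            fh.write(b"L")
        match_after, _, tampered = verify_duplicate(source, image)
        return {
            "match": match,
            "hashes": src_hashes,
            "residue_in_image": contains(image, b"deleted: secret-plan.docx"),
            "match_after_tamper": match_after,
            "tampered_sha256": tampered["sha256"],
            "record": record,
        }


if __name__ == "__main__":
    result = demo()
    print("image matches source:", result["match"])
    for name, value in result["hashes"].items():
        print(f"{name.upper()}: {value}")
    print("after one-byte change:", result["match_after_tamper"])
```

Hashing in one pass with several algorithms, as `hash_file` does, is how imaging tools avoid reading a large disk once per algorithm; recording more than one digest also means a collision in one algorithm (MD5 in particular) does not undermine the record.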
Write Protection
Write protection is any physical mechanism that prevents modification or erasure of valuable data on a device.
Analyzing & Investigating Deleted Data
Data recovery is the extraction of data from damaged evidence sources in a forensically sound manner. This method of recovering data means that any evidence resulting from it can later be relied on in a court of law.
Tools for recovering deleted data:
 Disk Drill
 Recuva
 MiniTool Power Data Recovery
 Lazesoft
HONEY POT
• It can be used to detect attacks or deflect them from a legitimate target.
What is Deception technology?
 Deception technology has evolved from honeypots to more sophisticated systems that can track intruders' movements. The technology has been commercialized over the last few years as a separate product line.
 Today's deception technology is more focused on Active Directory, where it can create a perceived AD environment. This allows it to capture each and every step an attacker is taking in real time.
• Another advantage of newer deception technology is that it helps in detection of lateral movement of hackers and intruders long before an attack takes place.
Red team
• Red teams often consist of independent ethical hackers who evaluate system security in an objective manner.
Red team work
• Penetration testing
• Social engineering
• Phishing
Blue Team
• Blue teams use a variety of methods and tools as countermeasures to protect a network from cyber attacks.
Blue team work
• Implementing SIEM solutions
• Ensuring firewall access controls are properly configured
• Deploying IDS and IPS software as detective and preventive security controls.
• Using vulnerability scanning software on a regular basis.
• Securing systems by using antivirus or anti-malware software.
• Segregating networks and ensuring they are configured correctly.
SIEM
• A security information and event management solution supports threat detection, compliance and security incident management through the collection and analysis (both near real-time and historical) of security events, as well as a wide variety of other event and contextual data sources.
Tools
• Splunk Enterprise Security
• IBM QRadar
• AlienVault
Firewall
• A firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules.
IDS
• An Intrusion Detection System (IDS) is a network security technology originally built for detecting vulnerability exploitation.
Tools
Intrusion detection system
• May use a signature-based technique
• Snort network intrusion detection system (NIDS)
• Available for Windows as well as Linux
IPS
• An intrusion prevention system (IPS) is a form of network security that works to detect and prevent identified threats.
Windows Log Analysis
• In the event of a forensic investigation, Windows Event Logs serve as the primary source of evidence, as the operating system logs every system activity. Windows Event Log analysis can help an investigator draw a timeline based on the logging information and the discovered artefacts. The information that gets logged depends upon the audit features that are turned on, which means that event logging can be turned off with administrative privileges. From the forensic point of view, the Event Logs capture a lot of data.
• The Windows Event Logs are used in forensics to reconstruct a timeline of events.
• The main three components of event logs are:
– Application
– System
– Security
• On the Windows operating system, logs are saved in the root location %System32%\winevt\Logs.
• When the maximum log size is reached:
– Oldest events are overwritten
– Archive the logs when full
– If you do not wish to overwrite the events, clear the logs manually
The type of events that are recorded can be any occurrence that affects the system:
• An incorrect login attempt,
• A hack, breach, or system settings modification,
• An application failure,
• System failure, etc.
All these events are logged in “%System32%\winevt\Logs”.
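The slides above say that event logs from the Application, System and Security channels are combined into a timeline and that logging can be switched off or cleared by an administrator. The following is an added Python example written for this page, not code from the presentation, showing what that reconstruction looks like over a handful of constructed sample records (not real logs): it orders records from all three channels, counts failed logons per account, flags an account whose success follows a burst of failures, and points out a cleared Security log. The field names are my own; the Event IDs are the standard Windows ones (4624 successful logon, 4625 failed logon, 1102 audit log cleared, 7045 service installed, 1000 application error).

```python
# Added example (not from the slides): timeline reconstruction over constructed
# Windows event records. Field names are my own; Event IDs are standard Windows IDs.
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample records, deliberately out of order as exported logs often are.
SAMPLE_EVENTS = [
    {"time": "2024-03-01T09:20:11", "channel": "Security", "id": 4625, "account": "bob",
     "message": "An account failed to log on"},
    {"time": "2024-03-01T09:15:02", "channel": "Security", "id": 4624, "account": "alice",
     "message": "An account was successfully logged on"},
    {"time": "2024-03-01T09:20:14", "channel": "Security", "id": 4625, "account": "bob",
     "message": "An account failed to log on"},
    {"time": "2024-03-01T09:20:19", "channel": "Security", "id": 4625, "account": "bob",
     "message": "An account failed to log on"},
    {"time": "2024-03-01T09:21:03", "channel": "Security", "id": 4624, "account": "bob",
     "message": "An account was successfully logged on"},
    {"time": "2024-03-01T09:25:40", "channel": "System", "id": 7045, "account": "bob",
     "message": "A service was installed in the system"},
    {"time": "2024-03-01T09:30:00", "channel": "Application", "id": 1000, "account": "-",
     "message": "Faulting application name: report.exe"},
    {"time": "2024-03-01T09:31:12", "channel": "Security", "id": 1102, "account": "bob",
     "message": "The audit log was cleared"},
]


def parse_time(stamp):
    return datetime.fromisoformat(stamp)


def build_timeline(events):
    """Order records from all three logs (Application, System, Security) by time."""
    return sorted(events, key=lambda e: parse_time(e["time"]))


def failed_logon_counts(events):
    """How many 4625 (failed logon) records each account produced."""
    return Counter(e["account"] for e in events
                   if e["channel"] == "Security" and e["id"] == 4625)


def suspicious_logons(events, threshold=3, window=timedelta(minutes=5)):
    """Accounts whose successful logon (4624) follows >= threshold failures inside `window`."""
    flagged = []
    failures = defaultdict(list)
    for e in build_timeline(events):
        if e["channel"] != "Security":
            continue
        when = parse_time(e["time"])
        if e["id"] == 4625:
            failures[e["account"]].append(when)
        elif e["id"] == 4624:
            recent = [f for f in failures[e["account"]] if when - f <= window]
            if len(recent) >= threshold:
                flagged.append((e["account"], e["time"], len(recent)))
    return flagged


def audit_log_cleared(events):
    """Event 1102 means an administrator cleared the Security log; the gap itself is evidence."""
    return [(e["time"], e["account"]) for e in events
            if e["channel"] == "Security" and e["id"] == 1102]


def format_timeline(events):
    """One line per record, oldest first, for the investigation report."""
    lines = []
    for e in build_timeline(events):
        lines.append(f"{e['time']}  {e['channel']:<11}  {e['id']:>5}  "
                     f"{e['account']:<6}  {e['message']}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_timeline(SAMPLE_EVENTS))
    print("failed logons:", dict(failed_logon_counts(SAMPLE_EVENTS)))
    print("burst-then-success:", suspicious_logons(SAMPLE_EVENTS))
    print("log cleared:", audit_log_cleared(SAMPLE_EVENTS))
```

On a real system the records would come from an `.evtx` export rather than a list literal, but the analysis is the same: sort first, then look at what happens around the failures, the new service, and the point where the log was cleared.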
Full Event Log View
• https://www.nirsoft.net/utils/full_event_log_view.html#:~:text=FullEventLogView%20is%20a%20simple%20tool,network%2C%20and%20events%20stored%20in%20.
Kali Linux Password Reset
1. Boot your Kali system and wait for the GNU GRUB page to appear.
2. On the GNU GRUB page, select the "Advanced options for Kali GNU/Linux" option with the down arrow key and press Enter.
3. Now simply select the second entry, the recovery mode option, and press the E key to edit the recovery-mode entry of Kali Linux.
4. To modify it, just change read-only mode (ro) to rw (write mode) and add init=/bin/bash as in the screenshot below, then press F10 to reboot Kali Linux.
5. After rebooting, the Kali Linux system will bring you to the screen below to reset the Kali Linux password.
• To reset the root password of the Kali Linux system, simply type “passwd” and hit Enter. Then type the new password twice for the root user. After successfully resetting the lost Kali Linux password, you will see the success message *password updated successfully*. Then reboot the system with reboot -f and log in with the newly changed password of the root user.