How To Investigate Internet Crime? — ExploitByte

Exploitbytes
Aug 28, 2021

This blog focuses on investigating Internet crimes. It starts by describing the different types of Internet crimes. It then discusses the forensic methods and tools investigators use when investigating them.

What Is Internet Crime?

Internet crimes are crimes committed over the Internet or by using the Internet. The executor or perpetrator commits criminal acts and carries out wrongful activities on the Web in a variety of ways.

The following are some of the different types of Internet crimes:

* Phishing: Phishing is an e-mail fraud method in which the perpetrator sends out official-looking e-mail to the possible victims, pretending to be from their ISP, bank, or retail establishment, to collect personal and financial information. It is also known as “brand spoofing,” which is a trick to steal valuable information such as passwords, credit card numbers, Social Security numbers, and bank account numbers that the authorized organization already has. During this process, users are asked by e-mail to visit a Web site to update their personal information.

* Identity theft: Identity theft is a crime where a person’s identity is stolen. The perpetrator then uses the victim’s personal data, such as Social Security number, bank accounts, or credit card numbers, to commit fraud. Identity thieves obtain the names, addresses, and birth dates of victims, and may apply for loans in the name of their victims. In other instances, attackers acquire information such as usernames and passwords to log in and steal valuable information and e-mails. Multiple methods are used to commit these frauds, such as purse or wallet theft, or posing as fake marketing executives. The Internet is the easiest and most effective way to carry out identity theft. It is simple for criminals to use a person’s credit card information to make purchases because transactions over the Internet occur quickly and without prior personal interaction. It is quite easy for any person to get another’s personal details if a victim is careless. Shoulder surfing is a method by which a thief looks over a person’s shoulder to see the person’s password or PIN. Identity thieves also use phishing to acquire personal information.

* Credit card fraud: In credit card fraud, attackers illegally use another’s credit card for purchasing goods and other services over the Internet. Attackers can steal personal details using different techniques such as phishing, eavesdropping on a user’s transactions over the Internet, or using social engineering techniques. In social engineering, an attacker extracts personal details from a user through social interactions.

* Illegal downloading: Illegal downloading is an offense under the cyber laws. Downloading from an authorized Web site is acceptable; however, an unauthorized organization or individual cannot sell any product that is copyright protected. Illegal downloading affects the sales of that product. This type of crime is rampant because of the availability of tools for cracking software. Different types of services are provided for customer satisfaction but are misused. There are many issues that lead to illegal downloading. These include:

  * Getting products at low cost or for free
  * No personal information required
  * Readily available throughout the world

  The following are the types of items downloaded illegally most often:
  * Music
  * Movies
  * Software
  * Confidential or defense information

* Corporate espionage: Espionage means collecting information about an enemy or a competitor through spies. Corporate espionage is all about collecting information such as client lists to perpetrate frauds and scams in order to affect a rival financially. For this reason, companies focus specifically on such crimes and take special care to prevent such situations. Experts have sketched out a two-pronged strategy for overcoming this situation as follows:

  * Knowledge of employees: Conducting background checks on new employees, and keeping a check on employees who have been assigned sensitive projects is crucial.

  * Access control: Information about the business that is critical or important should not be stored on a computer that is connected to a network. Data that is highly critical should be encrypted.

* Child pornography: Child pornography is any work that focuses on children in a sexual manner. The global community has realized that children are at risk and can suffer from negative effects because of pornographic exploitation. Rapidly expanding computer technology has given access to the production and distribution of child pornography. Not only girls and boys but also infants are becoming victims of such offensive activity. Pornographers make use of poor children, disabled minors, and sometimes neighborhood children for sexual exploitation. Children who are sexually exploited through pornography suffer from mental depression, emotional withdrawal, mood swings, fear, and anxiety.

* Luring children via chat rooms: Kidnappers often use chat rooms to turn children into victims. A kidnapper tries to build a relationship with children by showing them cartoons, interesting art clips, and offering them sweets. This is known as grooming. With many people of different ages, including children and youth, having access to the Internet, children are easily trapped and kidnapped because of their innocence and trust.

* Scams: The Internet is globally uniform and serves as the best-known market to promote businesses and services for customers around the world. Yet it is difficult to track and differentiate between legal and fake sellers on the Internet. Fake sellers cheat people by using various options available on the Internet, such as e-mail, chat rooms, and e-commerce sites.

* Cyber terrorism: Cyber terrorism is committed using computer and electronic attacks. Cyber terrorists can sit on one system and carry out attacks on computers worldwide.

* Creation and distribution of viruses and spam: A virus is a program that spreads from machine to machine, usually causing damage to each system. These are some forms of viruses:

  * A polymorphic virus is one that produces varied but operational copies of itself.
  * A stealth virus is one that, while active, hides the modifications it has made to files or boot records.
  * A fast infector infects programs not just when they are run, but also when they are simply accessed.
  * A slow infector will only infect files when they are created or modified.

  The following are some of the reasons individuals create viruses:
  * It is a way of attracting attention.
  * Virus writers gain a sense of fulfillment from creating something that impacts a vast number of people.
  * It is motivated by financial gain.
  * Virus writers may get excited about every bit of junk e-mail they get as a result of their virus.

  The following are some of the forms in which a virus can be distributed:
  * Removable disks: This includes floppy disks, CD-ROMs, and USB drives.
  * Crack sites: These are sites that provide information on how to crack different applications and software.
  * Unsecured sites: These are Web sites that do not use the HTTPS protocol.
  * Flash greetings: This is the most common way of spreading a virus. This is a Flash animation or video that hides a virus.
  * E-mail attachments: Users should not open attachments from unknown persons or Web sites.
  * Downloading: Users should check Web sites to make sure they are legitimate before downloading.

Goals Of Investigation

The following are the goals of Internet forensic investigations:
* To ensure that all applicable logs and evidence are preserved
* To understand how the intruder is entering the system
* To discover why the intruder has chosen the target machine
* To gather as much evidence of the intrusion as possible
* To obtain information that may narrow the list of suspects
* To document the damage caused by the intruder
* To gather enough information to decide if law enforcement should be involved

Steps For Investigating Internet Crime

The following are the steps involved in investigating Internet crime:
1. Obtain a search warrant and seize the victim’s equipment.
2. Interview the victim.
3. Prepare bit-stream copies.
4. Identify the victim’s configuration.
5. Acquire the evidence.
6. Examine and analyze the evidence.
7. Generate a report.

Obtain A Search Warrant

The search warrant application should describe clearly that the investigators are to perform an on-site examination of the computer and network devices. The warrant needs to permit the seizure of all devices suspected to have been used in the crime, including the following:

* Victim’s equipment
* Router
* Webcam
* Switch
* Other network devices

Investigators should perform forensic examinations on all equipment permitted in the search warrant.

Interview The Victim

Investigators need to interview the victim about the incident. While interviewing the victim, the investigator should ask the following questions:

* What incident occurred?
* How did the intruder get into the network?
* What was the purpose of the attack?
* What are the major losses from this incident?

Prepare Bit-Stream Copies

Investigators need to prepare bit-stream copies of all storage devices attached to the affected computer, using a tool such as SafeBack. Investigators should never directly work on original copies of evidence.

Check the Logs

Investigators need to remember to do the following when checking logs:
* Check the offsite or remote logs.
* Check the system, e-mail and Web server, and firewall log files.
* Check log files of chat sessions if the attacker monitored or had conversations with the victim through IRC services.

Identify the Source of the Attack

Investigators need to trace the source of the attack. The following are some of the possible initial sources:
* Web site
* E-mail address

Collect the Evidence

The investigator can gather the evidence using the following resources:
* Volatile and other important sources of evidence on live systems:
  * Running processes (ps or the proc file system)
  * Active network connections (netstat)
  * ARP cache (arp)
  * List of open files (lsof)
  * Virtual and physical memory (/dev/mem, /dev/kmem)
* Computer forensic tools for data collection, including:
  * Guidance Software’s EnCase (www.guidancesoftware.com)
  * AccessData’s Forensic Toolkit (www.accessdata.com)
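
The live-system collection listed above, as an added example rather than code from the original post: a shell script that runs ps, netstat, arp and lsof, saves each output, and hashes it so later changes are detectable. The directory layout, file names, log format and the use of sha256sum are assumptions.

```shell
#!/bin/sh
# Added example: capture the live-system sources listed above into a case folder.
# File names, layout and log format are assumptions made for this example.
# CASE_DIR should sit on external media so the suspect disk is not written to.

# capture NAME CMD [ARGS...]: run CMD if installed, save its output,
# log the UTC time and exit code, and add the file's SHA-256 to the manifest.
capture() {
    cap_name="$1"; shift
    cap_now=$(date -u +%Y-%m-%dT%H:%M:%SZ)
    if ! command -v "$1" >/dev/null 2>&1; then
        echo "$cap_now SKIP $cap_name ($1 not installed)" >> "$CASE_DIR/collection.log"
        return 0
    fi
    cap_rc=0
    "$@" > "$CASE_DIR/$cap_name.txt" 2>&1 || cap_rc=$?
    echo "$cap_now RAN $cap_name: $* (exit $cap_rc)" >> "$CASE_DIR/collection.log"
    (cd "$CASE_DIR" && sha256sum "$cap_name.txt") >> "$CASE_DIR/MANIFEST.sha256"
}

# collect_volatile CASE_DIR: gather the sources in the order the list gives them.
# /dev/mem and /dev/kmem are not read here: many current kernels restrict them.
collect_volatile() {
    CASE_DIR="$1"
    mkdir -p "$CASE_DIR" || return 1
    : > "$CASE_DIR/collection.log"
    : > "$CASE_DIR/MANIFEST.sha256"
    capture processes   ps -ef
    capture connections netstat -an
    capture arp_cache   arp -an
    capture open_files  lsof -n
}

# verify_case CASE_DIR: re-hash every captured file against the manifest.
# Returns non-zero if any file changed after collection.
verify_case() {
    (cd "$1" && sha256sum -c MANIFEST.sha256 >/dev/null 2>&1)
}

# Run only when a case directory is given on the command line.
if [ -n "${1:-}" ]; then
    collect_volatile "$1" && verify_case "$1" && echo "collected into $1"
fi
```

The collection log records which tools were missing on the host, so a gap in the evidence is documented rather than silent.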

Generate a Report

The generated report must at least contain the following information:
* Name of the investigator
* List of router evidence
* Documents of the evidence and other supporting items
* List of tools used for investigation
* List of devices and setups used in the examination
* Brief description of the examination steps
* Details about the findings:
  * Information about the files
  * Internet-related evidence
  * Data and image analysis
* Conclusion of the investigation


Originally published at https://exploitbyte.com on August 28, 2021.
