Cyber Forensics

The paper deals with the Issues related to  Medical Instrumentation which have come in light in the recent decade. As the instrumentation advances the added features provide great ease but also add security and privacy concerns as has come to light with the efforts of many researchers and ethical hackers that the devices can easily be compromised and even lead to deaths. This can be exploited for the acts of bioterrorism and disease outbreak also. Demonstrated  security risks require a renewed emphasis by the FDA and manufacturers to identify, evaluate and plug the  potentially rare but serious security holes that exist in these devices. Unfortunately, the adoption of information technology (IT) in the health care system lags behind other industries because of financial and technical obstacles. Two main scenarios that develop in this wake are medical systems getting infected by common malwares and viruses and other of intentional hacking which has fortunately till date has happened only in research studies. This paper tries to investigate the risks associated with such devices from the cyber environment and present some technologically and economically viable solution to these problems.

If we start from the concept: “Forensic Computer is the science of extracting data so that it can be presented as evidence in a court of law” (Albert J. Marcella, 2007), in the process of extraction is important the recovery, examination and analysis of digital evidence; the recovery should be logical and physical starting from the identification of the type of partition, the identification of hidden drives. In the above process “investigation and examination”, the using of tools to recover deleted information that is related to the case is necessary, These tools must be standardized for proper information security, each disk drives a record of the data in each cluster, when a file is deleted, the reference to that file is removed from the record but the data is not actually delete from the disk (Casey, 2003). In all storages devices, external and internal the data will remain on the disk indefinitely, even when a deleted file is overwritten if the new file does not take up the entire cluster, for this reason a portion of the old file might remain in the slack space. When collecting the entire contents of a computer, a bitstream copy copies what is in slack space and unallocated space, whereas a regular copy does not, bistream copy duplicates everything in a cluster. (Casey, 2003) According to (Schweitzer, 2003) the proper forensic analysis the first step is to collect computer evidence, image is one of the first procedure to be carried out after the contents of the computer’s memory have been copied and preserved, the imaging process is nondestructive to the data and some cases not require the operating system.

We are glad to inform you that the School of Engineering & Technology, Sharda University, Greater Noida is organizing One Week International FDP on "Recent Trends in Cyber Security" through online mode from 26th June -01st July, 2021.

You are invited to attend the same and register yourself.

Kindly register yourself at the earliest by visiting the following link: https://forms.gle/jpsutNDPE2apNdaC7

Software tools designed for disk analysis play a critical role today in digital forensics investigations. However, these digital forensics tools are often difficult to use, usually task specific, and generally require professionally trained users with IT backgrounds. The relevant tools are also often open source requiring additional technical knowledge and proper configuration. This makes it difficult for investigators without some computer science background to easily conduct the needed disk analysis. In this dissertation, we present AUDIT, a novel automated disk investigation toolkit that supports investigations conducted by non-expert (in IT and disk technology) and expert investigators. Our system design and implementation of AUDIT intelligently integrates open source tools and guides non-IT professionals while requiring minimal technical knowledge about the disk structures and file systems of the target disk image. We also present a new hierarchical disk investigation model whi...

The utilization of the internet within organizations has surged over the past decade. Though, it has numerous benefits, the internet also comes with its own challenges such as intrusions and threats. Bring Your Own Device (BYOD) as a growing trend among organizations allow employees to connect their portable devices such as smart phones, tablets, laptops, to the organization’s network to perform organizational duties. It has gained popularity over the years because of its flexibility and cost effectiveness. This adoption of BYOD has exposed organizations to security risks and demands proactive measures to mitigate such incidents. In this study, we propose a Digital Forensic Readiness (DFR) framework for BYOD using honeypot technology. The framework consists of the following components: BYOD devices, Management, People, Technology and DFR. It is designed to comply with ISO/IEC 27043, detect security incidents/threats and collect potential digital evidence using lowand high-level inte...

The need for forensic accounting is due to incessant failure of the statutory audit to detect and prevent fraudulent activities. The purpose of this study is to examine the "Relevance of Forensic Accounting: Issues in Accountancy and Audit Practice in Nigeria". The basic methodology used to achieve the objectives was a combination of interview and questionnaire. Simple percentage and t-test statistics were employed as the statistical tool for analyzing and testing the hypothesis. The study revealed that

Today it is globally known that it is a modern era of Artificial Intelligence. There is a great impact of Artificial Intelligence on the society as we are surrounded by technology. It is being observed that in Today's time, Artificial Intelligence has turned out to be technically friendly due to increasing demand in the Tech Industry. Artificial intelligence may greatly increase the efficiency of the existing economy. But it may have an even larger impact by serving as a new general-purpose "method of invention" that can reshape the nature of the innovation process and the organization of R&D. Artificial Intelligence holds the ability to search, accumulate, analyse, manipulate and make decisions based on interpretations done. Digital Forensics is now adopting this technology to spot the patterns of online security attacks and threats that can be caused to the user browsing online on servers. These patterns may include Browsing History of servers, Credit Checks, Purchasing Histories, Online Payments and Transactions made by the user etc. To secure the users from various cyber threats and attacks we need to move to a new Tech Gateway for Cyber Forensics-"Artificial Intelligence". Today various Government Organizations like Police Cyber Cell, Joint Cipher Bureau, CBI Cyber Cell etc. are standing on the bleeding fringe of AI. The current globalization and technological advancements have meant that individual users, companies and organizations frequently need to adapt their internal cyber structure and operating cyber processes, to demonstrate efficiency and effectiveness of AI, especially when considering aspects that are beyond Tech Crimes, such as Cyber Hacking, User Account Penetration etc. To cope with that, this work proposes an alternative to model the evolution of AI in the field of Cyber Forensics. This paper highlights the role of Artificial Intelligence particularly in field of Digital Forensics, its application in different areas of Digital Forensic Processes and statistical facts relevant to this domain.

Hardware virtualization technologies play a significant role in cyber security. On the one hand these technologies enhance security levels, by designing a trusted operating system. On the other hand these technologies can be taken up into modern malware which is rather hard to detect. None of the existing methods is able to efficiently detect a hypervisor in the face of countermeasures such as time cheating, temporary self uninstalling, memory hiding etc. New hypervisor detection methods which will be described in this paper can detect a hypervisor under these countermeasures and even count several nested ones. These novel approaches rely on the new statistical analysis of time discrepancies by examination of a set of instructions, which are unconditionally intercepted by a hypervisor. Reliability was achieved through the comprehensive analysis of the collected data despite its fluctuation. These offered methods were comprehensively assessed in both Intel and AMD CPUs.

Despite growing concern among legal scholars and criminologists, our understanding of cyber stalking and cyber harassment legislation in the United States remains limited. Using a qualitative approach, this research work explored cyber stalking and cyber harassment legislation across the 50 states and identified themes present in the statutes. The primary themes that were identified using coaxial coding included intent, anonymity, communicating a message of alarm/distress/fear, prior contact with the criminal justice system, jurisdiction, and reference to minors. This may be the first step in developing clear definitions of the important phenomena of cyber stalking and cyber harassment. This more nuanced understanding of current legislation in the United States may help social scientists move forward and further explore the nature and extent of these important crimes.

On April 4, 2017 a Syrian government air-attack at Khan Sheikhoun, Syria was followed by reports, photographs, and video data that indicated a significant number of casualties from exposure to toxic gases associated with the attack. This event was immediately followed by allegations that the deaths and injuries were caused by nerve agent released from a small crater produced by an air-dropped bomb on an asphalt covered road. The crater's size, shape, depth, contained debris, and surroundings were extensively documented in numerous videos and photographs, but until now, there has been no clear, science-based explanation of how the crater was formed. In this paper, we have applied advanced techniques from computational mathematics and mechanics to perform a forensic reconstruction of the crime scene. Based on 3D image analysis, we first show that the alleged site of the chemical attack had been tampered with, and essentially all of the public reports about the scene around the crater depend on observations made after the tampering had occurred. Using mathematical modeling that utilizes the pertinent mechanics of fluids, solids, fracture and explosion based on LS-DYNA, our supercomputer simulation results have demonstrated the following: 1) We show that a bomb of cylindrical shape and high length-to-diameter (L/D) ratio that was attached to a metal tube arrived at a high speed and loft angle-in excess of 200 m/s and 45° respectively-and detonated at the surface of the asphalt road. The high L/D of the explosive charge and the attached metal tube indicates that the explosive charge was the warhead of a short-range rocket and the metal tube was the rocket's spent motor casing. 2) The cylindrical shape of the explosive charge, its loft angle, and its detonation at the asphalt surface completely explain the tear-shape (noncircular) of the crater rim and the location of deepest point in the crater-which is at the round forward edge the tear-shaped crater-perimeter (the crater is not deepest at its middle). Our calculations also reveal in detail how the empty rocket motor casing was carried forward by momentum after the crater was produced by the much faster action of the explosion of the warhead. The calculations show how the forward-moving casing then gets buried in the crater's forward wall and bent at a large angle by a violent torque, similar to that produced when a pole vaulter converts forward

The computer is being used by majority of the people living today. There are linked to the computer either directly or indirectly. The computer systems are gaining their implementations in different departments. Either it is education or the military, the computers are to be found everywhere. The computers are being used for performing different operations in different fields. It has produced much easier ways of performing different tasks easing human being lives. In the past, when the computer was not commercial and there was very limited use of it, it was hard to manage time. With the implementation of computer systems everywhere, many tasks can be completed within short span of time. It is being used by the banks, businesses and other government organizations as well. They have been using the computer systems for record keeping and producing much easier ways for the customers and the people to use their services whenever they want to. The businesses rely on the storage of information about their customers and other related information.

In the recent years, the use of internet and information technology across the globe has been increased tremendously. The opportunity to use the internet is huge and unconditional. Therefore, the criminal activities in the cyber world is increased in greater scale. Cyber forensics is an emerging research area that applies cyber crime investigation and analysis techniques to detect these crimes and prove the same with digital evidence in court. In this paper we have used the terms cyber, computer and digital forensics interchangeably and how cyber forensics play a key role in investigating a cybercrime.

Over the decade web applications are grown rapidly. This leads to cyber crimes. Attacker injects various scripts to malfunction the web application. Attacker injects these scripts to text box of vulnerable web application from various compounds such as search bar, feedback form, login form etc and later which is executed by the server. Sometimes attacker modifies the URL to execute a successful attack. This execution of system calls and API on web server by attacker can damage the file system and or leaks information of web server. PHP is a server side scripting language, dynamic features and functionalities are controlled through the PHP language. Hence, the use of PHP language results in high possibility of successful execution of code injection attacks. The aim of this paper is first to understand the code web application vulnerability related to PHP code injection attack, the scenario has been developed. Secondly defeat the attack and fast incident determination from the developed domain dictionary. This proposed system is helpful for cyber forensics expert to gather and analyze the evidence effectively

Electronic devices are a part and parcel of our lives today. With the penetration of technology in our lives, an increased dependency on gadgets, advancement in AI technologies, etc. the electronic devices hold abundance sensitive data about the person who owns the device. This makes them an essential piece of evidence, way more than any breathing witness, which helps the law enforcement officials in solving several cases. However electronic devices and records at the same time are sensitive evidences prone to tampering and manipulation which can substantially change the course of investigation. Therefore, it becomes important to handle these evidences prudently. Because of the same, the courts are hesitant in accepting and relying on electronic evidences. The Indian statutes lay down certain guidelines on handling of electronic evidences however these are not strictly adhered to. A dichotomy of opinion is observed in approach of the same court in different case laws, let alone be courts of various states. Hence a uniform practice could not be established to date even through judicial precedents. The paper studies the progress of recognizing electronic devices and records as an indispensable piece of evidence in a court of law in India through various case laws, the current attitude of court towards different forms of electronic records, and the challenges that still need to be addressed.

Dentro del proceso investigativo en delitos cibernéticos, todos los hallazgos encontrados vienen hacer parte fundamental de la investigación, los mismos que son tratados en el "Computer Crime Scene" como evidencia; la identificación, adquisición, seguridad y transportación como lo menciona (NIJ, 2008), son principios que deben sujetarse al apego y respeto a las leyes establecidas en "The Electronic Communication Privacy Act of 1986", "Privacy Protection Act of 1980", o a la misma "Cuarta Enmienda" donde se establece los criterios de respeto a los derechos constitucionales como lo explica (Salas, 2012), "La cuarta enmienda limita la capacidad del agente del gobierno para buscar y obtener pruebas sin una orden judicial, la Cuarta Enmienda establece: "The right of the people to be secure in their person, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issues, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized ". Estableciendo así un principio de legitimidad en cuando al uso correcto en la extracción y manejo de evidencia digital sin afectar los derechos de los ciudadanos.
Este trabajo tiene como objetivo establecer los lineamientos y normas establecidas por el Gobierno Federal en cuanto al correcto uso de los métodos de investigación y exanimación Forense dentro de una escena en delitos cibernéticos. Apegarnos a las normas y protocolos definirá nuestro trabajo como investigadores y examinadores forenses.

The intensification of Information and Communications Technology usage in all facets of life exceedingly amplify the incidents of information security policy breaches, cyber crimes, fraud, commercial crimes, cyber laundering etc, hence require a well developed approach to tackle these incidents in order to realize legally defensible digital evidence. Since electronic evidence is fragile and can easily be modified, finding this data, collecting, preserving, and presenting it properly in a court of law is the real challenge. There is a need for use of semantic analysis to discover underlying security policy requirements and internal power structures and institutionalization of anti cyber attack, antimoney- laundering and regulatory schemes. The first responders to cyber security incidents often than always are an organization ICT personnel who are technically sound though may be deficient in investigative skill. The scientific standards of cyber forensics dictates the procedure as it promotes objectivity, a precise and well documented analysis, particularly that the findings maybe used as evidence against the attacker. This paper aims to contribute to the advancement of the cyber forensics discipline with a view to assist the International community in combating this sophisticated, high-tech, dynamic ever changing phenomenon.

The purpose of this study is to explore the evolving technology and systems to find a low cost, efficient and portable solution for hard disk drive forensic imaging.Hard Disk Drive Imaging is one of the most frequently used forensic process which finds its application in both traditional as well as digital crimes and has found massive implementation in detecting cyber-crime incidents leading to cyber warfare. An empirical research was conducted using combination of hardware's like Intel NUC, Raspberry Pi 3 Model B, Custom Forensic Workstation (CFW), write blockers etc. and software's like ENCASE and FTK imager to do forensic imaging using multiple hard drives. A comparative analysis of the imaging process using same identical media over various platforms was done.The research shows that Raspberry Pi 3 Model B is a cost effective solution when a small device is to be imaged. Intel NUC with its i3 processor performs better than custom forensic work station with i7 processor when imaging using FTK Imager. The process of imaging involves many intricacies in order to prove the authenticity of evidence in a court of law. Problem in this regard arose when imaging was done using FTK on Linux and analyzed using ENCASE. The format generated on Linux and that recognized by ENCASE is different. The integrity of evidence is thus put to question. It was observed that not all components of each system are needed consecutively for the task of imaging. Consequently if a system is assembled with necessary components, it can help in further reducing the cost drastically.

Bilgi çağını yaşadığımız 21.
yüzyılda teknolojiye bağımlı
bir haldeyiz. Yaşamın her
alanını dijitalleştiriyoruz.
Bankacılıktan ticarete, habercilikten
iletişime, iş hayatından sosyal hayata
kadar her şeyin önüne “e” harfini
koyar olduk. Teknolojinin yardımı ile
yaşamımız ne kadar kolaylaşıyor
gibi görünse de, madalyonun öteki
yüzünde banka hesaplarımıza girilmesi,
e-postlarımızın ele geçirilmesi, kişisel
bilgilerimizin çalınması gibi bilişim
suçu olarak tabir ettiğimiz istenmeyen
ve bize zarar veren olaylara da maruz
kalmaya başladık.
Dijital dünya sınırlarımızı zorlarken
suçu aydınlatabilecek bilgiyi de
yine dijital ortamlardan elde etmek
zorundayız. Hal böyle olunca, dijital
ortamlardan delil tespit etmek, kıldan
DNA tespit etmek gibi uzmanlık
gerektiren bir konu oldu. Adli Bilişim
(Computer / Cyber Forensic) olarak
adlandırdığımız bu uzmanlık alanı artık
Adli Bilimler çatısı altında ayrı bir
disiplin ve uzmanlık alanı olarak kendini
göstermeye başlamış durumda.
Bu makalede adli bilişimin tüm
yönlerini teknik detaylara çok fazla
girmeden, hukukçuların anlayacağı
bir dil ile anlatmaya çalışacağım.
İlk önce dijital delil kavramı ve dijital
delilin bütünlüğünü ve sağladığımız veri
özet değeri kavramlarını anlattıktan
sonra, adli bilişimin temel ilkelerine ve
süreçlerine detaylı olarak değineceğim.

Many a times, it has been argued that over dependency on technology leads to deskilling, lack of innovation and creativity thus resulting in inferior or substandard work. With a field growing in both demand for personnel and market for forensic software, 'digital forensics' is certainly not spared. Lately, there has been an increase in the number of digital forensic tools being developed to aid the extraction, analysis and management of digital evidence. Various comparisons, opinions and debates on the effectiveness of digital forensic software tools and their forensic soundness continue to dominate forensic investigator networks, white papers and publications. Given this context, many digital forensic investigators have unfortunately placed an over reliance on 'push the button' tools whilst overlooking the importance of other skills attributes to the digital forensic process. This issue has been exacerbated by a number of digital forensic course providers who are placing an over-emphasis on computer forensic software tools at the expense of other skills in their curriculum. In this paper, the author will make the case that a digital forensic investigation is not solely dependent on software tools but is also affected by various other soft skills. In presenting this argument the author will first discuss the usefulness and shortcomings in the use of software tools. This will be followed by a study of other relevant digital forensic skills. The last section of the paper will present theoretical and field based findings leading to the proposed 'Digital Forensic Skills Framework' intended to act as a general guide for course providers, recruiters as well as practising and prospective digital forensic investigators in measuring skills maturity levels and optimal digital forensic skills set.

COMPUTER FORENSICS INTEGRATES THE FIELDS OF COMPUTER SCIENCE AND LAW TO INVESTIGATE CRIME. FOR DIGITAL EVIDENCE TO BE LEGALLY ADMISSIBLE IN COURT, INVESTIGATORS SHOULD FOLLOW PROPER LEGAL PROCEDURES WHEN RECOVERING AND ANALYZING DATA FROM COMPUTER SYSTEMS. THE LAWS WRITTEN BEFORE THE ERA OF COMPUTER FORENSICS ARE OFTEN OUTDATED AND CANNOT ADEQUATELY ASSESS THE TECHNIQUES USED IN A COMPUTER SYSTEM SEARCH. THE INABILITY OF THE LAW TO KEEP PACE WITH TECHNOLOGICAL ADVANCEMENTS MAY ULTIMATELY LIMIT THE USE OF COMPUTER FORENSICS EVIDENCE IN COURT. THIS PAPER DISCUSSES LEGAL ISSUES IN COMPUTER FORENSICS INVESTIGATIONS PROCESS AND ADMISSIBILITY OF DIGITAL EVIDENCE IN COURT OF LAW.

Abstract—Intrusion Detection Systems (IDS) have become crucial components in computer and network security. NSLKDD intrusion detection dataset which is an enhanced version of KDDCUP'99 dataset was used as the experiment dataset in this paper.  Because of inherent characteristics of intrusion detection, still there is huge imbalance between the classes in the NSLKDD dataset, which makes harder to apply machine learning effectively in the area of intrusion detection. In dealing with class imbalance in this paper Synthetic Minority Oversampling Technique (SMOTE) is applied to the training dataset. A feature selection method based on Information Gain is presented and used to construct a reduced feature subset of NSL-KDD dataset. Random Forests are used as a classifier for the proposed intrusion detection framework. Empirical results show that Random Forests classifier with SMOTE and information gain based feature selection gives better performance in designing IDS that is efficient and effective for network intrusion detection. 
Keywords— Network Security; Intrusion detection system; Imbalanced dataset; Feature selection; Random forests classifier

Management Fraud is a form of fraud, which normally does not come on surface, but its impact is staggering both in economic terms as well its effect on victims. Fraud whether it is committed by an employee or a manager is a concern of total society. Controlling fraud is everyone's business. However as citizens of a democratic society we accept the top executives of various organizations to foster conditions and create environment, which would inhibit temptations of the managerial staff to commit frauds.

In the modern world, we use microprocessors which are either based on ARM or x86 architecture which are the most common processor architectures. ARM originally stood for ‘Acorn RISC Machines’ but over the years changed to ‘Advanced RISC Machines’. It was started as just an experiment but showed promising results and now it is omnipresent in our modern devices. Unlike x86 which is designed for high performance, ARM focuses on low power consumption with considerable performance. Because of the advancements in the ARM technology, they are becoming more powerful than their x86 counterparts. In this analysis we will collate the two architectures briefly and conclude which microprocessor will dominate the microprocessor industry. The processor which will perform better in different tests will be more suitable for the reader to use in their application. The shift in the industry towards ARM processors can change how we write softwares which in turn will affect the whole software developmen...

The process of identifying and establishing attribution and motive in both cyber-attacks and counter attacks is often a problematic/challenging process. This is largely due to events often being undocumented and unverified, because of the uncertainty regarding their timing, extent, cause, and specific mechanisms of execution. Yet such attacks can upend critical infrastructure and impair their ability to avail key information for during crucial national events such as an election. The very borderless nature of cyberspace means that adversaries could be " thousands of miles away or in the very next cubicle at work, or both! " Cases that pertain to hacking should, therefore, pay special attention to the unknown hackers operating from both the outside and inside and play close attention to both domestic and international realms in their lines of inquiry. A targeted organization " s insiders are a much greater threat and can do far greater damage as they already have some level of access, means, and opportunity to hack. They can directly contribute to increased vulnerability, in a myriad of ways, including the creation of backdoors in systems which they can then exploit when stakes are high. By drawing upon Zimbabwe " s 2018 election as a case study, this paper painstakingly attempts to connect the dots between seemingly disparate cyber threats that took place on 1 August 2018 and to provide an analysis that positions them in their appropriate context in order to establish a connection, attribution, and motive. It also assesses the impact such events had on the election outcome. This will contribute to an evidence-based threat model which examines multiple attack vectors like data weaponization and white hat hacking for political reasons in the context of censorship and resistance in cyberspace. While the paper does not generate definitive conclusions on the events that occurred in Zimbabwe, the systematic analysis opens up new lines of inquiry in understanding the Zimbabwean attack vectors and related situations elsewhere.

Lirieka Meintjes-Van Der Cognitive bias affecting forensic
Walt & Adebola Olaborede expert opinion
The influence of bias in forensic expert opinion can create problems for
the criminal justice system. Many research studies have shown that forensic
experts can be susceptible to cognitive bias that influences their memory
and reasoning and affects the objectivity of their opinion and decisions.
This has contributed to the misidentifications and consequent wrongful
convictions of innocent persons. This article examines bias that can affect
the opinion offered by forensic experts in criminal trials and discusses
the risk of bias in some forensic science disciplines, such as fingerprint
examination, trace evidence, bullet comparison and DNA analysis. The
article contends that different factors such as the quality and/or clarity of the
forensic evidence, contextual case information and subjective interpretation
of forensic analysis can exacerbate bias. Strategies recommended for
mitigating bias include blind testing, blind verification, independent review,
linear sequential unmasking (LSU) and the filler control method. The merits
and demerits of these strategies are highlighted. The article also proposes
certain cross-examination questions that could expose bias in forensic
examination.

Serious weaknesses were discovered in WPA2, a protocol that secures all modern protected Wi-Fi networks. An attacker within range of a victim can exploit these weaknesses using key reinstallation attacks (KRACKs). Concretely, attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted. This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on. The attack works against all modern protected WPA2-Wi-Fi networks. Depending on the handshake mechanism, it is also possible to inject and manipulate data. A solution is proposed to provide the secure handshake by capturing and analyzing the EAPOL packets to prevent nonce reuse which happens while reinstallation of Pairwise Trasient Key(PTK) which happens in case if there is an attack. Our patches blocks access to the victim system via rogue AP created by the KRACK and alerts the client about the suspicious activity and blocks the attacker from further attacking.

Software tools designed for disk analysis play a critical role today in digital forensics investigations. However, these digital forensics tools are often difficult to use, usually task specific, and generally require professionally trained users with IT backgrounds. The relevant tools are also often open source requiring additional technical knowledge and proper configuration. This makes it difficult for investigators without some computer science background to easily conduct the needed disk analysis.
In this dissertation, we present AUDIT, a novel automated disk investigation toolkit that supports investigations conducted by non-expert (in IT and disk technology) and expert investigators. Our system design and implementation of AUDIT intelligently integrates open source tools and guides non-IT professionals while requiring minimal technical knowledge about the disk structures and file systems of the target disk image. We also present a new hierarchical disk investigation model which leads AUDIT to systematically examine the disk in its totality based on its physical and logical structures. AUDIT's capabilities as an intelligent digital assistant are evaluated through a series of experiments comparing it with a human investigator as well as against standard benchmark disk images.

Computers are found in every aspect of our daily lives, employed for personal, social, and professional purposes. Electronic devices like hard discs and flash are standard storage media for most forms of information. The World Wide Web has become more conducive to cybercrime than ever before. This article will discuss cyber and network forensics in more detail. There are several crimes these days, especially those committed by digital means, which necessitate digital or electronic evidence as proof. Computer forensics, like many other forensic sciences, includes the use of advanced technological tools and methods to verify the accuracy of evidence retention and data processing outcomes. Over the last few years, computer forensics has experienced a sharp rise in interest with regard to digital forensics. Computer forensics, which includes proven processes and methodologies, has so far failed to solve many computers crime cases. The examination and analysis of a computer system in order to provide evidence in a court of law that can help solve a cybercrime case is referred to as "cyber forensics." It is difficult for India to achieve a healthy balance between the legal and judicial systems, which are democracies. In India, cyber forensics is still extremely new and uncharted territory. Many people do not know about the cyber forensics’ terminology and its usage. Every country is gradually getting digitized, with the availability of fast connecting networks, easy internet access, and user acceptability. Under the canopy of rising technology, cybercrime is expanding. In this paper an attempt is made to show the current scenario of the cyber forensics in India & its associate d difficulties. This paper aims to contribute to the advancement of the cyber forensics discipline and its importance in combating this sophisticated, high-tech, dynamic ever-changing phenomenon which is full of risk and danger. This paper also briefs about the trends and patterns of the Indian cyber forensic.

A  large  number  of  industries  including:  critical
national  infrastructure  (electricity,  gas,  water,  etc.)
and  manufacturing  firms  rely  heavily  on  computer
systems,  networks,  control  systems,  and embedded
devices  in  order  to  provide  safe  and  reliable
operations.  These  networks  can  be  very  complex
and  are  often  bespoke  to  the  types  of  product  the
industries  may  provide.  In  recent  years  we  have
seen  a  significant  rise  in  malicious  attacks  against
such systems, ranging from sophisticated intelligent
attacks  to  simple  tool  based  delivery  mechanisms.
With  the  rise  in  the  reliance  on  industrial  control
networks  and  of  course  the  increasing  attacks,  the
lack  of  security  monitoring  and  post  forensic
analysis  of  SCADA  networks  is  becoming
increasingly apparent. SCADA systems forensics is
not  like  standard  enterprise  file-system  forensics,
the  forensic  specialist  often  has  to  be  an  expert  in
such systems/networks and SCADA related devices
in  order  to  identify  where  potential  Forensic
evidence  could be  located.  This  paper looks  at the
SCADA/industrial  control  systems,  typical  attacks
and vulnerabilities, problems with forensic analysis
and  the  development  of  a  forensic
methodology/toolkit for such systems.

The use of hydro energy to generate electric power is crucial to meet the increasing energy demand of a modern
economy and maintains the stability of power supply for unstable sources of power like solar, and wind. In newly constructed
hydropower plants (HPPs), the trend among control systems is to adopt contemporary digital and cyber-based systems at the
expense of obsolete analog hard-wired systems. Therefore, cyber-physical security is a critical issue in reliability-constrained
HPPs. In this paper, we present different levels/layers of protection to manage cyber security. We adopt generalized
stochastic Petri nets to quantitatively evaluate the intrusion probability. We then propose a new cyber framework and show
that the proposed framework conforms to NIST cybersecurity regulations. Finally, we discuss dependability through three
metrics, i.e., reliability, maintainability, and availability. A case study is presented to demonstrate that the proposed cyber
framework is highly dependable through analyzing steady-state probabilities.

"En ces temps de Covid-19, et à l'image de l'attaque informatique sur les données de la compagnie EasyJet, le cyberespace est de plus en plus instable. États, entreprises et particuliers semblent promis à une période de très forte instabilité sur la toile mondiale."

Today’s world lives more online than offline, uses digital mean and technology almost with every breath and shudders with the thought of compromised privacy and security. Computers have come to the verge where we have computers as our drivers, our personal managers, our second personality and even as our hearts. In this scenario if any of our computers gets infected by a malicious program it’s almost as if we concocted a viral infection ourselves, in many cases it is more dangerous than it appears. So it is not far if computer infections are studied same way as human diseases. This paper discusses Cyber virology (many programs that can maliciously infect a PC), immunology (the programs that prevent and counteract the infections) and some unconventional but working methods not given in any manuals or taught by security specialists but learned from 10 year experience of the authors in solving PC problems and their logic.

The rate at which employee’s fall victim of Identity Theft and Phishing attack.
Promote the education of employees and conduct training sessions with mock phishing scenarios.
The fact that organizations have Information Technology/Information Security Team who could help establish and continuously create awareness
Cyber security has risen to become a national concern as threats
Concerning it now need to be taken more seriously.
• To help people reduce the vulnerability of their Information and
Communication Technology (ICT) systems and networks.
• To help individuals and institutions develop and nurture a
Culture of cyber security.
• To work collaboratively with public, private and international
Experts to secure cyberspace.
• To help understand the current trends in IT/cybercrime, and
Develop effective solutions.
• Availability.
• Integrity, which may include authenticity and non-repudiation.• Confidentiality.