
AI Intro-1


Unit-I: Artificial Intelligence

Areas of AI and Some Dependencies

[Figure: areas of AI and some dependencies. Nodes: Search, Logic, Knowledge Representation, Machine Learning, Planning, Expert Systems, NLP, Vision, Robotics]
What is Artificial Intelligence ?

◻ making computers that think?


◻ the automation of activities we associate with human thinking,
like decision making, learning ... ?
◻ the art of creating machines that perform functions that require
intelligence when performed by people ?
◻ the study of mental faculties through the use of computational
models ?
What is Artificial Intelligence ?
◻ the study of computations that make it possible to perceive,
reason and act ?
◻ a field of study that seeks to explain and emulate
intelligent behaviour in terms of computational processes ?
◻ a branch of computer science that is concerned with the
automation of intelligent behaviour ?
◻ anything in Computing Science that we don't yet know
how to do properly ? (!)
What is Artificial Intelligence ?

             HUMAN                             RATIONAL
THOUGHT      Systems that think like humans    Systems that think rationally
BEHAVIOUR    Systems that act like humans      Systems that act rationally
Systems that act like humans: Turing Test

◻ “The art of creating machines that perform
functions that require intelligence when performed
by people.” (Kurzweil)
◻ “The study of how to make computers do things at
which, at the moment, people are better.” (Rich and
Knight)
Systems that act like humans

◻ You enter a room which has a computer terminal.
You have a fixed period of time to type what you
want into the terminal, and study the replies. At the
other end of the line is either a human being or a
computer system.
◻ If it is a computer system, and at the end of the
period you cannot reliably determine whether it is a
system or a human, then the system is deemed to be
intelligent.
Systems that act like humans

◻ The Turing Test approach


⮚ a human questioner cannot tell if
✔ there is a computer or a human answering his question,
via teletype (remote communication)
⮚ The computer must behave intelligently
◻ Intelligent behavior
⮚ to achieve human-level performance in all cognitive
tasks
Systems that act like humans
◻ These cognitive tasks include:
⮚ Natural language processing
✔ for communication with human
⮚ Knowledge representation
✔ to store information effectively & efficiently
⮚ Automated reasoning
✔ to retrieve & answer questions using the stored
information
⮚ Machine learning
✔ to adapt to new circumstances
The total Turing Test

◻ Includes two more issues:


⮚ Computer vision
✔ to perceive objects (seeing)
⮚ Robotics
✔ to move objects (acting)
Systems that think like humans:
cognitive modeling
◻ Humans as observed from ‘inside’
◻ How do we know how humans think?
⮚ Introspection vs. psychological experiments
◻ Cognitive Science
◻ “The exciting new effort to make computers think …
machines with minds in the full and literal sense”
(Haugeland)
◻ “[The automation of] activities that we associate with
human thinking, activities such as decision-making,
problem solving, learning …” (Bellman)
Systems that think ‘rationally’
"laws of thought"
◻ Humans are not always ‘rational’
◻ Rational - defined in terms of logic?
◻ Logic can’t express everything (e.g. uncertainty)
◻ Logical approach is often not feasible in terms of
computation time (needs ‘guidance’)
◻ “The study of mental faculties through the use of
computational models” (Charniak and McDermott)
◻ “The study of the computations that make it possible to
perceive, reason, and act” (Winston)
Systems that act rationally:
“Rational agent”

◻ Rational behavior: doing the right thing


◻ The right thing: that which is expected to maximize goal
achievement, given the available information
◻ Giving answers to questions is ‘acting’.
◻ I don't care whether a system:
⮚ replicates human thought processes
⮚ makes the same decisions as humans
⮚ uses purely logical reasoning
Systems that act rationally

◻ Logic 🡪 only part of a rational agent, not all of rationality


⮚ Sometimes logic cannot reason a correct conclusion
⮚ At that time, some specific (in domain) human knowledge or
information is used
◻ Thus, it covers more generally different situations of problems
⮚ Compensate the incorrectly reasoned conclusion
Systems that act rationally

◻ Study AI as rational agent –


◻ Two advantages:
⮚ It is more general than using logic only
✔ Because: LOGIC + Domain knowledge
⮚ It allows extension of the approach with more scientific
methodologies
Rational agents
❑An agent is an entity that perceives and acts
❑An agent is a function from percept histories to actions: [f:
P* 🡪 A]
For any given class of environments and tasks, we seek the
agent (or class of agents) with the best performance
❑Caveat: computational limitations make perfect rationality
unachievable 🡪 design best program for given machine
resources
Artificial Intelligence- Definition
◻ Artificial
⮚ Produced by human art or effort, rather than
originating naturally.
◻ Intelligence - is the ability to acquire knowledge and
use it [Pigford and Baur]
◻ AI can be defined as:
⮚ AI is the study of ideas that enable computers to be
intelligent.
⮚ AI is the part of computer science concerned with
design of computer systems that exhibit human
intelligence (From the Concise Oxford Dictionary)
Role of AI

❑ AI has two major roles:


⮚ Study the intelligent part concerned with humans.
⮚ Represent those actions using computers.
Goals of AI

◻ To make computers more useful by letting them take over
dangerous or tedious tasks from humans
◻ Understand principles of human intelligence
The Foundation of AI

◻ Philosophy
⮚ At that time, the study of human intelligence began with no
formal expression
⮚ Initiate the idea of mind as a machine and its internal
operations
The Foundation of AI

❑ Mathematics formalizes the three main areas of AI:
computation, logic, and probability
⮚ Computation leads to analysis of the problems that can be
computed
✔ complexity theory
⮚ Probability contributes the “degree of belief” to handle
uncertainty in AI
⮚ Decision theory combines probability theory and utility
theory (bias)
The Foundation of AI

◻ Psychology
⮚ How do humans think and act?
⮚ The study of human reasoning and acting
⮚ Provides reasoning models for AI
⮚ Strengthen the ideas
✔ humans and other animals can be considered as information
processing machines
The Foundation of AI

◻ Computer Engineering
⮚ How to build an efficient computer?
⮚ Provides the artifact that makes AI application possible
⮚ The power of computer makes computation of large and
difficult problems more easily
⮚ AI has also contributed its own work to computer science,
including: time-sharing, the linked list data type, OOP, etc.
The Foundation of AI

◻ Control theory and Cybernetics


⮚ How can artifacts operate under their own control?
⮚ The artifacts adjust their actions
✔ To do better for the environment over time
✔ Based on an objective function and feedback from the
environment
⮚ Not limited only to linear systems but also other problems
✔ as language, vision, and planning, etc.
The Foundation of AI

◻ Linguistics
⮚ For understanding natural languages
✔ different approaches have been adopted from the linguistic
work
⮚ Formal languages
⮚ Syntactic and semantic analysis
⮚ Knowledge representation
The main areas in AI
❑ Artificial intelligence can be considered under a number
of application domains:
⮚ Search (includes Game Playing)
⮚ Representing Knowledge and Reasoning with it
⮚ Planning
⮚ Learning
⮚ Natural language processing
⮚ Expert Systems
⮚ Interacting with the Environment (e.g. Vision, Speech
recognition, Robotics)
Some Advantages of AI

🞑 Computers can become more powerful and more useful


🞑 AI can create new and improved interfaces
🞑 AI can solve new problems
🞑 AI can handle information in better fashion
🞑 It relieves from information overload
🞑 It can convert information into knowledge
The Disadvantages
🞑 Use of AI can increase costs
🞑 Software development may be slow and expensive
🞑 There can be few experienced programmers available
🞑 Only a few practical products have reached the market as yet
Search

◻ Search is the fundamental technique of AI.


⮚ Possible answers, decisions or courses of action are structured
into an abstract space, which we then search.
◻ Search is either "blind" (uninformed) or "informed":
⮚ blind
✔ we move through the space without worrying about what is
coming next, but recognising the answer if we see it
⮚ informed
✔ we guess what is ahead, and use that information to decide
where to look next
◻ We may want to search for the first answer that satisfies our
goal, or we may want to keep searching until we find the best
answer.
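Added example (not part of the original slides): the blind/informed distinction and the "first answer vs. best answer" distinction above, run on a constructed grid map. The grid, the function names and the Manhattan-distance guess are assumptions made for this illustration; "blind" is breadth-first search, "greedy" follows the guess only, and "astar" adds the cost already paid so that the first goal it reaches is a best answer.

```python
import heapq
import itertools

# Constructed 6x5 map: S = start, G = goal, # = wall, . = free cell.
# The route that initially heads towards G is the longer one.
GRID = [
    ".....",
    ".###.",
    "S..#G",
    "##.#.",
    "##.#.",
    "##...",
]


def find(grid, mark):
    """Return (row, col) of the first cell containing `mark`."""
    for r, row in enumerate(grid):
        c = row.find(mark)
        if c != -1:
            return (r, c)
    raise ValueError(f"{mark!r} not found in grid")


def neighbours(grid, cell):
    """Yield the free cells one step up, down, left or right of `cell`."""
    r, c = cell
    for dr, dc in ((-1, 0), (1, 0), (0, -1), (0, 1)):
        nr, nc = r + dr, c + dc
        if 0 <= nr < len(grid) and 0 <= nc < len(grid[0]) and grid[nr][nc] != "#":
            yield (nr, nc)


def search(grid, strategy):
    """Search from S to G. Returns (path, number_of_cells_expanded).

    strategy: "blind"  - no guess about what is ahead (breadth-first order)
              "greedy" - informed: always expand the cell that looks closest
              "astar"  - informed: cost so far + guess; returns a shortest path
    """
    start, goal = find(grid, "S"), find(grid, "G")

    def guess(cell):  # Manhattan distance: never overestimates on this grid
        return abs(cell[0] - goal[0]) + abs(cell[1] - goal[1])

    def priority(cell, cost_so_far):
        if strategy == "blind":
            return 0  # ties fall back to insertion order, i.e. a FIFO queue
        if strategy == "greedy":
            return guess(cell)
        return cost_so_far + guess(cell)

    order = itertools.count()  # tie-breaker: earlier discoveries first
    frontier = [(priority(start, 0), next(order), start)]
    cost = {start: 0}
    parent = {start: None}
    closed = set()
    expanded = 0

    while frontier:
        _, _, cell = heapq.heappop(frontier)
        if cell in closed:
            continue
        closed.add(cell)
        expanded += 1
        if cell == goal:  # we recognise the answer when we see it
            path = []
            while cell is not None:
                path.append(cell)
                cell = parent[cell]
            return path[::-1], expanded
        for nxt in neighbours(grid, cell):
            new_cost = cost[cell] + 1
            # Only A* re-opens a cell when a cheaper way to reach it is found.
            if nxt not in cost or (strategy == "astar" and new_cost < cost[nxt]):
                cost[nxt] = new_cost
                parent[nxt] = cell
                heapq.heappush(frontier, (priority(nxt, new_cost), next(order), nxt))
    return None, expanded  # goal unreachable


def compare(grid):
    """Return {strategy: (steps_in_path, cells_expanded)} for all three."""
    results = {}
    for strategy in ("blind", "greedy", "astar"):
        path, expanded = search(grid, strategy)
        results[strategy] = (len(path) - 1, expanded)
    return results


if __name__ == "__main__":
    for name, (steps, expanded) in compare(GRID).items():
        print(f"{name:6s} steps={steps:2d} expanded={expanded:2d}")
```

On this map the greedy search stops at the first answer it reaches, which is the longer route, while the blind search pays for its shortest route by expanding almost every cell.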
Knowledge Representation & Reasoning

◻ The second most important concept in AI


◻ If we are going to act rationally in our environment, then we
must have some way of describing that environment and
drawing inferences from that representation.
⮚ how do we describe what we know about the world ?
⮚ how do we describe it concisely ?
⮚ how do we describe it so that we can get hold of the right piece
of knowledge when we need it ?
⮚ how do we generate new pieces of knowledge ?
⮚ how do we deal with uncertain knowledge ?
Knowledge

Declarative Procedural

⮚ Declarative knowledge deals with factoid questions (what is the
capital of India? Etc.)
⮚ Procedural knowledge deals with “How”
⮚ Procedural knowledge can be embedded in declarative
knowledge
Planning

❑ Given a set of goals, construct a sequence of actions that
achieves those goals:
⮚ often very large search space
⮚ most parts of the world are independent of most other parts
⮚ often start with goals and connect them to actions
⮚ no necessary connection between order of planning and order
of execution
⮚ what happens if the world changes as we execute the plan
and/or our actions don’t produce the expected results?
Learning

◻ If a system is going to act truly appropriately, then it
must be able to change its actions in the light of
experience:
⮚ how do we generate new facts from old ?
⮚ how do we generate new concepts ?
⮚ how do we learn to distinguish different situations in new
environments ?
Interacting with the Environment

◻ In order to enable intelligent behaviour, we will have to
interact with our environment.
◻ Properly intelligent systems may be expected to:
⮚ accept sensory input
✔ vision, sound, …
⮚ interact with humans
✔ understand language, recognise speech, generate text, speech
and graphics, …
⮚ modify the environment
✔ robotics
The ‘von Neumann’ Architecture
AI Applications

◻ Autonomous Planning & Scheduling:
⮚ Autonomous rovers
⮚ Telescope scheduling
⮚ Analysis of data
◻ Medicine:
⮚ Image guided surgery
⮚ Image analysis and enhancement
◻ Transportation:
⮚ Autonomous vehicle control
⮚ Pedestrian detection
◻ Games
◻ Robotic toys
◻ Bioinformatics:
⮚ Gene expression data analysis
⮚ Prediction of protein structure
◻ Text classification, document sorting:
⮚ Web pages, e-mails
⮚ Articles in the news
◻ Video, image classification
◻ Music composition, picture drawing
◻ Natural Language Processing
◻ Perception
Concept of machine learning
and deep learning
Machine Learning

◻ Machine learning is a branch of science that deals with
programming the systems in such a way that they
automatically learn and improve with experience.
◻ Learning refers to recognizing and understanding the input data and
making wise decisions based on the supplied data.
◻ The algorithms are designed to build knowledge from specific
data and past experience with the principles of statistics,
probability theory, logic, combinatorial optimization, search,
reinforcement learning, and control theory.
Machine Learning Algorithms
◻ The developed algorithms form the basis of various
applications such as:
⮚ Vision processing
⮚ Language processing
⮚ Forecasting (e.g., stock market trends)
⮚ Pattern recognition
⮚ Games
⮚ Data mining
⮚ Expert systems
⮚ Robotics
Types of Machine Learning
1) Supervised Learning
2) Unsupervised Learning
1. Supervised Learning
◻ Supervised learning deals with learning a function
from available training data.
◻ A supervised learning algorithm analyzes the
training data and produces an inferred function,
which can be used for mapping new examples.
◻ Common examples of supervised learning include:
✔ classifying e-mails as spam,
✔ labeling webpages based on their content, and
✔ voice recognition.
Examples of Supervised
Algorithms
◻ There are many supervised learning algorithms such as
✔ neural networks,
✔ Support Vector Machines (SVMs), and
✔ Naive Bayes classifiers.
◻ Mahout implements the Naive Bayes classifier
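Added example (not part of the original slides, and not Mahout's code): a small multinomial Naive Bayes classifier that learns a function from labelled training data and then maps new e-mails to "spam" or "ham", as described above. The training messages, the labels and all function names are constructed for this illustration.

```python
import math
from collections import Counter

# Constructed training data: (message text, label).
TRAINING = [
    ("win a free prize now", "spam"),
    ("free money claim your prize", "spam"),
    ("cheap loans win money now", "spam"),
    ("meeting agenda for monday", "ham"),
    ("project report attached for review", "ham"),
    ("lunch on monday with the team", "ham"),
]


def tokenize(text):
    """Lower-case the text and split it on whitespace."""
    return text.lower().split()


def train(examples):
    """Count words per label; this is the whole 'learning' step."""
    word_counts = {}        # label -> Counter of word frequencies
    doc_counts = Counter()  # label -> number of training messages
    for text, label in examples:
        doc_counts[label] += 1
        word_counts.setdefault(label, Counter()).update(tokenize(text))
    vocab = set()
    for counts in word_counts.values():
        vocab.update(counts)
    return {"words": word_counts, "docs": doc_counts, "vocab": vocab}


def posteriors(model, text):
    """Return {label: P(label | text)} using Laplace (add-one) smoothing."""
    total_docs = sum(model["docs"].values())
    vocab_size = len(model["vocab"])
    log_scores = {}
    for label, counts in model["words"].items():
        total_words = sum(counts.values())
        score = math.log(model["docs"][label] / total_docs)  # prior
        for word in tokenize(text):
            if word not in model["vocab"]:
                continue  # a word never seen in training carries no evidence
            score += math.log((counts[word] + 1) / (total_words + vocab_size))
        log_scores[label] = score
    # Normalise in log space to avoid underflow on long messages.
    top = max(log_scores.values())
    weights = {label: math.exp(s - top) for label, s in log_scores.items()}
    norm = sum(weights.values())
    return {label: w / norm for label, w in weights.items()}


def classify(model, text):
    """The inferred function: map a new message to its most likely label."""
    probs = posteriors(model, text)
    return max(probs, key=probs.get)


MODEL = train(TRAINING)

if __name__ == "__main__":
    for msg in ("claim your free prize",
                "agenda for the project meeting",
                "free lunch on monday"):
        probs = posteriors(MODEL, msg)
        print(f"{msg!r}: {classify(MODEL, msg)} "
              f"(P(spam) = {probs['spam']:.3f})")
```

The third message shows why the classifier weighs all words together: "free" is evidence for spam, but "lunch", "on" and "monday" outweigh it.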
2. Unsupervised Learning:
◻ Unsupervised learning makes sense of unlabeled data
without having any predefined dataset for its training.
◻ It is an extremely powerful tool for analyzing available
data and looking for patterns and trends.
◻ It is most commonly used for clustering similar input into
logical groups.
◻ Common approaches to unsupervised learning include:
✔ k-means
✔ Self-organizing maps, and
✔ Hierarchical clustering
Deep Learning
◻ Deep learning is a subfield of machine learning concerned with
algorithms, called artificial neural networks, that are inspired
by the structure and function of the brain.
◻ All the value today of deep learning is through
supervised learning or learning from labelled data and
algorithms.
◻ Each algorithm in deep learning goes through the same
process.
◻ It includes a hierarchy of nonlinear transformation of
input that can be used to generate a statistical model as
output.
Deep/Machine Learning Process
◻ The following steps will take place in Machine
Learning process
✔ Identifies relevant data sets and prepares them for
analysis
✔ Chooses the type of algorithm to use
✔ Builds an analytical model based on the algorithm used
✔ Trains the model on test data sets, revising it as needed
✔ Runs the model to generate test scores
Applications of Machine Learning
and Deep Learning
✔ Computer vision which is used for facial recognition and
attendance mark through fingerprints or vehicle identification
through number plate
✔ Information Retrieval from search engines like text search for
image search
✔ Automated email marketing with specified target
identification
✔ Medical diagnosis of cancer tumors or anomaly identification
of any chronic disease
✔ Natural language processing for applications like photo
tagging, Example - Facebook.
✔ Online Advertising.
Embedded Systems- Introduction
⮚ It is an Electronic/Electro-mechanical system
designed to perform a specific function and is a
combination of both hardware & software.
OR
⮚ A combination of hardware and software which
together form a component of a larger machine.
Unit-II: Internet Of Things
Digital System v. Embedded
System
◻ Digital System: may provide service
🞑 as a self-contained unit (e.g., desktop PC)
🞑 as part of a larger system (e.g., digital control system
for manufacturing plant)
◻ Embedded System:
🞑 part of a larger unit
🞑 provides dedicated service to that unit
Embedded Systems Overview
◻ Computing systems are everywhere
◻ Most of us think of “desktop” computers
🞑 PC’s
🞑 Laptops
🞑 Mainframes
🞑 Servers
◻ But there’s another type of computing system
🞑 Far more common...
Embedded Systems Overview (cont.)

◻ Embedded computing systems
🞑 Computing systems embedded within electronic devices
🞑 Hard to define. Nearly any computing system other than a desktop computer
🞑 Billions of units produced yearly, versus millions of desktop units
🞑 Perhaps 100s per household and per automobile
[Figure callouts: "Computers are in here... and here... and even here..."; "Lots more of these, though they cost a lot less each."]
A “Short List” of Embedded Systems
Anti-lock brakes Modems
Auto-focus cameras MPEG decoders
Automatic teller machines Network cards
Automatic toll systems Network switches/routers
Automatic transmission On-board navigation
Avionic systems Pagers
Battery chargers Photocopiers
Camcorders Point-of-sale systems
Cell phones Portable video games
Cell-phone base stations Printers
Cordless phones Satellite phones
Cruise control Scanners
Curbside check-in systems Smart ovens/dishwashers
Digital cameras Speech recognizers
Disk drives Stereo systems
Electronic card readers Teleconferencing systems
Electronic instruments Televisions
Electronic toys/games Temperature controllers
Factory control Theft tracking systems
Fax machines TV set-top boxes
Fingerprint identifiers VCR’s, DVD players
Home security systems Video game consoles
Life-support systems Video phones
Medical testing systems Washers and dryers

And the list goes on and on…


Embedded system hardware
◻ An embedded system uses a hardware platform to execute the
operation
◻ Hardware of the embedded system includes
✔ Power Supply,
✔ Reset and Oscillator Circuits
✔ Memory i.e. Program and data,
✔ Processor (Microcontroller, ARM, PIC, ASIC)
✔ Timers
✔ Input/Output circuits
✔ Serial communication ports
✔ SASC (System application specific circuits)
✔ Interrupt Controller and Parallel ports
Embedded system software
◻ The software of an embedded system is written to execute a
particular function
◻ The software used in the embedded system is a set of instructions, i.e.
a program.
◻ The microprocessors or microcontrollers used in the hardware
circuits of embedded systems are programmed to perform specific
tasks by following the set of instructions.
◻ These programs are mainly written using software like Proteus or
Lab-view, in programming languages such as C, C++ or
embedded C
◻ These programs are stored in the memory of the microprocessors or
microcontrollers that are used in the embedded system
circuits
Embedded Operating system
◻ An embedded operating system (OS) is a dedicated operating
system designed to perform a specific task for a device.
◻ The main job of an embedded operating system is to run the
code that allows the device to perform its job.
◻ The embedded OS also makes the device’s hardware accessible
to the software that is running on top of the OS
◻ Embedded operating systems are also known as real-time
operating systems (RTOS)
◻ The most common examples - Windows Mobile/CE
(handheld Personal Data Assistants), Symbian (cell phones)
and Linux, Palm OS, iOS - Subset of Mac OS X, used in
Apple’s mobile devices
Embedded processors- PIC, ARM,
AVR, ASIC
◻ Embedded Processor consists of –
✔ Control Unit (CU)
✔ Execution unit (EU)
✔ Inbuilt Program and Data Memory
✔ Timers
✔ Interrupts
✔ Serial communication port
✔ Parallel ports
✔ Input and Output Driver Circuits
✔ Power supply
✔ Reset and Oscillator Circuits
✔ System Application Specific Circuits such as ADC, DAC etc.
PIC (Programmable/Peripheral
Interface Controllers)
◻ PIC microcontrollers are the smallest microcontrollers which
can be programmed to perform a large range of tasks.
◻ PIC microcontrollers are used in many electronic devices such
as phones, computer control systems, alarm systems,
embedded systems, etc
◻ PIC microcontroller architecture consists of RAM, ROM,
CPU, timers, counters, A/D converter, Ports, Flash memory,
general purpose register (GPR), special purpose register
(SPR), Stack, Interrupt and supports the protocols such as SPI,
CAN, and UART for interfacing with other peripherals.
Features of PIC
⮚ RISC (reduced instruction set computer) architecture
⮚ On chip program ROM in the form of flash memory
⮚ On Chip RAM (random access memory)
⮚ On Chip Data EEPROM
⮚ Include Timers
⮚ Include ADC (Analog to Digital converter)
⮚ Include USART protocol for PC communication
⮚ Contains I/O ports and I/O port register are bit accessible and port
accessible both
⮚ Include CAN, SPI and I2C PROTOCOL for serial communication
⮚ Support n-stage pipelining
⮚ Provide interrupts
Application of PIC

⮚ Motor Control, Digital Power & Lighting


✔ Motor Control
✔ Digital Power
✔ Lighting
✔ Automotive
✔ Home Appliance
✔ High Temperature for 150C
Application of PIC

⮚ Human Interface
✔ Graphics Solutions
✔ Segmented LCD
✔ Touch Sensing Solutions
✔ Audio and Speech
⮚ Connectivity
✔ Wireless
✔ USB
✔ Ethernet
✔ CAN
AVR (Alf-Egil Bogen Vegard Wollan
RISC) microcontroller
◻ It is also called Advanced Virtual RISC
◻ AVR was developed in the year 1996 by Atmel Corporation
◻ The architecture of AVR was designed by Alf-Egil Bogen and
Vegard Wollan
◻ The AVR microcontroller executes most of its instructions in a
single execution cycle
◻ AVRs are about four times faster than PICs and consume less
power
◻ AVRs can be operated in different power saving modes
Features of AVR
◻ AVRs provide a wide range of features
✔ Internal, self-programmable instruction flash memory up to 256 KB
✔ In-system programmable (ISP) using serial/parallel low-voltage proprietary
interfaces and On-chip debugging support through JTAG
✔ Internal data EEPROM up to 4 KB and SRAM up to 16 KB
✔ 8-bit and 16-bit timers
✔ PWM output, Analog comparator
✔ 10 or 12-bit A/D converters, with multiplex of up to 16 channels
✔ 12-bit D/A converters
✔ Synchronous/asynchronous serial peripherals (UART/USART), Serial Peripheral
Interface Bus (SPI)
✔ Multiple power-saving sleep modes
✔ Lighting and motor control (PWM) controller models
✔ CAN, USB, Ethernet, LCD, DMA controller support
✔ Low-operating voltage devices, i.e. 1.8 V
Applications of AVR
⮚ Signal sensing and Data acquisition
⮚ Motion control and Interface motors
⮚ Displays on LCD
⮚ Interface any type of sensors and transducers
⮚ Interface GSM and GPS
Emerging Trends in CO and IT (22618)
⮚ Control and automation of industrial plants, mechanical & electrical
systems
⮚ Automation of heavy machineries
⮚ Developments for UAVs (Unmanned Aerial Vehicles)
⮚ Light sensing, Temperature sensing & controlling devices
⮚ Fire detection & safety devices
⮚ Industrial instrumentation devices
⮚ Process control devices
ARM microcontroller
⮚ The ARM (Advanced RISC Machine) is a 32-bit Reduced
Instruction Set Computer (RISC) microcontroller,
introduced by the Acorn Computers organization in 1987
⮚ The ARM architecture uses a ‘Harvard architecture’ which
supports separate data and instruction buses for communicating
with the ROM and RAM memories
⮚ The ARM microcontrollers support both low-level and
high-level programming languages
Features of ARM microcontroller
⮚ Load/store RISC architecture
⮚ ARM and Thumb instruction sets, i.e. 32-bit instructions can be
freely intermixed with 16-bit instructions in a program
⮚ Efficient multi-core processing and easier coding for developers
⮚ Support multi-processing
⮚ Enhanced power-saving design
⮚ 64 and 32-bit execution states for scalable high performance
⮚ Supports Memory Management Unit (MMU) and the Memory
Protection Unit (MPU)
⮚ Support for Digital Signal Processing (DSP) algorithms
⮚ Smaller size, reduced complexity and lower power consumption
⮚ Floating-point support
Applications of ARM microcontroller
⮚ Smartphones
⮚ Multimedia players
⮚ 3-Ds handheld game consoles
⮚ Digital cameras
⮚ Tablet computers
⮚ Industrial instrument control systems
⮚ Wireless networking and sensors
⮚ Automotive body system
⮚ Robotics
⮚ Consumer electronics
⮚ Set-top boxes
⮚ Digital television
⮚ Smart watches etc
ASIC (Application-Specific Integrated
Circuit)
◻ An ASIC is a microchip designed for a special application,
such as a particular kind of transmission protocol or a
hand-held computer
◻ ASICs are used in a wide-range of applications, including
auto emission control, environmental monitoring, and
personal digital assistants (PDAs)
◻ An ASIC can be pre-manufactured for a special application or
it can be custom manufactured (typically using components
from a "building block" library of components) for a
particular customer application.
Advantages of ASIC
⮚ The small size - makes it a high choice for sophisticated
larger systems
⮚ Large number of circuits built over a single chip, so more
suitable for high-speed applications
⮚ Low power consumption
⮚ The system on the chip, so circuits are present side by side
⮚ Very minimal routing is needed to connect various circuits
⮚ Has no timing issues and post-production configuration.
The disadvantages of ASIC

⮚ As these are customized chips they provide low
flexibility for programming
⮚ As these chips have to be designed from the root level
they are of high cost per unit
⮚ ASICs have a larger time-to-market margin
Some Application Domains
◻ CONSUMER PRODUCTS
🞑 Appliances, Games, A/V, Intelligent home devices
◻ TRANSPORTATION
🞑 Autos, Trains, Ships, Aircrafts
◻ PLANT CONTROL
🞑 Manufacturing, Chemical, Power Generation
◻ NETWORKS
🞑 Telecommunication, Defense

• Local
  • e.g., appliance
• Locally distributed
  • e.g., aircraft control over a LAN
• Geographically distributed
  • e.g., telephone network
Parts of an Embedded System
[Figure: block diagram with the blocks USER, EMBEDDED SYSTEM (PROCESSOR, MEMORY, I/O), SENSORS, ACTUATORS, ENVIRONMENT and HARDWIRED UNIT]
HARDWIRED UNIT
• Application-specific logic
• Timers
• A/D and D/A conversion
Parts of an Embedded System (cont.)

◻ Actuators - mechanical components (e.g., valve)


◻ Sensors - input data (e.g., accelerometer for airbag
control)
◻ Data conversion, storage, processing
◻ Decision-making

◻ Range of implementation options


◻ Single-chip implementation: system on a chip
Functions and Design Criteria
◻ Monitoring and control functions for the overall
system (e.g., vehicle control)
◻ Information-processing functions
(e.g. telecommunication system data compression,
routing, etc.)

◻ Criteria: performance, reliability, availability,
safety, usability, etc.
Some Common Characteristics

◻ Single-functioned
🞑Executes a single program, repeatedly
◻ Tightly-constrained
🞑Low cost, low power, small, fast, etc.
◻ Reactive and real-time
🞑Continually reacts to changes in the system’s
environment
🞑Must compute certain results in real-time without
delay
An Embedded System Example
[Figure: digital camera chip. Blocks: lens, CCD, A2D, CCD preprocessor, Pixel coprocessor, D2A, JPEG codec, Microcontroller, Multiplier/Accum, DMA controller, Display ctrl, Memory controller, ISA bus interface, UART, LCD ctrl]

• Single-functioned -- always a digital camera
• Tightly-constrained -- Low cost, low power, small, fast
• Reactive and real-time -- only to a small extent
Three Key Technologies
◻ Technology
🞑A manner of accomplishing a task, especially using
technical processes, methods, or knowledge
◻ Three key technologies for embedded systems
🞑Processor technology (CprE 581, 583, 681)
🞑IC technology (EE 501, 507, 511)
🞑Design technology (CprE 588)
Processor Technology
◻ The architecture of the computation engine used to implement
a system’s desired functionality
◻ Processor does not have to be programmable
🞑 “Processor” not equal to general-purpose processor
[Figure: controller and datapath block diagrams, with the assembly code for "total = 0; for i = 1 to …", for three processor types: General-purpose (“software”), Application-specific, Single-purpose (“hardware”)]
Processor Technology (cont.)
◻ Processors vary in their customization for the problem at hand

Desired functionality:
    total = 0
    for i = 1 to N loop
        total += M[i]
    end loop

[Figure: the desired functionality mapped onto a general-purpose processor, an application-specific processor and a single-purpose processor]
General-Purpose Processors
◻ Programmable device used in a variety of applications
🞑 Also known as “microprocessor”
◻ Features
🞑 Program memory
🞑 General datapath with large register file and general ALU
◻ User benefits
🞑 Low time-to-market and NRE costs
🞑 High flexibility
◻ “Intel/AMD” the most well-known, but there are hundreds of others
[Figure: general-purpose processor. Controller (control logic and state register, IR, PC), Datapath (register file, general ALU), program memory, data memory; assembly code for "total = 0; for i = 1 to …"]
Application-Specific Processors
◻ Programmable processor optimized for a particular class of applications
having common characteristics
🞑 Compromise between general-purpose and single-purpose processors
◻ Features
🞑 Program memory
🞑 Optimized datapath
🞑 Special functional units
◻ Benefits
🞑 Some flexibility, good performance, size and power
[Figure: application-specific processor. Controller (control logic and state register, IR, PC), Datapath (registers, custom ALU), program memory, data memory; assembly code for "total = 0; for i = 1 to …"]
Independence of Processor Technologies

◻ Basic tradeoff
🞑 General vs. custom
🞑 With respect to processor technology or IC technology
🞑 The two technologies are independent
[Figure: general vs. custom spectrum]
Processor technology:  General-purpose processor | ASIP | Single-purpose processor
IC technology:         PLD | Semi-custom | Full-custom
General, providing improved: Flexibility, Maintainability, NRE cost, Time-to-prototype, Time-to-market, Cost (low volume)
Customized, providing improved: Power efficiency, Performance, Size, Cost (high volume)


Design Technology
◻ The manner in which we convert our concept of desired
system functionality into an implementation
Compilation/Synthesis: Automates exploration and insertion of
implementation details for lower level.
Libraries/IP: Incorporates pre-designed implementation from lower
abstraction level into higher level.
Test/Verification: Ensures correct functionality at each level, thus
reducing costly iterations between levels.

Level                      Compilation/Synthesis   Libraries/IP    Test/Verification
System specification       System synthesis        Hw/Sw/OS        Model simulat./checkers
Behavioral specification   Behavior synthesis      Cores           Hw-Sw cosimulators
RT specification           RT synthesis            RT components   HDL (H/W Definition Language) simulators
Logic specification        Logic synthesis         Gates/Cells     Gate simulators
To final implementation
Internet of Things (IoT)
◻ Internet of Things (IoT) is a network of physical objects or
people called "things" that are embedded with software,
electronics, network, and sensors that allows these objects to
collect and exchange data.
◻ The goal of IoT is to extend internet connectivity from
standard devices like computer, mobile, tablet to relatively
dumb devices like a toaster.
What is an IoT?
⮚ IoT makes virtually everything "smart," by improving aspects of
our life with the power of data collection, AI algorithm, and
networks. The thing in IoT can also be a person with a diabetes
monitor implant, an animal with tracking devices, etc.
IoT
◻ The internet of things (IoT) is a computing concept of connecting
everyday physical objects to the internet so that they are able to
identify themselves to other devices.
◻ Internet of Things (IoT) refers to physical and virtual objects that
have unique identities and are connected to the internet to facilitate
intelligent applications that make energy, logistics, industrial
control, retail, agriculture and many other domains "smarter".
◻ Internet of things (IoT) is a new revolution in which endpoints
are connected to the internet, driven by the advancements in sensor
networks, mobile devices, wireless communications, networking
and cloud technologies.
How IoT works?
Components of IoT
1) Sensors/Devices
2) Connectivity
3) Data Processing
4) User Interface
1. Sensors/Devices
◻ Sensors or devices are a key component that helps you to
collect live data from the surrounding environment.
◻ All this data may have various levels of complexities.
◻ It could be a simple temperature monitoring sensor, or it
may be in the form of the video feed.
◻ A device may have various types of sensors which
perform multiple tasks apart from sensing.
• Example: a mobile phone is a device which has multiple
sensors like GPS and camera, but your smartphone is not able to
sense these things.
2. Connectivity
◻ All the collected data is sent to a cloud infrastructure.
◻ The sensors should be connected to the cloud using
various mediums of communications.
◻ These communication mediums include mobile or
satellite networks, Bluetooth, WI-FI, WAN, etc.
3. Data Processing
◻ Once that data is collected, and it gets to the cloud, the
software performs processing on the gathered data.
◻ This processing can be as simple as checking the temperature
reading on devices like AC or heaters. However, it can
sometimes also be very complex, like identifying objects
using computer vision on video.
4. User Interface
◻ The information needs to be available to the end-user in some way,
which can be achieved by triggering alarms on their phones or
sending them notifications through email or text message.
◻ The user sometimes might need an interface which actively checks
their IoT system.
• For example, the user has a camera installed in his home. He wants to
access video recording and all the feeds with the help of a web server.
◻ However, it's not always one-way communication - depending on
the IoT application and complexity of the system, the user may also
be able to perform an action which may create cascading effects.
• For example, if a user detects any changes in the temperature of the
refrigerator, with the help of IoT technology the user should be able to adjust
the temperature with the help of their mobile phone.
IoT Characteristics
◻ Intelligence
◻ Connectivity
◻ Dynamic Nature
◻ Enormous scale
◻ Sensing
◻ Heterogeneity
◻ Security
◻ Self Configuring
◻ Supports Interoperable Communication Protocols
◻ Unique identity
1. Intelligence
⮚ IoT comes with the combination of algorithms and
computation, software & hardware that makes it smart.
⮚ Ambient intelligence in IoT enhances its capabilities which
facilitate the things to respond in an intelligent way to a
particular situation and supports them in carrying out specific
tasks.
⮚ In spite of all the popularity of smart technologies,
intelligence in IoT is concerned only as a means of interaction
between devices, while user and device interaction is achieved
by standard input methods and graphical user interfaces.
2. Connectivity
⮚ Connectivity empowers Internet of Things by bringing
together everyday objects.
⮚ Connectivity of these objects is pivotal because simple object
level interactions contribute towards collective intelligence in
IoT network.
⮚ It enables network accessibility and compatibility in the
things.
⮚ With this connectivity, new market opportunities for Internet
of things can be created by the networking of smart things and
applications.
3. Dynamic Nature
⮚ The primary activity of Internet of Things is to collect data
from its environment; this is achieved with the dynamic
changes that take place around the devices.
⮚ The state of these devices changes dynamically
✔ Example: sleeping and waking up, connected and/or
disconnected, as well as the context of devices including
temperature, location and speed.
⮚ In addition to the state of the device, the number of devices
also changes dynamically with a person, place and time.
4. Enormous scale
⮚ The number of devices that need to be managed and that
communicate with each other will be much larger than the
devices connected to the current Internet.
⮚ The management of data generated from these devices and
their interpretation for application purposes becomes more
critical.
⮚ Gartner (2015) confirms the enormous scale of IoT in the
estimated report where it stated that 5.5 million new things
will get connected every day and 6.4 billion connected things
will be in use worldwide in 2016, which is up by 30 percent
from 2015.
⮚ The report also forecasts that the number of connected devices
will reach 20.8 billion by 2020.
5. Sensing
⮚ IoT wouldn’t be possible without sensors which will detect or
measure any changes in the environment to generate data that
can report on their status or even interact with the
environment.
⮚ Sensing technologies provide the means to create capabilities
that reflect a true awareness of the physical world and the
people in it.
⮚ The sensing information is simply the analogue input from the
physical world, but it can provide a rich understanding of
our complex world.
6. Heterogeneity
⮚ Heterogeneity in Internet of Things is one of the key
characteristics.
⮚ Devices in IoT are based on different hardware platforms and
networks and can interact with other devices or service
platforms through different networks.
⮚ IoT architecture should support direct network connectivity
between heterogeneous networks.
⮚ The key design requirements for heterogeneous things and
their environments in IoT are scalability, modularity,
extensibility and interoperability.
7. Security
⮚ IoT devices are naturally vulnerable to security threats. As we
gain efficiencies, novel experiences, and other benefits from
the IoT, it would be a mistake to forget about security
concerns associated with it.
⮚ There is a high level of transparency and privacy issues with
IoT.
⮚ It is important to secure the endpoints, the networks, and the
data that is transferred across all of it, which means creating a
security paradigm.
Advantages of IoT
◻ Efficient resource utilization: We can definitely increase
resource utilization as well as monitor the utilization of natural
resources.
◻ Minimize human effort: As the devices of IoT interact and
communicate with each other and do a lot of tasks for us, human effort
is reduced.
◻ Save time: Since human effort is reduced, it saves our time.
◻ Reduced Waste: IoT provides real-world information leading to
more effective management of resources.
◻ Enhanced Data Collection: Since it has a number of connected
devices, it collects data from all these devices, which can be analysed
and utilised for better decision making.
Disadvantages of IoT
◻ Security: As IoT systems can have a large number of
interconnected devices, they can be vulnerable to various security
threats.
◻ Privacy: Even without the active participation in the network, the
IoT system provides substantial personal data leaks.
◻ Complexity: Designing, developing, deploying and maintaining
an IoT system is quite complex due to the large number of heterogeneous
devices.
◻ Flexibility: Developing a general-purpose IoT system is very
difficult due to the heterogeneity of the connected devices, hence it
loses its flexibility.
◻ Compliance: Its complexity makes compliance incredibly
challenging.
Generic Block diagram of IoT devices
IoT Devices
◻ An IoT device may consist of several interfaces for
connections to other devices, both wired and wireless such as
✔ I/O interfaces for sensors
✔ Interfaces for Internet connectivity
✔ Memory and storage interfaces and
✔ audio/video interfaces
❑ An IoT device can collect various types of data from the on-
board or attached sensors, such as temperature, humidity, light
intensity.
❑ The sensed data can be communicated either to other devices
or cloud-based servers/storage.
IoT Devices
◻ IoT devices can be connected to actuators that allow them to
interact with other non-IoT devices and systems in the vicinity of
the device
✔ Example: a relay switch connected to an IoT device can turn an
appliance on/off based on the commands sent to the IoT device over the
Internet.
◻ IoT devices can be of various types such as wearable sensors, smart
watches, LED lights, automobiles and industrial machines
◻ Almost all IoT devices generate data in some form or the other
which when processed by data analytics systems leads to useful
information to guide further actions locally or remotely
✔ Example: sensor data generated by a soil moisture monitoring device
in a garden, when processed, can help in determining the optimum
watering schedules.
IoT Protocols

◻ 802.15.4-LR-WPAN
⮚ IEEE 802.15.4 is a collection of standards for low-rate
wireless personal area networks (LR-WPANs).
⮚ These standards form the basis of specifications for high
level communication protocols such as ZigBee.
⮚ LR-WPAN standards provide data rates from 40 Kb/s to
250 Kb/s.
⮚ These standards provide low-cost and low-speed
communication for power constrained devices
IoT Protocols

◻ 2G/3G/4G - Mobile Communication:


⮚ There are different generations of mobile communication
standards including second generation (2G including GSM
and CDMA), third generation (3G - including UMTS and
CDMA2000) and fourth generation (4G - including LTE).
⮚ IoT devices based on these standards can communicate
over cellular networks.
⮚ Data rates for these standards range from 9.6 Kb/s (for 2G)
up to 100 Mb/s (for 4G) and are available from the 3GPP
websites.
IoT Protocols

◻ 6LoWPAN
⮚ 6LoWPAN (IPv6 over Low power Wireless Personal Area
Networks) brings the IP protocol to low-power devices
which have limited processing capability
⮚ 6LoWPAN operates in the 2.4 GHz frequency range and
provides data transfer rates of 250 Kb/s
⮚ 6LoWPAN works with the 802.15.4 link layer protocol and
defines compression mechanisms for IPv6 datagrams over
IEEE 802.15.4-based networks
IoT Protocols
◻ Hypertext Transfer Protocol (HTTP)
⮚ It is the application layer protocol that forms the foundation of
the World Wide Web (WWW).
⮚ HTTP includes commands such as GET, PUT, POST, DELETE,
HEAD, TRACE, OPTIONS, etc.
⮚ The protocol follows a request-response model where a client
sends requests to a server using the HTTP commands.
⮚ HTTP is a stateless protocol and each HTTP request is
independent of the other requests.
⮚ An HTTP client can be a browser or an application running on
the client (e.g., an application running on an IoT device, a mobile
application or other software).
⮚ HTTP protocol uses Universal Resource Identifiers (URIs) to
identify HTTP resources.
IoT Protocols
◻ Constrained Application Protocol (CoAP)
⮚ It is an application layer protocol for machine-to-machine
(M2M) applications, meant for constrained environments with
constrained devices and constrained networks.
⮚ Like HTTP, CoAP is a web transfer protocol and uses a request-
response model, however it runs on top of UDP instead of TCP.
⮚ CoAP uses a client-server architecture where clients
communicate with servers using connectionless datagrams
⮚ CoAP is designed to easily interface with HTTP
⮚ Like HTTP, CoAP supports methods such as GET, PUT, POST,
and DELETE
⮚ CoAP draft specifications are available on the IETF Constrained
RESTful Environments (CoRE) Working Group website
IoT Protocols
◻ WebSocket
⮚ WebSocket protocol allows full-duplex communication
over a single socket connection for sending messages
between client and server.
⮚ WebSocket is based on TCP and allows streams of
messages to be sent back and forth between the client and
server while keeping the TCP connection open.
⮚ The client can be a browser, a mobile application or an IoT
device.
IoT Protocols
◻ Message Queue Telemetry Transport (MQTT)
⮚ It is a lightweight messaging protocol based on the publish-
subscribe model
⮚ MQTT uses a client-server architecture where the client
(such as an IoT device) connects to the server (also called
MQTT Broker) and publishes messages to topics on the
server
⮚ The broker forwards the messages to the clients subscribed
to topics
⮚ MQTT is well suited for constrained environments where
the devices have limited processing and memory resources
and the network bandwidth is low
IoT Protocols
◻ Extensible Messaging and Presence Protocol (XMPP)
⮚ It is a protocol for real-time communication and streaming XML data
between network entities
⮚ XMPP powers a wide range of applications including messaging,
presence, data syndication, gaming, multi-party chat and voice/video
calls
⮚ XMPP allows sending small chunks of XML data from one network
entity to another in near real-time.
⮚ XMPP is a decentralized protocol and uses a client-server
architecture
⮚ XMPP supports both client-to-server and server-to-server
communication paths
⮚ In the context of IoT, XMPP allows real-time communication
between IoT devices.
IoT Protocols
◻ Data Distribution Service (DDS)
⮚ It is a data-centric middleware standard for device-to-
device or machine-to-machine communication
⮚ DDS uses a publish-subscribe model where publishers (e.g.
devices that generate data) create topics to which
subscribers (e.g., devices that want to consume data) can
subscribe
⮚ Publisher is an object responsible for data distribution and
the subscriber is responsible for receiving published data.
⮚ DDS provides quality-of-service (QoS) control and
configurable reliability.
IoT Protocols
◻ Advanced Message Queuing Protocol (AMQP)
⮚ It is an open application layer protocol for business messaging
⮚ AMQP supports both point-to-point and publisher/subscriber
models, routing and queuing
⮚ AMQP brokers receive messages from publishers (e.g., devices
or applications that generate data) and route them over
connections to consumers (applications that process data)
⮚ Publishers publish the messages to exchanges which then
distribute message copies to queues
⮚ Messages are either delivered by the broker to the consumers
which have subscribed to the queues or the consumers can pull
the messages from the queues
Logical design of IoT
◻ IoT functional blocks: An IoT system comprises a number
of functional blocks that provide the system the capabilities
for identification, sensing, actuation, communication, and
management
Functional Blocks of IoT
◻ Device: An IoT system comprises devices that provide sensing, actuation,
monitoring and control functions.
◻ Communication: The communication block handles the communication for
the IoT system
◻ Services: IoT services such as services for device monitoring, device
control services, data publishing services and services for device discovery
◻ Management: Management functional block provides various functions to
govern the IoT system.
◻ Security: This block secures the IoT system by providing functions such as
authentication, authorization, message and content integrity, and data
security
◻ Application: IoT applications provide an interface that the users can use to
control and monitor various aspects of the IoT system. Applications also
allow users to view the system status and view or analyze the processed
data.
IoT Communication models

◻ Request-Response
◻ Publish-Subscribe
◻ Push-Pull
◻ Exclusive Pair
Request-Response model

◻ Request-Response is a communication model in which the
client sends requests to the server and the server responds to
the requests.
Publish-Subscribe model
◻ Publish-Subscribe is a
communication model that involves
publishers, brokers and consumers
◻ Publishers are the source of data &
send the data to the topics which are
managed by the broker
◻ Publishers are not aware of the
consumers.
◻ Consumers subscribe to the topics
which are managed by the broker.
◻ When the broker receives data for a
topic from the publisher, it sends the
data to all the subscribed consumers.
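The publish-subscribe flow above, combined with the authentication, authorization and message-integrity functions of the Security block, as an added example that is not part of the original slides. The broker class, client ids, secrets and topic names are constructed for illustration; the `+`/`#` filter matching follows MQTT conventions in simplified form, and replay protection and transport encryption are out of scope.

```python
import hashlib
import hmac
from collections import defaultdict


def topic_matches(topic_filter, topic):
    """MQTT-style filter match: '+' is one level, a trailing '#' is all remaining levels."""
    f_parts, t_parts = topic_filter.split("/"), topic.split("/")
    for i, part in enumerate(f_parts):
        if part == "#":
            return i == len(f_parts) - 1
        if i >= len(t_parts) or (part != "+" and part != t_parts[i]):
            return False
    return len(f_parts) == len(t_parts)


def sign(secret, topic, payload):
    """HMAC-SHA256 over topic and payload, so neither can be altered in transit."""
    return hmac.new(secret, topic.encode() + b"\x00" + payload, hashlib.sha256).digest()


class Broker:
    """Hypothetical in-memory broker; publishers never learn who the consumers are."""

    def __init__(self, secrets, acl):
        self.secrets = secrets      # client id -> shared secret (authentication)
        self.acl = acl              # client id -> {"pub": [...], "sub": [...]} topic filters
        self.subscriptions = []     # (client id, topic filter, callback)
        self.rejected = []          # (client id, topic, reason), kept for monitoring

    def allowed(self, client_id, action, topic):
        filters = self.acl.get(client_id, {}).get(action, [])
        return any(topic_matches(f, topic) for f in filters)

    def subscribe(self, client_id, topic_filter, callback):
        self.subscriptions.append((client_id, topic_filter, callback))

    def publish(self, client_id, topic, payload, tag):
        secret = self.secrets.get(client_id)
        if secret is None:
            reason = "unknown client"
        elif not hmac.compare_digest(sign(secret, topic, payload), tag):
            reason = "bad signature"
        elif not self.allowed(client_id, "pub", topic):
            reason = "publish not authorized"
        else:
            reason = None
        if reason:
            self.rejected.append((client_id, topic, reason))
            return []
        delivered = []
        for sub_id, topic_filter, callback in self.subscriptions:
            # Read access is checked per message, so a broad subscription
            # such as "#" only ever yields topics the subscriber may read.
            if topic_matches(topic_filter, topic) and self.allowed(sub_id, "sub", topic):
                callback(topic, payload)
                delivered.append(sub_id)
        return delivered


def demo():
    # Constructed clients, secrets and ACLs.
    secrets = {"sensor-1": b"constructed-key-1", "dashboard": b"constructed-key-2",
               "guest": b"constructed-key-3"}
    acl = {
        "sensor-1": {"pub": ["home/kitchen/temperature"], "sub": []},
        "dashboard": {"pub": [], "sub": ["home/#"]},
        "guest": {"pub": [], "sub": ["home/garden/+"]},
    }
    broker = Broker(secrets, acl)
    inbox = defaultdict(list)
    broker.subscribe("dashboard", "home/+/temperature",
                     lambda t, p: inbox["dashboard"].append((t, p)))
    broker.subscribe("guest", "#", lambda t, p: inbox["guest"].append((t, p)))

    topic, payload = "home/kitchen/temperature", b"21.5"
    good_tag = sign(secrets["sensor-1"], topic, payload)
    delivered = broker.publish("sensor-1", topic, payload, good_tag)
    # Payload changed after signing: integrity check fails.
    tampered = broker.publish("sensor-1", topic, b"99.9", good_tag)
    # Valid signature, but the sensor has no right to publish on this topic.
    other = "home/kitchen/heater"
    off_topic = broker.publish("sensor-1", other, b"on", sign(secrets["sensor-1"], other, b"on"))
    return {"delivered": delivered, "tampered": tampered, "off_topic": off_topic,
            "inbox": dict(inbox), "rejected": broker.rejected}


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```
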
Push-Pull model
◻ Push-Pull is a communication model
in which the data producers push the
data to queues and the consumers pull
the data from the queues
◻ Producers do not need to be aware of
the consumers.
◻ Queues help in decoupling the
messaging between the producers and
consumers.
◻ Queues also act as a buffer which
helps in situations when there is a
mismatch between the rate at which
the producers push data and the rate at
which the consumers pull data.
Exclusive Pair model
◻ Exclusive Pair is a bi-directional,
full-duplex communication
model that uses a persistent
connection between the client and
server
◻ Once the connection is set up it
remains open until the client sends
a request to close the connection
◻ Client and server can send
messages to each other after
connection setup
◻ Exclusive pair is a stateful
communication model and the
server is aware of all the open
connections.
IoT Devices and their features: Arduino, Uno, Raspberry Pi, Nodeµ
IoT Devices
◻ Internet of Things devices are non-standard devices that connect
wirelessly to a network and to each other and are able to transfer data
◻ IoT devices are enlarging the internet connectivity beyond standard
devices such as smartphones, laptops, tablets, and desktops
◻ There are large varieties of IoT devices available based on IEEE
802.15.4 standard.
◻ These devices range from wireless motes, attachable sensor-boards to
interface-board which are useful for researchers and developers
◻ IoT devices include computer devices, software, wireless sensors, and
actuators.
◻ These IoT devices are connected over the internet and enable
data transfer among objects or people automatically without human
intervention
Properties of IoT Devices
◻ Some of the essential properties of IoT devices are mentioned
below:
✔ Sense: The devices sense their surrounding environment in
the form of temperature, movement, appearance of things,
etc.
✔ Send and receive data: IoT devices are able to send and
receive data over the network connection
✔ Analyze: The devices are able to analyze the data
received from other devices over the internet
✔ Controlled: IoT devices may also be controlled from some endpoint.
Otherwise, the IoT devices communicate with each other
endlessly, which leads to system failure.
Applications of IoT
Application type | Description
Smart Thermostats | Helps you to save resource on heating bills by knowing your usage patterns.
Connected Cars | IoT helps automobile companies handle billing, parking, insurance, and other related stuff automatically.
Activity Trackers | Helps you to capture heart rate pattern, calorie expenditure, activity levels, and skin temperature on your wrist.
Smart Outlets | Remotely turn any device on or off. It also allows you to track a device's energy level and get custom notifications directly into your smartphone.
Parking Sensors | IoT technology helps users to identify the real-time availability of parking spaces on their phone.
Connect Health | The concept of a connected health care system facilitates real-time health monitoring and patient care. It helps in improved medical decision-making based on patient data.
Smart City | Smart city offers all types of use cases which include traffic management to water distribution, waste management, etc.
Smart home | Smart home encapsulates the connectivity inside your homes. It includes smoke detectors, home appliances, light bulbs, windows, door locks, etc.
Smart supply chain | Helps you in real time tracking of goods while they are on the road, or getting suppliers to exchange inventory information.
Challenges of IoT
◻ Insufficient testing and updating
◻ Concern regarding data security and privacy
◻ Software complexity
◻ Data volumes and interpretation
◻ Integration with AI and automation
◻ Devices require a constant power supply which is
difficult
◻ Interaction and short-range communication
What are IoT Protocols?
◻ How can the devices in IoT communicate with each other,
and how does IoT work?
◻ These devices can communicate with other devices
through protocols which are known as IoT protocols.
◻ A protocol is defined as a set of rules and guidelines
describing how to react to commands from another
device.
◻ These protocols are very important for communication
between devices.
◻ The general-purpose
protocols like CDMA, WAP, etc. are not suitable for this
specific IoT technology.
◻ This technology needs some more powerful protocols.
IoT Protocols
◻ Some of the Specific IoT Protocols List
⮚ MQTT – Message Queue Telemetry Transport Protocol
⮚ DDS – Data Distribution Service
⮚ AMQP – Advanced Message Queuing Protocol
⮚ CoAP – Constrained Application Protocol
Unit-3: Basics of Digital Forensic
What is Digital Forensic?
◻ Forensic science is a well-established science that plays a vital
role in criminal justice systems.
◻ It is applied to both criminal and civil action.
◻ Digital forensics, sometimes known as digital forensic
science, is a branch of forensic science encompassing the
recovery and investigation of material found in digital
devices, often in relation to computer crime.
◻ Digital forensics includes the identification, recovery,
investigation, validation, and presentation of facts regarding
digital evidence found on computers or similar digital storage
media devices.
Rule of Digital Forensics
◻ While performing digital forensics investigation, the investigator
should follow the given rules:
✔ Rule 1: An examination should never be performed on the original
media
✔ Rule 2: A copy is made onto forensically sterile media. New media
should always be used if available
✔ Rule 3: The copy of the evidence must be an exact, bit-by-bit copy
(Sometimes referred to as a bit-stream copy)
✔ Rule 4: The computer and the data on it must be protected during the
acquisition of the media to ensure that the data is not modified
✔ Rule 5: The examination must be conducted in such a way as to
prevent any modification of the evidence
✔ Rule 6: The chain of custody of all evidence must be clearly
maintained to provide an audit log of who might have accessed the
evidence and at what time.
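One way to put Rules 1 to 6 into practice, as an added example that is not part of the original slides: a bit-stream copy verified by SHA-256, examination on a working copy only, and a hash-chained custody log that exposes later edits. File names, actor names, timestamps and the evidence bytes are constructed, and the hash-chained log format is an assumption of this sketch, not a prescribed standard.

```python
import copy
import hashlib
import json
import os
import shutil
import tempfile

CHUNK = 1024 * 1024


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def acquire(source, image):
    """Rules 1-4: read the original read-only and write an exact bit-stream copy."""
    h = hashlib.sha256()
    # Mode "xb" refuses to overwrite an existing image file.
    with open(source, "rb") as src, open(image, "xb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            h.update(block)
            dst.write(block)
    os.chmod(image, 0o444)  # Rule 5: the master image is kept read-only
    return h.hexdigest()    # hash of the bytes as read from the original


def custody_append(log, actor, action, evidence_hash, when):
    """Rule 6: each entry commits to the previous one, so edits break the chain."""
    prev = log[-1]["entry_hash"] if log else "0" * 64
    entry = {"when": when, "actor": actor, "action": action,
             "evidence_sha256": evidence_hash, "prev": prev}
    entry["entry_hash"] = hashlib.sha256(
        json.dumps(entry, sort_keys=True).encode()).hexdigest()
    log.append(entry)
    return entry


def custody_verify(log):
    prev = "0" * 64
    for entry in log:
        body = {k: v for k, v in entry.items() if k != "entry_hash"}
        digest = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
        if body["prev"] != prev or digest != entry["entry_hash"]:
            return False
        prev = entry["entry_hash"]
    return True


def demo():
    log = []
    with tempfile.TemporaryDirectory() as d:
        source = os.path.join(d, "original.bin")
        image = os.path.join(d, "image.dd")
        working = os.path.join(d, "working.dd")
        with open(source, "wb") as f:                 # constructed "evidence"
            f.write(b"CONSTRUCTED-EVIDENCE-" * 1000)

        acquired = acquire(source, image)
        custody_append(log, "examiner-a", "acquired image", acquired,
                       "2024-01-01T10:00:00Z")
        image_ok = sha256_file(image) == acquired == sha256_file(source)

        shutil.copyfile(image, working)               # examine the copy, never the image
        custody_append(log, "examiner-b", "created working copy",
                       sha256_file(working), "2024-01-01T11:00:00Z")

        with open(working, "r+b") as f:               # simulate an accidental write
            f.seek(10)
            f.write(b"X")
        altered_detected = sha256_file(working) != acquired

    tampered = copy.deepcopy(log)
    tampered[0]["actor"] = "someone-else"             # edit an entry after the fact
    return {"image_matches_original": image_ok,
            "altered_copy_detected": altered_detected,
            "log_valid": custody_verify(log),
            "tampered_log_valid": custody_verify(tampered)}


if __name__ == "__main__":
    print(demo())
```
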
Digital Forensic Investigation (DFI)

◻ Digital forensic investigation (DFI) is a special type of
investigation where the scientific procedures and techniques
used allow the result, the digital evidence, to be
admissible in a court of law
◻ The main objective of a computer forensic investigation is to
examine digital evidence and to ensure that it has not
been tampered with in any manner.
Obstacles in DFI
1. Handling and locating a certain amount of valid data from the large number of files
stored in a computer system
2. It is possible that the information has been deleted; in such a situation,
searching inside the file is worthless
3. If the files are secured by some passwords, investigators must find a way to
read the protected data in an unauthorized manner
4. Data may be stored in a damaged device while the investigator searches for the
data in working devices
5. Each and every case is different, so identifying the techniques and tools will
take a long time
6. The digital data found should be protected from being modified; it is very
tedious and difficult to prove that data under examination is unaltered
7. A common procedure for investigation and standard techniques for
collecting and preserving digital evidence are desired
Basic Balmer Model of Forensic
Computing
◻ Arising directly out of the DFRWS was the development
of a 7-step linear model for the conduct of FC
investigations:
1. Identification
2. Preservation
3. Collection
4. Examination
5. Analysis
6. Presentation
7. Decision
Road Map for Digital Forensic
Research (RMDFR)

Fig.1 Road map for digital forensic research


Phases of RMDFR
1. Identification: It recognizes an incident from indicators and determines its
type
2. Preservation: Stopping or preventing any activities that can damage
digital information being collected
✔ Preservation involves operations such as preventing people from using computers
during collection, stopping ongoing deletion processes, and choosing the safest way
to collect information.
3. Collection: Finding and collecting digital information that may be relevant
to the investigation
✔ Since digital information is stored in computers, collection of digital information
means either collection of the equipment containing the information, or recording
the information on some medium.
✔ Collection may involve removal of personal computers from the crime scene,
copying or printing out contents of files from a server, recording of network traffic,
and so on.
Phases of RMDFR

4. Examination: In-depth systematic search of evidence relating
to the incident being investigated.
✔ The outputs of examination are data objects found in the collected
information.
✔ They may include log-files, data files containing specific phrases,
timestamps, and so on
5. Analysis: To “draw conclusions based on evidence found”
6. Reporting: This entails writing a report outlining the
examination process and pertinent data recovered from the
overall investigation
Abstract Digital Forensic Model
(ADFM)

Fig. 2. Abstract Digital Forensic Model (ADFM)


Phases of ADFM model
1. Identification - it recognizes an incident from indicators and
determines its type.
2. Preparation - it involves the preparation of tools, techniques,
search warrants and monitoring authorization and management
support
3. Approach strategy - formulating procedures and approach to
use in order to maximize the collection of untainted evidence
while minimizing the impact to the victim
4. Preservation - it involves the isolation, securing and preserving
the state of physical and digital evidence
5. Collection - This is to record the physical scene and duplicate
digital evidence using standardized and accepted procedures
Phases of ADFM model

6. Examination - An in-depth systematic search of evidence
relating to the suspected crime. This focuses on identifying
and locating potential evidence.
7. Analysis - This determines importance and probative value
to the case of the examined product
8. Presentation - Summary and explanation of conclusion
9. Returning Evidence - Physical and digital property
returned to proper owner
Integrated Digital Investigation
Process (IDIP)

Fig. 3. An Integrated Digital Investigation Process


The phases of IDIP
1. Readiness phase - The goal of this phase is to ensure that
the operations and infrastructure are able to fully support an
investigation. It includes two phases:
✔ Operations readiness phase
✔ Infrastructure readiness phase
2. Deployment phase - The purpose is to provide a mechanism
for an incident to be detected and confirmed. It includes two
phases:
✔ Detection and Notification phase - where the incident is detected
and then appropriate people notified.
✔ Confirmation and Authorization phase - which confirms the
incident and obtains authorization for legal approval to carry out a
search warrant.
The phases of IDIP
3. Physical Crime Investigation phase - Collect and analyze the
physical evidence and reconstruct the actions that took place
during the incident. It includes six phases:
✔ Preservation phase - preserve the crime scene so that evidence
can be later identified and collected by personnel trained in
digital evidence identification.
✔ Survey phase - an investigator has to walk through the physical
crime scene and identify pieces of physical evidence.
✔ Documentation phase - capture as much information as possible
so that the layout and important details of the crime scene are
preserved and recorded. It includes taking photographs,
sketches, and videos of the crime scene and the physical
evidence.
The phases of IDIP

3. Physical Crime Investigation phase


✔ Search and collection phase - In-depth search and collection of
the scene is performed so that additional physical evidence is
identified and hence paving way for a digital crime investigation
to begin
✔ Reconstruction phase - which involves organizing the results
from the analysis done and using them to develop a theory for
the incident.
✔ Presentation phase - that presents the physical and digital
evidence to a court or corporate management
The phases of IDIP
4. Digital Crime Investigation phase - collect and analyze the
digital evidence that was obtained from the physical
investigation phase and/or through any other future means. It
includes six phases similar to the Physical Investigation phases,
although the primary focus is on the digital evidence.
✔ Preservation phase - which preserves the digital crime scene so
that evidence can later be synchronized and analyzed for further
evidence.
✔ Survey phase - whereby the investigator transfers the relevant data
from a venue out of physical or administrative control of the
investigator to a controlled location
✔ Documentation phase - which involves properly documenting the
digital evidence when it is found. This information is helpful in the
presentation phase.
The phases of IDIP
4. Digital Crime Investigation phase
✔ Search and collection phase - an in-depth analysis of the digital
evidence is performed
• Software tools are used to reveal hidden, deleted, swapped and
corrupted files that were used including the dates, duration, log file
etc.
• Low-level time lining is performed to trace a user’s activities and
identity
✔ Reconstruction phase - which includes putting the pieces of a
digital puzzle together, and developing investigative
hypotheses.
✔ Presentation phase - that involves presenting the digital
evidence that was found to the physical investigative team
The phases of IDIP
5. Review phase – it reviews the whole investigation and
identifies areas of improvement
✔ The IDIP model does well at illustrating the forensic
process, and also conforms to the cyber terrorism
capabilities which require a digital investigation to
address issues of data protection, data acquisition,
imaging, extraction, interrogation,
ingestion/normalization, analysis and reporting.
✔ It also highlights the reconstruction of the events that led
to the incident and emphasizes reviewing the whole task,
hence ultimately building a mechanism for quicker
forensic examinations
End to End Digital Investigation
Process (EEDIP)

Fig. 4. End to End Digital Investigation Process (EEDIP)


The phases of EEDIP
1. Identification phase involves identifying the nature of incident from
possible known indicators
2. Preservation phase includes condensing the investigation and
findings to date
3. Collection phase includes documentation of the physical scene and
replication of the digital evidence using approved standard procedure
4. Examination phase involves obtaining and studying the digital
evidence. Method of extraction is used for reconstructing data from
the media.
5. Analysis phase: the vital documented evidence is explored and
conclusions are drawn by integrating chunks of data.
6. Presentation phase involves summarizing the evidence found in the
process of investigation
UML Modeling of Digital Forensic
Process Model (UMDFPM)

Fig. 5. UML Modeling of digital forensic process model (UMDFPM)


UML Modeling of digital forensic
process model (UMDFPM)
◻ Kohn and Oliver made use of a UML activity diagram (Figure 4) to
demonstrate all the phases and their interaction with all investigators.
◻ Two processes have been added to the activity diagram to align it with
the Kohn framework.
◻ These are “prepare” in the preparation phase and “present” in
the presentation phase.
✔ Prepare is the first step.
✔ The rest of the processes follow logically from prepare to collect,
authenticate, examine and then analyze
✔ Authentication is introduced between the collection and examination phases to
make sure that the integrity of the data is established before the examination
is started and is preserved
✔ Examination can alter the contents of data such as in the case of compressed
files, hidden files and other forms of data incomprehension.
Ethical issues in Digital Forensic
◻ Ethics in the digital forensic field can be defined as a set of
moral principles that regulate the use of computers.
◻ Ethical decision making in digital forensic work
comprises one or more of the following:
✔ Honesty towards the investigation
✔ Prudence, which means carefully handling the digital evidence
✔ Compliance with the law and professional norms.
General ethical norms for investigator
◻ Investigator should satisfy the following points:
1. To contribute to the society and human being
2. To avoid harm to others
3. To be honest and trustworthy
4. To be fair and take action not to discriminate
5. To honor property rights, including copyrights and patents
6. To give proper credit to intellectual property
7. To respect the privacy of others
8. To honor confidentiality
Unethical norms for Digital Forensic
Investigation
◻ The Investigator should not:
1. Withhold any relevant evidence
2. Declare any confidential matters or knowledge
3. Express an opinion on the guilt or innocence of
any party
4. Engage or involve in any kind of unethical or illegal conduct
5. Deliberately or knowingly undertake an assignment beyond
his or her capability
6. Distort or falsify education, training, credentials
7. Display bias or prejudice in findings or observation
8. Exceed or outpace authorization in conducting
examination
Unit-4: Digital Evidences
Digital Evidence
◻ Investigation of a computer security incident leads to a legal
proceeding, such as a court proceeding, where the digital evidence
and documents obtained are likely to be used as exhibits in the trial.
◻ To meet the requirements of the judicial system and to withstand or
face any challenges, it is essential to follow the evidence-handling
procedure.
◻ It is also necessary to ensure that the evidence-handling procedures
chosen are not difficult to implement at your organization, as this
can sometimes become an overhead for an organization.
◻ While investigating a computer security incident, we are sometimes
unsure whether an item (viz. a chip, floppy disk, etc.) should be
considered evidence, an attachment or an addendum.
Digital Evidence
◻ Digital devices are everywhere in today’s world, helping people to
communicate locally and globally with ease.
◻ Computers, cell phones and the Internet are not the only
sources of digital evidence; any piece of technology that
processes information can be used in a criminal way.
◻ Example: hand-held games can carry encoded messages between
criminals and even newer household appliances, such as a
refrigerator with a built-in TV, could be used to store, view and
share illegal images.
◻ The important thing is to know that responders need to be able to
recognize and properly seize potential digital evidence
Digital Evidences/Electronic evidence
◻ Evidence: Any information that can be reliable or trusted and
can prove something related to a case in trial
◻ Relevant Evidence: Information which has a positive
impact on the action that occurred, such as the information
supporting an incident.
◻ Digital Evidence: Digital evidence is any trusted information
or data that can prove something related to a case in trial
Or
Digital evidence can be defined as the information or valuable
data stored on a computer or a mobile device that was seized
by a law enforcement organization as part of a criminal
investigation.
Characteristics of Digital Evidence
◻ Digital evidence is also defined as information and/or data of
value to an investigation that is stored on, received or
transmitted by an electronic device.
◻ The digital evidence can be acquired when electronic devices
are seized and secured for examination.
◻ Digital evidence can have characteristics like:
✔ Is latent (hidden), like fingerprints or DNA evidence
✔ Crosses jurisdictional borders quickly and easily
✔ Can be altered, damaged or destroyed with little effort
✔ Can be time sensitive
Sources of Digital evidence
◻ There are many sources of digital evidence, such as:
1. Internet-based
2. Stand-alone computers or devices and
3. Mobile devices.
❑ These sources tend to have different evidence-gathering
processes, tools and concerns, and different types of crimes
tend to lend themselves to one device or the other.
❑ Some of the popular electronic devices which are potential
digital evidence are: HDD, CD/DVD media, backup tapes,
USB drive, biometric scanner, digital camera, smart phone,
smart card, PDA, etc.
Forms of digital evidence
◻ Text messages, emails, pictures, videos and internet searches
are the most common types of digital evidence
◻ Digital evidence is used to establish a credible link
between the attacker, victim, and the crime scene.
◻ Some of the information stored in the victim’s system which
can be treated as potential digital evidence are IP address,
system log-in & remote log-in details, browsing history, log
files, emails, images, etc.
Forms of digital evidence
◻ Digital evidence may be in the form of:
✔ Email messages (may be deleted ones also)
✔ Office files
✔ Deleted files of all kinds
✔ Encrypted files
✔ Compressed files
✔ Temp files
✔ Recycle Bin
✔ Web history
✔ Cache files
✔ Cookies
✔ Registry
✔ Unallocated space
✔ Slack space
✔ Web/E-mail server access logs
✔ Domain access logs
Best Evidence
◻ Best Evidence: The most complete copy or a copy which
includes all necessary parts of evidence, which is closely
related to the original evidence
✔ Example- A client has a copy of the original evidence media
❑ Best Evidence Rule: an original writing must be offered as
evidence unless it is unavailable, in which case other evidence, like
copies, notes, or other testimony can be used.
❑ Since the rules concerned with evidence on a computer are fairly
reasonable (what you can see on the monitor is what the computer
contains, and computer printouts are best evidence), computer records
and records obtained from a computer are best evidence
Original Evidence
◻ The original evidence is the most complete copy, which
includes all the necessary parts of the evidence that are
closely related to the original evidence
◻ It is also called duplication of the evidence media
◻ There should be an evidence protector which will store either
the best evidence or original evidence for every investigation
in the evidence safe
Rules of Digital Evidence
◻ The rule of evidence is also called the law of evidence.
◻ It encompasses the rules and legal principles that govern all the proof
of facts.
◻ This rule helps us to determine what evidence must or must not be
considered by a trier of fact.
◻ The rule of evidence is also concerned with the amount, quantity
and type of proof which helps us to prove a case in litigation.
◻ The rules may vary according to the criminal court, civil court etc.
Rules of Digital Evidence

◻ According to these rules, evidence must be:


✔ Admissible: The evidence must be usable in the court
✔ Authentic: The evidence should act positively to an
incident
✔ Complete: A proof that covers all perspectives
✔ Reliable: There ought to be no doubt about the reality of
the specialist’s decision.
✔ Believable: The evidence should be understandable and
believable to the jury
Locard’s Exchange Principle

Fig. 6. Locard’s Exchange Principle


Locard’s Exchange Principle
◻ According to Locard’s Exchange Principle, contact between two
items will result in an exchange.
◻ This principle applies to any contact at a crime scene i.e. contact
between an offender and victim, between a person with a weapon,
and between people and the crime scene itself.
◻ There will always be evidence of the interaction, although in some
cases it may not be detected easily (note that absence of evidence is
not evidence of absence).
◻ This transfer occurs in both the physical and digital realms and can
provide links between them as depicted in Figure 6.
◻ In the physical world, an offender might inadvertently leave
fingerprints or hair at the scene and take a fiber from the scene.
Locard’s Exchange Principle -
Example
◻ In an e-mail harassment case, the act of sending threatening
messages via a Web-based e-mail service such as Hotmail can leave
a number of traces.
◻ The Web browser used to send messages will store files, links, and
other information on the sender’s hard drive along with date-time–
related information.
◻ Forensic analysts may find an abundance of information relating to
the sent message on the offender’s hard drive, including the original
message contents.
◻ Investigators may be able to obtain related information from
Hotmail, including Web server access logs, IP addresses, and
possibly the entire message in the sent mail folder of the offender’s
e-mail account.
Digital Stream of Bits
◻ Cohen refers to digital evidence as a bag of bits, which in turn
can be arranged in arrays to display the information.
◻ The information in continuous bits will rarely make sense, and
tools are needed to show these structures logically so that it is
readable.
◻ The circumstances in which digital evidence is found also
help the investigator during the inspection.
◻ Metadata is used to portray data more specifically and is
helpful in determining the background of digital evidence
Types of Evidences
1. Illustrative evidence:
⮚ Illustrative evidence is also called demonstrative evidence.
⮚ It is generally a representation of an object, which is a common form of proof.
⮚ Example: photographs, videos, sound recordings, X-rays, maps, drawings,
graphs, charts, simulations, sculptures, and models.
2. Electronic Evidence:
⮚ Electronic evidence is nothing but digital evidence.
⮚ The use of digital evidence in trials has greatly increased nowadays
⮚ The evidence or proof that can be obtained from an electronic source is
called digital evidence (viz. email, hard drives etc.)
3. Documented Evidence:
⮚ Documented evidence is the same as demonstrative evidence.
⮚ However, in documentary evidence, the proof is presented in writing (viz.
contracts, wills, invoices etc.)
Types of Evidences
4. Explainable Evidence:
⮚ This type of evidence is typically used in criminal cases in which it
supports the defendant, either partially or totally removing their guilt in
the case.
⮚ It is also referred to as exculpatory.
5. Substantial Evidence:
⮚ A proof that is introduced in the form of a physical object, whether whole
or in part, is referred to as substantial evidence.
⮚ It is also called physical evidence
⮚ Such evidence might consist of dried blood, fingerprints, and DNA samples,
casts of footprints or tires at the scene of crime
6. Testimonial:
⮚ It is the kind of evidence spoken by the spectator under oath, or written
evidence given under oath by an official declaration, that is, an affidavit.
⮚ This is a common form of evidence in the system.
Challenges in Evidence handling
◻ A failure to adequately document is one of the most common mistakes
made by computer security professionals
◻ Analytical data might never be collected, critical data may be lost or data's
origin or meaning may become unknown.
◻ As many pieces of evidence are collected, properly retrieved evidence requires
a paper trail based on technical complexity
◻ The challenges faced in the evidence handling must be properly understood
by all the investigators.
◻ To handle the challenges, every organization should have formal evidence
handling procedures that support computer security investigation
◻ The most difficult task for an evidence handler is to substantiate the
collected evidence at the judicial proceedings.
◻ Maintaining the chain of custody is also necessary
◻ You must have both power and skill to validate your evidence.
Authentication of Evidence
◻ The laws of many state jurisdictions define data as Written Works and
Record keeping
◻ Before introducing them as evidence, documents and recorded material
must be authenticated
◻ The evidence that is collected by any person/investigator should be
collected using authentic methods and techniques because during court
proceedings it will become major evidence to prove the crime
◻ For an evidence to be admissible, it is necessary that it should be
authenticated, otherwise the information cannot be presented to judiciary
◻ The evidence collected by any person should meet the demand of
authentication
◻ The evidence collected must have some sort of internal documentation that
records the manner of collected information.
Chain of Custody
◻ What Is the Chain of Custody in Computer Forensics?
⮚ The chain of custody in digital forensics can also be referred as the
forensic link, the paper trail, or the chronological documentation of
electronic evidence.
⮚ It indicates the collection, sequence of control, transfer, and analysis.
⮚ It also documents each person who handled the evidence, the date/time
it was collected or transferred, and the purpose for the transfer.
❑ Why Is It Important to Maintain the Chain of Custody?
⮚ It is important to maintain the chain of custody to preserve the integrity
of the evidence and prevent it from contamination, which can alter the
state of the evidence
⮚ If not preserved, the evidence presented in court might be challenged
and ruled inadmissible
Procedure to Establish the Chain of
Custody
◻ Save the original materials
⮚ You should always work on copies of the digital evidence as opposed to the original
⮚ This ensures that you are able to compare your work products to the original that
you preserved unmodified.
◻ Take photos of physical evidence
⮚ Photos of physical (electronic) evidence establish the chain of custody and make it
more authentic.
◻ Take screenshots of digital evidence content
⮚ In cases of intangible evidence, taking screenshots is an effective way of
establishing the chain of custody.
◻ Document date, time, and any other information of receipt
⮚ Recording the timestamps of evidence allows investigators to build a
reliable timeline of where the evidence was prior to being obtained
⮚ If there is a hole in the timeline, further investigation may be necessary
Procedure to Establish the Chain of
Custody
◻ Inject a bit-for-bit clone of digital evidence content into our
forensic computers
⮚ This ensures that we obtain a complete duplicate of the digital evidence
in question.
◻ Perform a hash test analysis to further authenticate the working
clone
⮚ Performing a hash test ensures that the data we obtain from the
previous bit-by-bit copy procedure is not corrupt and reflects the true
nature of the original evidence
⮚ If this is not the case, then the forensic analysis may be flawed and may
result in problems, thus rendering the copy non-authentic
Considerations Involved in Digital
Evidence
◻ We shall take a look at the most common considerations and discuss
globally accepted best practices
1. Never work with the original evidence to develop procedures
✔ The forensic expert has to make a complete copy of the evidence for
forensic analysis
✔ This cannot be overlooked because, when errors are made to working
copies or comparisons are required, it will be necessary to compare the
original and copies
2. Use clean collecting media
✔ It is important to ensure that the examiner’s storage device is
forensically clean when acquiring the evidence- this prevents the
original copies from damage
✔ Think of a situation where the examiner’s data evidence collecting
media is infected by malware
✔ If the malware escapes into the machine being examined, all of the
evidence can become compromised
Considerations Involved in Digital
Evidence
3. Document any extra scope
✔ During the course of an examination, if the information of evidence is
beyond the scope of the current legal authority, this information should
be documented and brought to the attention of the case agent because the
information may be needed to obtain additional search authorities.
✔ A comprehensive report must contain the following sections:
▪ Identity of the reporting agency
▪ Case identifier or submission number
▪ Case investigator
▪ Identity of the submitter
▪ Date of receipt
▪ Date of report
▪ Descriptive list of items submitted for examination, including serial
number, make, and model
▪ Identity and signature of the examiner
▪ Brief description of steps taken during examination, such as string
searches, graphics image searches, and recovering erased files
▪ Results/conclusions
Evidence Validation
◻ The challenge is to ensure that the data that you have collected is
same/similar to the data provided or presented in court
◻ It may happen that there can be a gap of several years between the
collection of evidence and the production of evidence at a judiciary
proceeding, which is very common
◻ To meet the challenge of validation, it is necessary to ensure that the
original media matches the forensic duplication by using MD5 hashes
◻ The evidence for every file is nothing but the MD5 hash values that are
generated for every file that contributes to the case
◻ The verify function within the EnCase application can be used while
duplicating a hard drive with EnCase.
◻ To perform a forensic duplication using dd (a tool used to copy bits from
one file to another), you must record MD5 hash for both the original
evidence media and binary files or the files which compose the forensic
duplication.
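The hash test from the chain-of-custody procedure and the comparison of the original media against a split, dd-style duplicate described above, as an added example that is not part of the original slides: it hashes the original and the ordered segment files as one stream and keeps a hash-linked custody record of who handled the evidence, when and why. The file names, handler names, sample data and the SHA-256 digest computed alongside the MD5 named on the slide are assumptions of this example.

```python
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

CHUNK = 1024 * 1024  # read in 1 MiB blocks so large images never sit in RAM
GENESIS = "0" * 64   # prev_hash value of the first custody entry


def hash_files(paths, algorithms=("md5", "sha256")):
    """Hash one or more files as a single continuous byte stream.

    Passing the ordered segments of a split image gives the digest of the
    reassembled image, which is comparable with the original media's digest.
    """
    digests = {name: hashlib.new(name) for name in algorithms}
    for path in paths:
        with open(path, "rb") as fh:
            for block in iter(lambda: fh.read(CHUNK), b""):
                for d in digests.values():
                    d.update(block)
    return {name: d.hexdigest() for name, d in digests.items()}


def verify_duplicate(original_path, segment_paths):
    """Return (matches, original_digests, copy_digests)."""
    original = hash_files([original_path])
    copy = hash_files(segment_paths)
    return original == copy, original, copy


class CustodyLog:
    """Append-only custody record; each entry commits to the one before it."""

    def __init__(self):
        self.entries = []

    @staticmethod
    def _digest(entry):
        body = {k: v for k, v in entry.items() if k != "entry_hash"}
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def record(self, handler, action, purpose, evidence_digests, when=None):
        entry = {
            "seq": len(self.entries) + 1,
            "timestamp": (when or datetime.now(timezone.utc)).isoformat(),
            "handler": handler,
            "action": action,
            "purpose": purpose,
            "evidence": evidence_digests,
            "prev_hash": self.entries[-1]["entry_hash"] if self.entries else GENESIS,
        }
        entry["entry_hash"] = self._digest(entry)
        self.entries.append(entry)
        return entry

    def verify(self):
        """Return the seq of the first broken entry, or None if the log is intact."""
        prev = GENESIS
        for entry in self.entries:
            if entry["prev_hash"] != prev or entry["entry_hash"] != self._digest(entry):
                return entry["seq"]
            prev = entry["entry_hash"]
        return None


def build_sample(workdir, segment_size=4096):
    """Constructed sample: a stand-in 'original media' file and a split copy."""
    data = hashlib.sha256(b"constructed sample media").digest() * 400  # 12800 bytes
    original = os.path.join(workdir, "original.img")
    with open(original, "wb") as fh:
        fh.write(data)
    segments = []
    for offset in range(0, len(data), segment_size):
        seg = os.path.join(workdir, f"copy.{offset // segment_size:03d}")
        with open(seg, "wb") as fh:
            fh.write(data[offset:offset + segment_size])
        segments.append(seg)
    return original, segments


def run_demo():
    with tempfile.TemporaryDirectory() as workdir:
        original, segments = build_sample(workdir)
        match_before, orig_d, copy_d = verify_duplicate(original, segments)
        log = CustodyLog()
        log.record("Examiner A (hypothetical)", "acquired", "forensic duplication", orig_d)
        log.record("Examiner B (hypothetical)", "received working copy", "analysis", copy_d)
        log_intact = log.verify() is None
        # A one-byte change in the working copy must break the hash match.
        with open(segments[1], "r+b") as fh:
            fh.seek(10)
            value = fh.read(1)[0]
            fh.seek(10)
            fh.write(bytes([value ^ 0xFF]))
        match_after, _, _ = verify_duplicate(original, segments)
        # An after-the-fact edit of the custody record must be detected.
        log.entries[0]["handler"] = "someone else"
        return {"match_before": match_before, "log_intact": log_intact,
                "match_after": match_after, "log_broken_at": log.verify()}


if __name__ == "__main__":
    print(run_demo())
```

MD5 is kept because the slide names it; recording a second, stronger digest next to it costs one extra pass of hashing and protects the record against MD5 collisions.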
Volatile Evidence
◻ Not all the evidence on a system will last for a very long duration
◻ Some evidence resides in storage that requires a consistent
power supply
◻ When collecting evidence, you should always try to proceed from
the most volatile to the least.
◻ Investigator shouldn’t waste time in extracting information from an
unimportant/unaffected machine’s main memory when an important
or affected machine’s secondary memory hasn’t been examined
◻ You need to respond to the target system at the console during the
collection of volatile data rather than access it over the network
◻ If you are creating a forensic duplication of the targeted system, you
should focus on obtaining the volatile system data before shutting
down the system
Order of Volatility of digital evidence
◻ A list of evidence sources ordered by relative volatility
1. Registers and cache
2. Routing tables
3. ARP cache
4. Process table
5. Kernel statistics and modules
6. Main memory
7. Temporary file systems
8. Secondary memory
9. Router configuration
10. Network topology
Unit-5 Basics of Hacking
Ethical Hacking
◻ Ethical hacking is the science of testing computers and networks for
security vulnerabilities and plugging the holes found before the
unauthorized people get a chance to exploit them
Hacker’s Attitude
◻ The world is full of fascinating problems waiting to be solved
✔ Innovation happens because hackers like to solve the problem rather
than complaining.
✔ If one happens to find these problems fascinating and exciting, then it
won’t even feel like hard work.
◻ No Problem should ever have to be solved twice.
✔ Hackers are perfectionists for clarifying the problem before they start
generating ideas
✔ It’s easy to jump to solutions, but sometimes that means wrong
problems are solved
✔ A little bit of accuracy on the front end of a problem-solving process
means one tackles the right and real problem, so one only has to do it
once.
Hacker’s Attitude
◻ Boredom and drudgery (more and more work) are evil.
✔ The best way to lose touch with innovation is to become too repetitive
✔ Innovation requires constant and vigilant creativity.
✔ It may not be broken enough to fix, but there’s no point in waiting for it to break
◻ Freedom is good
✔ Hackers need freedom to work upon their ideas
◻ Attitude is no substitute for competence
✔ Hackers are open-minded and see problems as interesting opportunities
✔ Innovators try to understand a problem more deeply, puzzling at how an
unworkable idea might become workable, improving their skill sets so
that they can be better problem solvers and can better execute their ideas
✔ Hackers are the innovators of the Internet
✔ Hackers are those people who have got relentless, curious, problem-
solving attitude.
Hackers, Crackers and Ethical Hackers
◻ Hacker is a word that has two meanings
⮚ A hacker is someone who likes to tamper with software or electronic
systems
⮚ They love discovering new ways to work electronically
✔ Crackers (criminal hackers) - someone who maliciously breaks into
systems for personal gain
✔ Crackers break into (crack) systems with malicious intent
✔ Crackers work for personal gain: fame, profit, and even revenge
✔ Crackers modify, delete, and steal critical information, often making other
people miserable.
⮚ Ethical Hacker (White hat hacker)- an information security expert
who systematically attempts to penetrate into a computer system,
network, application or other computing resources on behalf of its
owners with their permission to find security vulnerabilities that
malicious hackers could potentially exploit
Ethical hacking versus auditing
◻ Security auditing involves comparing a company’s security
policies (or compliance requirements) to what’s actually taking
place.
◻ The intention of security auditing is to validate/ensure that security
controls exist using a risk-based approach
◻ Security audits are usually based on checklists, whereas security
assessments based around ethical hacking focus on vulnerabilities
that can be exploited
◻ This testing approach validates that security controls do not exist or
are ineffective
◻ Ethical hacking can be both highly technical and nontechnical, and
although one can use a formal methodology, it tends to be a bit less
structured than formal auditing
Example of Hacking:
◻ Computers have become mandatory to run a successful business.
◻ It is not enough to have isolated computer systems; they need to be
networked to facilitate communication with external businesses.
◻ This exposes them to the outside world and hackers.
◻ Hacking can happen as follows:
⮚ Using a password cracking algorithm to gain access to a system
⮚ Hacking means using computers to commit fraudulent acts such as
fraud, privacy invasion, stealing corporate/personal data, etc.
⮚ Cybercrimes cost many organizations millions of dollars every year
and businesses need to protect themselves against such attacks
Ethical Hacking
◻ Ethical Hacking is identifying weaknesses in computer systems and/or
computer networks and taking countermeasures that deal with
the weaknesses.
◻ Ethical hacking is a branch of information security or information
assurance which tests an organization's information systems against a
variety of attacks.
◻ Ethical hackers are also sometimes known as White Hats
◻ Many people are confused when the terms "Ethical" and "Hacking" are
used together
◻ Ethical hacking refers to the act of locating weaknesses and
vulnerabilities of computer and information systems by duplicating the
intent and actions of malicious hackers
◻ It is also known as penetration testing, intrusion testing, or red
teaming
Rules for Ethical hackers

◻ Ethical hackers must abide by the following rules:


⮚ Get written permission from the owner of the computer system
and/or computer network before hacking
⮚ Protect the privacy of the organization being hacked
⮚ Transparently report all the identified weaknesses in the
computer system to the organization
⮚ Inform hardware and software vendors about the identified
weaknesses.
Penetration testing/Intrusion testing
◻ By conducting penetration tests, an ethical hacker looks to answer
the following four basic questions:
1. What information/locations/systems can an attacker gain access to?
2. What can an attacker see on the target?
3. What can an attacker do with available information?
4. Does anyone at the target system notice the attempts?
❑ An ethical hacker operates with the knowledge and permission of
the organization that they are trying to defend.
❑ In some cases, the organization will neglect to inform their
information security team of the activities that will be carried out by
an ethical hacker in an attempt to test the effectiveness of the
information security team. This is referred to as a double-blind
environment.
Malicious Users
◻ Malicious users or internal attackers try to collect sensitive
information from the inside as authorized and “trusted” users
⮚ Malicious attackers are generally known as both hackers and
malicious users
⮚ Malicious user means a rogue employee, contractor, intern, or other
user who abuses his or her trusted privileges
❑ These users search through critical database systems to collect
sensitive information, e-mail confidential client information or
delete sensitive files from servers that they probably do not have
access to
❑ There can also be the occasional ignorant insider whose intent is not
malicious but who still causes security problems by moving,
deleting, or corrupting sensitive information.
❑ Even an innocent “fat-finger” (inaccurate typing) on the keyboard
can have terrible consequences in the business world
Considerations Involved in Digital
Evidence
4. Consider safety of personnel at the scene
✔ It is advisable to always ensure the scene is properly secured before
and during the search.
✔ In some cases, the examiner may only have the opportunity to do
the following while onsite:
▪ Identify the number and type of computers.
▪ Determine if a network is present.
▪ Interview the system administrator and users
▪ Identify and document the types and volume of media, including
removable media.
▪ Document the location from which the media was removed.
▪ Identify offsite storage areas and/or remote computing locations.
▪ Identify proprietary software.
▪ Determine the operating system in question.
1. Black Hat hackers (Crackers)
◻ Black hat hackers are normally responsible for creating malware,
which is frequently used to infiltrate computer networks and
systems
◻ They are usually motivated by personal or financial gain, but can
also participate in espionage, protests, or merely enjoy the thrill
◻ Black hat hackers can be anyone from amateurs to highly
experienced and knowledgeable individuals looking to spread
malware, steal private data, like login credentials, along with
financial and personal information.
◻ Upon accessing their targets and depending on their motives,
black hat hackers can either steal, manipulate, or destroy system
data
2. White Hat hackers
◻ White hat hackers, also known as “ethical hackers”, are often
employed or contracted by companies and governmental
entities, working as security specialists looking for
vulnerabilities.
◻ They employ the same methods as black hat hackers, but
always with permission from the system’s owner, making
their actions completely legal
◻ White hat hackers implement strategies like penetration tests,
monitoring of in-place security systems, and vulnerability
assessments
◻ They do Ethical hacking and it can even be learned through
independent sources, training, conferences, and certifications
3. Grey Hat
◻ Grey Hat hackers utilize aspects from black and white hat
hackers, but will usually seek out vulnerabilities in a system
without an owner’s permission or knowledge.
◻ They will report any issues they encounter to the owner, and
they’ll also request some sort of compensation or incentive
◻ Should the owner not respond or reject their proposition, a
grey hat hacker might exploit the newfound flaws.
◻ Grey hat hackers aren’t malicious by nature, but do seek to
have their efforts rewarded
◻ Since grey hat hackers don’t have permission to access the
system by its owner, their actions are ultimately considered
illegal, despite any alarming findings they might reveal
Script Kiddies
◻ They are the most dangerous people in terms of hackers.
◻ A Script kiddie is an unskilled person who uses scripts or
downloads tools available for hacking provided by other
hackers.
◻ They attempt to attack computer systems and networks and
deface websites.
◻ Their main purpose is to impress their friends and society.
◻ Generally, Script Kiddies are juveniles who are unskilled
in hacking
Hacktivists and Phreakers
◻ Hacktivists
⮚ These are also called the online versions of the activists
⮚ A hacktivist is a hacker or a group of anonymous hackers
who gain unauthorized access to government computer
files and networks to further social or political ends.
◻ Phreakers
⮚ A hacker who identifies and exploits weaknesses in
telephones instead of computers
Penetration Testing
❑ Stages in penetration testing
[Figure: stages in penetration testing. WAF – Web Application Firewall]
Why Ethical Hacking?
◻ Information is one of the most valuable assets of an
organization.
◻ Keeping information secured can protect an organization’s
image and save an organization a lot of money.
◻ Hacking can lead to loss of business for organizations that
deal in finance such as PayPal.
◻ Ethical hacking puts them a step ahead of the cyber criminals
who would otherwise lead to loss of business.
◻ Legality of Ethical Hacking - Ethical Hacking is legal if the
hacker abides by the stipulated rules
Why to hack your own systems
◻ To catch a thief, think like a thief
⮚ With the increased numbers and expanding knowledge of hackers combined
with the growing number of system vulnerabilities and other unknowns, the
time will come when all computer systems are hacked or compromised in
some way
⮚ Protecting your systems from the bad guys and not just the generic
vulnerabilities that everyone knows about is absolutely critical.
⮚ When the hacker tricks are known, we can see how vulnerable the systems are
◻ Building the Foundation for Ethical Hacking
⮚ One should not forget about insider threats from malicious employees
⮚ The goals as an ethical hacker should be as follows:
✔ Hack your systems in a non-destructive fashion
✔ Enumerate vulnerabilities and, if necessary, prove to upper management that
vulnerabilities exist
✔ Apply results to remove vulnerabilities and better secure your systems.
Some well-known attacks
◻ There are some well-known attacks
◻ Many information-security vulnerabilities aren’t critical by
themselves but exploiting several vulnerabilities at the same time
can take its toll.
◻ Example: a default Windows OS configuration, a weak SQL
Server administrator password, and a server hosted on a
wireless network may not be major security concerns separately.
◻ But exploiting all three above-mentioned vulnerabilities at the same
time can be a serious issue.
◻ Well-known attacks fall into the following categories:
⮚ Nontechnical attacks
⮚ Network-infrastructure attacks
⮚ Operating-system attacks
⮚ Application and other specialized attacks
Nontechnical attacks
◻ Exploits that involve manipulating people (end users and even yourself)
are the greatest vulnerability within any computer or network infrastructure
◻ Humans are trusting by nature, which can lead to social-engineering
exploits
⮚ Social engineering is defined as the exploitation of the trusting nature
of human beings to gain information for malicious purposes.
◻ Other common and effective attacks against information systems
are physical attacks.
⮚ Hackers break into buildings, computer rooms, or other areas
containing critical information or property.
⮚ Physical attacks can include dumpster diving (searching through trash
cans and dumpsters for intellectual property, passwords, network
diagrams, and other information).
Network-infrastructure attacks
◻ Hacker attacks against network infrastructures can be easy, because
many networks can be reached from anywhere in the world via the
Internet.
◻ Examples of network-infrastructure attacks:
⮚ Connecting into a network through a rogue modem attached to a
computer behind a firewall
⮚ Exploiting weaknesses in network transport mechanisms, such as
TCP/IP and NetBIOS.
⮚ Flooding a network with too many requests, creating a Denial of
Service (DoS) for legitimate requests
⮚ Installing a network analyzer on a network and capturing every packet
that travels across it, revealing confidential information in clear text
⮚ Piggybacking onto a network through an insecure wireless
configuration.
Operating-system attacks
◻ Hacking Operating Systems (OSs) is a preferred method of the bad
guys (hackers)
◻ Operating systems comprise a large portion of hacker attacks simply
because every computer has one operating system
◻ Hackers prefer attacking operating systems like Windows and Linux
because they are widely used and better known for their
vulnerabilities
◻ Examples of attacks on operating systems:
⮚ Exploiting specific protocol implementations
⮚ Attacking built-in authentication systems
⮚ Breaking file-system security
⮚ Cracking passwords and encryption mechanisms
Application and other specialized
attacks
◻ Applications take a lot of hits by hackers
◻ Programs such as e-mail server software and Web applications
often are beaten down:
⮚ Hypertext Transfer Protocol (HTTP) and Simple Mail Transfer
Protocol (SMTP) applications are frequently attacked because most
firewalls and other security mechanisms are configured to allow full
access to these programs from the Internet.
⮚ Malicious software (malware) includes viruses, worms, Trojan
horses, and spyware. Malware clogs networks and takes down
systems.
⮚ Spam (junk e-mail) is wreaking havoc on system availability and
storage space. And it can carry malware. Ethical hacking helps
reveal such attacks against computer systems
Basic commandments for Ethical
Hacker
◻ Working ethically
⮚ Hackers should work with high professional morals and principles.
⮚ While performing ethical hacking tests against one's own systems or for someone who has
hired you, one needs to support the company’s goals.
⮚ No hidden agendas are allowed. Trustworthiness is the ultimate principle and the misuse of
information is absolutely forbidden.
◻ Respecting privacy
⮚ All information obtained during testing from Web-application log files must be kept private
⮚ If you sense or feel that someone should know there’s a problem, consider sharing that
information with the appropriate manager.
◻ Not crashing your systems
⮚ One of the biggest mistakes seen when people try to hack their own systems is
inadvertently crashing their systems.
⮚ The main reason for this is poor planning.
⮚ These testers have not read the documentation or misunderstand the usage and power of the
security tools and techniques.
The Ethical Hacking Process
◻ Formulating your plan
◻ Selecting tools
◻ Executing the plan
◻ Evaluating results
◻ Moving on
