Skip to main content

Sherlock’s First Digital Case



In this blog, Sherlock is going solve his first cases by using a concept called live analysis of a computer
Constable Clark: Hello Mr.Sherlock!! We had a case for you.
Sherlock: Hmm!! Go on Clark.
                          
Constable Clark: A company XYZ reported a data breach that happens to them, we are trying to solve this case but we are unable to find any clue we need your help Mr.Sherlock.

Sherlock: Watson!!!
1.     I need all the IDS records of the company
In Digital forensics analysis plays a major role to get culprits. The major part of cases is done in IDS record analysis.
2. I want you to take the details of
Previous pen-testing audit records and system repair details of the past few months.
Watson:  What does an IDS record consists?
Sherlock:  An Intrusion Detection System (IDS) is a system that monitors network traffic for suspicious activity and issues alerts when such activity is discovered.
Sherlock: Clark, I want to establish a connection between victim pc and my pc
   The process of establishment of remote connection and investigation of the case is called Live Analysis




Watson: How you’re going to perform a live analysis, Was there any tool to perform live analysis.
Sherlock:  Yes, there is a tool called Netcat
What is Netcat?
Netcat is a simple networking utility which reads and writes data across a network connection using TCP/IP protocol
Watson:  I reached victim place and now help me to connect to you Sherlock.
                             
Sherlock: Open the system to tell me what operating system it is.

Watson: It is a Windows operating system.
Sherlock: Now Open CMD and now enter
ipconfig
So you can IP Address of the system
Send me the IP Address
Watson:  The IP Address is 10.0.2.4
Meanwhile in Sherlock System
ifconfig(For Forensic system IPAddress)
10.0.2.5(Sherlock IP Address) – Forensics Workstation IP Address
nc -l 4656
Sherlock:
Watson,Type this command in command prompt
For example, you downloaded the netcat and it is saved in Downloads
Now in CMD
Type cd Downloads
dir
So you see all the downlods
Now type
nc -l 10.0.2.5(forensic system ip) 4656
Then after
dir | nc – 10.0.2.5 4656
Watson: OK,Sherlock. Its done.
Sherlock: Yeah, Got access to the drive.
This one of the way to live analysis a system using netcat tools.
Live analysis uses running system to obtain volatile data for deeper understanding of events going on
We need live analysis because
Live data forensics follows this aim but is only focused on computer systems that are powered on. The main purpose is to acquire volatile data that would otherwise get lost if the computer system is turned off or would be overwritten if the computer system will stay turned on for a longer period.
The outcome of the blog is to perform a live analysis on the victim system.
In next blog will be learning on how capture the RAM and retrieve the data.



To be continued ….

Comments

Post a Comment

Popular posts from this blog

Can Blockchain be the Iron Man of Data Security?

  Recent incident in Cyber Space shown that how vulnerable the data is and how important data security is to the user or an organization. There are various mechanisms out in the market in terms of data protection. What may be the reason for Data Thefts and Loss of Data Privacy? Lack of privacy towards the system is becoming more vulnerable to data thefts. For example, using weak passwords and lack of application regarding Cryptography. Cyber Criminals are finding the vulnerabilities in the system like Thanos finding the Infinity stones. Blockchain is the Iron Man of the Data Security. Blockchain Architecture will help reduce data theft and data tempering. What is Blockchain? Blockchain is growing list of records called blocks which are cryptographically hashed with pervious block. Blockchain follows the Merkle tree Data Structure Merkle Tree : In  cryptography  and  computer science , a hash tree or Merkle tree is a  tree  in which every  leaf node  is labelled with the 
1 comment
Read more

Sherlock says “A World with the Internet is Unsafe”

  Once a journalist in Baker street interviewed Mr Sherlock Holmes about a cybercrime happening in the Cyberspace. Disclaimer : This article is about privacy and security measure that needs to be taken in   cyberspace Journalist: Hello Sir, I am a Steve working as journalist and I have few queries about the cybercrime happening nowadays and the reasons behind it. Sherlock: A world with the internet is unsafe, the technologies and applications that we use are often not secure and our data might not be safe. Journalist: Sir, can you explain briefly? Sherlock: We download applications, files, music etc from different sites. This may trigger a Malware. This Malware acts as Spyware. Through this malware, we will have full access to the entire mobile such as a camera, microphone, messages, contacts and logs. Malware will also be able to gain access to content-sensitive information such as OTPs, bank details and these confidential details will help hackers gain access to the bank accou
Post a Comment
Read more

The Defense Against the Dark Arts

The Defense against the dark arts refers to defending yourself in the world Cyber against the Dark arts like hacking, data theft and social engineering attacks. Professor Snape for Hogwarts School of Witchcraft and Wizardry and Ilvermorny School of Witchcraft and Wizardry will teach the subject Defense against the Darks arts; ie Professor will teach how to protect your self from the Cyberworld. “Your defences must, therefore, be as flexible and inventive as the arts you seek to undo”    -Professor Snape Rule 1: “Don’t click unwanted links that you receive by E-Mails or by forwarded messages in Whats App” Once a student of Hogwarts came to know about the chamber of secrets, We all know the curiosity that the students of Hogwarts had They started digging into mystery while searching for the mystery they found something like what they want without knowing they started reading the spell and that resulted in huge damage. Rule 2: “Don’t connect to public WI-FI’s
Post a Comment
Read more