
Sherlock’s First Digital Case



In this blog, Sherlock is going to solve his first case by using a concept called live analysis of a computer.
Constable Clark: Hello, Mr. Sherlock!! We have a case for you.
Sherlock: Hmm!! Go on, Clark.

Constable Clark: A company, XYZ, reported a data breach that happened to them. We are trying to solve this case but we are unable to find any clue; we need your help, Mr. Sherlock.

Sherlock: Watson!!!
1. I need all the IDS records of the company.
In digital forensics, analysis plays a major role in catching the culprits. The major part of a case is done through IDS record analysis.
2. I want you to take the details of the previous pen-testing audit records and the system repair details of the past few months.
Watson: What does an IDS record consist of?
Sherlock: An Intrusion Detection System (IDS) is a system that monitors network traffic for suspicious activity and issues alerts when such activity is discovered.
Sherlock: Clark, I want to establish a connection between the victim PC and my PC.
The process of establishing a remote connection and investigating the case is called Live Analysis.




Watson: How are you going to perform a live analysis? Is there any tool to perform live analysis?
Sherlock: Yes, there is a tool called Netcat.
What is Netcat?
Netcat is a simple networking utility which reads and writes data across a network connection using the TCP/IP protocol.
Watson: I have reached the victim's place; now help me to connect to you, Sherlock.

Sherlock: Open the system and tell me what operating system it is.

Watson: It is a Windows operating system.
Sherlock: Now open CMD and enter
ipconfig
So you can see the IP address of the system.
Send me the IP address.
Watson: The IP address is 10.0.2.4
Meanwhile, on Sherlock's system
ifconfig (for the forensic system's IP address)
10.0.2.5 (Sherlock's IP address), the forensics workstation IP address
nc -l 4656 (start a listener on port 4656 and wait for the victim system to connect)
Sherlock:
Watson, type these commands in the command prompt.
For example, you downloaded Netcat and it is saved in Downloads.
Now in CMD
Type cd Downloads
dir
So you can see all the downloads.
Now type
nc 10.0.2.5 4656 (10.0.2.5 is the forensic system's IP; the victim connects to the listener, so no -l here)
Then after that
dir | nc 10.0.2.5 4656
Watson: OK, Sherlock. It's done.
Sherlock: Yeah, got access to the drive.
This is one of the ways to live-analyse a system using the Netcat tool.
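The forensic-workstation side of the exchange above, as an added example that is not from the original post: in place of a bare nc -l 4656, a small Python listener accepts the stream that dir | nc 10.0.2.5 4656 sends, stores it unchanged, and records its size, source address, receive time and SHA-256 so the collected evidence can later be shown to be unaltered. The Collector name, the constructed dir output and the loopback demo on a free port are assumptions made for the example.

```python
import hashlib
import socket
import tempfile
import threading
from datetime import datetime, timezone

# Constructed sample of what "dir | nc 10.0.2.5 4656" sends; not real victim data.
CONSTRUCTED_DIR_OUTPUT = (b" Directory of C:\\Users\\victim\\Downloads\r\n\r\n"
                          b"01/02/2024  10:15 AM            29,544 nc.exe\r\n")

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

class Collector:
    """Forensic-workstation listener, the role 'nc -l 4656' plays in the post."""

    def __init__(self, bind_host="0.0.0.0", port=4656):
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self.sock.bind((bind_host, port))
        self.sock.listen(1)
        self.port = self.sock.getsockname()[1]  # real port (port=0 picks a free one)

    def receive_once(self, out_path: str, label: str) -> dict:
        """Accept one sender, store its bytes unchanged, return a custody record."""
        conn, peer = self.sock.accept()
        chunks = []
        with conn:
            while chunk := conn.recv(65536):  # ends when netcat closes after the pipe
                chunks.append(chunk)
        self.sock.close()
        data = b"".join(chunks)
        with open(out_path, "wb") as fh:
            fh.write(data)
        return {"label": label, "source_ip": peer[0], "bytes": len(data),
                "sha256": sha256_hex(data), "file": out_path,
                "received_utc": datetime.now(timezone.utc).isoformat()}

def simulate_transfer(payload: bytes = CONSTRUCTED_DIR_OUTPUT) -> dict:
    """Offline demo: play Watson's side over loopback instead of a real victim PC."""
    collector = Collector("127.0.0.1", 0)
    out = tempfile.NamedTemporaryFile(prefix="evidence_", delete=False).name
    record = {}
    worker = threading.Thread(target=lambda: record.update(collector.receive_once(out, "dir")))
    worker.start()
    with socket.create_connection(("127.0.0.1", collector.port)) as client:
        client.sendall(payload)  # same bytes the victim's netcat would send
    worker.join()
    return record
```

For a real collection, Collector("0.0.0.0", 4656).receive_once("dir_listing.txt", "dir") replaces nc -l 4656 and the returned record goes into the case notes.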
Live analysis uses the running system to obtain volatile data for a deeper understanding of the events going on.
We need live analysis because
Live data forensics follows this aim but is only focused on computer systems that are powered on. The main purpose is to acquire volatile data that would otherwise be lost if the computer system is turned off, or would be overwritten if the computer system stays turned on for a longer period.
The outcome of this blog is to perform a live analysis on the victim system.
In the next blog we will be learning how to capture the RAM and retrieve the data.



To be continued ….
