Tuesday, November 10, 2015

Computer Forensics and Cyber Crime

Introduction
Historically, the world has experienced periods of great enlightenment and progress. The Industrial Revolution, for example, brought unprecedented knowledge and opportunities almost two centuries ago. This revolution, automating common tasks, provided previously unheard-of privileges and advances. Advances in transportation increased the array of vacation destinations, enabled families to remain in contact with distant family members, and decreased infant mortality rates as prenatal care became more accessible in remote areas. In addition, sharp advances in communication improved police efficiency and radically changed the courting behavior of lovers. Individuals, families, and institutions were granted unprecedented access to luxury items like cooling systems, and household maintenance was made easier through power tools, yard equipment, and the like. The automation of printing and the introduction of mass media greatly enhanced information dissemination by increasing the availability of reliable and credible sources of knowledge. Unfortunately, it also increased levels of physical lethargy, obesity, complacency, desensitization, child poverty, and criminal behavior. Today, American society has experienced similar transformations as a direct result of the Information Revolution.

The introduction of the Internet has created unparalleled opportunities for commerce, research, education, entertainment, and public discourse. A global marketplace has emerged, in which fresh ideas and increased appreciation for multiculturalism have flourished. The introduction of computerized encyclopedias, international consortia, worldwide connectivity, and communications has greatly enhanced quality of life for many individuals. Indeed, the Internet can be utilized as a window to the world, allowing individuals to satiate their curiosity and develop global consciousness. It allows individuals to experience those things that they have only dreamed about. Interested parties can visit the Louvre, devouring priceless artifacts at their leisure, or take an African safari without the heat or mosquitoes. They can find answers to the most complex legal or medical questions or search for their soul mates. They can download coupons for their favorite restaurants or search for recipes for their favorite dishes. In addition, individuals, corporations, public organizations, and institutions can more effectively advertise their products or services, using graphically highlighted information and providing links to supplemental information or support. In fact, computerized access to unprecedented information has cut across traditional boundaries of communication.

Like other institutions, law enforcement has also benefited. The Internet has successfully created a nonthreatening platform for information exchange by community residents. In addition, its speed and efficiency have enabled agencies to communicate with other agencies on a global scale, solidifying relationships and increasing cooperation. Indeed, law enforcement has been able to further its mission by simply extending the range of audiences with whom it can communicate. Textual descriptions and graphic images of wanted suspects or missing persons can be viewed by anyone with an Internet connection, and concerned citizens can report suspicious activity in an efficient and effective manner. However, the Internet and the increasing reliance on digital technology and communications have also had negative repercussions—creating seemingly insurmountable obstacles for law enforcement. Indeed, the same technology that allows access to favorite recipes from Madagascar can be utilized to download blueprints for weapons of mass destruction. Those same individuals surfing the Web for vacation specials can stalk and harass targeted victims while enjoying the fruits of such searches. Indeed, the very advantages that make the Internet, wireless technologies, and smart phones so attractive are often the same that pose the greatest risk

Command Guide CCNA Routing and Switching

Learning the Basics

“Would you like to enter the initial configuration dialog? [yes/no]:”
- Where am I?

Command Modes

Cisco IOS has three main command modes – user EXEC, privileged EXEC and global configuration. Each command mode has its own set of commands for specific purposes. You’ll start in user EXEC mode.

User execution mode

Some verification and troubleshooting commands are available. This mode is often used by first-level helpdesk personnel.

You can identify user execution mode by the following prompt:

Router>

There’s not much for a network administrator to do in this command mode; elevate to the next command mode by typing the enable command:

Router> enable
Moves to privileged execution mode.

Privileged execution mode

All verification and troubleshooting commands are available. Used by network administrators.

The “greater than” prompt changes to a hash:

Router#

If you are looking to verify or troubleshoot something, you’ll find all the necessary commands available in this command mode. If you are looking to apply a configuration change, then elevate to the global configuration mode.

Router# configure terminal
Moves to global configuration mode.

Global configuration mode

The majority of configuration changes are applied here. Entering this command mode requires the user to be in privileged execution mode; there are no shortcuts.

You can easily tell if you are in global configuration mode by the following prompt:

Router(config)#

This concludes the three main command modes of Cisco IOS. Type “exit” or “end” to move back to privileged execution mode:

Router(config)# exit
Moves back to privileged EXEC mode.

Saving Configurations

When you make a configuration change, only the “running-config” (the contents of DRAM) is updated. All configuration changes are lost after a power outage or system reboot unless they were also written to the “startup-config” (NVRAM).

To save the configuration, navigate to privileged execution mode and use one of the commands below:

Router# write memory
Building configuration...
[OK]

Or

Router# copy running-config startup-config
Building configuration...
[OK]
Both of these commands copy contents of “running-config” to NVRAM. There’s no functional difference.

Show Commands for Information Gathering

Show commands help you verify configurations and troubleshoot. Some of them are listed below.

Router> enable
Navigates to privileged execution mode.

Router# show interfaces description
Lists all interfaces and their descriptions.
Router# show interfaces summary
Shows counter summary on all interfaces.
Router# show ip interface brief
Lists all interfaces and IP address information.
Router# show interface gigabitEthernet 0/1
Shows counter summary and status of the interface specified.
Router# show running-config interface gigabitEthernet 0/1
Shows configuration of the interface specified.
Router# show version
Shows brief system hardware information, including IOS version and configuration register value.
Router# show cdp neighbors detail
Shows detailed information of neighboring devices that have Cisco Discovery Protocol enabled.

Setting Hostname

Let’s take a look at how you can apply your very first configuration change. You can change the router hostname in global configuration mode.

Router> enable
Navigates to privileged execution mode.
Router# configure terminal
Navigates to global configuration mode.
Router(config)# hostname CupOfTea
Sets router hostname to “CupOfTea”.

Terminal prompt will change:
CupOfTea(config)#

Starting to feel like a network engineer already? Don’t forget to save the configuration!

CupOfTea(config)# exit
Navigates back to privileged execution mode.
CupOfTea# write memory
Saves changes to NVRAM.
Configuring an Ethernet Interface

“Easy! Just use the ‘no shut’ command.
 If the interface still doesn’t come up – try to reboot the router.” 

Assigning an IP Address

Router# show ip interface brief
Lists all available interfaces on the router. In this sample we’re going to modify the configuration of the gigabitEthernet 0/0 interface.
Router# configure terminal
Moves to global configuration mode.

Router(config)# interface gigabitEthernet 0/0
Moves to interface configuration mode.
Router(config-if)# ip address 192.168.101.1 255.255.255.0
Sets IPv4 address and network mask.
Router(config-if)# ipv6 address 2001:0db8:3c4d:0015:0011:0000:abcd:ed1a/64
Sets the IPv6 address and prefix length.
Router(config-if)# no shutdown
Enables the interface.

Note: “Administratively down” is the default state of all Ethernet interfaces on Cisco routers.

Interface Speed and Duplex

Best practice is to change interface speed and duplex settings only if you suspect a problem with auto-negotiation. By default, all Ethernet interfaces use auto-negotiation for interface speed and duplex.

Router# show interface gigabitEthernet 0/0
Shows interface speed and duplex settings.
Router# configure terminal
Moves to global configuration mode.

Router(config)# interface gigabitEthernet 0/0
Moves to interface configuration mode.
Router(config-if)# speed auto
Enables speed auto-negotiation. This is the default setting.
Router(config-if)# speed 1000
Forces interface into 1000Mbit/s operation mode.
Router(config-if)# speed 100
Forces interface into 100Mbit/s operation mode.
Router(config-if)# duplex auto
Enables duplex auto-negotiation. This is the default setting.
Router(config-if)# duplex full
Forces interface into full duplex operation mode.
Router(config-if)# duplex half
Forces interface into half duplex operation mode.

Subinterfaces

One physical interface can be divided into multiple virtual interfaces.
Router# show ip interface brief
Lists all available interfaces on your router (including subinterfaces).
Router# configure terminal
Moves to global configuration mode.

Router(config)# interface gigabitEthernet 0/0.1
Creates subinterface (.1) on gigabitEthernet 0/0 and moves to subinterface configuration mode.
Router(config-subif)# ip address 192.168.1.1 255.255.255.0
Assigns IPv4 address and network mask.
Router(config-subif)# encapsulation dot1q 1
Assigns the subinterface to the VLAN 1 broadcast domain and sets the VLAN encapsulation method to dot1q (802.1Q tagging).
Router(config-subif)# exit
Moves back to global configuration mode.

Router(config)# interface gigabitEthernet 0/0.2
Creates another subinterface (.2) on gigabitEthernet 0/0 and moves to subinterface configuration mode.
Router(config-subif)# ip address 192.168.2.1 255.255.255.0
Assigns IPv4 address and network mask.
Router(config-subif)# encapsulation dot1q 2
Assigns the subinterface to the VLAN 2 broadcast domain and sets the VLAN encapsulation method to dot1q (802.1Q tagging).
Remote Management

This chapter teaches you how to enable Telnet and SSH protocols.

Enabling Telnet

Telnet enables you to remotely manage the router. It’s unencrypted and not very secure; the reason it’s still being used is that not all devices support SSH.

Note: Telnet sessions are prohibited by default. Without a vty password configured, you’ll see the following message when you attempt to log in to your router using Telnet:

“Password required, but none set.”

Configuring vty password:

Router(config)# line vty 0 4
Enters into vty line configuration mode for lines 0 - 4.
Router(config-line)# password cookie
Sets password to “cookie” on vty lines 0,1,2,3 and 4.
Router(config-line)# login
Enables vty password authentication.

Enabling SSH

If your device also supports SSH it’s recommended that you use it instead of Telnet for remote management.

As a first step, you must create an RSA crypto key pair.

Note: RSA crypto keys are non-exportable on Cisco routers and switches.

Router(config)# crypto key generate rsa
The name for the keys: MyRSA-Keys
How many bits in the modulus: 1024
Generates RSA crypto key pairs. These will be used for SSH encryption.

Router(config)# ip ssh version 2
Enables SSH version 2.
Router(config)# line vty 0 4
Enters into vty line configuration mode for lines 0 - 4.
Router(config-line)# password cookie
Sets password to “cookie” on vty lines 0,1,2,3 and 4.
Router(config-line)# login
Enables vty password authentication.
Optional: Prohibit Telnet and permit only SSH

Router(config)# line vty 0 4
Enters into vty line configuration mode for lines 0 - 4.
Router(config-line)# transport input ssh
Permits remote management over vty lines 0 – 4 only via SSH protocol.
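As an added example that is not part of the guide, the following Python script audits a running-config excerpt for the settings this chapter configures (SSH version 2 enabled, vty lines restricted to SSH, a clear-text line password) and applies the chapter's final hardening step to any vty block. The sample configuration is constructed from the page's own commands (hostname CupOfTea, password cookie) as it would look before the optional Telnet-prohibiting step.

```python
"""Audit vty/SSH remote-management settings in a Cisco IOS running-config.
Added example, not from the CCNA guide. SAMPLE_CONFIG is constructed to mirror
the guide's Telnet and SSH steps before the optional 'transport input ssh' step."""
import re

SAMPLE_CONFIG = """\
hostname CupOfTea
ip ssh version 2
line vty 0 4
 password cookie
 login
 transport input telnet ssh
"""

def vty_sections(config):
    """Return [(line-command, [subcommands])] for every 'line vty' block."""
    sections, inside = [], False
    for raw in config.splitlines():
        if raw.startswith("line vty"):
            sections.append((raw.strip(), []))
            inside = True
        elif inside and raw.startswith(" "):
            sections[-1][1].append(raw.strip())
        else:
            inside = False  # any other top-level command ends the block
    return sections

def audit_remote_management(config):
    """Return a list of findings; an empty list means the checks pass."""
    findings = []
    if not re.search(r"^ip ssh version 2$", config, re.M):
        findings.append("global: SSH version 2 not enabled (ip ssh version 2)")
    for name, cmds in vty_sections(config):
        transport = [c.split()[2:] for c in cmds if c.startswith("transport input")]
        # Only the guide's 'transport input ssh' restricts the line to SSH;
        # 'all', 'telnet', 'telnet ssh' or no statement at all is flagged.
        if transport != [["ssh"]]:
            findings.append(f"{name}: not restricted to SSH (use 'transport input ssh')")
        if any(c.startswith("password ") for c in cmds):
            findings.append(f"{name}: line password stored in clear text in running-config")
    return findings

def harden_transport(config):
    """Return the config with every vty block restricted to 'transport input ssh'."""
    out, in_vty = [], False
    for raw in config.splitlines():
        if raw.startswith("line vty"):
            in_vty = True
            out.extend([raw, " transport input ssh"])
        elif in_vty and raw.startswith(" transport input"):
            continue  # drop the permissive statement the guide's last step replaces
        else:
            in_vty = in_vty and raw.startswith(" ")
            out.append(raw)
    return "\n".join(out) + "\n"
```

Run the audit against the output of `show running-config` to confirm that only the SSH transport remains; the clear-text password finding persists until the line password is replaced by another authentication method.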


Computer Forensics with FTK

Getting Started with Computer Forensics Using FTK

Forensic Toolkit (FTK) is a complete platform for digital investigations, developed to assist the work of professionals working in the information security, technology, and law enforcement sectors. Through innovative technologies used in filters and the indexing engine, the relevant evidence of investigation cases can be quickly accessed, dramatically reducing the time to perform the analysis. This chapter will cover the first steps needed to install and configure the FTK tool.

Forensic digital investigations include the following processes:
• Preparation
• Acquisition and preservation
• Analysis
• Reports and presentation

This process will be discussed in more detail in Chapter 4, Working with FTK Forensics, with the use of FTK forensics and enterprise editions. The computer forensics tools need to be kept updated to address issues such as the increasing size of hard drives and the use of encryption, in order to reduce the time to perform the data acquisition and analysis.
AccessData has two versions of the platform:
• FTK forensics: This version of FTK, which will be covered in this book, has the ability to perform the acquisition and analysis of digital devices such as computer hard drives, USB drives, flash memory devices, smartphones, tablets, and other digital media. Its approach is related to a process called post-mortem computer forensics, which happens when the computer has been powered down.
• AD Enterprise: In general, AD Enterprise has the same features as the FTK forensics version plus the ability to analyze multiple computers across your company simultaneously. Another important feature of this version is the ability to acquire and analyze volatile data, such as RAM. The investigation process is totally confidential, and the investigated user will not be aware of the analysis, even if it is done through the network and with the target equipment in use.

In this book, we will use the solution only in the standalone version.
Downloading FTK
Once the FTK platform has been acquired, AccessData usually sends the DVDs for product installation and the CodeMeter hardware dongle with the product license. If not, it is possible to download FTK directly from the AccessData website. All other products are also available for download. In this book, we will use FTK Version 5 onwards, and you can download the product from http://www.accessdata.com/support/product-downloads.
Prerequisites for FTK
There are two different settings (configuration options) for FTK installation:
• One machine: FTK + database
• Two machines: FTK + database on separate machines

In general, the specification used for FTK with the PostgreSQL database is shown in the following screenshot:

Note that this is the specification recommended by the vendor. However, the more processing, memory, and I/O resources available, the faster the analysis.
Installing FTK and the database
FTK installation is quite simple, although the components' installation sequence must be respected. AccessData has created a menu to provide support for the correct installation, as can be seen in the following screenshot:

Perform the following steps for installing FTK:
1. Start the installation process by using the Database component. You can then enter a password to create the PostgreSQL database admin user.
2. Once the database installation is done, install FTK.
3. Install the Distributed Engine component, as it is necessary for the correct operation of FTK.
4. The View User Guide installation is optional, but highly recommended.
5. To finish the FTK platform installation process, click on the Other Products button and select the components listed as follows:
   ◦ License Manager: This is the product's license control component
   ◦ Registry Viewer: This is the Windows registry analysis component
   ◦ PRTK: This is the password recovery component
   ◦ CodeMeter: This is the USB CodeMeter hardware driver and management component
   ◦ Imager: This is the FTK Imager product

Make sure that you select the correct platform, which can be either 32- or 64-bit, and in case the Unable to connect to the database requested error message appears, just change the RDBMS option to PostgreSQL.
Running FTK for the first time
If the installation has been done correctly, the first step would be to create a user:

Next, you can complete the fields in the form and then click on OK to create the first user. This user will be the application administrator, who will manage the FTK tool. The use of the FTK tool will be discussed in the next few chapters.
Summary
This chapter covered the first necessary steps to be performed in order to use the FTK forensics tool. The first step was to understand the difference between the standalone and enterprise platforms, as it is extremely important to determine the approach to be used in an investigation. This will certainly impact the time of acquisition and data analysis. Another important point was to consider the hardware prerequisites. Keep in mind that the more computing power the hardware has, the faster the analysis responds.

The analysis process is really time-consuming, and if not properly scaled, the hardware can have a negative impact on your project.

In the next chapter, you will use FTK Imager, the free version of the platform, which is commonly used for evidence acquisition and preanalysis of data.
Working