About cyber crime investigation and malware

Cyber Crime Investigation:

The technological advancement over the past few decades has been phenomenal. Among them, the Internet has proved to be one of the most rapid growing technologies. Given its presence and widespread nature in the field of technology, it has spread its wings for criminal offenses too which are evident from the happenings across the world every day. The misuse of technology has confronted the traditional police agencies to evolve into a much-sophisticated system involving complex technology to deal with such online crimes popularly known as Cyber Crimes.

Cybercrime is defined as the act of committing a criminal offense by the means of a computer through the internet or any other network. Cybercrime employs various methods such as hacking, phishing, skimming, pharming, spoofing, spamming, malware etc. to perform criminal activities such as illegally accessing computer with the intent of stealing, manipulating and crashing the crucial information by impersonating data packets, IP addresses, MAC addresses, e-mail addresses or posting obscene content such as pornography, or stalking/ bullying people by harassing, threatening or sending derogatory messages.

Cybercrime is a new aspect of crime and conventional laws are not enforcing to address the format of cyber crimes. To tackle the menace, new laws are implemented. Computer forensic implements investigative techniques to identify, collect, scrutinize, assess, validate and submit information as an evidence in the court of law that is stored magnetically on a CD, pen drive, mobile or any other handheld or storage device. This evidence can be used to interrogate criminals in the court of law.

The sub-branches of Cyber forensics that deal with various type of cyber crimes are –

Disk Forensics (extracting data by looking inactive, deleted and files and analyzing them).
Network Forensics (analyzing the network traffic to extract legal evidence, this data is dynamic as the network traffic varies from time to time)
Database Forensics (analyzing database information such as the timestamp of the rows in a table).
Malware Forensics (analyzing malicious code as an information)
E-mail Forensics (analyzing existing and deleting e-mails and e-mail contacts).
Mobile forensics (examining call logs, messages, images, videos, audio files etc.)
Memory Forensics (dealing with collecting and interpreting data from system memory such as system registers, cache, RAM) in raw format.
What are Backdoor, Virus, and Worms ?:

A typical computer system has always been an object subjected to vulnerability. The security of a computer system can be attacked by means of any malicious software – Virus, Worm, Trojan, Backdoor etc. These programs pose a security threat to the system by intruding into its items disrupting the critical information saved in it. These programs are popularly known as Malware – short form for MALicious softWARE.

Malware is a software designed for the purpose of causing loss to a computer system in any way. It consists of a harmful programming code and scripts to possess an unauthorized access to the content with the intent of stealing, modifying or manipulating the information residing on the system for the sake of personal or corporate benefits.

Note that a computer can be susceptible to any kind of malware and be depending on the type of malware affected, the computer is exposed to different hazardous conditions.

Different types of malware: –

Virus:

A virus is a malware attached to an executable file which activates when the executable on the system is clicked to install or to run. It is self-replicating and spreads to other systems if the infected file is shared with them. This is the first type of malware discovered.

Worm:

This is a typical malware which creates a clone of itself and spreads to the other systems or the network shared, unlike Virus which modifies the files by spreading to them. Predominantly, worms affect the computer network shared.

Backdoor:

Backdoor is a security flaw used to provide unauthorized access to the port and hence data by avoiding encryption and decryption.

What is a Trojan and how to detect Trojans?

Trojan is a destructive program that is tough be identified as it is a tricky thing bearing resemblance to authentic names of a software website or other URLs on the internet. The malware can be in the form of a scammer, spammer etc. Clicking the files or browsing the links will lead to a security threat.

It is advised for the computer users to be careful from the executable file attachments which have extensions such as .exe, .vbs etc. Trojans usually appear in the form of e-mail links with the names YOU-WON-MILLION-DOLLARS.exe or LOVE-LETTER-FOR-YOU.TXT.vbs. Sometimes, the extension may be hidden. Avoid opening such mails to protect the system.

How to prevent the virus attacks?

It is recommended that you should not download or access files from unknown senders as the virus can slow down your computer, spread to other files and destroy them. It is always advised to set the computer firewall on, install a tough antivirus software to safeguard the data, run a completes system scan on regular basis for deleting the malware. Also, upgrade the software periodically to enhance the protection system.