The following steps are followed in a cybercrime investigation to solve the case.
Step 1: The investigation begins by assessing the crime: you need to know exactly what happened.
This is the point at which to ask the rudimentary questions: who, what, where, why, how and
when? The answers give surface-level information that helps you prioritize your resources and
time in the right direction.
Step 2: Once you have answered as many of those questions as you can, you should have an idea
of which tools you need in order to find the evidence.
Step 3: Next, follow the proper procedure to collect the evidence. That procedure is usually
already established by the investigating supervisor or department officer, and following it is
what keeps the evidence admissible.
Step 4: After assessing the evidence, decide what it would have taken to commit this crime and
what traces that would leave. For example, a financial crime would require analysing e-mail
and fund transfers and detecting the artefacts they leave behind.
Step 5: Then perform discovery to find those traces. Decide where on the computer or mobile
device they are likely to be hiding and focus your tools on extracting the evidence from that
software or mobile app. Once you have assessed and collected the memory and files from the
device you can move on to the next step, evidence examination.
Step 6: As a planet-spanning network, the Internet offers criminals multiple hiding places in
the real world as well as in the network itself.
Step 7: However, just as individuals walking on the ground leave marks that a skilled tracker
can follow, cybercriminals leave clues as to their identity and location, despite their best
efforts to cover their tracks.
Step 8: In order to follow such clues across national boundaries, though, international
cybercrime treaties must be ratified.
Step 9: Schemes to defraud abound on the Internet. Among the most famous is the Nigerian, or
"419", scam; the number refers to the section of Nigerian law that the scam violates.
Step 10: Although this con has been used with both fax and traditional mail, it has been given
new life by the Internet. In the scheme, an individual receives an e-mail asserting that the
sender requires help in transferring a large sum of money out of Nigeria or another distant
country.
Step 11: Usually, this money is in the form of an asset that is going to be sold, such as oil, or
a large amount of cash that requires "laundering" to conceal its source; the variations are
endless, and new specifics are constantly being developed.
Step 12: The message asks the recipient to cover some cost of moving the funds out of the
country in return for receiving a much larger sum of money in the near future. Should the
recipient respond with a check or money order, he is told that complications have developed;
more money is required. Over time, victims can lose thousands of dollars that are utterly
unrecoverable.
Data Work Flow Diagram (flowchart; the nodes recovered from the figure, in the order they appear):
Suspect link -> Scan the URL -> Identify IP -> Request IP and domain details -> Details of the victim -> Identify the victim -> FIR
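The workflow above starts from the suspect link and ends with an identified target. The Python script below is added here as a worked example and is not part of the original report or the investigator's tooling. It performs the first steps offline: it unwraps a shortened link by following Location headers one hop at a time, so every intermediate URL is recorded for the case file, stops at a hop limit so a redirect loop cannot hang the triage, and flags the final host as a look-alike when its hostname carries the brand token but is not on the legitimate domain. The `fetch` function, the constructed destination host (an .example name) and the assumed legitimate domain hdfcbank.com are assumptions for illustration; the shortened link itself is the one quoted in this report.

```python
"""Unwrap a shortened suspect link hop by hop and flag a look-alike host.

Added example for this report, not the investigator's own tooling.  The
network call is injected as `fetch(url) -> (status, headers)` so the logic
runs offline against the constructed responses below; in live triage it
would be a HEAD/GET that does NOT follow redirects on its own.
"""
from urllib.parse import urljoin, urlparse

MAX_HOPS = 10
REDIRECT_CODES = {301, 302, 303, 307, 308}
# Assumption: the genuine domain the clone impersonates, and the brand
# token a cloned hostname usually contains to look convincing.
LEGIT_DOMAINS = {"hdfcbank.com"}
BRAND_TOKENS = ("hdfc",)


def registered_domain(host):
    """Crude eTLD+1: the last two labels.  Good enough for .com/.example;
    a real tool would consult the Public Suffix List (co.in, etc.)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def unwrap(url, fetch, max_hops=MAX_HOPS):
    """Follow Location headers manually, recording every hop.

    Returns (chain, final_url, hop_limit_hit).  chain is a list of
    (url, status) so the full path is kept even if a later hop goes dark.
    """
    chain, current = [], url
    for _ in range(max_hops):
        status, headers = fetch(current)
        chain.append((current, status))
        location = headers.get("Location")
        if status in REDIRECT_CODES and location:
            # Location may be relative; resolve it against the current URL.
            current = urljoin(current, location)
            continue
        return chain, current, False
    # Hop limit reached: treat as a redirect loop rather than spinning.
    return chain, current, True


def is_lookalike(url):
    """True when the host carries the brand token but its registered
    domain is not a legitimate one (hdfc-netbanking.example,
    hdfcbank.com.evil.example, ...)."""
    host = (urlparse(url).hostname or "").lower()
    if not any(tok in host for tok in BRAND_TOKENS):
        return False
    return registered_domain(host) not in LEGIT_DOMAINS


def triage(url, fetch):
    """One record per suspect link, ready to attach to the case file."""
    chain, final, looped = unwrap(url, fetch)
    return {
        "chain": chain,
        "final_url": final,
        "final_host": urlparse(final).hostname,
        "redirect_loop": looped,
        "lookalike": is_lookalike(final),
    }


# Constructed responses standing in for the shortener and the clone host.
# The destination hostname is made up; only the tinyurl link is from the
# report.
FAKE_RESPONSES = {
    "https://tinyurl.com/3kzb6s29": (
        301, {"Location": "https://hdfc-netbanking-secure.example/login"}),
    "https://hdfc-netbanking-secure.example/login": (
        200, {"Content-Type": "text/html"}),
}


def fake_fetch(url):
    """Offline stand-in for an HTTP request that does not auto-follow."""
    return FAKE_RESPONSES.get(url, (404, {}))


if __name__ == "__main__":
    for key, value in triage("https://tinyurl.com/3kzb6s29", fake_fetch).items():
        print(f"{key}: {value}")
```

The "Identify IP" and "Request IP and domain details" nodes of the diagram follow from `final_host`: a DNS lookup on that hostname and a WHOIS/RIR query on the resulting address, both of which need network access and are therefore left outside this offline block.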
2. HDFC CLONE LINK FRAUD
2.1 Nikto:
Nikto is a free, open-source command-line web server scanner that checks web servers
for dangerous files and CGIs, outdated server software and other problems. It performs generic
and server-type-specific checks, and it also captures and prints any cookies received.
In this case the tool is used to find the vulnerabilities exposed by the domain: it runs its
database of checks for known problem files and paths, analyses the response headers, and sends
crafted requests.
Scanning the suspect link https://tinyurl.com/3kzb6s29 reported only missing security headers.
Note that tinyurl.com is a URL shortener: unless the scanner follows the redirect to the final
destination, its findings describe the shortener's server rather than the cloned site, so the
host the link resolves to should be scanned as well.
SUSPECT CREATED LINK: (https://tinyurl.com/3kzb6s29)
Figure 2.1 Vulnerability details of website using Nikto tool
2.2 WhatWeb Tool Use:
WhatWeb identifies websites. It recognises web technologies including content management
systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and
embedded devices.
WhatWeb has over 900 plugins, each recognising something different. It also
identifies version numbers, email addresses, account IDs, web framework modules, SQL
errors, and more.
Figure 2.2 whatweb
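Sections 2.1 and 2.2 draw two kinds of evidence from a single HTTP response: security headers that are absent (what the Nikto scan reported for the suspect link) and the server, framework and library fingerprints that WhatWeb's plugins extract. The script below is an added example and not Nikto's or WhatWeb's own code; it runs both kinds of check over one constructed response embedded in the block so it works offline. The header names are the standard ones, the signature list is a small hand-written subset of the sort of signatures the real tools carry, and the sample response (Apache, PHP, WordPress, jQuery) is made up for illustration.

```python
"""Nikto-style missing-header check and WhatWeb-style fingerprint.

Added example, not the tools' own code.  Both checks run over one raw
HTTP response; the response embedded at the bottom is constructed.
"""
import re

# Security headers that Nikto and similar scanners report as missing when
# absent, with what their absence permits.
EXPECTED_HEADERS = {
    "strict-transport-security": "no HSTS: a first visit can be downgraded to HTTP",
    "x-frame-options": "anti-clickjacking header not present",
    "x-content-type-options": "MIME sniffing not disabled",
    "content-security-policy": "no CSP: injected scripts run unrestricted",
}

# (source, regex, technology).  Group 1, where present, is the version.
# A hand-written subset of the kind of signatures WhatWeb plugins hold.
SIGNATURES = [
    ("header:server", re.compile(r"Apache/?([\d.]*)", re.I), "Apache"),
    ("header:server", re.compile(r"nginx/?([\d.]*)", re.I), "nginx"),
    ("header:x-powered-by", re.compile(r"PHP/?([\d.]*)", re.I), "PHP"),
    ("cookie", re.compile(r"^PHPSESSID=", re.I), "PHP"),
    ("cookie", re.compile(r"^ASP\.NET_SessionId=", re.I), "ASP.NET"),
    ("body", re.compile(r'<meta\s+name="generator"\s+content="WordPress ?([\d.]*)"', re.I), "WordPress"),
    ("body", re.compile(r"jquery[-.]?([\d.]+)?(?:\.min)?\.js", re.I), "jQuery"),
]


def parse_response(raw):
    """Split a raw HTTP/1.x response into (status, headers, body).
    Header names are lower-cased; repeated headers (Set-Cookie) are kept
    as lists instead of being overwritten."""
    head, _, body = raw.partition("\r\n\r\n")
    status_line, *header_lines = head.split("\r\n")
    status = int(status_line.split()[1])
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return status, headers, body


def missing_security_headers(headers):
    """Nikto-style finding: which expected headers are absent, and why it matters."""
    return {name: why for name, why in EXPECTED_HEADERS.items() if name not in headers}


def fingerprint(headers, body):
    """WhatWeb-style: technology -> version (None when only presence is known)."""
    found = {}
    for source, rx, tech in SIGNATURES:
        if source.startswith("header:"):
            targets = headers.get(source.split(":", 1)[1], [])
        elif source == "cookie":
            targets = headers.get("set-cookie", [])
        else:
            targets = [body]
        for text in targets:
            m = rx.search(text)
            if m:
                version = (m.group(1) or None) if rx.groups else None
                # Keep a version once one is known: a cookie-only hit must
                # not erase the version learned from X-Powered-By.
                found[tech] = version or found.get(tech)
    return found


def report(raw):
    """Combined result for one response, as the two tools would report it."""
    status, headers, body = parse_response(raw)
    return {
        "status": status,
        "missing_headers": missing_security_headers(headers),
        "technologies": fingerprint(headers, body),
    }


# Constructed response for a made-up PHP/WordPress login page.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.4.41\r\n"
    "X-Powered-By: PHP/7.4.3\r\n"
    "Set-Cookie: PHPSESSID=0123abcd; path=/\r\n"
    "Set-Cookie: lang=en\r\n"
    "X-Frame-Options: SAMEORIGIN\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    '<html><head><meta name="generator" content="WordPress 5.4">'
    '<script src="/wp-includes/js/jquery/jquery-1.12.4.min.js"></script>'
    "</head><body>NetBanking login</body></html>"
)

if __name__ == "__main__":
    for key, value in report(SAMPLE_RESPONSE).items():
        print(f"{key}: {value}")
```

For the sample response the header check reports HSTS, X-Content-Type-Options and CSP as missing while X-Frame-Options is present, and the fingerprint recovers Apache 2.4.41, PHP 7.4.3, WordPress 5.4 and jQuery 1.12.4; a cloned banking page built from a stock CMS tends to leak exactly this kind of detail, which is why the versions matter for the next step of the investigation.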