4361601-sem-6-lab-manual (1)

lOMoARcPSD|40079493


Diploma Engineering
Laboratory Manual

Cyber Security And Digital Forensic


(4361601)
[Information Technology, Semester-VI]
Enrolment No 226120316072
Name Vasava Hetal
Branch Information Technology
Academic Term 241
Institute Dr.S & S.S Ghandhy College of
Engineering & Technology

Directorate of Technical Education, Gandhinagar - Gujarat


DTE’s Vision:
● To provide globally competitive technical education;
● Remove geographical imbalances and inconsistencies;
● Develop student friendly resources with a special focus on girls’ education and
support to weaker sections;
● Develop programs relevant to industry and create a vibrant pool of technical
professionals.
DTE’s Mission:

Institute’s Vision:

Institute’s Mission:

Department’s Vision:

Department’s Mission:


Certificate

This is to certify that Mr/Ms.


Enrollment No. of 6th Semester of Diploma in
Information Technology of has
satisfactorily completed the term work in course Cyber Security And Digital
Forensic (4361601) for the academic year: Term: Odd/Even

prescribed in the GTU curriculum.

Place:
Date:

Signature of Course Faculty Head of the Department


Preface
The primary aim of any laboratory, practical or field work is the enhancement of the required skills and of creative ability amongst students, so that they can solve real-time problems by developing the relevant competencies in the psychomotor domain. Keeping this in view, GTU has designed the competency-focused outcome-based curriculum 2021 (COGC-2021) for Diploma engineering programmes. In it, more time is allotted to practical work than to theory. This shows the importance of enhancing skills amongst students, and it pays attention to utilising every second of the time allotted for practicals amongst students, instructors and lecturers to achieve the relevant outcomes by performing rather than by written practice alone. This is essential for effective implementation of the competency-focused outcome-based Green curriculum 2021. Every practical has been carefully designed to serve as a tool to develop and enhance the relevant industry-needed competency in each and every student. These psychomotor skills are very difficult to develop through the traditional chalk-and-board method of content delivery in the classroom. Accordingly, this lab manual has been designed to focus on the industry-defined relevant outcomes rather than on the old practice of conducting practicals merely to prove concept and theory.
By using this lab manual, students can read the procedure one day in advance of the actual day of the practical experiment, which generates interest, and they can also form an idea of the expected magnitude of results prior to performance. This in turn enhances the predetermined outcomes amongst students. Each and every experiment/practical in this manual begins with the competency, industry-relevant skills, course outcomes and practical outcomes, which play a key role in doing the practical. The students will also have a clear idea of the safety and necessary precautions to be taken while performing the experiment.
This manual also provides guidelines to lecturers to facilitate student-centred lab activities for each practical/experiment by arranging and managing the necessary resources, so that the students follow the procedures with the required safety and necessary precautions to achieve the outcomes. It also gives an idea of how students will be assessed by providing rubrics.

Course specific para


Information technology is a modern phenomenon that has dramatically changed the daily lives of individuals and businesses throughout the world. In today's digital age, mobile computing has become an essential component of our daily lives. With mobile computing, we can do almost all the tasks we do on a computer using mobile devices. Therefore, knowledge of the various application areas of mobile computing and networks, including the practical skills acquired through the laboratory, will help students when they work in the very dynamic and growing field of mobile computing.
Although we have tried our best in designing this lab manual, there is always room for improvement. We welcome any suggestions for improvement.


Programme Outcomes (POs):


1. Basic and Discipline specific knowledge: Apply knowledge of basic mathematics, science and engineering fundamentals and engineering specialization to solve the engineering problems.

2. Problem analysis: Identify and analyse well-defined engineering problems using codified standard methods.

3. Design/development of solutions: Design solutions for engineering well-defined technical problems and assist with the design of systems components or processes to meet specified needs.

4. Engineering Tools, Experimentation and Testing: Apply modern engineering tools and appropriate technique to conduct standard tests and measurements.

5. Engineering practices for society, sustainability and environment: Apply appropriate technology in context of society, sustainability, environment and ethical practices.

6. Project Management: Use engineering management principles individually, as a team member or a leader to manage projects and effectively communicate about well-defined engineering activities.

7. Life-long learning: Ability to analyse individual needs and engage in updating in the context of technological changes in field of engineering.


Practical Outcome - Course Outcome matrix


Course Outcomes (COs):
CO1: Gain knowledge of information security, including cryptography and hashing techniques.
CO2: Explain the different types of network and system security techniques and threats.
CO3: Understand the different types of cybercrimes and analyse cybercrime.
CO4: Implement ethical hacking methodologies using Kali Linux, including vulnerability analysis.
CO5: Explain how digital forensics methodologies are used to investigate cybercrimes.

Sr. No. | Practical Outcome/Title of experiment | CO1 | CO2 | CO3 | CO4 | CO5
1 | a) Implement Private key Cryptography algorithm DES in Python (install the des package using pip). b) Implement Message Digest 5 and Secure Hash Function using Python. | √ | - | - | - | -
2 | Implement the RSA Public key Cryptography algorithm in Python using RSA library. | √ | - | - | - | -
3 | Demonstrate intrusion detection system (IDS) using any tool (Snort or any other s/w). | - | √ | - | - | -
4 | Install Tor browser and perform proxy tunnelling. | - | √ | - | - | -
5 | Perform data hiding using Steganography tool OpenStego (use AES encryption algorithm). | - | - | √ | - | -
6 | Create malicious script for generating multiple folders using Python. | - | - | √ | - | -
7 | Prepare a case study report on 3 different types of cyber-crimes (https://gujaratcybercrime.org, https://cybercrime.gov.in). | - | - | √ | - | -
8 | Study Open-source intelligence (OSINT) framework and perform information gathering using username, email address, domain name and IP address. | - | - | - | √ | -
9 | a) Installation and configuration of Kali Linux in VirtualBox/VMware. b) Perform basic commands in Kali Linux. | - | - | - | √ | -
10 | Perform port scanning using NMAP. | - | - | - | √ | -
11 | a) Installation and configuration of Wireshark. b) Perform password sniffing using Wireshark (analyse GET/POST request). | - | - | - | - | √
12 | Perform memory forensics using Memoryze tool (https://fireeye.market/apps/211368). | - | - | - | - | √
13 | Perform web artifact analysis and registry analysis using Autopsy (https://www.sleuthkit.org/autopsy/). | - | - | - | - | √
14 | Create forensic images of entire local hard drives using FTK Imager tool (https://go.exterro.com/l/43312/2023-05-03/fc4b78). | - | - | - | - | √


Industry Relevant Skills


The following industry relevant skills are expected to be developed in the students by performing the experiments of this course:

1. Understand the basic concepts of hacking.
2. Explain the concepts of digital forensics.
3. Apply knowledge to real-world situations while investigating cyber crime using digital forensics and ethical hacking.

Guidelines to Course Faculty


1. Course faculty should demonstrate the experiment with all the necessary implementation strategies described in the curriculum.
2. Course faculty should explain the industrial relevance before starting each experiment.
3. Course faculty should involve and give the opportunity to all students for hands-on experience.
4. Course faculty should ensure the mentioned skills are developed in the students by asking questions.
5. Utilise the 2 hours of lab time effectively and ensure completion of the write-up along with the quiz.
6. Encourage peer-to-peer learning by having fast learners help others with the same experiment.

Instructions for Students


1. Organize the work in the group and make a record of all observations.
2. Students shall develop the maintenance skills expected by industry.
3. Students shall attempt to develop related hands-on skills and build confidence.
4. Students shall develop the habit of evolving more ideas, innovations, skills, etc.
5. Students shall refer to technical magazines and data books.
6. Students should develop the habit of submitting the practical on the given date and time.
7. Students should prepare well when submitting the write-up of an exercise.


Continuous Assessment Sheet


Enrolment No: Term:

Name:

Sr. No. | Practical Outcome/Title of experiment | Page | Date | Marks (25) | Sign
1 | a) Implement Private key Cryptography algorithm DES in Python (install the des package using pip). b) Implement Message Digest 5 and Secure Hash Function using Python. | | | |
2 | Implement the RSA Public key Cryptography algorithm in Python using RSA library. | | | |
3 | Demonstrate intrusion detection system (IDS) using any tool (Snort or any other s/w). | | | |
4 | Install Tor browser and perform proxy tunnelling. | | | |
5 | Perform data hiding using Steganography tool OpenStego (use AES encryption algorithm). | | | |
6 | Create malicious script for generating multiple folders using Python. | | | |
7 | Prepare a case study report on 3 different types of cyber-crimes (https://gujaratcybercrime.org, https://cybercrime.gov.in). | | | |
8 | Study Open-source intelligence (OSINT) framework and perform information gathering using username, email address, domain name and IP address. | | | |
9 | a) Installation and configuration of Kali Linux in VirtualBox/VMware. b) Perform basic commands in Kali Linux. | | | |
10 | Perform port scanning using NMAP. | | | |
11 | a) Installation and configuration of Wireshark. b) Perform password sniffing using Wireshark (analyse GET/POST request). | | | |
12 | Perform memory forensics using Memoryze tool (https://fireeye.market/apps/211368). | | | |
13 | Perform web artifact analysis and registry analysis using Autopsy (https://www.sleuthkit.org/autopsy/). | | | |
14 | Create forensic images of entire local hard drives using FTK Imager tool (https://go.exterro.com/l/43312/2023-05-03/fc4b78). | | | |


Cyber Security and Digital Forensics (4361601)

Practical 1
Aim: a. Implement the private key cryptography algorithm DES in Python (install the DES package using pip).
b. Implement Message Digest 5 and Secure Hash Function using Python.
A. Objective:
To apply the knowledge of private key cryptography to implement the DES algorithm in Python.
To achieve data integrity by implementing MD5 and a hash function using Python.

B. Expected Program Outcomes (POs)

PO1, PO2, PO3, PO4, PO7

C. Expected Skills to be developed based on competency:

1. Advanced encryption techniques
2. Implementation of data integrity using hashing

D. Expected Course Outcomes (COs)

CO1: Gain knowledge of information security, including cryptography and hashing techniques.

E. Practical Outcome (PRo)

Implement Private key Cryptography algorithm DES in Python.
Implement Message Digest 5 and Secure Hash Function using Python.

F. Expected Affective domain Outcome (ADOs)

Examine symmetric key cryptography and the hashing concept and their applications.
G. Prerequisite Theory:

A block cipher is a method of encrypting data in blocks to produce ciphertext using a cryptographic key and algorithm. The block cipher processes fixed-size blocks simultaneously, as opposed to a stream cipher, which encrypts data one bit at a time. Most modern block ciphers are designed to encrypt data in fixed-size blocks of either 64 or 128 bits. A block cipher uses a symmetric key and algorithm to encrypt and decrypt a block of data. A block cipher requires an initialization vector (IV) that is added to the input plaintext in order to increase the key space of the cipher and make it more difficult to use brute force to break the key. The IV is derived from a random number generator, which is combined with text in the first block and the key to ensure all subsequent blocks result in ciphertext that does not match that of the first encryption block.
Steps of DES


H. Resources/Equipment Required

Sr. No. | Instrument/Equipment/Components/Trainer kit | Specification | Quantity
1 | Computer System (Desktop/Laptop) | Operating System: Windows 7 or later version, RAM: 4 GB, HDD: 250 GB, Anaconda Framework / Google Colab | 1

I. Safety and necessary Precautions followed

When implementing cryptographic algorithms like DES (Data Encryption Standard) and hash functions such as MD5 (Message Digest 5) in Python, ensuring safety and taking the necessary precautions is crucial to protect sensitive data.
 Environment setup: use a virtual environment.
 Use pip to install the necessary packages securely.
 Use established libraries.
 Practise secure key management.

J. Procedure to be followed/Source code:


Step 1: Open Google Colab and install the des package using the pip command.

Step 2: Import des and initialise the key for encryption.


Step 3: Perform encryption using the key, provide a message for encryption and print the encrypted message.

Step 4: Perform decryption using the decrypt function of des.

Step 5: Compute and print the MD5 digest of the plaintext message using the hashlib library.

Step 6: Compute and print the SHA-256 digest of the plaintext message using the hashlib library.
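Steps 1 to 6 as one runnable script, added here as an example and not the manual's own code: it assumes the des package from pip (its DesKey class, ECB mode with padding) for the DES part, uses the standard library hashlib for MD5 and SHA-256, and the key and message are constructed for the demo.

```python
import hashlib
import hmac

# Constructed demo values (not from the lab manual).
KEY = b"8bytekey"            # single DES takes exactly 8 key bytes
MESSAGE = "Attack at dawn"   # 14 bytes, so DES has to pad it to 16 (two 64-bit blocks)


def des_roundtrip(key: bytes, plaintext: str) -> dict:
    """Steps 2-4: encrypt and decrypt with single DES via the `des` pip package.

    Assumed API of that package: DesKey(key).encrypt(data, padding=True) and
    .decrypt(data, padding=True).  The import sits inside the function so the
    hashing part of this file still runs where the package is not installed.
    """
    from des import DesKey

    if len(key) != 8:
        raise ValueError("single DES needs an 8-byte key")
    cipher = DesKey(key)
    data = plaintext.encode("utf8")              # str -> bytes before encrypting
    ct = cipher.encrypt(data, padding=True)      # ECB mode, padded to whole 8-byte blocks
    pt = cipher.decrypt(ct, padding=True).decode("utf8")
    return {
        "ciphertext_hex": ct.hex(),
        "ciphertext_bits": len(ct) * 8,          # always a multiple of the 64-bit block size
        "recovered": pt,
    }


def digests(message: str) -> dict:
    """Steps 5-6: MD5 and SHA-256 hex digests of a message, plus their bit lengths."""
    data = message.encode("utf8")
    md5_hex = hashlib.md5(data).hexdigest()
    sha_hex = hashlib.sha256(data).hexdigest()
    return {
        "md5": md5_hex,
        "md5_bits": len(md5_hex) * 4,      # one hex digit = 4 bits, so 32 digits = 128 bits
        "sha256": sha_hex,
        "sha256_bits": len(sha_hex) * 4,   # 64 digits = 256 bits
    }


def integrity_check(original: str, received: str) -> bool:
    """Integrity check: True only if both texts have the same SHA-256 digest.

    compare_digest compares in constant time, which is the habit to build
    whenever a digest or MAC is being checked.
    """
    expected = hashlib.sha256(original.encode("utf8")).digest()
    actual = hashlib.sha256(received.encode("utf8")).digest()
    return hmac.compare_digest(expected, actual)


if __name__ == "__main__":
    print(digests(MESSAGE))
    print("tampered copy accepted?", integrity_check(MESSAGE, "Attack at dusk"))
    try:
        print(des_roundtrip(KEY, MESSAGE))
    except ImportError:
        print("run `pip install des` to execute the DES part")
```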


K. Observations and Calculations/Input-Output (CE & IT software subjects):


Observation: We can see that our message is encrypted into 64-bit ciphertext blocks using the des library, and we can also recover the original plaintext using the decrypt function of the des package.

MD5 / SHA-256 Output

Below we can see that MD5 gives a 128-bit output digest and SHA-256 gives a 256-bit output. Generally, the longer the output, the more secure the hash function, as it reduces the chance of collisions.

MD5

SHA256

L. Practical related Quiz.


1. What is the role of the S-box in DES?

2. How does permutation work in DES?

3. Differentiate DES, 2-DES and 3-DES.

4. How does public key cryptography work?


5. What is a hashing algorithm? How does it work?

6. What do you mean by authentication? How is it achieved using public key cryptography?

M. References / Suggestions (lab manual designer should give)

https://www.youtube.com/watch?v=j53iXhTSi_s
https://www.youtube.com/watch?v=r6GlzIWiMD0

N. Assessment-Rubrics

Sr. No. | Performance Indicators | Weightage in % | Marks Obtained
1 | Analyse and identify suitable approach for problem solving | 25 | 0-5
2 | Use of appropriate technology / software / tools | 25 | 0-5
3 | Demonstrate problems as per instructions | 20 | 0-5
4 | Interpret the result and conclusion | 15 | 0-5
5 | Prepare a report/presentation for given problem | 15 | 0-5
Total | | 100 | 25

Sign
Date: ……………


Practical 2
Aim: Implement the RSA Public key Cryptography algorithm in Python using
RSA library.
A. Objective: To implement the RSA cryptographic algorithm.

B. Expected Program Outcomes (POs)

PO1, PO2, PO3, PO4, PO7

C. Expected Skills to be developed based on competency:

Able to use the RSA Python library for encrypting and decrypting messages.
Able to implement the RSA algorithm.

D. Expected Course Outcomes (COs)

CO1: Gain knowledge of information security, including cryptography and hashing techniques.

E. Practical Outcome (PRo)

Implement the RSA Public key Cryptography algorithm in Python using RSA library.

F. Expected Affective domain Outcome (ADOs)

Examine the concepts of public key cryptography.

G. Prerequisite Theory:

Public-key cryptography, or asymmetric cryptography, is the field of cryptographic systems that use pairs of related keys. Each key pair consists of a public key and a corresponding private key. Key pairs are generated with cryptographic algorithms based on mathematical problems termed one-way functions. Security of public-key cryptography depends on keeping the private key secret; the public key can be openly distributed without compromising security.
In a public-key encryption system, anyone with a public key can encrypt a message, yielding a ciphertext, but only those who know the corresponding private key can decrypt the ciphertext to obtain the original message.


H. Resources/Equipment Required

Sr. No. | Instrument/Equipment/Components/Trainer kit | Specification | Quantity
1 | Computer System (Desktop/Laptop) | Operating System: Windows 7 or later version, RAM: 4 GB, HDD: 250 GB, Anaconda Framework / Google Colab | 1

I. Safety and necessary Precautions followed

1. Equipment handling and proper connection: Connect network devices, cables, and
connectors with care to prevent improper connection. Ensure proper grounding of
devices to prevent electrical issues.
2. Testing in a controlled environment: Perform the practical test in a controlled
environment that is separate from a live production network. This ensures that any
changes or issues encountered during testing do not impact critical network operations.

J. Procedure to be followed:
Step 1: Install Cryptodome package and import required library

Step 2: Generate and display public key and Private key using RSA newkeys function

Step 3: Encryption of message using receiver’s public key named “pubkey”


Step 4: Decryption of the message using the receiver's private key named "prikey"
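The key generation, utf8 encoding and encrypt/decrypt that the steps above perform with the library, carried out here in textbook form as an added example (not the manual's or the rsa library's code): it assumes Python 3.8+ for pow(e, -1, phi), draws random probable primes from the secrets module, and omits the PKCS#1 padding the library adds, so it is for study only.

```python
import secrets

# Textbook RSA (no padding), written to show the arithmetic that the rsa
# library's newkeys/encrypt/decrypt hide.  Production code must use a library
# with proper padding (OAEP or PKCS#1 v1.5); unpadded RSA is malleable.


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin primality test (probabilistic, error below 4**-rounds)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):   # cheap trial division first
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:                                # write n-1 = d * 2**r with d odd
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2             # random base in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False                             # a is a witness: n is composite
    return True


def random_prime(bits: int) -> int:
    """Random prime with exactly `bits` bits (top bit forced so n reaches full size)."""
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1   # odd, top bit set
        if is_probable_prime(candidate):
            return candidate


def newkeys(bits: int = 512, e: int = 65537):
    """Return ((n, e), (n, d)): the key-generation step the manual performs with newkeys()."""
    while True:
        p = random_prime(bits // 2)
        q = random_prime(bits // 2)
        if p == q:
            continue
        phi = (p - 1) * (q - 1)
        if phi % e != 0:                 # e must be invertible modulo phi(n)
            break
    n = p * q
    d = pow(e, -1, phi)                  # private exponent: modular inverse of e
    return (n, e), (n, d)


def encrypt(message: str, pubkey) -> int:
    """utf8-encode, turn the bytes into an integer m < n, then c = m**e mod n."""
    n, e = pubkey
    m = int.from_bytes(message.encode("utf8"), "big")
    if m >= n:
        raise ValueError("message too long for this modulus; use a bigger key or split it")
    return pow(m, e, n)


def decrypt(ciphertext: int, prikey) -> str:
    """m = c**d mod n, then back to bytes and utf8-decode (the manual's decode step)."""
    n, d = prikey
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big").decode("utf8")


if __name__ == "__main__":
    pubkey, prikey = newkeys(512)
    c = encrypt("hello rsa", pubkey)
    print("ciphertext:", c)
    print("recovered :", decrypt(c, prikey))
```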

K. Observations and Calculations/Input-Output (CE & IT software subjects):


Observation: You can speed up key generation, depending on your machine, by using the poolsize parameter.

For encryption and decryption of our message using RSA we need to use the encode function before encryption and the decode function after decryption. Here we have used utf8 for encoding and decoding our message.

L. Practical related Quiz.


1. What is the use of public key cryptography?

2. Write the steps to generate keys in RSA.


3. Give the principles of a public key cryptosystem.

4. Draw the block diagram of the RSA algorithm.


M. References / Suggestions (lab manual designer should give)

https://www.youtube.com/watch?v=vf1z7GlG6Qo
https://www.youtube.com/watch?v=j2NBya6ADSY

N. Assessment-Rubrics

Sr. No. | Performance Indicators | Weightage in % | Marks Obtained
1 | Analyse and identify suitable approach for problem solving | 25 | 0-5
2 | Use of appropriate technology / software / tools | 25 | 0-5
3 | Demonstrate problems as per instructions | 20 | 0-5
4 | Interpret the result and conclusion | 15 | 0-5
5 | Prepare a report/presentation for given problem | 15 | 0-5
Total | | 100 | 25

Sign :
Date …………..


Practical 3
Aim: Demonstrate an intrusion detection system (IDS) using any tool (Snort or any other s/w).
A. Objective: To familiarize participants with Intrusion Detection Systems (IDS) by demonstrating the setup and operation of the IDS tool Snort.

B. Expected Program Outcomes (POs)

PO1, PO2, PO3, PO4, PO7

C. Expected Skills to be developed based on competency:

1. Acquire practical experience in the installation and customization of an Intrusion Detection System (IDS) tool.
2. Interpret alerts and logs generated by the IDS.
3. Understanding of IDS rules.

D. Expected Course Outcomes (COs)

Understand the role of IDS in network security and its contribution to threat identification and mitigation.

E. Practical Outcome (PRo)

Participants will showcase their proficiency in configuring and managing an Intrusion Detection System (IDS) with a selected tool, producing simulated alarms or log entries, and scrutinizing them to detect potential security risks.

F. Expected Affective domain Outcome (ADOs)

Participants are expected to:
 Understand the importance of constant monitoring and vigilance in network security through the use of IDS.
 Acknowledge the significance of IDS in security, fostering a sense of responsibility towards deploying and maintaining such systems.
 Foster adaptive thinking in recognizing evolving security threats and the role of IDS in threat detection.

G. Prerequisite Theory:

An IDS is a security tool that monitors network traffic or system activities for malicious activities or policy violations.

Types of IDS:
Network-based IDS (NIDS): Monitors network traffic and identifies suspicious patterns or
anomalies.


Host-based IDS (HIDS): Monitors activities on individual hosts or devices.

Snort
Snort is an open-source network intrusion detection system (NIDS) and intrusion prevention
system (IPS) created by Sourcefire. It examines network packets and can act as a packet
sniffer, packet logger, and network intrusion detection system.

Snort Components:
Sniffer: Captures packets traversing a network interface.
Packet Logger: Logs captured packets to disk.
Detector: Analyses network traffic against predefined rules to identify and generate alerts for
suspicious activities.
Logger and Alerting System: Records events and generates alerts based on detected threats.

Snort Rules:
Rule-based Detection: Snort uses rules to define conditions that, when matched, trigger an alert.
Rule Structure: A rule consists of a header followed by rule options, allowing the specification of protocols, source/destination IPs, ports, and alert messages.

Snort Modes of Operation:
Sniffer Mode: Passively captures packets without altering network traffic.
Packet Logger Mode: Records packets to disk for later analysis.
Network Intrusion Detection System (NIDS) Mode: Analyses packets in real time and generates alerts for detected threats.
Network Intrusion Prevention System (NIPS) Mode: Similar to NIDS but can take active measures to prevent threats.

H. Resources/Equipment Required

Sr. No. | Instrument/Equipment/Components/Trainer kit | Specification | Quantity
1 | Computer System (Desktop/Laptop) | Operating System: Kali Linux, RAM: 4 GB, HDD: 250 GB, Snort | 1

I. Safety and necessary Precautions followed

When demonstrating an Intrusion Detection System (IDS) using tools like Snort, ensure safety by conducting tests in an isolated environment, adhering to official installation guidelines, and implementing network segmentation. Additionally, emphasize ethical considerations, maintain detailed documentation, and develop response plans for potential security incidents.

J. Procedure to be followed/Source code:


Step 1: Install Snort. In Kali Linux you first need to update the source list.
sudo apt-get update
sudo apt-get install snort
Step 2: Configure Snort. The primary configuration file for Snort is snort.conf; it is located in /etc/snort/ on most Linux distributions. Open it and check the Snort version.
sudo nano /etc/snort/snort.conf
snort --version
Step 3: Check the Snort configuration.
sudo snort -T -c /etc/snort/snort.conf
Step 4: Start Snort in Sniffer Mode.
Run Snort, observing network traffic on a specified network interface.

sudo snort -A console -q -u snort -g snort -i <INTERFACE> -c /etc/snort/snort.conf
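An added example (not from the manual or the Snort project) for the skill of interpreting the alerts that Step 4 prints to the console: it parses lines in Snort's alert_fast console format and a rule in the header/options layout described in the theory section; the alert lines, addresses and rule are constructed for the demo.

```python
import re
from collections import Counter

# Constructed sample lines in Snort's "alert_fast" / -A console format (not real captures).
SAMPLE_ALERTS = """\
03/19-10:15:32.123456  [**] [1:1000001:1] ICMP test detected [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.168.56.10 -> 192.168.56.20
03/19-10:15:40.000001  [**] [1:2000001:2] SSH connection attempt [**] [Priority: 2] {TCP} 192.168.56.10:51234 -> 192.168.56.20:22
03/19-10:15:41.500000  [**] [1:2000001:2] SSH connection attempt [**] [Priority: 2] {TCP} 192.168.56.10:51235 -> 192.168.56.20:22
this line is not an alert and must be skipped
"""

# Constructed rule in the header + (options) layout: action proto src sport -> dst dport (opts)
SAMPLE_RULE = 'alert icmp any any -> $HOME_NET any (msg:"ICMP test detected"; sid:1000001; rev:1;)'

ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s+(?P<cls>[^\]]+)\]\s+)?"      # classification is optional
    r"\[Priority:\s+(?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$"
)

RULE_RE = re.compile(
    r"^(?P<action>alert|log|pass|drop|reject|sdrop)\s+(?P<proto>\w+)\s+"
    r"(?P<src>\S+)\s+(?P<sport>\S+)\s+(?P<dir>->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s*"
    r"\((?P<opts>.*)\)\s*$"
)


def parse_alert(line: str):
    """One alert_fast line -> dict, or None for lines that are not alerts."""
    m = ALERT_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    for key in ("gid", "sid", "rev", "prio"):
        rec[key] = int(rec[key])
    for key in ("sport", "dport"):                 # ICMP alerts carry no ports
        rec[key] = int(rec[key]) if rec[key] is not None else None
    return rec


def parse_alert_log(text: str) -> list:
    return [rec for rec in (parse_alert(line) for line in text.splitlines()) if rec]


def summarize(alerts: list) -> dict:
    """Counts per signature and per source address, plus the most severe priority seen."""
    by_sig = Counter(f"{a['gid']}:{a['sid']} {a['msg']}" for a in alerts)
    by_src = Counter(a["src"] for a in alerts)
    top = min((a["prio"] for a in alerts), default=None)   # Snort: 1 is the highest priority
    return {"by_signature": dict(by_sig), "by_source": dict(by_src), "highest_priority": top}


def parse_rule(rule: str):
    """Split a Snort rule into its header fields and an options dict (msg, sid, rev, ...).

    Options are split on ';', which is enough for the simple rules in this lab; a msg
    that itself contains ';' would need a quote-aware splitter.
    """
    m = RULE_RE.match(rule.strip())
    if not m:
        return None
    rec = m.groupdict()
    options = {}
    for item in rec.pop("opts").split(";"):
        item = item.strip()
        if item:
            key, _, val = item.partition(":")
            options[key.strip()] = val.strip().strip('"')
    rec["options"] = options
    return rec


if __name__ == "__main__":
    found = parse_alert_log(SAMPLE_ALERTS)
    print(summarize(found))
    print(parse_rule(SAMPLE_RULE))
```

Step 4's command loads snort.conf with -c and prints alerts with -A console, so Snort is running as a NIDS there; plain sniffer mode without rules is `snort -v -i <INTERFACE>`.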

K. Observations and Calculations/Input-Output (CE & IT software subjects):


Observation: Snort Installation and Configuration shown in detail.
Output 1:

Output 2:


Output 3:

Initialized Snort rules


L. Practical related Quiz.


1. What is an IDS?

2. Name tools used for IDS.


3. What are the types of IDS?

4. Write the names of the components of Snort.

5. What is Sniffer Mode in Snort?

M. References / Suggestions (lab manual designer should give)

https://dev.to/ankitsahu/install-snort-on-kali-1co8
https://youtu.be/PYP0YH2PVuo?list=PLpPXZRVU-dX33VNUeqWrMmBNf5FeKVmi-
https://youtu.be/CystKHV2gnI?list=PLpPXZRVU-dX33VNUeqWrMmBNf5FeKVmi-
N. Assessment-Rubrics

Sr. No. | Performance Indicators | Weightage in % | Marks Obtained
1 | Analyse and identify suitable approach for problem solving | 25 | 0-5
2 | Use of appropriate technology / software / tools | 25 | 0-5
3 | Demonstrate problems as per instructions | 20 | 0-5
4 | Interpret the result and conclusion | 15 | 0-5
5 | Prepare a report/presentation for given problem | 15 | 0-5
Total | | 100 | 25

Sign

Date: ……………….


Practical 4
Aim: Install Tor browser and perform proxy tunnelling.
A. Objective: To familiarize with the use of the Tor browser and proxy tunnelling.

B. Expected Program Outcomes (POs)

PO1, PO2, PO3, PO4, PO7

C. Expected Skills to be developed based on competency:

Understanding of proxy tunnelling.

D. Expected Course Outcomes (COs)

Understand the role of the Tor browser in network security and its usage in hacking.

E. Practical Outcome (PRo)

Participants will showcase their proficiency in configuring the Tor browser and proxy tunnelling.

F. Expected Affective domain Outcome (ADOs)

Participants are expected to:
 Understand the importance of the Tor browser and proxy tunnelling in hacking.
G. Prerequisite Theory:

A proxy address is an intermediary IP address that sits between your device and the
internet. When you connect to the internet through a proxy server, your requests are first
sent to the proxy server, which then forwards them to the destination server. This process
masks your device's IP address, providing anonymity and potentially allowing access to
content that may be restricted based on your geographical location or network policies.
Proxy tunneling, also known as proxy chaining or proxy forwarding, is a method of passing
network traffic through multiple proxy servers in a chain or series. This technique involves
establishing a connection to one proxy server and then routing the traffic through
successive proxy servers until it reaches its final destination on the internet.
Here's how proxy tunneling typically works:
Initiation: The client establishes a connection to the first proxy server in the chain. This can
be done by configuring the client software (such as a web browser or a network
application) to use a specific proxy server.
Forwarding: The first proxy server receives the client's request and forwards it to the next
proxy server in the chain. This process continues until the request reaches the final
destination server.
Response: The destination server processes the request and sends a response back to the
last proxy server in the chain.
Reverse Routing: The response is then sent back through the chain of proxy servers,
eventually reaching the client.


Proxy tunneling can be used for various purposes, including:


Anonymity: By passing traffic through multiple proxy servers, users can obfuscate their
original IP address, making it difficult for websites to track their online activities.
Bypassing Restrictions: Proxy tunneling can help users bypass network restrictions or
censorship imposed by governments, organizations, or ISPs. By routing traffic through
proxy servers located in different regions, users can access content that may be blocked in
their own country.
Enhancing Security: Proxy tunneling can add an extra layer of security to network
communications by encrypting traffic between the client and the proxy servers. This can
help protect sensitive information from eavesdropping or interception by malicious actors.
However, it's important to note that while proxy tunneling can provide anonymity and
bypass restrictions, it also introduces potential security risks. Malicious proxy servers may
intercept or modify traffic, leading to privacy breaches or data theft. Therefore, it's essential
to use proxy tunneling services from trusted sources and ensure proper encryption and
authentication mechanisms are in place to secure the communication channels.
H. Resources/Equipment Required

Sr. No. | Instrument/Equipment/Components/Trainer kit | Specification | Quantity
1 | Computer System (Desktop/Laptop) | Operating System: Windows or Kali Linux, RAM: 4 GB, HDD: 250 GB, Tor Browser | 1

I. Safety and necessary Precautions followed


No special precautions are needed.

J. Procedure to be followed/Source code:


Procedure:
1) Download and Install Tor Browser:
a. Visit the official Tor Project website: https://www.torproject.org/.
b. Click on the "Download" button.
c. Download the appropriate version for your operating system (Windows, macOS, or Linux).
d. Run the installer and follow the on-screen instructions to install Tor Browser.

2) Launch Tor Browser:
a. Once the installation is complete, launch Tor Browser and connect to the Tor network.
b. Wait for the browser to connect to the Tor network. Confirm the connection status in the top-left corner.

3) Verify Tor Browsing:
a. Open the Tor Browser and visit a website (e.g., https://check.torproject.org/) to confirm that you are connected to the Tor network.

4) Configure Proxy Settings:
a. Open the Tor Browser menu by clicking on the three horizontal lines in the top-right corner.
b. Select "Connection".

c. Click on the "Advanced" section and then "Settings".
d. Choose the option "I use a proxy to connect to the Internet." Select the proxy type and enter the proxy address and port number.
e. Enter the proxy details (address and port) and proxy type provided for the exercise.
f. Click "OK" to save the changes.

5) Test Connection:
a. Restart the browser and connect to the Tor network.
b. Browse check.torproject.org after a successful connection.

K. Observations and Calculations/Input-Output (CE & IT software subjects):


Observation: Start the Tor browser and connect to the Tor network. Open any website. Configure the proxy address as per the procedure and connect to the Tor network. After connecting, open any website.

L. Practical related Quiz.


1. What is a proxy address?

2. Explain how the Tor browser works.


M. References / Suggestions (lab manual designer should give)


https://dev.to/ankitsahu/install-snort-on-kali-1co8
https://youtu.be/PYP0YH2PVuo?list=PLpPXZRVU-dX33VNUeqWrMmBNf5FeKVmi-
https://youtu.be/CystKHV2gnI?list=PLpPXZRVU-dX33VNUeqWrMmBNf5FeKVmi-

N. Assessment-Rubrics

Sr. No. | Performance Indicators | Weightage in % | Marks Obtained
1 | Analyse and identify suitable approach for problem solving | 25 | 0-5
2 | Use of appropriate technology / software / tools | 25 | 0-5
3 | Demonstrate problems as per instructions. | 20 | 0-5
4 | Interpret the result and conclusion | 15 | 0-5
5 | Prepare a report/presentation for given problem | 15 | 0-5
  | Total | 100 | 25

Sign

Date: ……………


Practical 5
Aim: Perform data hiding using Steganography tool Openstego (use AES
encryption algorithm)
A. Objective: To acquaint learners with the implementation of Steganography techniques
utilizing OpenStego alongside Advanced Encryption Standard.

B. Expected Program Outcomes (POs)


PO1, PO2,PO3,PO4,PO7

C. Expected Skills to be developed based on competency:

1. Ability to understand the principles and techniques of Steganography.


2. Proficiency in navigating and utilizing the features of OpenStego software for data
hiding and extraction within images.
3. Understanding of the Advanced Encryption Standard (AES) and its application in
securing hidden data.

D. Expected Course Outcomes (Cos)

Understand the concepts of Steganography and apply various techniques for data
hiding
E. Practical Outcome (PRo)

Use of tools like OpenStego for data hiding and information retrieval.
F. Expected Affective domain Outcome (ADos)

Participants will get a greater understanding of data security ethics and respect for
legal and ethical boundaries while using data hiding methods like Steganography with
AES encryption.
G. Prerequisite Theory:

What is Steganography?
Steganography is the practice of concealing a message or information within other, non-secret data in such a way that the existence of the hidden message is not easily detected.
It differs from cryptography, which focuses on making the content of a message unreadable to unauthorized parties. Steganography aims to hide the fact that communication is happening at all.
There are several types of steganography techniques:
Image Steganography: Concealing information within digital images. This can be done
by subtly altering the colors of pixels, hiding data in the least significant bits of an
image, or embedding information in specific image areas that are less noticeable to the
human eye.
Audio Steganography: Hiding data within audio files. Similar to image steganography,
this involves altering sound waves or manipulating the audio file structure to embed
hidden information.
Video Steganography: Concealing data within video files. Techniques involve
modifying frames, hiding data in specific parts of the video stream, or using
imperceptible changes in video frames.

Text Steganography: Embedding data within text by altering the formatting, spaces, or
characters subtly to encode information without changing the meaning of the text.
File Steganography: Hiding data within various file types. This can involve embedding
information in less-used sections of a file format or altering certain elements within the
file structure to accommodate hidden data. Example

Features of OpenStego
● OpenStego is written in pure Java and should run on all platforms supported by Java. It has been tested on MS Windows and Linux.
● It supports password-based encryption of data for an additional layer of security. AES 128 and AES 256 algorithms are supported.
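The least-significant-bit (LSB) image technique described above under Image Steganography, as an added Python example that is not OpenStego's code: a grey-scale cover image is constructed in-script, a length-prefixed payload is written into the pixel LSBs, and the extractor reads it back. The extractor needs no key, which is why OpenStego layers AES on top of the hiding step; the AES layer itself is not shown here.

```python
import random

HEADER_BITS = 32  # 4-byte big-endian length prefix tells the extractor where to stop


def make_cover_image(width: int, height: int, seed: int = 7) -> list:
    """Constructed cover image: one 8-bit grey value per pixel, flattened row-major."""
    rng = random.Random(seed)
    return [rng.randrange(256) for _ in range(width * height)]


def _bits(data: bytes):
    """Yield the bits of `data`, most significant bit of each byte first."""
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def capacity_bytes(cover: list) -> int:
    """Payload bytes that fit once the length header is accounted for."""
    return max(0, (len(cover) - HEADER_BITS) // 8)


def embed(cover: list, payload: bytes) -> list:
    """Return a stego image whose pixel LSBs carry len(payload) followed by payload."""
    if len(payload) > capacity_bytes(cover):
        raise ValueError(
            f"payload of {len(payload)} bytes exceeds capacity {capacity_bytes(cover)}")
    stream = len(payload).to_bytes(4, "big") + payload
    stego = list(cover)
    for i, bit in enumerate(_bits(stream)):
        stego[i] = (stego[i] & 0xFE) | bit  # replace only the lowest bit of the pixel
    return stego


def extract(stego: list) -> bytes:
    """Recover the payload by reading the pixel LSBs back.

    No key is involved: anyone who knows the scheme can read the payload.
    Steganography hides existence, not content; that is the gap the AES
    option in OpenStego closes.
    """
    def read_bytes(start_bit: int, n: int) -> bytes:
        out = bytearray()
        for b in range(n):
            value = 0
            for k in range(8):
                value = (value << 1) | (stego[start_bit + b * 8 + k] & 1)
            out.append(value)
        return bytes(out)

    length = int.from_bytes(read_bytes(0, 4), "big")
    if length > capacity_bytes(stego):
        raise ValueError("no valid length header: not a stego image from this scheme")
    return read_bytes(HEADER_BITS, length)


def max_pixel_change(cover: list, stego: list) -> int:
    """LSB embedding changes any pixel value by at most 1, invisible to the eye."""
    return max(abs(a - b) for a, b in zip(cover, stego))


if __name__ == "__main__":
    cover = make_cover_image(64, 64)
    secret = b"constructed sample message"  # constructed payload, not real data
    stego = embed(cover, secret)
    print("round trip ok:", extract(stego) == secret)
    print("max pixel change:", max_pixel_change(cover, stego))
```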

H. Resources/Equipment Required

Sr. No. | Instrument/Equipment/Components/Trainer kit | Specification | Quantity
1 | Computer System (Desktop/Laptop) | Operating System: Windows 7 or later version, RAM: 4 GB, HDD: 250 GB, OpenStego Software | 1

I. Safety and necessary Precautions followed

Data Sensitivity: Use non-sensitive data for hiding and respect privacy laws. Avoid
personally identifiable or classified information in the steganography process.
Secure Practices: Perform data hiding in authorized and secure environments. Ensure
legal compliance, maintain secure configurations, and protect access to the
steganography tool.
Encryption Security: Implement strong passwords and safeguard encryption keys for the
AES algorithm. Use encrypted channels for data transmission and conduct regular
security audits to identify vulnerabilities.

J. Procedure to be followed/Source code:

Step 1: Open Openstego Software.


There are two modes of operation - data hiding and watermarking.

Step 2: Input the required parameters


Message file to hide data
Cover image file (in which the data will be hidden)
Path to store the stego file
Select additional options (encryption algorithm and password for the file)
Finally, click on Hide Data.

Step 3: Once the data is hidden, you will see a success message and the output file will be placed at the given path.

Step 4: To extract data, select the extract option.

Step 5: Provide the stego file, the path for the output data file, and the password to extract the data.

K. Observations and Calculations/Input-Output (CE & IT software subjects):


Observation:
Now check whether the message is hidden or not.
A success message means the data is hidden.
Now try to extract the data and check whether you get the same password file that was hidden.

L. Practical related Quiz.


1. What is Steganography?

2. What are the types of steganography?

3. What are the features of OpenStego tool?

4. What is AES?

5. Write the names of other tools available for steganography.

M. References / Suggestions (lab manual designer should give)

https://youtu.be/xepNoHgNj0w
https://youtu.be/Jsbe5oqRyXI
N. Assessment-Rubrics

Sr. No. | Performance Indicators | Weightage in % | Marks Obtained
1 | Analyse and identify suitable approach for problem solving | 25 | 0-5
2 | Use of appropriate technology / software / tools | 25 | 0-5
3 | Demonstrate problems as per instructions. | 20 | 0-5
4 | Interpret the result and conclusion | 15 | 0-5
5 | Prepare a report/presentation for given problem | 15 | 0-5
  | Total | 100 | 25

Sign
Date: ………………..

Practical 6
Aim: Create Malicious Script for Generating Multiple Folders Using Python
A. Objective: To enable participants to utilize Python scripting for the benign creation of multiple folders programmatically. Participants will also be able to understand file system manipulation.

B. Expected Program Outcomes (POs)


PO1,PO2, PO3,PO4,PO7

C. Expected Skills to be developed based on competency:

1. Ability to use Python programming to automate tasks.


2. Understand the ethical use of programming skills and discourage the creation or distribution of malicious scripts.
D. Expected Course Outcomes (Cos)

Understand and differentiate the ethical use of Python from the prevention and identification of malicious scripts.
E. Practical Outcome (PRo)

Use of Python scripts for automation of tasks and prevention of cyber threats.
F. Expected Affective domain Outcome (ADos)

Participants will get a greater understanding of data security ethics and respect for
legal and ethical boundaries while using python scripts.

G. Prerequisite Theory:

What is malicious script?


Malicious scripts are fragments of code that have been modified by threat actors for nefarious purposes. Cyber threat actors hide them in legitimate websites, third-party scripts, and other places to compromise the security of client-side web applications and webpages. Malicious scripts most often target customers and users of web applications or websites, since users have no way of knowing that dangerous code exists in these websites or applications and assume the business they are interacting with to be safe and secure.
Malicious script attacks use interpreted languages like JavaScript. Interpreted code needs an extra step, called an interpreter, to read it line by line, turning the human-readable text into machine-readable code before the machine can execute it.
Using Bash scripts and Python scripts, worm- and virus-like programs can be created, such as:
Locker: creates a full-screen window and prevents the user from closing it.
Encryptor: encrypts all files in a given directory and all its subdirectories.

H. Resources/Equipment Required

Sr. No. | Instrument/Equipment/Components/Trainer kit | Specification | Quantity
1 | Computer System (Desktop/Laptop) | Operating System: Windows 7 or later version, RAM: 4 GB, HDD: 250 GB, OpenStego Software | 1

I. Safety and necessary Precautions followed

Conduct ethical hacking in authorized environments with explicit consent, document all
activities, and prioritize responsible disclosure. Respect privacy laws, collaborate with
stakeholders, and continuously update skills.
Create a script for educational purposes, emphasizing the potential impact of malicious
actions. Ensure informed consent, execute only in controlled environments, and strictly
adhere to ethical guidelines.
J. Procedure to be followed/Source code:
Step 1: Open Spyder or a Python IDE. Create a new Python file using the code below.

Step 2: In the program, you can give any name for the folder and create a function for folder creation. The folders will be created in the same directory in which the Python script file is stored.
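The manual's own listing is not reproduced here, so the following is an added Python example (not the manual's code) of the folder-creation function that Step 2 describes. It writes next to the script by default, accepts a target directory so it can be tested anywhere, and caps the number of folders (MAX_FOLDERS is an assumed value) so that a mistyped count cannot flood the disk, which is the behaviour that would make such a script malicious rather than benign.

```python
import os
from typing import List, Optional

MAX_FOLDERS = 50  # assumed safety cap for this example; not from the manual


def script_directory() -> str:
    """Directory holding this script; falls back to the working directory
    when run interactively (where __file__ is not defined)."""
    try:
        return os.path.dirname(os.path.abspath(__file__))
    except NameError:
        return os.getcwd()


def create_folders(base_name: str, count: int,
                   target_dir: Optional[str] = None) -> List[str]:
    """Create folders base_name_1 .. base_name_<count> inside target_dir.

    Returns the absolute paths created. Re-running is harmless because
    existing folders are accepted rather than raising.
    """
    if count < 1:
        raise ValueError("count must be at least 1")
    if count > MAX_FOLDERS:
        raise ValueError(f"refusing to create {count} folders (cap is {MAX_FOLDERS})")
    if not base_name or os.sep in base_name or (os.altsep and os.altsep in base_name):
        raise ValueError("base_name must be a plain folder name, not a path")

    target_dir = target_dir or script_directory()
    created = []
    for i in range(1, count + 1):
        path = os.path.join(target_dir, f"{base_name}_{i}")
        os.makedirs(path, exist_ok=True)  # idempotent: a second run does not fail
        created.append(path)
    return created


def count_matching_folders(base_name: str, target_dir: str) -> int:
    """Observation step: how many folders with this prefix exist now."""
    prefix = base_name + "_"
    with os.scandir(target_dir) as entries:
        return sum(1 for e in entries if e.is_dir() and e.name.startswith(prefix))


if __name__ == "__main__":
    made = create_folders("demo_folder", 5)
    where = os.path.dirname(made[0])
    print(f"created {len(made)} folders in {where}")
    print("now present:", count_matching_folders("demo_folder", where))
```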

K. Observations and Calculations/Input-Output (CE & IT software subjects):


Observation: Now check whether the folders have been created in the directory or not.
We can see that multiple folders were created in the directory with the given name.

L. Practical related Quiz.


1. What is malware?

2. Name the Python library used for Windows operations.

3. What are the different types of malware?

4. Write a bash script to create multiple folders in Windows.

5. What are the tools for running python scripts?

M. References / Suggestions (lab manual designer should give)

https://youtu.be/GVaGsj-Lx9I?list=PL8KnQ7ULK8egs86oy1gRRa21CGDrEefPw
https://youtu.be/lyVqm0b2cdk?list=PL8KnQ7ULK8egs86oy1gRRa21CGDrEefPw

N. Assessment-Rubrics

Sr. No. | Performance Indicators | Weightage in % | Marks Obtained
1 | Analyse and identify suitable approach for problem solving | 25 | 0-5
2 | Use of appropriate technology / software / tools | 25 | 0-5
3 | Demonstrate problems as per instructions. | 20 | 0-5
4 | Interpret the result and conclusion | 15 | 0-5
5 | Prepare a report/presentation for given problem | 15 | 0-5
  | Total | 100 | 25

Sign:

Date: ………………….

Practical 7
Aim: Prepare a case study report on 3 different types of cyber-crimes.
(https://gujaratcybercrime.org) (https://cybercrime.gov.in)
A. Objective: To enable participants to analyse and understand various types of cyber-crimes,
develop investigative skills, and enhance their awareness of cybersecurity threats.

B. Expected Program Outcomes (POs)


PO1, PO2, PO3, PO4, PO7

C. Expected Skills to be developed based on competency:

1. Develop the ability to analyse different cyber-crimes, including the methods, motives,
and impacts.
2. Enhance skills in gathering information related to cyber-crimes and cyber-criminals.
3. Understanding of IDS rules.

D. Expected Course Outcomes (Cos)

Upon completion, participants should be able to:


● Identify and describe three distinct types of cyber-crimes.
● Understand the techniques and tools employed in each type of cyber-crime.
● Analyse the motives and impacts of cyber-crimes on individuals and organizations.

E. Practical Outcome (PRo)

Participants will produce a comprehensive case study report covering three different types of
cyber-crimes. The report will include detailed analyses, methodologies, and
recommendations for preventing or mitigating the impact of each cyber-crime.

F. Expected Affective domain Outcome (ADos)

Participants are expected to:


● Gain a heightened sensitivity to the impact of cyber-crimes on individuals and organizations.
● Understand the ethical considerations surrounding cyber-crimes and the importance of responsible technology use.
● Cultivate awareness of the evolving nature of cyber threats and the need for continuous cybersecurity education and vigilance.
G. Prerequisite Theory:

Participants should have theoretical knowledge in:


Cybersecurity Fundamentals: Basic understanding of cybersecurity concepts, threats, and
protective measures.
Common Cyber-crimes: Familiarity with common cyber-crimes such as phishing,
ransomware, identity theft, etc.
Legal and Ethical Aspects: Understanding of the legal and ethical aspects of cyber-crimes,
including privacy concerns and digital forensics.

H. Resources/Equipment Required

Sr. No. | Instrument/Equipment/Components/Trainer kit | Specification | Quantity
1 | Computer System (Desktop/Laptop) | Operating System: Windows or any, RAM: 4 GB, HDD: 250 GB | 1

I. Safety and necessary Precautions followed

1. Emphasize the importance of approaching the case study ethically and responsibly,
respecting privacy and legal boundaries.
2. Stress the importance of avoiding any actions that could potentially cause harm or
compromise the security of systems or individuals.

J. Procedure to be followed/Source code:

Step 1: Choose three different types of cyber-crimes to focus on in the case study.

Step 2: Conduct in-depth research on each chosen cyber-crime, including the methods, motives, and real-world examples. Use websites such as https://gujaratcybercrime.org and https://cybercrime.gov.in.
Participants can also refer to newspapers and news sites.

Step 3: Prepare a detailed case study report covering the background, methods, motives,
impacts, and preventive measures for each cyber-crime.

Participants have to paste news cuttings from authentic sources and write in detail the method used in the cyber-crime and the solution approach to prevent it.

K. Observations and Calculations/Input-Output (CE & IT software subjects):


Observation:

L. Practical related Quiz.


1. What are the types of cyber-crime?

2. How can OTP fraud be prevented?

3. What is remote app login?

4. What do you mean by 2-layer security?

5. Write the role of a token in session handling.

M. References / Suggestions (lab manual designer should give)


https://gujaratcybercrime.org
https://cybercrime.gov.in
https://youtu.be/BQ_JrFgUTKI
https://youtu.be/p6Y7SQv_Zts

N. Assessment-Rubrics
Sr. No. | Performance Indicators | Weightage in % | Marks Obtained
1 | Analyse and identify suitable approach for problem solving | 25 | 0-5
2 | Use of appropriate technology / software / tools | 25 | 0-5
3 | Demonstrate problems as per instructions. | 20 | 0-5
4 | Interpret the result and conclusion | 15 | 0-5
5 | Prepare a report/presentation for given problem | 15 | 0-5
  | Total | 100 | 25

Sign:

Date: ………………….

Practical 8
Aim: Study Open-source intelligence (OSINT) framework and perform
Information gathering using Username, Email address, Domain name and IP
address.
A. Objective: To enable participants to utilize Open-source Intelligence (OSINT) frameworks
and methods for conducting information gathering using various identifiers such as
username, email addresses, domain names, and IP addresses.

B. Expected Program Outcomes (POs)


PO1, PO2, PO3, PO4, PO7
C. Expected Skills to be developed based on competency:

1. Developing the ability to search and retrieve information from open sources
effectively.
2. Gaining familiarity with OSINT tools and frameworks for information gathering.
D. Expected Course Outcomes (Cos)

1. Utilize Open-source Intelligence (OSINT) frameworks for information collection.


2. Analyse and interpret data obtained from OSINT sources effectively.
E. Practical Outcome (PRo)

Participants will demonstrate proficiency in utilizing OSINT methodologies by


gathering comprehensive information related to a provided username, email address,
domain name, and IP address, consolidating their findings in a structured report.
F. Expected Affective domain Outcome (ADos)

Participants will get a greater understanding of the information gathering process using various open-source tools and create Python-based tools or services by using APIs.
G. Prerequisite Theory:

What is Information Gathering?


Information gathering is a process of collecting information from different sources, such as
books, websites, interviews, surveys, and more. This process is used to gather information
about a particular topic or issue. It helps to create a comprehensive picture of the subject, and
is essential for making informed decisions. By gathering information, organizations and
individuals can better understand the environment in which they operate, identify potential
risks, develop strategies, and make informed decisions. Additionally, information gathering
can help to inform public policy and create public awareness on important topics.

OSINT Framework
OSINT Framework, as its name implies, is a cybersecurity framework: a collection of OSINT tools that makes intel and data collection tasks easier. It is mostly used by security researchers and penetration testers for digital footprinting, OSINT research, intelligence gathering, and reconnaissance. It provides a simple web-based interface that allows you to browse different OSINT tools filtered by category. It also provides an excellent classification of all existing intel sources, making it a great resource for knowing which infosec areas you are neglecting to explore, or what the next suggested OSINT steps for your investigation should be.

H. Resources/Equipment Required

Sr. No. | Instrument/Equipment/Components/Trainer kit | Specification | Quantity
1 | Computer System (Desktop/Laptop) | Operating System: Windows 7 or later version, RAM: 4 GB, HDD: 250 GB, Google Colab, Google Chrome | 1

I. Safety and necessary Precautions followed

1. Conduct ethical OSINT within legal boundaries, obtaining informed consent and
respecting privacy. Ensure secure data handling, document findings transparently, and
prioritize continuous education on ethical guidelines.
2. Engage in authorized OSINT activities, secure informed consent for personal data, and
prioritize secure data handling practices to align with legal and ethical standards.
J. Procedure to be followed/Source code:
Step 1: Open the website https://www.osintframework.com/ and use the various tools for username search. This framework provides two kinds of tools: Username Search Engines and Search on Specific Sites.

Step 2: Perform email information gathering such as email search, email verification, checking whether your data has been breached, spam lists, and blacklisted mail.

Step 3: Perform domain name information gathering such as whois records, domain discovery, subdomains, passive DNS, reputation of the domain, and analytics of the domain.

Step 4: Find various information such as geolocation, port discovery, and blacklisted IPs, and create an IP logger to record a user's IP.

Step 5: Create a Python script for email and IP footprinting using a web API.

K. Observations and Calculations/Input-Output (CE & IT software subjects):


Observation: Provide details of which OSINT tools you used and describe in detail the output you got from each tool.

L. Practical related Quiz.


1. What is OSINT Framework?

2. Write the tools for email search.

3. Write the names of tools used for vulnerability scanning.

4. What is the use of the https://grabify.link/ website?

5. What tools are available in OSINT for the dark web?

M. References / Suggestions (lab manual designer should give)

https://osintframework.com/
https://securitytrails.com/blog/osint-framework
https://youtu.be/Ye2AJwKBu9g?list=PL0fjgIGwLMWQDNiizQiN3GDh7Uxcttntf
https://youtu.be/ILNf5nOF1p8?list=PL0fjgIGwLMWQDNiizQiN3GDh7Uxcttntf

N. Assessment-Rubrics

Sr. No. | Performance Indicators | Weightage in % | Marks Obtained
1 | Analyse and identify suitable approach for problem solving | 25 | 0-5
2 | Use of appropriate technology / software / tools | 25 | 0-5
3 | Demonstrate problems as per instructions. | 20 | 0-5
4 | Interpret the result and conclusion | 15 | 0-5
5 | Prepare a report/presentation for given problem | 15 | 0-5
  | Total | 100 | 25

Sign:

Date: ………………….

Practical 9
Aim: a) Installation and configuration of Kali Linux in Virtual box/VMware.
b) Perform basic commands in Kali Linux.
A. Objective: To demonstrate the installation of the Kali Linux OS and familiarize participants with various Kali Linux commands.

B. Expected Program Outcomes (POs)


PO1,PO2,PO3,PO4,PO7

C. Expected Skills to be developed based on competency:

1. Acquire practical experience in the installation and customization of Kali Linux.

2. Understanding of how to use the various commands available in Kali Linux.

D. Expected Course Outcomes (Cos)

Understand the role of Kali Linux in security and its contribution to vulnerability identification.
E. Practical Outcome (PRo)

Participants will configure and manage a Kali Linux OS and perform various commands.
F. Expected Affective domain Outcome (ADos)

Participants are expected to:


● Understand the importance of Kali Linux and its tools.
● Acknowledge the significance of Kali Linux in security and pen testing, and practice ethical hacking.
G. Prerequisite Theory:

Operating System Basics:


Understand the fundamentals of operating systems, including file systems, processes, users,
permissions, etc.
Familiarize yourself with the Linux operating system, its distributions, and common
terminology.

Networking Fundamentals:
Knowledge about TCP/IP networking concepts, including IP addresses, subnets, routing, and
protocols (e.g., TCP, UDP).
Understand network services, such as DNS, DHCP, HTTP, FTP, SSH, etc.

Virtualization Basics:
Understand the concept of virtualization and its benefits.
Knowledge of how to set up and manage virtual machines using virtualization software like
VirtualBox or VMware.

H. Resources/Equipment Required

Sr. No. | Instrument/Equipment/Components/Trainer kit | Specification | Quantity
1 | Computer System (Desktop/Laptop) | Operating System: Windows OS, RAM: 4 GB, HDD: 250 GB, VirtualBox for Windows | 1

I. Safety and necessary Precautions followed

a. Backup your data.


b. Download the official Kali Linux ISO from a trusted source.
c. Verify the integrity of the downloaded ISO.
d. Allocate sufficient resources to the virtual machine (RAM, CPU, storage).
e. Enable virtualization technology in BIOS/UEFI settings.
f. Create a new virtual machine in VirtualBox.
g. Configure network settings, preferably using bridged networking.
h. Keep the system updated after installation.
i. Install VirtualBox Guest Additions for better integration.
j. Take snapshots before making significant changes.

J. Procedure to be followed/Source code:

a) Installation and configuration of Kali Linux in Virtual box/VMware.


STEP 1: Download Kali Linux and Virtual Box
Download Kali Linux ISO:
Visit the official Kali Linux website (https://www.kali.org/downloads/) and download the ISO
image for the version you want.

Install VirtualBox or VMware:


Download and install VirtualBox from the official website: https://www.virtualbox.org/ or
VMware (https://www.kali.org/downloads/)
STEP 2: Launch VirtualBox. You will notice the New button; click on it.

STEP 3: You will be prompted to create a new machine. Name the machine whatever you like. VirtualBox will have a default folder; you can leave it as is or change the location. Lastly, choose the .iso image and click Next.

STEP 4: You will be asked how much RAM and processing power you wish to use. Choose the defaults or set them as per your requirements. For better performance, give it 4 or 6 GB of RAM and 2 CPUs.

STEP 5: Select the Virtual Hard Disk Now option and click the Next button.

STEP 6: A summary will be shown. Click on the Finish button.

STEP 7: In the VirtualBox Manager, highlight the Kali instance and click Settings.

STEP 8: Go to the Advanced tab of the General settings. Select "Bidirectional" from the dropdown list for the Shared Clipboard and Drag'n'Drop options.

STEP 9: Click on the System option and, in the Motherboard section, uncheck the Floppy option in the Boot Order menu. You can also change the base memory here.

STEP 10: Click on the Display menu and, in the Screen option, set "Video Memory" to 128 MB.

STEP 11: Click the Storage menu and select the Kali installer file under Controller: IDE as shown in the image. After this, click the OK button to complete the customization.

STEP 12: Click the Start button in the VirtualBox window.

STEP 13: After booting from a virtual DVD, you will see a boot menu where you can select
boot options for Kali Linux, such as Boot from Live DVD, Install, Graphical Install, etc. Select
Graphical Install. Press Enter to continue.

STEP 14: Select a language. Choose the language you wish to use for the installation process
and the installed system. English is selected for our installation. Click the Continue button on
each screen to move forward.

STEP 15: Select your location. This option is used to set your time zone, time format, etc. Select India as your location.

STEP 16: Configure the keyboard. Select your keyboard layout. We use American English so
select it and continue.

STEP 17: Configure the network. Enter the hostname for your Linux system, for example, kalilinux.

Step 18: Configure the domain name. If you don’t use a domain in your network, you may
leave this field empty.

Step 19: Set up users and passwords. Enter the full name of your user that can be the same as
the username or not. This user account will be used to log in to Kali Linux on VirtualBox. We
create kalilinux for this purpose.

Step 20: Enter a username for your account. While the previous screen requested a full user
name for the explanation of the user, this screen requests that you enter a username for the
account registered in the Linux system.

Step 21: User password. Enter the password for the created user.

STEP 22: Partition disks. Select Guided – use entire disk.

STEP 23: Confirm that you want to erase the disk. There’s no reason for concern in this case,
as the empty 20-GB virtual disk is used for partitioning.

STEP 24: Select All files in one partition.

STEP 25: Check the overview and select Finish partitioning and write changes to disk.

STEP 26: Select Yes to confirm that you would like to write the changes to the disk, and wait for the system to be installed.

STEP 27: Software selection. Select the desktop environment for the graphical user interface of
Kali Linux.

STEP 28: Install the GRUB boot loader on a hard disk. Select Yes to install GRUB.

STEP 29: Select a disk on which to install GRUB. In our case, /dev/sda is the necessary disk and is the
only disk connected to a VM.

STEP 30: Finish the installation. When the installation of Kali Linux on VirtualBox is
complete, you will see a notification message. Now, you can reboot the virtual machine to boot
the Kali Linux installed on the VirtualBox VM.

STEP 31: After the reboot, you will see the login screen of Kali Linux. Enter the username and password set while installing Kali Linux on VirtualBox to sign in. After signing in, you will see the desktop of Kali Linux installed on your VirtualBox virtual machine.

b) Perform basic commands in Kali Linux.


Perform the following basic commands after installing Kali Linux. Open a terminal and run the commands:
whoami - Print the username of the currently logged-in user.
ls - Show the full list or contents of your directory.
date - Display the system date and time.
cal - Display the current month's formatted calendar.
uname - Display system information.
pwd - Print working directory.
ls - List directory contents.
cd - Change directory.
mkdir - Create a directory.
rm - Remove files or directories.
mv - Move or rename files or directories.
cp - Copy files or directories.
cat - Concatenate and display file content.
nano or vi - Text editors for creating or editing files.
chmod - Change file permissions.
chown - Change file ownership.
ifconfig or ip addr - Display network interface configuration.
ping - Send ICMP echo requests to a network host.
netstat - Display network connections, routing tables, interface statistics, etc.
apt or apt-get - Package management tool for installing, updating, and removing software packages. Example: sudo apt install packageName
sudo - Stands for "superuser do"; executes commands with elevated privileges, typically as the root user or another user with administrative permissions.
useradd - Add a new user.
passwd - Change user password. Allows changing the password of a user account.
usermod - Modify user properties.
groupadd - Add a new group.
userdel - Delete a user.

226120316072 Page 74
lOMoARcPSD|40079493

Cyber Security and Digital Forensics (4361601)

226120316072 Page 75
lOMoARcPSD|40079493

Cyber Security and Digital Forensics (4361601)

ps - Display information about active processes.


top - Display dynamic real-time information about running processes.
kill/killall - Kill Process: Terminates a process by PID or name. clear - Clear Screen:
Clears the terminal screen.
logout/exit - Logout/Exit: Logs out of the current session or exits the terminal
history - Command History: Displays the command history of the current session.

K. Observations and Calculations/Input-Output (CE & IT software subjects):


Observation: Perform the basic commands and observe the output. Write the outputs here. (Students may attach the output of the commands in printed form.)


L. Practical related Quiz.


1) What command is used to display the contents of a file in the terminal?
A) ls B) cat C) cp D) mv

2) Which command is used to change directory in Kali Linux?


A) cd B) mkdir C) ls D) pwd

3) What command is used to create a new directory?


A) cp B) mv C) mkdir D) touch

4) Which command is used to copy files or directories in Kali Linux?


A) mv B) cp C) rm D) chmod

5) Which command is used to change file permissions in Kali Linux?


A) chmod B) chown C) chgrp D) pwd

6) Which command is used to install software packages in Kali Linux?


A) apt-get B) dpkg C) apt D) yum

M. References / Suggestions (lab manual designer should give)

https://www.nakivo.com/blog/how-to-install-kali-linux-on-virtualbox/
https://itsfoss.com/install-kali-linux-virtualbox/
https://www.stationx.net/how-to-install-kali-linux-on-virtualbox/
N. Assessment-Rubrics

Sr. No.  Performance Indicators                                      Weightage in %  Marks  Obtained Marks
1        Analyse and identify suitable approach for problem solving  25              0-5
2        Use of appropriate technology / software / tools            25              0-5
3        Demonstrate problems as per instructions.                   20              0-5
4        Interpret the result and conclusion                         15              0-5
5        Prepare a report/presentation for given problem             15              0-5
         Total                                                       100             25

Sign
Date: …………


Practical 10
Aim: Perform port scanning using NMAP.
A. Objective: Participants understand reconnaissance, the fundamental first step of ethical hacking, and become familiar with the NMAP tool and its commands.

B. Expected Program Outcomes (POs)


PO1, PO2, PO3, PO4 and PO7

C. Expected Skills to be developed based on competency:

1. Gaining hands-on experience in using NMAP for port scanning.


2. Analysing and interpreting scan results effectively.
3. Developing insights into network protocols and port interactions.

D. Expected Course Outcomes (Cos)

1. Perform port scanning using NMAP to identify open ports and services on a target
system.
2. Understand the significance of open ports and services in network security
assessments.
E. Practical Outcome (PRo)

Participants will demonstrate proficiency in utilizing NMAP by conducting a port scan on a provided target IP address or range, producing a detailed report highlighting discovered open ports and associated services.
F. Expected Affective domain Outcome (ADos)

Participants, upon completion of the port scanning practical using NMAP, are expected to demonstrate:
 Increased knowledge of network vulnerabilities and the security dangers of open ports.
 Understanding of the ethics of port scanning.
 Confidence in using security tools like NMAP to carry out network reconnaissance tasks.
G. Prerequisite Theory:

Nmap (“Network Mapper”) is a free and open-source utility for network exploration and
security auditing. Many systems and network administrators also find it useful for tasks such
as network inventory, managing service upgrade schedules, and monitoring host or service
uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on
the network, what services (application name and version) those hosts are offering, what
operating systems (and OS versions) they are running, what type of packet filters/firewalls
are in use, and dozens of other characteristics. It was designed to rapidly scan large
networks, but works fine against single hosts. Nmap runs on all major computer operating
systems, and both console and graphical versions are available.

Uses of NMAP
1. Find out which computers are running on the local network.
2. Find out which IP addresses are in use on the local network.
3. Find out the operating system of your target machine.
4. Find out which ports are open on the machine that you just scanned.
5. Find out if the system is infected with malware or a virus.
6. Search for unauthorized servers or network services on your network.
7. Find and remove computers which don't meet the organization's minimum level of security.

H. Resources/Equipment Required

Sr. No  Instrument/Equipment/Components/Trainer kit  Specification                                                                  Quantity
1       Computer System (Desktop/Laptop)             Operating System: Windows 7 / Kali Linux; RAM: 4 GB; HDD: 250 GB; NMAP, ZenMap   1
I. Safety and necessary Precautions followed

1. Equipment handling and proper connection: Connect network devices, cables, and
connectors with care to prevent improper connection. Ensure proper grounding of
devices to prevent electrical issues.
2. Testing in a controlled environment: Perform the practical test in a controlled
environment that is separate from a live production network. This ensures that any
changes or issues encountered during testing do not impact critical network operations.
J. Procedure to be followed/Source code:
Step 1: Open Kali Linux. Check the Nmap version (-V prints the version; lower-case -v only raises verbosity).
nmap -V

Step 2: List scan (-sL): list the hosts in a range without sending probes to them.
nmap -sL '127.0.0.*'

Step 3: Perform a UDP scan.
sudo nmap -sU <Domain Name>
As this command requires root privileges, we only scan our own web server.

Step 4: Perform a ping scan.
The "-sn" flag is used with nmap to perform a ping scan, which sends ICMP requests to a target host or network to determine whether the hosts are up.
nmap -sn <Domain Name>

Step 5: Port scan.
The "-p" flag is used with nmap to scan a specific port or a list or range of ports. Several ports are separated by commas, not spaces.
nmap -p 80,443,21 <Domain Name>

Scan a port range:
nmap -p 1-80 <Domain Name>

Step 6: Aggressive scan.
nmap -A <Domain Name>
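Once the scans above have run, the defender's follow-up is to compare what is open against what is supposed to be listening (uses 6 and 7 in the "Uses of NMAP" list). The script below is an added example, not part of the manual and not Nmap's own code: it parses Nmap's grepable output (written with -oG, a real Nmap option) and reports open ports that are missing from an inventory allow-list. The scan text, the RFC 5737 addresses and the allow-list are all constructed.

```python
"""Review Nmap -oG output against an inventory of expected services.

A real scan would be produced with, for example (targets are placeholders):
    sudo nmap -p 1-1024 -oG scan.gnmap 192.0.2.0/24
Everything below works offline on the constructed sample.
"""
import re

# Constructed sample of Nmap -oG output. Real output separates the fields
# with tabs, which is what the \t escapes reproduce here.
SAMPLE_GNMAP = """\
# Nmap 7.94 scan initiated (constructed sample)
Host: 192.0.2.10 ()\tStatus: Up
Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/open/tcp//https///\tIgnored State: closed (1021)
Host: 192.0.2.20 ()\tStatus: Up
Host: 192.0.2.20 ()\tPorts: 21/open/tcp//ftp///, 23/open/tcp//telnet///, 3389/filtered/tcp//ms-wbt-server///\tIgnored State: closed (1021)
# Nmap done (constructed sample)
"""

# Constructed inventory: (host, port, protocol) triples that should be listening.
ALLOWLIST = {
    ("192.0.2.10", 22, "tcp"),
    ("192.0.2.10", 443, "tcp"),
}

# "Host: <addr> (<name>)<TAB>Ports: <list>" up to the next tab-separated field.
HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\((.*?)\)\tPorts:\s+(.*?)(?:\t|$)")


def parse_gnmap(text):
    """Return (host, port, proto, state, service) for every port entry in the output."""
    entries = []
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # comment lines and "Status: Up" lines carry no ports
        host, _hostname, ports = m.groups()
        for item in ports.split(","):
            # Each entry is port/state/protocol/owner/service/rpcinfo/version/
            fields = item.strip().split("/")
            port, state, proto, service = fields[0], fields[1], fields[2], fields[4]
            entries.append((host, int(port), proto, state, service))
    return entries


def open_ports(text):
    """Only the entries Nmap reported as open (filtered and closed are dropped)."""
    return [e for e in parse_gnmap(text) if e[3] == "open"]


def unexpected_services(text, allowlist):
    """Open ports that the inventory does not account for; each one needs a follow-up."""
    return [e for e in open_ports(text) if (e[0], e[1], e[2]) not in allowlist]


if __name__ == "__main__":
    for host, port, proto, _state, service in unexpected_services(SAMPLE_GNMAP, ALLOWLIST):
        print(f"{host}: {port}/{proto} ({service}) is open but not in the inventory")
```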


K. Observations and Calculations/Input-Output (CE & IT software subjects):


Observation: Give details of which Nmap commands you used and describe in detail the output each command produced.
Output 1:

Output 2:

Output 3:
sudo nmap -sU <Domain Name>
As this command requires root privileges, we have to prefix it with sudo and provide the password of the running system.

Output 4:
The "-sn" flag is used with nmap to perform a ping scan, which sends ICMP requests to a target host or network to determine whether the hosts are up.

Output 5:
The "-p" flag is used with nmap to scan a specific port or range of ports.

Output 6:

L. Practical related Quiz.


1. Write the features of NMAP.

2. Write the command for OS detection using NMAP.

3. What is the TCP 3-way handshake process?

4. What is the command for a stealth scan in NMAP?

5. Write the phases of an Nmap scan.

M. References / Suggestions (lab manual designer should give)

https://youtu.be/IoIsTrKrl-0
https://youtu.be/4t4kBkMsDbQ
https://www.geeksforgeeks.org/nmap-command-in-linux-with-examples/
https://nmap.org/book/man.html
N. Assessment-Rubrics

Sr. No.  Performance Indicators                                      Weightage in %  Marks  Obtained Marks
1        Analyse and identify suitable approach for problem solving  25              0-5
2        Use of appropriate technology / software / tools            25              0-5
3        Demonstrate problems as per instructions.                   20              0-5
4        Interpret the result and conclusion                         15              0-5
5        Prepare a report/presentation for given problem             15              0-5
         Total                                                       100             25

Sign
Date: ……………


Practical 11
Aim: a. Installation and configuration of Wireshark.
b. Perform password sniffing using Wireshark (analyse GET/POST requests).
A. Objective:
 To apply knowledge of open-source components for monitoring, analysing and documenting the network traffic that is present.
 To capture data by monitoring networks of almost all network standards (Ethernet, WLAN, Bluetooth, etc.).
B. Expected Program Outcomes (POs)
PO1, PO2, PO3, PO4 and PO7
C. Expected Skills to be developed based on competency:

 Basic working principles of the OSI & TCP/IP layer protocol stacks.
 Fundamental knowledge of IPv4 and IPv6 addresses.
D. Expected Course Outcomes (Cos)

 CO5: Explain how digital forensics methodologies are used to investigate cybercrimes.
E. Practical Outcome (PRo)

 Understand how protocols work, which also helps you debug applications or network issues.
 Understand how to take complete control of packet capturing: what to capture and what to view.

F. Expected Affective domain Outcome (ADos)

Knowledge of Wireshark and the ability to use it to further understand various concepts in computer networks.
G. Prerequisite Theory:

OSI stands for Open Systems Interconnection. It is a 7-layer architecture, with each layer having a specific function to perform.
TCP/IP stands for Transmission Control Protocol/Internet Protocol and is a suite of communication protocols used to interconnect network devices on the Internet.


H. Resources/Equipment Required

Sr. No  Instrument/Equipment/Components/Trainer kit  Specification                                                                                            Quantity
1       Computer System (Desktop/Laptop)             Operating System: any Linux OS or Windows 7 or later; RAM: 4 GB; HDD: 250 GB; active Internet connection   1

I. Safety and necessary Precautions followed

1. Equipment handling and proper connection: Connect network devices, cables, and
connectors with care to prevent improper connection. Ensure proper grounding of devices
to prevent electrical issues.
2. Testing in a controlled environment: Perform the practical test in a controlled environment
that is separate from a live production network. This ensures that any changes or issues
encountered during testing do not impact critical network operations.
J. Procedure to be followed:
a. Installation and configuration of Wireshark.
Step 1: Visit the official Wireshark website using any web browser.
Step 2: Click on Download, a new webpage will open with different installers of Wireshark.
Step 3: Downloading of the executable file will start shortly.
Step 4: Now check for the executable file in downloads in your system and run it.
Step 5: It will prompt confirmation to make changes to your system. Click on Yes.
Step 6: Setup screen will appear, click on Next.
Step 7: The next screen will be of License Agreement, click on Noted.

Step 8: This screen is for choosing components, all components are already marked so don’t
change anything just click on the Next button.
Step 9: This screen is of choosing shortcuts like start menu or desktop icon along with file
extensions which can be intercepted by Wireshark, tick all boxes and click on Next button.


Step 10: The next screen asks for the installation location; choose a drive with sufficient free space. The installation needs only 223.4 MB.
Step 11: The next screen offers to install Npcap, which Wireshark uses to capture packets (pcap means packet capture). The install option is already checked, so don't change anything and click Next.

Step 12: The next screen is about USB network capturing; whether to use it is your choice. Click Install.
Step 13: After this, the installation process will start.

Step 14: Because Npcap installation was checked, the installer will prompt for it: the Npcap license agreement will appear; click the I Agree button.
Step 15: The next screen shows the installation options of Npcap; don't change anything and click Install.


Step 16: After this, the installation process will start; it takes only a minute.
Step 17: When this installation completes, click the Next button.

Step 18: Click Finish after this installation is complete.

Step 19: When the installation of Wireshark completes, click the Next button.

Step 20: Click Finish after the installation of Wireshark is complete.
Wireshark is now installed on the system and an icon is created on the desktop, as shown below:


b. Perform Password sniffing using Wireshark. (Analyse GET/POST Request)


Wireshark for Pentester: Password Sniffing
Capture HTTP Password
Step 1: First of all, open the Wireshark tool on your Windows or Linux virtual machine and start capturing on the network interface.
Step 2: After starting the packet capture, go to the website and log in with the credentials, as shown in the image.

Step 3: After completing the login, go back to Wireshark to find the password in the capture. For that we use filters that locate the login credentials among the captured packets.

Step 4: Wireshark has captured many packets, but we are specifically looking for HTTP packets, so in the display filter bar we enter a filter that shows all captured HTTP packets.


Step 5: Some HTTP packets are captured, but we are specifically looking for the form data that the user submitted to the website, and for that there is a separate filter. As we know, there are two main methods used to submit form data from web pages such as login forms to the server: GET and POST.

Step 6: To find the credentials we first try the GET method and apply the filter for GET requests, as shown below.
http.request.method == "GET"
As you can see in the image, there are two packets where the login page was requested with a GET request, but no form data is submitted with a GET request.

Step 7: If we did not find the form data with the GET method, we try the POST method by applying the following filter in Wireshark.
http.request.method == "POST"
As you can see, we have a packet with form data; click on the packet with the user info and the application/x-www-form-urlencoded content.
Expand "HTML Form URL Encoded", where the login credentials are found. They are the same credentials that we filled in on the website in step 2:
Form item: "uname" = "Tonystark_44"
Form item: "pass" = "tony@1234"

Another example is shown in the image below, where the green bar is where the filter is applied.
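The reason the credentials are readable in step 7 is that a form posted over plain HTTP travels as an unencrypted application/x-www-form-urlencoded body. As an added example (not part of the manual and not Wireshark code), the check below does the same work as the POST filter and the "HTML Form URL Encoded" view, but from the defender's side: it scans constructed raw HTTP requests for credential-like form fields sent over HTTP and reports them with masked values. The hostnames, field names, values and the CREDENTIAL_FIELDS pattern are assumptions.

```python
"""Flag credential-bearing form fields submitted over plain HTTP."""
import re
from urllib.parse import parse_qsl

# Field names that commonly carry secrets (an assumption; extend for your forms).
CREDENTIAL_FIELDS = re.compile(r"(pass|pwd|passwd|secret|token)", re.IGNORECASE)

# Constructed captures: raw HTTP/1.1 requests exactly as they appear on the wire.
SAMPLE_REQUESTS = [
    # GET of the login page: no form data, as the manual observes in step 6.
    "GET /login.php HTTP/1.1\r\nHost: example.test\r\n\r\n",
    # POST of the login form: the credentials are in the body, unencrypted.
    "POST /login.php HTTP/1.1\r\nHost: example.test\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\nContent-Length: 34\r\n\r\n"
    "uname=demo_user&pass=Not%40Real%21",
    # POST of a search form: a body, but nothing credential-like in it.
    "POST /search HTTP/1.1\r\nHost: example.test\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\nContent-Length: 8\r\n\r\n"
    "q=nmap+1",
]


def parse_request(raw):
    """Split a raw request into (method, path, headers dict, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, headers, body


def form_items(raw):
    """Mirror Wireshark's 'HTML Form URL Encoded' dissection: decoded (name, value) pairs."""
    method, _path, headers, body = parse_request(raw)
    ctype = headers.get("content-type", "")
    if method != "POST" or not ctype.startswith("application/x-www-form-urlencoded"):
        return []  # GET requests and other content types carry no form body here
    return parse_qsl(body, keep_blank_values=True)  # percent-decodes, "+" becomes space


def mask(value):
    """Keep only the first character so the report itself does not leak the secret."""
    return value[:1] + "*" * (len(value) - 1) if value else ""


def find_cleartext_credentials(requests):
    """Return (host, path, field, masked value) for credential-like fields sent over HTTP."""
    findings = []
    for raw in requests:
        _method, path, headers, _body = parse_request(raw)
        for name, value in form_items(raw):
            if CREDENTIAL_FIELDS.search(name):
                findings.append((headers.get("host", "?"), path, name, mask(value)))
    return findings


if __name__ == "__main__":
    for host, path, field, masked in find_cleartext_credentials(SAMPLE_REQUESTS):
        print(f"cleartext credential field '{field}'={masked} posted to http://{host}{path}")
```

Once the same form is served over HTTPS the body is encrypted in transit and neither this check nor the Wireshark filter can read it, which is the point of the first suggested task below.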


K. Practical Proposed Suggested task.


 Monitoring HTTPS Packets over SSL or TLS
 Capture Telnet Password
 Capture FTP Password
 Capture SMTP Password
 Analyzing SNMP Community String
 Capture MSSQL Password
 Capture PostgreSQL Password

L. References / Suggestions (lab manual designer should give)

https://www.youtube.com/watch?v=Y-JNp_DDQ9w
https://www.youtube.com/watch?v=wVLcxqXwQPw
https://www.youtube.com/watch?v=bEXEEfbNADs

M. Assessment-Rubrics

Sr. No.  Performance Indicators                                      Weightage in %  Marks  Obtained Marks
1        Analyse and identify suitable approach for problem solving  25              0-5
2        Use of appropriate technology / software / tools            25              0-5
3        Demonstrate problems as per instructions.                   20              0-5
4        Interpret the result and conclusion                         15              0-5
5        Prepare a report/presentation for given problem             15              0-5
         Total                                                       100             25

Sign
Date: ……………


Practical 12
Aim: Perform Memory forensic using Memoryze tool.
A. Objective:
 Understanding the basic concepts of analysing volatile data in a computer's memory dump.
 Information security professionals conduct memory forensics to investigate and identify attacks or malicious behaviour that do not leave easily detectable tracks in hard drive data.
B. Expected Program Outcomes (POs)
PO1, PO2, PO4, PO7

C. Expected Skills to be developed based on competency:

 Should possess a basic knowledge of digital forensic investigation tools and techniques.
 Should be comfortable with general troubleshooting of both Linux and Windows (setup,
configuration and networking).
D. Expected Course Outcomes (Cos)

 CO5: Explain how digital forensics methodologies are used to investigate cybercrimes.

E. Practical Outcome (PRo)

 Memory forensics can provide unique insights into runtime system activity, including open
network connections and recently executed commands or processes.
 Understand how memory forensic software helps incident responders find evil in live memory.
F. Expected Affective domain Outcome (ADos)

 Knowledge of the branch of forensics that deals with collecting raw data from memory (cache, RAM, etc.) and then retrieving information from that data.
G. Prerequisite Theory:

Mandiant Memoryze is a free live memory acquisition and analysis tool designed for
incident responders and forensic investigators. It allows you to capture and analyze system
memory, both on live systems and from memory image files. It's a valuable tool for
investigating malware, rootkits, and other suspicious activity.
Here are some key features of Memoryze:
Acquisition:
 Capture full system memory without relying on API calls.
 Image a process' entire address space to disk, including loaded DLLs, EXEs,
heaps, and stacks.
 Image a specified driver or all loaded drivers in memory.
 Include the paging file in analysis on live systems.
Analysis:
 Enumerate all running processes, even those hidden by rootkits.
 Search for specific indicators of compromise (IOCs) such as malicious file
names, registry keys, and network connections.
 Export data for further analysis with other tools.


Visualization:
 Use Redline™, Mandiant's free tool for investigating hosts, to visualize
Memoryze's output.
 Alternatively, use an XML viewer.
Memoryze is powerful but has a bit of a learning curve; the references in section L are helpful resources.

H. Resources/Equipment Required

Sr. No  Instrument/Equipment/Components/Trainer kit  Specification                                                                                                            Quantity
1       Computer System (Desktop/Laptop)             Operating System: any Linux OS or Windows 7 or later; RAM: 4 GB; HDD: 250 GB; Internet connection; download Memoryze (see section L)   1

I. Safety and necessary Precautions followed

1. Backup critical data: Always create a backup of any critical data on the target system
before proceeding. Memoryze can potentially disrupt ongoing processes or cause data
loss.
2. Choose the right mode: Memoryze offers two main modes: "Live Acquisition" and
"Image Analysis." Select the appropriate mode based on your needs. Live Acquisition is
for analyzing running systems, while Image Analysis is for analyzing previously captured
memory images.
3. Check available resources: Ensure sufficient free disk space to accommodate the captured
memory image, which can be several gigabytes depending on the system size.
J. Procedure to be followed:
 To install Memoryze, download the MSI file from the Mandiant Web site (mentioned
previously in this topic) and install it (D:\Mandiant directory).
 Then, to install Audit Viewer, download the zipped archive, and be sure that you’ve
downloaded the dependencies (i.e., Python 2.5 or 2.6, wxPython GUI extensions) as
described at the Mandiant Web site (if you’ve already installed and tried Volatility, you
already have Python installed).
 Unzip the Audit Viewer files into the directory D:\Mandiant\AV

TASK: Opening the Memory Image for Review


 Use Audit Viewer to open it for analysis: run auditviewer.exe.
 Select "Configure Memoryze". While tempting, ignore the option "Open Existing Results"; it refers to re-opening an existing analysis file.


 Click next and tell AuditViewer where your copy of memoryze.exe is located and where
you would like to save the analysis results.

 Next tell AuditViewer to analyze "dead" memory and browse to the location of the memory
image just acquired.

 Finally, the AuditViewer wizard will step you through a series of analysis and acquisition options.

 Mandiant does a great job of documenting their tools, and this is no exception. At the conclusion of the wizard, a progress meter is displayed, culminating in an interactive view of all of the identified processes and their corresponding DLLs, handles, memory sections, etc.


K. Practical Proposed Suggested task.


 Performing live memory analysis.
 LiME: A command-line tool for acquiring and analyzing memory images on Linux systems.

L. References / Suggestions (lab manual designer should give)

User Guide: Memoryze User Guide PDF
https://fireeye.market/assets/apps/211368/documents/701164_en.pdf
Download: Mandiant Memoryze 3.0 (https://fireeye.market/apps/211368)

M. Assessment-Rubrics

Sr. No.  Performance Indicators                                      Weightage in %  Marks  Obtained Marks
1        Analyse and identify suitable approach for problem solving  25              0-5
2        Use of appropriate technology / software / tools            25              0-5
3        Demonstrate problems as per instructions.                   20              0-5
4        Interpret the result and conclusion                         15              0-5
5        Prepare a report/presentation for given problem             15              0-5
         Total                                                       100             25

Sign
Date: ……………


Practical 13
Aim: Perform web Artifact analysis and registry analysis using Autopsy.
A. Objective:
 Understanding the basic concepts of user activity.
 Identify and analyse relevant data from web browsers and system registries to reconstruct user activities, timelines, and potential indicators of compromise.
 Investigate system compromises and security incidents through the systematic examination of digital artifacts and registry data.
B. Expected Program Outcomes (POs)
PO1, PO2, PO4, PO5, PO7

C. Expected Skills to be developed based on competency:

 Familiarity with common browsers and their artifacts: Awareness of how Chrome,
Firefox, Internet Explorer, etc. store data for history, bookmarks, cookies, and downloads
is important.
 Basic understanding of the Windows Registry: Knowledge of registry structure, key
locations, and common values is highly beneficial.
D. Expected Course Outcomes (Cos)

CO5: Explain how digital forensics methodologies are used to investigate cybercrimes.
E. Practical Outcome (PRo)

 Understand user actions, interests, and potential motivations.
 Uncover potential criminal activity, policy violations, or unauthorized access.
 Detect malware, phishing attempts, or other online threats.
 Extract remnants of files or settings that have been deleted or hidden.

F. Expected Affective domain Outcome (ADos)

 Analyses aim to collect and interpret digital traces of user activity and system
configuration, providing valuable insights for various investigative purposes, including:
Cybercrime investigations, Incident response, Malware analysis, Data breach
investigations, Fraud investigations.

G. Prerequisite Theory:
Web Artifact Analysis:
 Reconstruct user browsing activity:
    Identify websites visited, search terms used, files downloaded, timestamps, and user preferences.
    Understand user actions, interests, and potential motivations.
 Gather evidence of online behavior:
    Uncover potential criminal activity, policy violations, or unauthorized access.
    Support investigations into cybercrime, fraud, data breaches, or intellectual property theft.
 Identify malicious websites or downloads:
    Detect malware, phishing attempts, or other online threats.
    Protect systems and networks from potential harm.
 Track user interactions with web applications:
    Understand how users engage with online services or platforms.
    Investigate potential misuse of web applications or services.

Registry Analysis Objectives:
 Reveal system configuration and settings:
    Identify installed software, hardware details, network configurations, user accounts, and system modifications.
    Understand system changes and potential vulnerabilities.
 Track user activity on the system:
    Identify recently accessed files, programs, connected devices, and network connections.
    Understand user actions and patterns of behavior.
 Detect malware and system tampering:
    Uncover malicious software, unauthorized system changes, or attempts to hide evidence.
    Investigate system compromises and security incidents.
 Gather evidence of software usage:
    Determine when specific programs were installed or used.
    Investigate software licensing compliance or unauthorized software installations.

H. Resources/Equipment Required

Sr. No  Instrument/Equipment/Components/Trainer kit  Specification                                                                                                   Quantity
1       Computer System (Desktop/Laptop)             Operating System: any Linux OS or Windows 7 or later; RAM: 4 GB; HDD: 250 GB; Software: Autopsy (open-source)   1

I. Safety and necessary Precautions followed


 Preserving Data Integrity
 Protecting Sensitive Data
 Preventing Malware Infection
 Document every step.
 Adhere to legal and ethical guidelines.

J. Procedure to be followed:
Autopsy is a cyber-forensic tool used for the analysis of Windows and UNIX file systems (NTFS, FAT, FFS, EXT2FS, and EXT3FS). It can also be used to recover deleted files and to show the various sectors of uploaded images, making in-depth analysis of an image easier.

Autopsy in Windows
 Download the Windows Installer Package of Autopsy from
http://sleuthkit.org/autopsy/download.php.

 Choose the 64-bit or 32-bit version according to your computer's specification (Start button > Settings > System > About > System Type).
 Run the downloaded .msi file (if Windows prompts with User Account Control, click 'Yes').
 Select the installation location for Autopsy, or click 'Next' if the default location (C:\Program Files) is OK.

Autopsy in Kali Linux


 Install Java Runtime Environment (JRE): if not already present, install JRE 8 or above using:
sudo apt install default-jre
 Execute the command below in the terminal to install the Autopsy browser on the Linux system:
sudo apt-get install autopsy
 Open a terminal window and type autopsy to launch the application.

Launch Autopsy:
Create a New Case:
 Click "New Case" to start a new investigation.
 Provide a case name and optional description.
 Select a case type (single-user or multi-user) and choose a case directory to store
case files.
Add Data Source:
Click "Add Data Source" and choose the type of evidence you want to analyze:
 Disk Image (.img, .raw, .e01, etc.)
 Local Drive (analyze a drive connected to the system)
 Logical File Set (analyze a specific folder or set of files)
 If using a disk image, specify its location and use a write blocker if necessary.
Ingest and Analyze:
Click "Ingest" to start processing the data.
Autopsy will automatically extract and parse various artifacts, including:
 Web artifacts (history, bookmarks, cookies, downloads)
 Registry data
Navigate through the "Results" section to view extracted artifacts, organized by category.
Use filters, keyword searches, and timeline analysis to refine your findings.
Create comprehensive reports to document your analysis and findings.

K. Practical Proposed Suggested task.


 Files and folders Analysis
 Deleted files Analysis
 Emails Analysis
 Metadata Analysis
 Images Analysis
 Other relevant forensic data Analysis


L. References / Suggestions (lab manual designer should give)

 https://www.sleuthkit.org/autopsy/web_artifacts.php
 https://www.autopsy.com/category/blog/
 https://www.sans.org/blog/a-step-by-step-introduction-to-using-the-autopsy-forensic-browser/
 https://www.youtube.com/watch?v=JVQmJIw5a4Q

M. Assessment-Rubrics

Sr. No.  Performance Indicators                                      Weightage in %  Marks  Obtained Marks
1        Analyse and identify suitable approach for problem solving  25              0-5
2        Use of appropriate technology / software / tools            25              0-5
3        Demonstrate problems as per instructions.                   20              0-5
4        Interpret the result and conclusion                         15              0-5
5        Prepare a report/presentation for given problem             15              0-5
         Total                                                       100             25

Sign
Date: ……………


Practical 14
Aim: Create forensic images of entire local hard drives using FTK IMAGER.
A. Objective:
 To capture a bitwise copy of the entire storage media, including file structures, metadata,
and unallocated space, ensuring a complete and unaltered representation of the digital
evidence.
 To establish a secure and forensically sound foundation for subsequent analysis, enabling
the identification, preservation, and examination of potential artifacts and digital evidence.

B. Expected Program Outcomes (POs)

PO1, PO2, PO4, PO5, PO7

C. Expected Skills to be developed based on competency:

 Knowledge of basic digital forensics concepts, including the principles of evidence collection, preservation, and analysis.
 Familiarity with how disk imaging works in Windows and Linux environments, including the different imaging methods (e.g., sector-based vs. file-based) and their implications, is crucial.
 A basic understanding of hash functions like MD5 or SHA-256, and their role in maintaining evidence integrity, is essential.

D. Expected Course Outcomes (Cos)


CO5: Explain how digital forensics methodologies are used to investigate cybercrimes.

E. Practical Outcome (PRo)


 Provides a stable platform for investigators to examine data without altering the original
evidence, enabling multiple simultaneous analyses.
 Allows analysis on a copy while the original evidence remains untouched, saving time and
resources.
F. Expected Affective domain Outcome (ADos)
 Forensic Image Creation & Preservation of Evidence
 Data Extraction and Analysis & Timeline Reconstruction
 Artifact Identification & Support in Legal Proceedings

G. Prerequisite Theory:
Technical Skills:
1. Basic Computer Literacy:
 Understanding of file systems (FAT, NTFS, exFAT), storage devices (hard
drives, USB drives, SSDs), and operating systems (Windows, Mac, Linux).
 Familiarity with Windows and Linux environments is particularly helpful.

2. Disk Imaging Principles:


 Knowledge of disk imaging techniques, including sector-based vs. file-based
imaging, and the implications of each method.
 Understanding of different image formats (e.g., raw, E01, AFF) and their benefits.

3. Command-Line Proficiency (Optional):


 While FTK Imager has a graphical interface, basic command-line skills can be
helpful for advanced tasks and automation.
4. Hashing and Verification:
 Familiarity with cryptographic hash functions like MD5 and SHA-256, and their
role in ensuring evidence integrity.
 Understanding how to generate and verify hash values for image files.
5. Data Backup and Storage:
 Knowledge of proper data backup and storage principles to ensure secure handling
of evidence images.
Investigative Skills:
1. Logical Thinking and Analysis:
 Ability to analyze digital evidence, identify patterns, and draw logical conclusions.
 Understanding of how files are stored and accessed on different operating systems.
2. Attention to Detail:
 Meticulousness in examining data, as small details can hold vital clues.
3. Report Writing and Documentation:
 Clear and concise written communication skills to document findings and the
investigation process accurately.
4. Understanding of Digital Forensics Principles:
 Knowledge of chain of custody, evidence handling procedures, and legal
considerations for working with digital evidence.

H. Resources/Equipment Required

Sr. No  Instrument/Equipment/Components/Trainer kit  Specification                                                          Qnty.
1       Computer System (Desktop/Laptop)             Operating System: Any Linux OS or Windows 7 or later version           1
                                                     RAM: 4 GB, HDD: 250 GB.
                                                     Software: FTK Imager (https://go.exterro.com/l/43312/2023-05-03/fc4b78)
I. Safety and necessary Precautions followed
 Preserving Data Integrity.
 Protecting Sensitive Data.
 Document every step.
 Follow legal and ethical guidelines.

J. Procedure to be followed:
 Forensic Toolkit, or FTK, is a computer forensics software package originally developed by
AccessData, an Exterro company. It scans a hard drive looking for various kinds of
information.
 FTK is also associated with a standalone disk imaging program called FTK Imager.
This tool saves an image of a hard disk in one file or in segments that may later be
reconstructed.
 It calculates MD5 and SHA1 hash values and can verify that the data imaged is
consistent with the created forensic image.


 The forensic image can be saved in several formats, including DD/raw, E01, and AD1.

Installing FTK Imager:

1. Download the Software:
   From https://go.exterro.com/l/43312/2023-05-03/fc4b78 download the FTK Imager
   executable file (.exe) for Windows.
2. Run the Installation Wizard
   Windows OS:
    Run the downloaded .exe installer and follow the installation wizard.
   Linux Ubuntu OS:
    Install WINE: Ensure that you have WINE installed on your Linux system.
     Use the following commands:
       sudo dpkg --add-architecture i386
       sudo apt update
       sudo apt install wine64 wine32
    Run FTK Imager Installer with WINE:
     Open a terminal and navigate to the directory where you downloaded the FTK Imager
     installer.
     Run the installer using WINE. Replace ftkimager_installer.exe with the actual filename
     of the FTK Imager installer you downloaded. Use the following commands (the second
     one launches the installed program; note the escaped space in "Program Files"):
       wine ftkimager_installer.exe
       wine ~/.wine/drive_c/Program\ Files/AccessData/FTK\ Imager/FTK\ Imager.exe
3. Complete the Installation
4. Launch FTK Imager
Creating a Forensic Image
1. Open FTK Imager and select "File" from the menu.
2. Choose "Create Disk Image..."
3. In the "Disk Image Information" window, provide details such as the source (e.g.,
the hard drive you want to image) and destination for the forensic image.
4. Choose the type of image you want to create (e.g., physical or logical) and
configure any additional settings.
5. Click "Finish" to start the imaging process.
6. The final result shown is the summary page of the operation.


7. Navigate to the root of the “Incident/Case#_Image” directory that you created.
8. There you will see a text file whose name is prefixed with the image filename; this document
contains the summary information needed to solidify the chain of custody documentation,
and it is the foundation of the analysis, which starts with verifying the image hash prior to
analyzing.

The .E01 file is the first segment of the image, named after the base file name; each following
1500 MB fragment is stored as .E02 and so on. The .csv file is used to store the directory
structure, if available.
9. Open the summary text file and explore the contents.

This summary report is a crucial piece of information needed to augment the chain of custody
documentation, as it shows that the computed hash (pre-image) and the stored hash (post-image) match
exactly; therefore the Report Hash indicates a valid image. Also shown near the top of the
summary page is the sector count of the storage device, as seen by FTK Imager.
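To make the "computed hash matches stored hash" check concrete, the following is an added Python example (not part of this manual and not FTK Imager's own code) that re-hashes a raw/dd image split into numbered segments and compares the result with the hashes recorded in the summary text file. The summary layout, the segment naming (.001, .002, ...) and the sample bytes are assumptions constructed for the demonstration; a compressed E01 image would need an EWF-aware tool instead.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Constructed excerpt of an FTK Imager summary .txt (label layout assumed, not copied from a real report).
SAMPLE_SUMMARY = """\
[Computed Hashes]
 MD5 checksum:    900150983cd24fb0d6963f7d28e17f72
 SHA1 checksum:   a9993e364706816aba3e25717850c26c9cd0d89d
"""
HASH_RE = re.compile(r"^\s*(MD5|SHA1) checksum:\s*([0-9a-fA-F]+)", re.MULTILINE)

def parse_summary_hashes(summary_text: str) -> dict:
    """Return {'md5': ..., 'sha1': ...}; the first match per algorithm is the computed hash."""
    found = {}
    for algo, digest in HASH_RE.findall(summary_text):
        found.setdefault(algo.lower(), digest.lower())
    return found

def hash_segments(segment_paths, chunk_size=1 << 20) -> dict:
    """Hash raw (dd) segments as one continuous stream, in order, without reading them whole."""
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    for path in segment_paths:
        with open(path, "rb") as fh:
            for chunk in iter(lambda: fh.read(chunk_size), b""):
                md5.update(chunk)
                sha1.update(chunk)
    return {"md5": md5.hexdigest(), "sha1": sha1.hexdigest()}

def raw_segments(base: Path) -> list:
    """Collect image.001, image.002, ... in numeric order (lexical order is not enough past .999)."""
    return sorted(base.parent.glob(base.name + ".[0-9][0-9][0-9]"), key=lambda p: int(p.suffix[1:]))

def verify_image(segment_paths, summary_text: str) -> dict:
    """Recompute both hashes and report, per algorithm, whether they match the stored values."""
    stored = parse_summary_hashes(summary_text)
    actual = hash_segments(segment_paths)
    return {algo: actual[algo] == stored.get(algo) for algo in ("md5", "sha1")}

def run_demo() -> dict:
    """Constructed two-segment raw image whose concatenation is b'abc', then one altered byte."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp) / "case1"
        (Path(tmp) / "case1.001").write_bytes(b"a")
        (Path(tmp) / "case1.002").write_bytes(b"bc")
        intact = verify_image(raw_segments(base), SAMPLE_SUMMARY)
        (Path(tmp) / "case1.002").write_bytes(b"bd")  # simulate post-acquisition alteration
        tampered = verify_image(raw_segments(base), SAMPLE_SUMMARY)
    return {"intact": intact, "tampered": tampered}
```

Running `run_demo()` reports both algorithms as matching for the intact segments and both as failing after a single byte changes, which is exactly the discrepancy the summary's verification step is meant to expose.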


K. Practical Proposed Suggested task.


 Capturing Memory
 Analysing Image dump
 Mounting Image to Drive
 Custom Content Image using AD encryption
 Decrypt AD Encryption
 Files and folders Analysis
 Deleted files Analysis

L. References / Suggestions (lab manual designer should give)


 https://www.sleuthkit.org/autopsy/web_artifacts.php
 https://www.autopsy.com/category/blog/
 https://www.sans.org/blog/a-step-by-step-introduction-to-using-the-autopsy-forensic-browser/
 https://www.youtube.com/watch?v=JVQmJIw5a4Q

M. Assessment-Rubrics

Sr. No.  Performance Indicators                                       Weightage in %  Marks  Obtained Marks
1        Analyse and identify suitable approach for problem solving.  25              0-5
2        Use of appropriate technology / software / tools.            25              0-5
3        Demonstrate problems as per instructions.                    20              0-5
4        Interpret the result and conclusion.                         15              0-5
5        Prepare a report/presentation for given problem.             15              0-5
Total                                                                 100             25

Sign
Date: ……………


Cyber Security and Digital Forensics


4361601

Lab manual is prepared by

Shri Vikas H. Sitapara Lecturer(IT)


L. E. College(Diploma), Morbi

Shri Jaydeep R. Tadhani Lecturer (IT)


Government Polytechnic, Rajkot

Shri Snehalkumar I. Patel Lecturer (IT)


Government Polytechnic for Girls, Ahmedabad

Branch Coordinator
Shri N. A. Fatak
HOD(IT)
Government Polytechnic for Girls, Ahmedabad

Committee Chairman
Shri R. D. Raghani
(HOD-EC)
Principal (I/C)
Government Polytechnic, Gandhinagar
