Posts

"Coot" Ransomware

What is ransomware? Ransomware is a malicious program that encrypts your data and puts a barrier between you and your files. After it has been successfully deployed on your network or your machine, it starts encrypting the data with a strong level of encryption that is very difficult to crack. After encryption you have to purchase a tool called a "Crypter" tool from the attacker, together with the related decryption key. In some cases it is possible to retrieve the data without paying the ransom to the bad guys. What is a Coot ransomware attack? Since the end of July 2020 the number of Coot ransomware infections has been increasing steadily. Coot is from the "DJVU" family of ransomware. In this type of attack the files are encrypted with strong encryption techniques and the file extension ".coot" is appended to the end of each file name. Suppose there is a file on your machine called "a.txt"; then the encrypted file will be "a.txt.coot". Also you can see the other

What is Digital Forensics?

What is forensic science? Whenever a crime takes place, a team from the department visits the crime scene to collect evidence for the further legal process. Here forensic science is the branch of science that relates to crime, investigation and the law. We can also say that forensic science is the use of scientific methods or expertise to investigate crimes or examine evidence that might be presented in a court of law. What is digital forensics? Digital forensics is a branch of forensic science. As the name suggests, digital forensics is the forensics that relates to computers or any other electronic device. With the help of digital forensics, the data used during a digital crime is retrieved from the machine, or the digital evidence is recovered. The goal of digital forensics is to support troubleshooting, monitoring, recovery, and the protection of sensitive data. Moreover, in the event of a crime being committed, cyber forensics is also the approac

Ransomware Malware

What is ransomware? Ransomware is a type of malware. It looks like a simple executable file, but whenever it is executed on a machine it automatically encrypts all of your files with an advanced encryption algorithm. Ransomware is a current trend in cyber-warfare. What is a ransomware attack? First of all, an attacker tries to infect your machine with ransomware. The ransomware then encrypts your machine and you cannot access your data. For decryption you need a piece of software called a "Crypter" as well as a decryption key, which only the attacker has. The attacker then asks for money in the form of Bitcoin to hide their identity; this money is called the ransom. After you pay the attacker, he or she gives you the software and the key. This is called a ransomware attack. Why is it difficult to decrypt the files without paying? First of all, we do not know which encryption system the attacker used; it could be RSA, DSA, AES, etc. Now if we get an idea regarding the encrypti

What is threat-hunting?

What is threat hunting? Threat hunting is a process for catching the things that are dangerous to an organization. The process of proactively and iteratively searching through networks to detect and isolate advanced threats that evade existing security solutions is called threat hunting. With the help of threat hunting we can protect the organization from a cyber-attack in advance and avoid the damage. How can threat hunting help to stop future cyber-attacks? It is necessary for any organization to apply threat hunting. Let us assume that a hacker installs a threat (ransomware) in a network but does not want to encrypt the whole network right now. He will wait for the perfect time, then encrypt the network and ask the admin for a ransom. Now if that organization is using threat-hunting technology, the experts continuously search for threats. Suppose an expert finds the ransomware while it is still in a dormant state. The expert can then easily remove that ransomware and save the org

Log analysis for a web server

What is a log file for a server? Every server records some basic details about its clients in the form of a file. That file is called a "server log file". It automatically saves information such as the client IP address, the time, the HTTP status code and some other details. On a Linux-based server running Apache they are stored in the file /var/log/apache2/access.log. How do you check a log file? There are two ways to inspect a log file: manual inspection and tool-based inspection. In most cases cyber experts prefer manual inspection. How do you apply manual inspection to a log file? First, open the log file using the cat command to inspect it. You may find different kinds of data in that file. There is always a reason why you are applying that inspection: the answer is that an attack happened on your server, and you are applying the inspection to investigate that attack. You may find that the data is too lengthy to investigate line by line. For a faster investigation you can search for some words related to that attack. Suppose there is a SQL-In

Data Recovery Tools (Disk Drill)

There are many tools available for data recovery on the market. Some of the tools are as follows: EnCase, FTK Imager, Magnet RAM Capture, X-Ways Forensics, The Sleuth Kit (with Autopsy), Paladin, Disk Drill, Restoration (Windows). Disk Drill is an undeniable leader among data recovery software; it can recover deleted files from your device even if it is failing, unreadable, or has lost a partition. Features: You can recover up to 500MB of data for free with Disk Drill for Windows. Unlike any other, the app has two important additional data loss prevention functionalities. The first, Recovery Vault, adds a layer to the Recycle Bin and keeps a backup reference to all deleted files. The second, Guaranteed Recovery, keeps a copy of each file moved to a previously selected folder, for example the Recycle Bin. In addition, Disk Drill allows users to create image files in the form of ISO, IMG or DMG files. In practice, this enables the user to conduct the data search on a clone, without ta

What is USB Forensic?

What is USB forensics? Digital forensic analysis of USB devices includes the preservation, collection, validation, identification, analysis, interpretation, documentation, and presentation of digital evidence derived from digital sources for the purpose of facilitating or furthering the reconstruction of events found to be criminal. Sometimes it is necessary to check whether a given file from a USB drive is exactly as the sender sent it or not. It is possible that a third party or an attacker has modified the data. USB forensics is used to address this problem. How do you check the integrity of data from a USB drive? Any file has a value called its MD5 checksum (md5sum). The md5sum value changes whenever the file is modified. Suppose sender A wants to send the file abc.txt to receiver B. Along with the file abc.txt, the sender can also send the md5sum of that file to receiver B. Note that at the time of receiving the file, receiver B can compute the md5sum of the received file abc.txt and compare that sum to the sen