ch-4

Chapter 4 covers data recovery processes, tools, and the ethical considerations surrounding data management. It details various data loss causes, file systems like FAT and NTFS, and the procedures for recovering deleted files and formatted partitions. Additionally, the chapter introduces cyber crimes, categorizing them and discussing hacking, cracking, and the implications of computer ethics.

Uploaded by

maheshlondhe873
Copyright
© © All Rights Reserved

Chapter 4

Data Recovery & Cyber Security

4.1 Introduction to Deleted File Recovery, Formatted Partition Recovery, Data Recovery Tools, Data Recovery Procedures and Ethics

Data Recovery
• Data recovery is the process of recovering and handling data from damaged, failed, corrupted, or inaccessible secondary storage media when it cannot be accessed normally.
• Often, these files are stored on hard drives and removable disks, including CDs, DVDs, tape cartridges, and flash memories.
• Different data recovery tools are:
1. Puran File Recovery
2. Glary Undelete
3. Pandora Recovery
4. Recuva
5. FreeUndelete
6. Restoration
7. Wise Data Recovery
8. EaseUS Data Recovery Wizard
9. SoftPerfect File Recovery
10. DiskInternals

Reasons of Data Loss


1. Hardware or System Malfunctions
2. Human Errors
3. Software Corruption
4. Computer Viruses and Malware
5. Natural Disasters

Different File systems


FAT
• FAT stands for File Allocation Table, and FAT32 is an extension, which means that data is stored in chunks of 32 bits.
• These are an older type of file system that isn't commonly used these days.
• A file allocation table (FAT) is a table that an operating system maintains on a hard disk that provides a map of the clusters (the basic units of logical storage on a hard disk) that a file has been stored in.
• When you write a new file to a hard disk, the file is stored in one or more clusters that are not necessarily next to each other; they may be rather widely scattered over the disk.
• The operating system creates a FAT entry for the new file that records where each cluster is located and their sequential order.
• When you read a file, the operating system reassembles the file from clusters and places it as an entire file where you want to read it.
• For example, if this is a long Web page, it may very well be stored on more than one cluster on your hard disk.

NTFS
• NTFS stands for New Technology File System, and it took over from FAT as the primary file system used in Windows.
• NTFS is the file system that the Windows NT operating system uses for storing and retrieving files on a hard disk.
• NTFS is the Windows NT equivalent of the Windows FAT and the High Performance File System (HPFS).
• NTFS offers a number of improvements over FAT and HPFS in terms of performance, extendibility, and security.

Partitions
• A partition is a logical division of a hard disk that is treated as a separate unit by operating systems (OSes) and file systems.
• The OSes and file systems can manage information on each partition as if it were a distinct hard drive.
• This allows the drive to operate as several smaller sections to improve efficiency, although it reduces usable space on the hard disk because of additional overhead from multiple OSes.
• Types of hard drive partitions:
1. Primary partition is a partition that is needed to store and boot an operating system, though applications and user data can reside there as well, and what's more, you can have a primary partition without any operating system on it.
2. Active (boot) partition is a primary partition that has an operating system installed on it. It is used for booting your machine. If you have a single primary partition, it is regarded as active. If you have more than one primary partition, only one of them is marked active.
3. Extended partition can be sub-divided into logical drives and is viewed as a container for logical drives, where the data proper is located. An extended partition is not formatted or assigned a drive letter. The extended partition is used only for creating a desired number of logical partitions.

Reasons of Partition Damage


1. Physical damage
2. Head crashes, failed motors
3. Logical damage
4. Corrupt partitions and file systems, media errors
5. Overwritten data

Data recovery tools:


1. NTFS Data recovery tools
2. FAT data recovery tool
3. Digital Camera Data recovery tool
4. Removable media data recovery tool
5. Recovery of deleted files
6. Recovery of formatted partition

Data Recovery Procedure & Ethics :

(note :- while writing example you can write procedure of any suitable tool)

1. NTFS Data Recovery Tools: NTFS Recovery is a fully automatic utility that recovers data from damaged or formatted disks. It is designed with the home user in mind; you don't need any special knowledge of disk recovery.
Example: DiskInternals NTFS Data Recovery tool. The tool supports

malfunction.
les or folders are not readable

2. FAT Data Recovery Tools:


FAT Recovery is a fully automatic utility that recovers data from damaged or
formatted disks. The program scans the disk first and then restores the original
structure of files and folders.
Example: DiskInternals FAT Data Recovery tool.
Works for all:


FAT Recovery is fully wizard-based, meaning there is no technical knowledge
needed. Any person can recover data from damaged or formatted disks on their
own, without hiring a technician. FAT Recovery does not write anything to the
damaged disk, therefore you can try the program without any risk of losing data
you want to be recovered. It does not matter whether Windows recognizes a disk or
not, nor does it matter if all directory information is missing – all recoverable data
will be recovered and the original disk structure will be restored. Because the
program scans every single sector, it never misses recoverable data. Another
important advantage of FAT Recovery is its capability to recover data from virtual
disks, and it does not matter if the data was deleted prior to recovery or not. FAT
Recovery supports the following file systems - FAT12, FAT16, FAT32, and
VFAT. Files up to 64 KB are recovered by FAT Recovery.

3. Digital Camera Data recovery tool:


Digital Camera Data Recovery is a leading photo recovery program for memory cards used by digital cameras or phones. It can effectively recover lost, deleted, corrupted or formatted photos and video files from various memory cards. It supports almost all memory card types, including SD Card, MicroSD, SDHC, CF (Compact Flash) Card, XD Picture Card, Memory Stick and more.
Example: DiskInternals Digital Camera Data Recovery tool.
Features

from memory cards

s, video files from mobile phones

4. Removable media data recovery tool:


The process of recovery is a very straightforward one: insert the disk, press "Recover" and get the files you need. The software is easy to use and does not require any additional skills. We tried to make working with it as comfortable as possible. The program starts working automatically and doesn't require any additional setup changes. The Recovery Wizard will do everything for you. The result of the Wizard's work is a list of all the recoverable files. All you have to do is choose the necessary files and press the Recover button. The innovative scanning technology greatly reduces the time that would otherwise be spent on recovering a damaged disc.
Advanced users can use manual recovery. In this case you can work individually with each session/track and choose the file system depending on the session.
Example:-

5. Procedure to recover deleted files:


If the file is deleted from the recycle bin, or by using the Shift + Delete keys, the simplest and easiest way to recover the deleted file is by using data recovery software. If the file has been partially overwritten, some data recovery applications perform better than others at recovering the maximum amount of data.
It is important to save the recovered file in a separate location, such as a flash drive. A file can only be permanently lost if it is overwritten. So do not overwrite it: do not install or create new data on the file's location.
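The FAT description earlier in this chapter (a table recording each file's chain of clusters) and the rule above that a file is only lost once it is overwritten can be seen together in a small model. This is an added example, not part of the original notes or of any tool they name: `ToyFat16` and every name in it are hypothetical, and the volume is constructed in memory. Only the directory entry offsets (first cluster at 26, size at 28), the `0xE5` deleted marker and the FAT16 free and end-of-chain values follow the real FAT16 layout.

```python
import struct

CLUSTER = 512                  # bytes per cluster (toy value)
FREE, EOC = 0x0000, 0xFFFF     # FAT16 "free" and end-of-chain entries
DELETED = 0xE5                 # first name byte of a deleted directory entry


class ToyFat16:
    """Constructed in-memory volume: FAT, root directory and data area."""

    def __init__(self, clusters=16):
        self.fat = [FREE] * (clusters + 2)    # entries 0 and 1 are reserved
        self.fat[0] = self.fat[1] = EOC
        self.root = {}                        # original 8.3 name -> 32-byte entry
        self.data = bytearray(clusters * CLUSTER)

    def _cluster(self, c):
        off = (c - 2) * CLUSTER               # data area starts at cluster 2
        return self.data[off:off + CLUSTER]

    def write(self, name, content, clusters):
        """Store content in the listed clusters, which may be scattered."""
        for i, c in enumerate(clusters):
            chunk = content[i * CLUSTER:(i + 1) * CLUSTER]
            off = (c - 2) * CLUSTER
            self.data[off:off + len(chunk)] = chunk
            self.fat[c] = clusters[i + 1] if i + 1 < len(clusters) else EOC
        entry = bytearray(32)
        entry[0:11] = name.encode("ascii")
        # Offsets 26 and 28: first cluster (16 bit) and file size (32 bit).
        struct.pack_into("<HI", entry, 26, clusters[0], len(content))
        self.root[name] = entry

    def read(self, name):
        """Normal read: follow the FAT chain from the first cluster."""
        start, size = struct.unpack_from("<HI", self.root[name], 26)
        out, c, seen = bytearray(), start, set()
        while c not in seen and self.fat[c] != FREE:
            seen.add(c)
            out += self._cluster(c)
            if self.fat[c] >= 0xFFF8:         # end of chain reached
                return bytes(out[:size])
            c = self.fat[c]
        raise ValueError("broken or looping FAT chain")

    def delete(self, name):
        """Deletion frees the chain and marks the entry; data is untouched."""
        entry = self.root[name]
        c = struct.unpack_from("<H", entry, 26)[0]
        while 2 <= c < 0xFFF8:
            nxt = self.fat[c]
            self.fat[c] = FREE
            c = nxt
        entry[0] = DELETED

    def undelete(self, name):
        """Recover from the surviving entry, guessing the lost chain."""
        entry = self.root[name]
        start, size = struct.unpack_from("<HI", entry, 26)
        if entry[0] != DELETED or self.fat[start] != FREE:
            return None                       # not deleted, or first cluster reused
        need, out, c = -(-size // CLUSTER), bytearray(), start
        while need and c < len(self.fat):
            if self.fat[c] == FREE:           # heuristic: take the next free clusters
                out += self._cluster(c)
                need -= 1
            c += 1
        return bytes(out[:size])


def demo():
    vol = ToyFat16()
    report = bytes(range(256)) * 5                        # 1280 bytes, 3 clusters
    notes = b"A" * 512 + b"B" * 512 + b"C" * 176          # 1200 bytes, 3 clusters
    vol.write("REPORT  TXT", report, [2, 3, 4])           # contiguous
    vol.write("NOTES   TXT", notes, [5, 9, 7])            # scattered
    result = {"chain_read_ok": vol.read("NOTES   TXT") == notes}
    vol.delete("REPORT  TXT")
    vol.delete("NOTES   TXT")
    result["contiguous_recovered"] = vol.undelete("REPORT  TXT") == report
    result["fragmented_recovered"] = vol.undelete("NOTES   TXT") == notes
    vol.write("NEW     TXT", b"X" * 100, [2])             # new data reuses cluster 2
    result["after_overwrite"] = vol.undelete("REPORT  TXT")
    return result


if __name__ == "__main__":
    print(demo())
```

The contiguous file comes back intact, the scattered one does not because its chain was erased with the deletion, and once new data lands on the first cluster nothing is returned at all.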

6. Procedure to recover formatted partition:


If the hard drive is formatted, people generally use a bootable CD to start the system. But if the system is booted and something such as an operating system is installed on the formatted drive, there is a greater chance of losing the data forever.
Formatting adds a deletion mark to all files, or even empties the FAT, so the system cannot identify any content of the disk partition. Formatting nevertheless doesn't perform any operation on the data itself. Though the directory is empty, the data still exists. By using data recovery software, the user can retrieve all of that data.
Partition damage can cause users considerable losses, not only in terms of data but economically as well. Partition data loss is likely to bring about tens of millions in economic loss for the user. Therefore, the user should pay great attention to data protection while using a computer. Recovering files from a formatted drive with data recovery software is not a very complicated process, but it can be lengthy, and will need:

1. An enclosure (to convert the hard drive into a USB external drive).
2. A bootable system with preferably a high storage capacity hard drive.
3. A disk image creator and a virtual disk creator.
4. Data recovery software.
5. Sufficient storage space on devices other than the formatted drive.
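Because formatting leaves the data sectors in place, a recovery tool can find files with no directory at all by scanning a disk image for known file signatures. The sketch below is an added example, not the algorithm of any product named in these notes: it carves JPEG and PNG photos from a raw image by header and footer bytes, working on an image copy as item 3 of the list above implies. The function names and the sample image are constructed for illustration.

```python
import hashlib

SECTOR = 512
# Header and footer byte signatures for two photo formats.
SIGNATURES = {
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
}


def carve(image, max_size=16 * 1024 * 1024):
    """Scan a raw image sector by sector and carve header..footer spans.

    Limits: only files stored in consecutive sectors are recovered, and a
    footer value inside the file (for example in an embedded thumbnail)
    ends the carve early.
    """
    found, pos = [], 0
    while pos < len(image):
        stop = None
        for kind, (head, foot) in SIGNATURES.items():
            if image.startswith(head, pos):
                end = image.find(foot, pos + len(head), pos + max_size)
                if end != -1:
                    stop = end + len(foot)
                break
        if stop is None:
            pos += SECTOR                      # files start on sector boundaries
            continue
        blob = image[pos:stop]
        found.append({
            "type": kind,
            "offset": pos,
            "size": len(blob),
            "sha256": hashlib.sha256(blob).hexdigest(),  # for the recovery log
        })
        pos = -(-stop // SECTOR) * SECTOR      # resume at the next sector
    return found


def build_formatted_image():
    """Constructed sample: zeroed FAT and directory area, two photos left behind."""
    jpg = b"\xff\xd8\xff\xe0" + b"J" * 900 + b"\xff\xd9"
    png = b"\x89PNG\r\n\x1a\n" + b"P" * 300 + b"IEND\xaeB`\x82"
    img = bytearray(32 * SECTOR)
    img[8 * SECTOR:8 * SECTOR + len(jpg)] = jpg
    img[20 * SECTOR:20 * SECTOR + len(png)] = png
    return bytes(img), jpg, png


if __name__ == "__main__":
    image, _, _ = build_formatted_image()
    for hit in carve(image):
        print(hit)
```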

Ethics

• Computer ethics deals with the procedures, values and practices that govern
the process of consuming computing technology and its related disciplines
without damaging or violating the moral values and beliefs of any
individual, organization or entity.

• Computer ethics is a concept in ethics that addresses the ethical issues and
constraints that arise from the use of computers, and how they can be
mitigated or prevented

4.2 Introduction to Cyber Crimes – Hacking, Cracking, Viruses, Virus Attacks, Pornography, Software Piracy, Intellectual property, Legal System of Information Technology, Mail Bombs, Bug Exploits, Cyber Crime Investigation

Cyber Crime

• Any crime committed with the help of computer and telecommunication technology.
• Any crime where the computer is used either as an object or as a subject.

Categories of Cyber Crime

We can categorize cyber crime in two ways:

• The computer as a target: using a computer to attack another computer, e.g. hacking, virus/worm attacks, DoS attacks, etc.
• The computer as a weapon: using a computer to commit real-world crime, e.g. cyber terrorism, credit card fraud, pornography, etc.

Cybercrime can be also categorized as:


1. Cybercrimes against persons.
2. Cybercrimes against property.
3. Cybercrimes against government.

1. Cybercrimes against persons:

• Cyber stalking
• Impersonation
• Loss of privacy
• Transmission of obscene material
• Harassment with the use of a computer

2. Cybercrimes against property:

• Unauthorized computer trespassing
• Computer vandalism
• Transmission of harmful programmes
• Siphoning of funds from financial institutions
• Stealing secret information & data
• Copyright

3. Cybercrimes against government:

• Hacking of government websites
• Cyber extortion
• Cyber terrorism
• Computer viruses

Collectively all cyber-crimes listed here are:


1. Viruses 2. Worms 3. Trojans
4. Mail bombs 5. Threats 6. Harassment
7. DOS 8. Fraud 9. Theft
10. Piracy 11. Logic bombs 12. Spamming
13. Pornography 14. Bug exploits 15. Hacking
16. Cracking 17.

1. Hacking
• Hacking refers to the unauthorized access of another computer system. It is the practice of modifying the features of a system in order to accomplish a goal outside of the creator's original purpose.
• Every act committed towards breaking into a computer and/or network is hacking, and it is an offence.
• Hackers write or use ready-made computer programs to attack the target computer.
• They possess the desire to destruct and they get enjoyment out of such destruction. Some hackers hack for personal monetary gain, such as stealing credit card information or transferring money from various bank accounts to their own account, followed by withdrawal of the money.
• Government websites are high on hackers' target lists, and attacks on government websites receive wide press coverage.
• There are different types of hackers:
1. White Hat:
• This type of hacker is someone who has a non-malicious purpose whenever he breaks into security systems.
• In fact, a large number of white hat hackers are security experts themselves who want to push the boundaries of their own IT security ciphers and shields, or even penetration testers specifically hired to test how vulnerable or impenetrable a present protective setup currently is.
• A white hat who does vulnerability assessments and penetration tests is also known as an ethical hacker.
2. Black Hat:
• This type of hacker is also known as a cracker, and he has a malicious purpose whenever he goes about breaking into computer security systems with the use of technology such as a network, telecommunication system, or computer, and without authorization.
• His malicious purposes can range across all sorts of cybercrimes, such as piracy, identity theft, credit card fraud, damage, and so forth. He may or may not utilize questionable tactics such as deploying worms and malicious sites to meet his ends.
3. Grey Hat:
• A grey hat hacker is a combination of both white hats and black hats.
• This is the kind of hacker who is not a penetration tester but will go ahead and surf the Internet for vulnerable systems he could exploit.
• Like a white hat, he will inform the administrator of the website of the vulnerabilities he found after hacking through the site.
• Like a black hat and unlike a pen tester, he will hack any site freely and without any prompting or authorization from the owners whatsoever.
• He will even offer to repair the vulnerable site he exposed in the first place for a small fee.
4. Elite Hacker:
• As with any society, better-than-average people are rewarded for their talent and treated as special.
• In terms of social status among the hacker underground, the elite are the hackers among hackers in this subculture of sorts.
• They are the masters of deception who have a solid reputation among their peers as the cream of the hacker crop.
5. Script Kiddie:
• A script kiddie is basically a part-time or non-expert hacker who breaks into people's computer systems not through his knowledge of IT security and the ins and outs of a given website, but through prepackaged automated scripts (hence the name), tools, and software written by people who are real hackers, unlike him.
• He usually has little to no knowledge of the underlying concepts behind how the scripts he has on hand work.
2. Cracking
• A cracker is someone who breaks into someone else's computer system, often on a network; bypasses passwords or licenses in computer programs; or in other ways intentionally breaches computer security.
• A cracker can be doing this for profit, maliciously, for some altruistic purpose or cause, or because the challenge is there. The term "cracker" is not to be confused with "hacker". Hackers generally deplore cracking.
• Some breaking-and-entering has been done ostensibly to point out weaknesses in a site's security system.
• Contrary to widespread myth, cracking does not usually involve some mysterious leap of hackerly brilliance, but rather persistence and the determined repetition of a handful of fairly well-known tricks that exploit common weaknesses in the security of target systems.

3. Viruses, Virus Attacks

• A computer virus attaches itself to a program or file, enabling it to spread from one computer to another, leaving infections as it travels.
• Like a human virus, a computer virus can range in severity: some may cause only mildly annoying effects while others can damage your hardware, software or files.
• A computer virus is one kind of threat to the security and integrity of computer systems.
• A computer virus can cause the loss or alteration of programs or data, and can compromise their confidentiality.
• A computer virus can spread from program to program, and from system to system, without direct human intervention.

4. Pornography
 Child Pornography is a very inhuman and serious cybercrime offence.
 It includes the following:
 Any photograph that can be considered obscene and/or unsuitable for the
age of child viewer. Film, video, picture.
 Computer generated image or picture of sexually explicit conduct where
the production of such visual depiction involves the use of a minor
engaging in sexually explicit conduct .
 Internet is the most frequently used tool for such criminals to reach
children and practice child sex abuse.
 The spreading use internet and its easy accessibility to children has made
them viable victim to cybercrime.
 There is a type of humans called Pedophiles who usually allure the
children by obscene Pornographic contents and then they approach them
for sex.
 Then they take their naked photographs while having sex. Such people
sometime misguide children telling them that they are of the same age
and win their confidence.
 Then they exploit the children either by forcing them to have sex or
selling their pictures over internet.

5. Software Piracy
• The Cybercrime Investigation Cell of India defines "software piracy" as theft of software through the illegal copying of genuine programs or the counterfeiting and distribution of products intended to pass for the original.
• Software piracy can be defined as "copying and using commercial software purchased by someone else".
• Software piracy is illegal.
• Each pirated piece of software takes away from company profits, reducing funds for further software development initiatives.
• Making duplicates of software is an act of copyright infringement, and it's illegal.
• Providing unauthorized access to software or to serial numbers used to register software can also be illegal.

Ways to Deal With/Minimize Software Piracy:
• Have a central location for software programs. Know which applications are being added, modified or deleted.
• Secure master copies of software and associated documentation, while providing faculty access to those programs when needed.
• Never lend or give commercial software to unlicensed users.
• Permit only authorized users to install software.
• Train staff and make them aware of software use and security procedures which reduce the likelihood of software piracy.

6. Intellectual Property
• Intellectual property (IP) rights are the legally recognized exclusive rights to creations of the mind.
• Under intellectual property law, owners are granted certain exclusive rights to a variety of intangible assets, such as musical, literary, and artistic works; discoveries and inventions; and words, phrases, symbols, and designs.
• Intellectual Property Rights (IPR) are rights granted to creators and owners of works that are the results of human intellectual creativity.
• These works can be in the industrial, scientific, literary and artistic domains, and can be in the form of an invention, a manuscript, a suite of software or a business name.
• The agreement provides norms and standards for protection and enforcement of IPRs in member countries, in respect of the following areas: patents, copyrights, trademarks, industrial designs, layout designs of integrated circuits, etc.
• IPR is an important consideration in issues concerning licensed software.

7. Legal System of Information Technology

• Computer technology has revolutionized the world. It has removed restrictions of geographical proximity in communication and business. However, with every great invention also come its follies.
• That is the reason why security plays a big part in today's world of computers, e-commerce and the Internet.
• With this development of security for computers came the need for a legal system to prosecute perpetrators. Also, with the recent boom in e-commerce, it has become pertinent to have legal systems and laws in place to protect and uphold contracts, business transactions, data processing and development over the Internet.
• The legal system plays a vital part in upholding a secure information technology infrastructure. Jurisdiction is a major stumbling block for the legal system when it comes to dealing with computers, networks and their security across the globe.
• It is important that security administrators understand the support they have from the legal system in order to adequately protect their computer systems.
• At the same time, it is important that companies develop healthy computer ethics to minimize intrusions from within.
• It is a well-known fact that most instances of computer crime occur from the inside, and thus creating a culture of ethical computer behavior is a vital deterrent to underhand computer-related activities.

8. Mail Bomb
• Email "bombing" is characterized by abusers repeatedly sending an identical email message to a particular address.
• A mail bomb is the sending of a massive amount of email to a specific person or system.
• A huge amount of mail may simply fill up the recipient's disk space on the server or, in some cases, may be too much for a server to handle and may cause the server to stop functioning.
• Mail bombs not only inconvenience the intended target but are also likely to inconvenience everybody using the server.
• Senders of mail bombs should be wary of exposing themselves to reciprocal mail bombs or to legal actions.

9. Bug Exploits
• An exploit is a piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug, glitch or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic (usually computerized).
• Such behavior frequently includes things like gaining control of a computer system.

10. Spam
• Spam, or junk mail, is the (unwanted) sending out of mass emails for commercial or fraudulent purposes, which is unethical and illegal.
• Anti-spam laws are being enforced in most countries, which will hopefully limit the use of annoying electronic communications.

11. Spying
• Credit card copying (skimming) is another cyber crime that comes under spying as well as fraud.
• As a person swipes his card at the ATM, or presents his card at a restaurant or shop for billing, the swipe machine may have a skimmer attached to it which transfers confidential information on the card to a third party other than the credit card company.

12. Offensive contents
• Obscenity becomes a criminal activity where creating, distributing, accessing and spreading obscene material exploits human beings in any manner, especially when it is accessed by children.

Cyber Crime Investigation

Cybercrime investigation process:

• The computer crime investigation should start immediately following the report of any alleged criminal activity. Many processes, ranging from reporting and containment to analysis and eradication, should be accomplished as soon as possible after the attack.
• An incident response plan should be formulated, and a Computer Emergency Response Team (CERT) should be organized, before the attack.
• The incident response plan will help set the objective of the investigation and will identify each of the steps in the investigative process.

1. Detection and Containment


Before any investigation can take place, the system intrusion or abusive conduct
must first be detected.

2. Report to Management
All incidents should be reported to management as soon as possible. Prompt
internal reporting is imperative to collect and preserve potential evidence. It is
important that information about the investigation be limited to as few people as
possible.

3. Determine if Disclosure is Required


Determine if a disclosure is required or warranted due to laws or regulations.
Investigation Considerations
Once the preliminary investigation is complete and the victim organization has
made a decision related to disclosure, the organization must decide on the next
course of action.

4. Obtaining and Serving Search Warrants.


If it is believed that the suspect has crucial evidence at his or her home or
office, a search warrant will be required to seize the evidence.

5. Surveillance
Two forms of surveillance are used in computer crime investigations: physical and computer.
• Physical surveillance can be generated at the time of the abuse, through CCTV security cameras, or after the fact.
• Computer surveillance is achieved in a number of ways. It is done passively through audit logs or actively by way of electronic monitoring.

The goal of the investigation is to identify all available facts related to the
case. The investigative report should provide a detailed account of the incident,
highlighting any discrepancies in witness statements.

The report should be a well-organized document that contains a description of the incident.
Computer forensics is the study of computer technology as it relates to the law. This generally means analyzing the system by using a variety of forensic tools and processes. The examination of the suspect system may lead to other victims and other suspects.

4.3 Introduction to Cyber Laws – Introduction to IT Act 2000 and IT Act 2008, Introduction to the cyber laws

Need of Cyber Law

• "The modern thief can steal more with a computer than with a gun. Tomorrow's terrorist may be able to do more damage with a keyboard than with a bomb".
• The Internet has dramatically changed the way we think, the way we govern, the way we do commerce and the way we perceive ourselves.
• Information technology is encompassing all walks of life all over the world.
• Cyber space creates moral, civil and criminal wrongs. It has now given a new way to express criminal tendencies.
• Cyberspace is open to participation by all.
• "IT" has brought a transition from a paper to a paperless world.
• The laws of the real world cannot be interpreted in the light of emerging cyberspace to include all aspects relating to different activities in cyberspace.
• The Internet requires an enabling and supportive legal infrastructure in tune with the times.

Cyber Law

Cyber Law : It is the law governing cyber space.

Cyber space: It includes computers, networks, software, data storage devices (such as hard disks, USB disks, etc.), the Internet, websites, emails and even electronic devices such as cell phones, ATM machines, etc.

Cyber Law deals with:

• Cyber Crimes
• Electronic or Digital Signatures
• Intellectual Property
• Data Protection and Privacy

IT Act-2000:
Due to misuse of the internet and the increase in cyber crimes, the Govt. of India made an act for safeguarding internet users. This is the IT Act 2000, also known as ITA-2000.
The Information Technology Act, 2000 (IT Act) came into force on 17 October 2000.
The primary purpose of the Act is to provide legal recognition to electronic commerce and to facilitate filing of electronic records with the Government.
The Information Technology Act 2000 consisted of 94 sections segregated into 12 chapters.
Objectives & scope of ITact2000:

Chapters of IT act2000
Advantages of IT act2000:

Disadvantages of IT act2000:

IT Act Amendment-2008:

• ITA-2008 is a new version of the IT Act 2000.
• It is the Information Technology Amendment Act 2008, also called ITA-2008.
• It is a considerable addition to the previous law, i.e. ITA-2000, and is administered by the Indian Computer Emergency Response Team (CERT-In) in year 2008.
• It is developed for IT industries to control e-commerce, to stop cyber crime attacks, etc.
• It provides additional focus on information security.
• It added several new sections on offences, including cyber terrorism and data protection.
• It has 124 sections and 14 chapters.

Modifications from IT act 2000 to IT Act 2008:

The modifications were made to address some issues that the original bill failed to cover, and to accommodate the development of IT industries and the security of e-commerce transactions.

Redefinitions of terms like communication device which reflect the current use.

Validation of electronic signatures & contracts

The owner of an IP address is responsible for content that is accessed or distributed through it.

Organizations are responsible for implementation of effective data security practices.

Digital signature has been replaced with Electronic signature.

Section 67 of the old Act is amended.

Characteristics of IT Act 2008:

Focusing on data privacy

Focusing on Information Security
