Quick Revision

Unit I: Introduction to Cyber Crime - Summary

Classification of Cybercrimes

• Against Individuals: Identity theft, stalking, harassment, phishing
• Against Property: Hacking, vandalism, IP theft, piracy
• Against Organizations: Espionage, DDoS, ransomware, defacement
• Against Government: Cyber terrorism, warfare, infrastructure attacks

Attack Methodology

• Reconnaissance (Passive/Active)
• Scanning and Enumeration
• Gaining Access
• Maintaining Access
• Covering Tracks

Social Engineering Types

• Phishing: Fraudulent emails/websites for credentials
• Pretexting: Fabricated scenario for information
• Baiting: Enticing offers (infected USB drives)
• Vishing/Smishing: Voice/SMS-based phishing
• Tailgating: Physical following into secure areas

Botnets

• Network of compromised computers (bots/zombies)
• Controlled by botmaster via C&C server
• Uses: DDoS, spam, click fraud, crypto mining

Attack Vectors

Email, Web apps, Network, Removable media, Social engineering, Insider threats, Supply chain

Read full Unit I detail →

Unit II: Mobile and Wireless Security - Summary

Mobile Network Generations

Mobile Attacks

• Malware: Trojans, spyware, ransomware, banking trojans
• Network: MITM, rogue AP, Bluetooth attacks
• Application: Repackaged apps, overlay attacks
• Physical: Device theft, juice jacking, shoulder surfing

Bluetooth Attacks

• Bluejacking: Sending unsolicited messages
• Bluesnarfing: Unauthorized data access
• Bluebugging: Taking control of device

Authentication Methods

PIN/Password, Pattern, Fingerprint, Facial recognition, Iris scan, MFA

MFA Factors: Something you know/have/are

Organizational Measures

• MDM: Mobile Device Management
• MAM: Mobile Application Management
• Containerization, VPN, Encryption, Remote wipe

Read full Unit II detail →

Unit III: Tools and Methods - Summary

Proxy Types

• Transparent: No anonymity, identifies as proxy
• Anonymous: Hides IP, identifies as proxy
• Elite: Highest anonymity, no proxy identification

Phishing Types

Email phishing, Spear phishing (targeted), Whaling (executives), Vishing (voice), Smishing (SMS)

Password Cracking

• Brute Force: All possible combinations
• Dictionary: Common words list
• Rainbow Tables: Pre-computed hashes
• Defense: Salting, key stretching, MFA

Malware Comparison

DoS vs DDoS

• DoS: Single source, limited power, easy to block
• DDoS: Multiple sources (botnet), massive power, difficult to block
• Types: Volume-based, Protocol (SYN flood), Application layer

SQL Injection

• Exploits improper input handling
• Types: In-band, Blind, Out-of-band
• Prevention: Parameterized queries, input validation

Wireless Security

• WEP: Deprecated, easily cracked
• WPA: Superseded, TKIP vulnerabilities
• WPA2: Strong, widely used
• WPA3: Current standard, SAE handshake

Steganography vs Cryptography

• Steganography: Hides existence of message
• Cryptography: Makes message unreadable
• LSB technique common in image steganography

Read full Unit III detail →

Unit IV: Computer Forensics - Summary

Digital Forensics Life Cycle

1. Identification: Recognize incident, identify evidence sources
2. Preservation: Secure scene, prevent alteration
3. Collection: Gather evidence (volatile first)
4. Examination: Process and extract data
5. Analysis: Interpret, correlate, timeline
6. Presentation: Reports and testimony

Order of Volatility

1. CPU registers and cache
2. RAM
3. Network connections
4. Running processes
5. Hard disk
6. Remote logging data
7. Archival media

Types of Digital Evidence

• Volatile: Lost when power removed (RAM, processes)
• Non-Volatile: Persists after power off (HDD, SSD)
• Active: Currently accessible files
• Latent: Hidden or deleted data

Chain of Custody

• Chronological documentation of evidence handling
• Elements: Description, collector, transfers, storage
• Hash values for integrity verification
• Broken chain = potentially inadmissible evidence

Forensics Branches

Computer, Mobile, Network, Memory, Database, Cloud forensics

Challenges

• Encryption, anti-forensics, data volume
• Jurisdiction, privacy laws
• Cloud computing, IoT

Read full Unit IV detail →

Unit V: Security Policies and Cyber Laws - Summary

Important IT Act Sections

DPDP Act, 2023 Key Terms

• Data Principal: Individual whose data it is
• Data Fiduciary: Entity processing data
• Personal Data: Data identifying an individual
• Consent: Free, specific, informed, unambiguous

Data Principal Rights (DPDP)

Right to information, correction, erasure, grievance redressal, nomination

DPDP Penalties

• Security failure leading to breach: Rs. 250 crore
• Failure to notify breach: Rs. 200 crore
• Children's data violations: Rs. 200 crore

Intellectual Property Types

• Copyright: Lifetime + 60 years (literary, artistic works)
• Patents: 20 years (inventions)
• Trademarks: 10 years, renewable (distinctive signs)
• Trade Secrets: Indefinite (confidential info)

Security Policy Components

Purpose, Scope, Roles, Policy statements, Compliance, Enforcement, Review procedures

Cybercrime Reporting

• cybercrime.gov.in - National portal
• CERT-In for incidents
• Local cyber crime cells

Trademark Infringement Remedies

• Civil: Injunction, damages, account of profits, delivery up
• Criminal: 6 months–3 years (first offense); up to 7 years (repeat)
• Dispute Resolution: INDRP (.in domains), UDRP (international)

Privacy Threats

• Data harvesting, breaches, surveillance, spyware, cookie tracking
• Deepfakes, IoT surveillance, social media oversharing
• Privacy = Fundamental Right under Article 21 (K.S. Puttaswamy, 2017)

Read full Unit V detail →

Final Exam Revision Checklist

Unit I - Introduction to Cyber Crime

• Define cybercrime and information security
• Explain CIA triad
• List types of cybercriminals
• Classify cybercrimes by target and nature
• Describe attack methodology (5 phases)
• Explain social engineering types
• Define cyber stalking and legal provisions
• Explain botnet architecture and uses
• List common attack vectors
• Explain why cybersecurity is essential
• Compare cybercrime vs traditional crime
• Describe motivating factors (fuel) for cybercrime

Unit II - Mobile and Wireless Security

• Explain mobile device characteristics
• Describe mobile network generations (1G-5G)
• List security challenges in mobile computing
• Explain credit card fraud in mobile era
• Describe mobile attacks (malware, network, physical)
• Explain Bluetooth attacks
• Describe authentication methods for mobile
• Define MDM, MAM, containerization
• Explain organizational security policies for mobile
• Differentiate authentication vs authorization
• Describe how financial institutions combat mobile fraud
• Explain mobile phishing types and detection methods

Unit III - Tools and Methods

• Explain proxy servers and anonymizers
• Describe phishing types and prevention
• Explain password cracking techniques
• Define keyloggers and spyware
• Differentiate virus, worm, and Trojan
• Explain steganography vs cryptography
• Describe DoS and DDoS attacks
• Explain SQL injection and prevention
• Describe buffer overflow
• Explain wireless network attacks
• Define identity theft

Unit IV - Computer Forensics

• Define computer forensics and its need
• Explain digital forensics life cycle (6 phases)
• Describe types of digital evidence
• Explain order of volatility
• Define chain of custody and its importance
• Describe email forensics
• Explain network forensics
• List challenges in computer forensics
• Explain social media forensics

Unit V - Security Policies and Laws

• Explain need for security policy
• Describe IT Act, 2000 key sections
• Explain DPDP Act, 2023 provisions
• Define Data Principal and Data Fiduciary
• List Data Principal rights
• Describe DPDP penalties
• Explain intellectual property types
• Describe IP issues in cyberspace
• Explain cybercrime reporting mechanisms
• Describe trademark infringement prevention and remedies
• Explain privacy threats in cyberspace and India's legal response

Important Definitions to Remember

Quick Reference: Penalties Under IT Act