CCFIS Researches

Cyborg Cyber Forensics and Information Security Pvt. Ltd. (CCFIS) was built on the core belief that cyber security is a growing concern worldwide because of the role of information technology in personal life and in business. It is therefore essential to secure and protect our nation and its national technological infrastructure to safeguard the future. Current problems in information security and digital forensics are the prime focus of our research team. Our ongoing research areas are listed on our website. Federal law and CCFIS policy provide specific guidance for protecting identifiable research information.

Critical Infra-Structure Protection

Critical infrastructure is the backbone of our nation’s economy, security and health. We know it as the power we use in our homes, the water we drink, the transportation that moves us, and the communication systems we rely on to stay in touch with friends and family.

Critical infrastructure comprises the assets, systems, and networks, whether physical or virtual, so vital to India that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof.

The systems and networks that make up the infrastructure of society are often taken for granted, yet a disruption to just one of those systems can have ominous consequences across other sectors. In today’s world mankind relies critically on roads, rail, airways, electricity, communication, water supply systems, banking systems and so on, without which survival would be considered almost impossible. These are therefore termed Critical Infrastructure. Any disruption in their working would have chaotic effects on the country’s economic, political and social well-being. Thus the security of the country’s Critical Infrastructure is necessary for national security. Almost all of these Critical Infrastructures are in some way part of cyberspace and hence are vulnerable to cyber attacks and hacking, in addition to physical threats. Critical Infrastructure Protection (CIP), against physical as well as cyber threats, has therefore become a necessity. Supervisory Control And Data Acquisition (SCADA) systems are meant for monitoring and remotely controlling geographically widely distributed processes such as water treatment and distribution, oil and gas pipelines, electrical power transmission, flood gates of dams, railways and airways. Looking ahead, cyber wars are a very likely phenomenon, and all countries are gearing up for cyber warfare. Critical Infrastructure is likely to be a prime target during cyber warfare, and its protection is therefore essential for the survival of a country or state during war.

At CCFIS, we aim to protect such Critical Infrastructure on the cyber front. We intend to identify vulnerabilities in organizations’ existing critical infrastructure and submit a report, with recommendations for securing that infrastructure, to their governing bodies. We also intend to create a system for regular/periodic security assessment. Training will also be provided, so that organizations can understand the importance of cyber and information security for their critical infrastructure. Some of the steps include using powerful systems as firewalls to filter out as much of the threat as possible, allowing only necessary and safe traffic to pass through. Every system on the network is examined thoroughly to identify unnecessary ports and close them. The CCFIS Sensor will be deployed inside the organization to distract attackers and help trace them. We also aim to contact the central governing bodies of critical sectors for security/vulnerability assessment and suggest that they create central guidelines to be incorporated by all organizations/companies governed by them.

Digital Image Forensics

Nowadays digital visual media (images or video) are one of the principal media for communication as well as among the most prominent evidence in any case. However, the reliability of digital visual information has been questioned because of the ease of counterfeiting both its origin and its content. Digital image forensics is a brand new research field which aims at validating the authenticity of images by recovering information about their history. In effect, it is a verification process to establish originality.

Two main problems are addressed: identifying the imaging device that captured the image (for an image, its camera), and detecting traces of forgery. Digital image forensics is now an appealing investigation domain for many researchers seeking to establish image authenticity. In some cases, we are able to retrieve up to 90% of the original information. Digital image forensics, now and in the future, offers a great career option, and it also helps us protect ourselves in the existing digital world and the upcoming digitalized world.

The trustworthiness of photographs has an essential role in many areas, including forensic investigation, criminal investigation, surveillance systems, intelligence services, medical imaging, and journalism. The art of faking images has a long history. In today’s digital age, however, it is easy to change the information represented by an image without leaving any obvious traces of tampering.

Our research addresses the latest issues as they arise, including:
  • Detecting traces of re-sampling
  • Detecting near–duplicated image regions
  • Noise inconsistencies analysis
  • Application of cyclostationarity analysis to image forensics

Malware Analysis

We have developed a virtualized sandbox environment to research the different malware available and 0-day malware captured by our CCFIS sensor; we monitor and study its behavior and activities. Our research covers viruses, worms, Trojans, adware, spyware, backdoors and rootkits for various Microsoft-based operating systems. Our malware research is confidential but can be presented on request to LEAs, government agencies, defense organizations, research organizations, MNCs and individual researchers. Our research explains the effects of malware once it is installed on a system.

Our research is based on the six steps of the incident response process:
  • Preparation
  • Identification
  • Containment
  • Eradication
  • Recovery
  • Lessons learned

By following these six steps, our research team provides a scenario in which recovery from an incident takes as little time and money as possible, while also ensuring that the incident will not happen again. During the preparation phase, malware analysis is an important component of an in-depth security strategy. When an incident occurs, malware analysis enables the security team to analyze and interpret events, thus helping prevent losses and restore normal operations as quickly as possible. We provide post-incident malware analysis, which helps identify ways to improve security architecture and prevent similar incidents. Our course includes two key techniques for examining malicious code: static analysis and dynamic analysis.

Our research is based on the following analysis:

Vulnerability analysis: Our research includes how vulnerabilities are discovered and exploited. Our team will explore various languages and the compilation process in order to understand what protections can be automatically applied against vulnerabilities within the constraints of the language.

Malware analysis: Our research covers current malware and also develops techniques for creating malware that is resilient against defensive techniques.

Defense analysis: We will explore defenses as found in practice, and as proposed by researchers while investigating the limitations of defenses.

ATM Fraud

In today’s world, computers also make more mundane types of fraud possible. Take the automated teller machine (ATM), through which many people now get cash. To access an account, a user supplies a card and a personal identification number (PIN). Criminals have developed means to intercept both the data on the card’s magnetic strip and the user’s PIN. Our research is based on the information that is used to create fake cards, which are then used to withdraw funds from the unsuspecting individual’s account.

We have carried out several studies of ATM fraud based on skimmers and card readers and submitted reports to the concerned agencies. We continue to research ATM fraud and credit card fraud and share our research through an online portal to spread awareness. We have also created an updated Dos and Don’ts list for teenagers and the general public on using cards online safely and on dealing with fake monetary schemes.

Our research is based on the following issues:
  • Card and Currency Fraud.
  • Skimming, which includes external card skimming, internal card skimming and vestibule card skimming.
  • Card Trapping/Fishing.
  • Logical or data attacks, which include malware and hacking.

Our team is continuously working on prevention techniques for ATM fraud. We try to provide better solutions to the agencies for any issue that could damage their reputation or cause customers to lose confidence in using ATM services in future. The nature and extent of the precautionary measures to be adopted will, however, depend on the requirements of the respective banks.

Software Development

At CCFIS we have a dedicated software development team which helps us develop our concept software. We have in-house software for security testing and vulnerability assessment. We also intend to develop a prototype of concept software based on artificial intelligence from a security perspective.

We believe in giving back to the InfoSec community, and hence most of our software is free of cost and open source. Our software can be distributed on demand to LEAs, governments, research organizations, independent researchers and companies.

Our research team is continuously focusing on the different methodologies that should be adopted to enhance the features of software. Research is carried out in a manner that follows all the characteristics of good software development, such as an analytical mind, big-picture perception of software, a business-oriented approach to software development, and eagerness for teamwork.

We try to provide a level of customization, which is perhaps the biggest benefit of custom software. Our research team continuously tries to meet the latest exact specifications so as to cover every aspect of today’s business world without unnecessary extras. This gives our team greater control, which is important if your business has specific needs that the average commercial product can’t fulfill. Customized software should also make the interface more familiar and easy to use.

In-house software is developed by a team of your choice, which is why it also gives you access to knowledgeable support from our research team. Rather than leaving you to deal with technicians who may not understand your unique situation, our research team tries to develop the software firsthand. Our team understands any subtle nuances and minimizes downtime from technical errors.

At CCFIS, our team works on both basic and sophisticated software while removing bugs and glitches. We are continuously working on scalability and upgrades, which can be troublesome because technology is constantly evolving. We are therefore adapting to new platforms, which a secure future requires. Although developed software may work well for a while, it could become defunct in a few years. This can force you to spend more money on developing new software.

Hardware Test Bed

We have established a hardware test bed at CCFIS to provide a platform for experimenting with different available hardware, ranging from computer components to network equipment. It allows us to perform security testing on different hardware and identify the latest vulnerabilities and exploits in current technologies in an isolated fashion. It also helps in reviewing different hardware from a security perspective and shields us from the hazards of testing in a live or production environment.

Our test bed includes the different hardware, software and network components essential for any commercial hardware test bed. We then apply that research to improving our services and securing IT infrastructure.

We monitor different networking hardware to analyze the factors that affect end-to-end data transfer throughput on a network, such as the number of parallel streams, buffer size, and CPU and I/O speeds at the end systems (source and destination). We conduct our research using both TCP and UDP, adding scanners at each Internet gateway to scan for the presence of malicious code such as viruses, Trojans, or hostile Java and ActiveX applets. Viruses that have infected a secure email transmission may be removed at the gateway, allowing the original message to continue as a clean transmission.

We have carried out research on firewall hardware, covering the three types of firewall tests that we performed and the types that, surprisingly, are not necessary, to ensure we choose the best firewall for your organization. We divided our firewall testing research into three distinct phases:

  • Subjective evaluation,
  • Efficacy (effectiveness) of threat mitigation and
  • Performance testing.

We try to find all the small issues that need to be overcome. There are a number of them, such as the limitations of a hardware component, scalability issues in hardware, and traditional failures of hardware components. As a team we test hardware to the best of our knowledge and identify the latest vulnerabilities that could damage your hardware and network.

Storage Media Analysis

Our continuous research in cyber forensics across various digital storage media has resulted in the development of in-house tools and techniques for recovering data and performing forensic analysis of almost any storage media, from NAS to USB drives. Our continuous research on current technology helps us in identifying, acquiring, authenticating, preserving, analyzing and reporting on the devices.

Some of the research areas where we are contributing:
  • Un-Recoverable Sectors
  • Readable Sectors
  • Recoverable Sectors
  • Extracting data on real-world behaviour
  • Statistical data gathered on real damaged media under several different conditions

We implement the bad area skipping algorithm of safe-copy, which avoids unrecoverable sectors within a set of unrecoverable sectors on a single track quite efficiently. However, skipping over entire bad areas in a first rescue attempt is done with a relatively dumb approach (-stage 1 skips 10% of the disk regardless of the size of the erroneous area). We are researching ways to overcome this flaw. Finding the end of an oscillating bad area efficiently is a non-trivial process if the disk geometry is not known. A heuristic algorithm that efficiently determines the end of such areas could therefore increase the data rescue effectiveness of safe-copy.

For rescuing within a bad area, a probabilistic approach would proactively avoid accessing sectors that have a high likelihood of being unreadable. It would treat them like unreadable sectors, to be accessed in a later safe-copy run.
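The trade-off described above, as an added example (a simplified model written for this page, not safe-copy's code): a first pass that jumps a fixed 10% of the disk on a read error, next to a heuristic that doubles its jump until it reads a good sector and then bisects back to the end of the bad area. The sector map, its sizes and all function names are constructed for illustration.

```python
def first_pass(readable, next_pos):
    """Read sectors in order; on a read error ask next_pos where to resume.

    Returns (rescued, deferred, failed_reads): sectors copied, sectors left
    for a later run, and the number of reads that hit a bad sector.
    """
    n = len(readable)
    failed = 0

    def probe(i):
        # One physical read attempt; failed reads are what a rescue minimises.
        nonlocal failed
        if not readable[i]:
            failed += 1
        return readable[i]

    pos = rescued = 0
    deferred = []
    while pos < n:
        if probe(pos):
            rescued += 1
            pos += 1
        else:
            resume = min(n, next_pos(pos, n, probe))
            deferred.extend(range(pos, resume))   # left for a later run
            pos = resume
    return rescued, deferred, failed


def fixed_skip(pos, n, probe):
    """Behaviour the text describes: jump 10% of the disk on any error."""
    return pos + max(1, n // 10)


def adaptive_skip(pos, n, probe):
    """Heuristic: double the jump until a good sector is read, then bisect
    back towards the last failed read to locate the end of the bad area.
    In an oscillating area this finds one bad-to-good transition, not
    necessarily the last; first_pass calls it again on the next error."""
    bad, step = pos, 1
    while True:
        good = bad + step
        if good >= n:
            return n                  # bad area runs to the end of the disk
        if probe(good):
            break
        bad, step = good, step * 2
    while good - bad > 1:             # invariant: bad unreadable, good readable
        mid = (bad + good) // 2
        if probe(mid):
            good = mid
        else:
            bad = mid
    return good


def wasted(readable, deferred):
    """Readable sectors that the first pass skipped anyway."""
    return sum(1 for i in deferred if readable[i])


# Constructed disk: 10,000 sectors with one 37-sector bad area.
DISK = [not (4000 <= i < 4037) for i in range(10_000)]
```

On this constructed disk the fixed jump defers 963 readable sectors at the cost of one failed read, while the heuristic defers none at the cost of eight failed reads; that extra stress on a failing drive is the price of finding the boundary.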

As we know, all digital storage media devices have a short life span. We are continuously researching ways to extend it by implementing methodologies that help keep data safe and secure for a longer period of time. This is why digital preservation requires active management and regular migration of content from old storage devices to new ones.

Geo Tagging in GPS

Our research is focused on the concept of geo tagging in GPS-enabled smartphones and cameras. Geo tagging is an area of controversy due to privacy concerns. Geo tagging uses the Global Positioning System (GPS), now a standard feature on most phones, to keep track of the user’s location and then share that location with others. This means photographs taken on the phone can have the GPS coordinates of the user automatically embedded within them to show where the pictures were taken. Some apps also use the user’s location information, which can be shared with others in real time. This allows anyone with access to the internet to locate and track the user, raising a big privacy concern. During our research we analyzed a geo-tagged file’s metadata with various software tools, which read out the data embedded in the image and displayed the exact latitude and longitude coordinates; feeding those coordinates to a map revealed the exact location where the image was taken.
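What such metadata looks like to a pre-publication audit, as an added example (not CCFIS code): the function below reads the GPS tags from a TIFF-formatted Exif block, the payload a JPEG carries in its APP1 segment after the `Exif\0\0` marker. The sample block and its coordinates are constructed; the function names are illustrative.

```python
import struct

GPS_IFD_POINTER = 0x8825   # Exif tag in IFD0 whose value is the GPS IFD offset
RATIONAL = 5               # TIFF type: two unsigned 32-bit ints (num, den)


def read_ifd(tiff, offset, bo):
    """Return {tag: (type, count, raw 4-byte value field)} for one IFD."""
    (n,) = struct.unpack_from(bo + "H", tiff, offset)
    entries = {}
    for i in range(n):
        start = offset + 2 + 12 * i            # each entry is 12 bytes
        tag, typ, count = struct.unpack_from(bo + "HHI", tiff, start)
        entries[tag] = (typ, count, tiff[start + 8:start + 12])
    return entries


def dms_to_degrees(tiff, entry, ref, bo):
    """Convert a degrees/minutes/seconds rational triple to signed degrees."""
    typ, count, field = entry
    if typ != RATIONAL or count != 3:
        raise ValueError("unexpected GPS coordinate encoding")
    (ptr,) = struct.unpack(bo + "I", field)
    parts = list(struct.iter_unpack(bo + "II", tiff[ptr:ptr + 24]))
    if len(parts) != 3 or any(den == 0 for _, den in parts):
        raise ValueError("truncated or malformed GPS rational")
    d, m, s = (num / den for num, den in parts)
    value = d + m / 60 + s / 3600
    return -value if ref in (b"S", b"W") else value


def gps_position(tiff):
    """Return (lat, lon) in decimal degrees, or None if no GPS tags exist."""
    bo = {b"II": "<", b"MM": ">"}.get(tiff[:2])
    if bo is None or struct.unpack_from(bo + "H", tiff, 2)[0] != 42:
        raise ValueError("not a TIFF/Exif block")
    (ifd0_off,) = struct.unpack_from(bo + "I", tiff, 4)
    ifd0 = read_ifd(tiff, ifd0_off, bo)
    if GPS_IFD_POINTER not in ifd0:
        return None
    (gps_off,) = struct.unpack(bo + "I", ifd0[GPS_IFD_POINTER][2])
    gps = read_ifd(tiff, gps_off, bo)
    if not all(tag in gps for tag in (1, 2, 3, 4)):   # lat ref, lat, lon ref, lon
        return None
    lat = dms_to_degrees(tiff, gps[2], gps[1][2][:1], bo)
    lon = dms_to_degrees(tiff, gps[4], gps[3][2][:1], bo)
    return lat, lon


def build_sample():
    """Constructed little-endian Exif block with made-up coordinates."""
    def rationals(*pairs):
        return b"".join(struct.pack("<II", n, d) for n, d in pairs)

    def entry(tag, typ, count, value):
        return struct.pack("<HHI", tag, typ, count) + value

    header = b"II" + struct.pack("<HI", 42, 8)                    # bytes 0..8
    ifd0 = (struct.pack("<H", 1)
            + entry(GPS_IFD_POINTER, 4, 1, struct.pack("<I", 26))
            + bytes(4))                                            # bytes 8..26
    gps = (struct.pack("<H", 4)
           + entry(1, 2, 2, b"N\0\0\0")
           + entry(2, RATIONAL, 3, struct.pack("<I", 80))
           + entry(3, 2, 2, b"E\0\0\0")
           + entry(4, RATIONAL, 3, struct.pack("<I", 104))
           + bytes(4))                                             # bytes 26..80
    data = (rationals((28, 1), (36, 1), (504, 10))
            + rationals((77, 1), (12, 1), (324, 10)))              # bytes 80..128
    return header + ifd0 + gps + data
```

A non-`None` result from `gps_position` means the file still carries a location and should be stripped of its GPS tags before it is shared.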

Information about you and your family is something you don’t want to disclose in public, as it could create problems for you in future. Geo tagging gives a hacker the opportunity to use their skills to gain access to your personal information. Our research team is continuously working to find the vulnerabilities that could cause you trouble.

Almost all newer smartphones, cameras and other devices have this technology available. It is imperative that companies and individuals who are serious about security (information, corporate, physical and personal) re-evaluate their use of this type of technology. Our team is researching the design of a system that is location aware while also offering maximum protection against privacy violations.

It can happen that a person is on sick leave and somebody tags him at a place where he is not actually present. This can create difficulty if his/her boss comes to know about it. Geo tagging has no doubt advanced your devices along with blooming technology, but at the same time several steps are still to be taken to make geo tagging fully secure: secure in such a manner that a person need not think of switching off the location tracker before going out and taking pictures that could reveal personal information they don’t want to share.

Internet and Social Network Effects

The internet and its usage have become a part of our daily life these days. With the launch of smartphones and mobile internet, its utility has increased manyfold. Now anyone can browse web pages, use GPS navigation, chat online, use social networking, play games and do a lot more apart from just "talking", which used to be the only feature of mobile phones earlier.

Internet usage, whether on a computer or on a smartphone, is getting more and more popular among teenagers and children. Because of its wide applications, it has both positive and negative implications for these youngsters. The internet is like a double-edged sword.

Social networking has evolved rapidly in the last decade. It has provided some benefits, and at the same time issues keep emerging on a regular basis which are termed the negative effects of social networking, such as:

  • Reduced learning and research capabilities
  • Multitasking reduces focus
  • Reduction in real human contact
  • Reduced command over language usage and creative writing skills
  • Time wastage
  • Loss of motivation in students
  • Effect on health

As a research team we continuously monitor the latest safety issues as they arise and try to provide remedies that could make the internet and social networks safer and more secure to use.

Mobile Devices Forensics

At CCFIS, our research team is very familiar with computer forensics and especially mobile device forensics; our team has the core knowledge and skills that a Digital Forensic Investigator needs to process cell phones, PDAs, and other mobile devices. Mobile device forensics is a rapidly evolving field, creating exciting opportunities for practitioners in corporate, criminal, and military settings. Mobile phones facilitate everything from voice/video calls to text messaging, web surfing, shopping, GPS navigation, music playback, video recording and image/video editing. More memory is being added to mobile phones, which makes their storage capacity greater than ever. As a result, they also provide rich data and evidence for legal investigations. Call record logs, text messages, video, internet surfing logs, GPS log files and pictures help with cases ranging from ethics investigations to murder prosecutions. Our research team of mobile forensics professionals recovers mobile phone evidence so that law enforcement agencies and lawyers can build or defend against cases. As with any forensic science, mobile forensics requires various technical and legal training.

Our main focus is on the manual or automatic extraction of data carried out by mobile phone forensic experts. Our research team uses automatic extraction when the device is compatible with one or more pieces of forensic software; manual extraction is necessary when no compatible software is available. A manual verification is then required to confirm that the extracted data is complete and correct.

Our research team also determines, and creates awareness of, whether activities performed through smartphones’ social networking applications are stored in the internal memory of these devices and whether this data can be recovered. The goal of our study is to carry out experiments on a number of smartphones. We research how our data synchronization relates to social networking sites, and how this data sharing is both beneficial and harmful to all of us.