Short Term Certification Course ( Cyber-Crimes Investigation Using Open Source Intelligence (OSINT) Tools and Techniques)

Three Day Online Certificate Course on Cyber-Crimes Investigation using Open Source Intelligence (OSINT) Tools and Technique’s

About the Programme

The amount of data being pushed to the Internet each minute is staggering. There are millions of hours of videos, billions of images, and zitabits of text that cannot be indexed by a mere search engine algorithm. The indexing of the data is distributed complexly across the Web technologies - on Surface web, Deep web and Dark web of the internet. Understanding, capturing and investigating these kinds of data sources needs special skills in cybernetics; this is what this certification does. The course starts with the process of collecting and analysing data and then quickly moves into investigating techniques to gain access to un-indexed data. It explains and practically demonstrates a broad array of Open-Source Intelligence (OSINT) tools, such as setting up an OSINT analysis platform, accessing data from surface web and deep web and exploring the world of dark web using encrypted web browsers on the internet.

This certification, being a foundational course in open-source intelligence (OSINT) tools and techniques, teaches participants how to find, collect, and analyse data from the Internet. Far from being a beginner class, this course teaches participants the OSINT framework to be successful in finding and using online information, reinforced with over 30 hands-on bootcamp exercises.

Learning Objectives

• Usage of Social Media Intelligence paradigms on social media handles like Facebook. twitter, Instagram, LinkedIn etc
• Review, monitor and evaluate search engine information from Google, Bing, Yahoo, and others from dark web.
• Monitoring information on Websites, Directories, search engines, meta search engines as well as review user activity on digital platforms for gathering information of the entities involved in the crime scenes.
• Access old cached data from internet by means of Website analysis and data collection
• Identify fake profiles, sock puppets, and fake emails, as well as mail addresses from social networks, or Google results.
• Search for photographs and videos on common social photo sharing sites such as Flickr, Google Photos, etc. , by image analysis tools
• Use Google Maps and other open satellite imagery sources to retrieve images of users' geographic location and establish connection between the suspects involved in a cyber-crime as per their Digital Foot prints.

Learning Outcomes

The learning strategy is focused to enhance the capacity of participants to integrate OSINT tools into cyber investigations.

Upon completion of the course, the participants are expected to be able to:

• Provide a comprehensive overview on the main work processes and general techniques that are necessary for the accomplishment of intelligence gathering on Cyber Crime scenarios using OSINT;
• Create an identified/anonymous presence to be used to conduct online investigative research and data collection;
• Identify risks to users from OSINT data collection and explain countermeasures to be utilised in providing anonymity for users
• Enhance and customize the art of using OSINT techniques suitable for the collection of information for intelligence and counter intelligence purpose ;
• Strengthen the investigative methods, analysis, and distribution of information for the purpose of tackling all forms of crimes in clear web, social media, and dark web.

Learning Modules: Day Wise

Day -1 OSINT Basics:

• What is intelligence and OSINT
• Grey Areas and Ethics
• Robin Sage – A powerful Social Engineering experiment
• Information is Everywhere
• Lab 1: Using OSINT to build a fake/ puppet profile for intelligence gathering purposes and connecting with individuals of interest

Day-2: Tools and engines for use in your OSINT searches:

• Thinking and Analysis
• Looking at websites
• Google Custom Searches
• Disposable Search Engines
• FOCA, Cree.py & Maltego
• Lab 2: Building your own Google Custom Search Engine

Day -3: Technical Scenarios and Use Cases:

• Counter Intelligence and Defenses
• Fake BBC news site and spreading misinformation
• Attacking the Stock Market
• General Petraeus and Clinton
• Volkswagen emissions scandal
• Mossack Fonseca (Mossfon)
• Intelligence Gathering Recipe
• Lab 3: Gathering intelligence on an organization

Eligibility:

Candidates who are pursuing graduation or had graduated are eligible to register.

Duration: Three Days

Registration Process: Submission of Online Application Form along with the requisite fee.

Intake : 70 per batch. The admission will be first come first serve basis. In case, the number of enrolments’ exceeds 70 and if there are sufficient number of candidates for more number of batches, the University will continue the programme for more number of batches and the schedule will be intimated to the candidates immediately after closure of the admissions.

Mode of Delivery: Online Mode using Virtual Cyber Forensics Lab by assigning Virtual Machine’s to each enrolled Participant. The candidates should have a laptop / desktop with a minimum bandwidth speed of 1 Mbps during the programme.

Course Fee: Rs. 4,000/- (Rupee four thousand only)

Note: Course Fee once paid is not refundable.

Award of Certificate:

1. Course Completion Certificate
To be eligible for award of the ‘Course Completion Certificate’, the registered candidates should secure a minimum of 50% marks in the ‘Final Lab Assessment Test (FLAT)’ .  The FLAT  shall be conducted  tentaively one week after the last day of the course  in the form of  Take Home Assigment (THA). Submission due date  for Take Home Assigment (THA) shall be with 3-4 days window peroid. 

2. Certificate of Participation
‘Certificate of Participation’ will be awarded to the participants who have attended 50% or more sessions but failed to clear and / or appear in the Final Lab Assessment Test (FLAT).

Bootcamp exercises during Certificate offering

• Exercise 1 – Look up your MAC address
• Exercise 2 – Address Resolution Protocol
• Exercise 3 – Lookup your IP addresses
• Exercise 4 – DNS Lookup
• Exercise 5 – WHOIS Lookups
• Exercise 6 – Investigate counterfeiting websites
• Exercise 7 – Beware of Malicious JavaScript on websites
• Exercise 8 – Tracking Cookies
• Exercise 9 – Find analytical codes within the Source code
• Exercise 10 – Which VPN do I choose?
• Exercise 11 – Creating a “sock puppet”
• Exercise 12 – Select your target and persona
• Exercise 13 – Test Browser Leakage Exercise
• Exercise 14 – Referrer Header
• Exercise 15 – Autofill phishing
• Exercise 16 – Password strength checker
• Exercise 17 – HTTrack Website Copier
• Exercise 18– AOL Data Breach
• Exercise 19 – Using a search engine
• Exercise 20 – Check out the following search engines
• Exercise 21 – Google advanced search hacking Techniques
• Exercise 22 – Meta and Federated Search engines
• Exercise 23 – Open Source Intelligence websites
• Exercise 24 – Hacker and Carding Forums and Chatrooms
• Exercise 25 – Public Records Worldwide
• Exercise 26 –Metadata Deep Web search tools
• Exercise 27– Archive.org - Advanced searching exercise
• Exercise 28– Data Breaches – Archives
• Exercise 29 – Tor Relay Exercise
• Exercise 30 – Navigating the Dark We

OSINT Tools

SpiderFoot – an OSINT tool to scrape data from over 100 data sources on personal, network, and business entities.

Google Dorks – OSINT data gathering method using clever Google search queries with advanced arguments.

Shodan – a search engine for online devices and a way to get insights into any weaknesses they may have.

Maltego – an OSINT tool for gathering information and bringing it all together for graphical correlation analysis.

Recon-ng – an open-source web reconnaissance tool developed in Python and continues to grow as developers contribute to its capabilities.

Aircrack-ng – a wifi network security testing and cracking tool that can be used both defensively and offensively to find compromised networks.

Important Dates (Tentative) – & First Batch

For further details, please contact Dr.K.V.K.Santhy
Director
Center for Cyber Laws
and Forensic Sciences
Ph : 040 23498113 / 9985645594
Email :clfs@nalsar.ac.in
https://clfs.nalsar.ac.in/