Analyzing Cyber Trends in Online Financial Frauds
Conference Paper in International Journal of Innovative Technology and Exploring Engineering · July 2020
DOI: 10.35940/ijitee.I7185.079920
Simriti Koul
George Mason University
All content following this page was uploaded by Simriti Koul on 16 February 2022.
Published By: Blue Eyes Intelligence Engineering & Sciences Publication
Retrieval Number: I7185079920/2020©BEIESP
DOI: 10.35940/ijitee.I7185.079920
Analyzing Cyber Trends in Online Financial Frauds using digital Forensics Techniques
• Formal Concept Analysis:
Formal Concept Analysis is a mathematical cyber-security technique. It works by first structuring the input dataset into a concept lattice, and then dividing the resulting lattices into a binary lattice. This binary lattice can then be used to verify which data is fake, and which is presumably fraud. This technique has already been applied to the field of online financial fraud investigations, with satisfactorily good performance.

• Cross Drive Analysis:
In the Confirmatory Factor Analysis, the primarily quantitative data analyzed by the investigators is checked against previously existing similar data records, to “confirm” the consistency of the result interpretation. When the deviations are very small, this technique is extremely useful for predicting the forensic results. This technique has also already been used in the field of online financial crime investigation.

• Autopsy:
Autopsy is a fairly popular digital forensics tool. It serves as a platform as well as a graphical interface for digital-crime investigation purposes. It is a much simpler part of the Sleuth Kit forensics software. It is primarily used by corporate organizations, law enforcement agencies, and to some extent, by the military forces – for online crime inspection. It can be used to extract the past events that occurred on a particular computer system. It provides features such as the creation of disk images to prevent evidence loss, analysis of user activity, analysis of the discovered data on the system, retrieval of deleted data items, etc. It is supported by most operating system platforms, such as Windows, Ubuntu, Linux, Unix, etc. It can also be run on the Android cell phone platform, using the specialized “Autopsy: Mobile Forensics” toolkit.

• EnCase:
EnCase is the most popular and top-performing software tool used in the field of computer forensics. It is the leading tool used by professional investigator teams, law agencies, corporate CSIRT teams, military intelligence officers, etc.

II. LITERATURE SURVEY

Matthew Kul and Nick Waler (2017) in the publication “Cyber-security and Fraud Management Convergence” talked about the growing importance of cyber-security techniques and tools, given the rapid growth of cyber frauds, especially financial frauds. They also discussed the various challenges involved in the domain of cyber-security, such as legal permissions, unresolved technical issues, etc. [1]

Benjamin E. Onodi, et al (2015) in the paper “The Impact of Forensic Investigative Methods on Corporate Fraud Deterrence in Banks in Nigeria”, explored Garfinkel’s technique of Cross Drive Analysis for investigation of financial cyber-crimes. For this experiment, data comprising credit card numbers, email addresses, and other kinds of confidential information was accumulated from various victimized hard drives and other sources, and its correlation with the perpetrator’s communication messages, geographical coordinates, etc. was determined. This gave a significantly clear idea about the actual perpetrator. [2]

Nisarg Trivedi and Dhruv Patel (2015) in the paper “Digital Evidence Handling Using Autopsy”, discussed the various features provided by the forensic tool Autopsy. They analyzed the software’s efficiency using various test cases. They also described the functioning of the software for the cases they investigated using it. They concluded that Autopsy performed fairly well in conducting digital investigations, with a limited number of issues. [3]

Peter Prudon (2015) in the journal article “Confirmatory Factor Analysis as a Tool in Research Using Questionnaires: A Critique” provided a detailed explanation and criticism of the usage of the Confirmatory Factor Analysis technique in investigation procedures. He talked about how the methodology of calculating the deviation between the predicted results and the previously known results (relating to similar research cases) could be used to determine the accuracy of a particular prediction. Such a prediction can be used in investigative sciences. The extent of accuracy of the results was also discussed, and was satisfactory. [4]

Tommie W. Singleton (2006), in the publication “Digital Evidence in a Fraud Investigation” talked about the significance of cyber evidence in various criminal activities, including financial malpractices. He concluded that digital forensics is an increasingly important area in the investigation of several crimes using forensic sciences. According to him, digital evidence should not be neglected, as it can give new directions to any legal proceedings. Also, the digital investigation should not be limited to just the victim’s and accused’s computational devices, but should also be extended to other peripherals. [5]

In the proceedings of the Digital Forensics Research Workshop (DFRWS) conference held in 2006 in the USA, Dr. Simson Garfinkel proposed the technique of Cross Drive Analysis for digital crime investigation. In this method, data could be accumulated from various suspect drives (or other sources). The accumulated data was then statistically analyzed and the correlation between the sources was determined. This trained the model to correlate any input data with a particular pre-defined category. [6]

Frano Škopljanac-Mačina, et al (2013), in the paper “Formal Concept Analysis – Overview and Applications” discussed this mathematical investigative procedure in detail. The paper briefly described the working of the technique and its basic principle. According to the paper, the technique generates “concept lattices” based on the input datasets, in which similar inputs are grouped into one lattice. Thus, the input data can be divided or classified under various label names, which makes it a useful tool for forensic sciences as well. [7]

Waziri et al (2014) in the paper “e-Fraud Forensics Investigation Techniques with Formal Concept Analysis” discussed the application of the mathematical cyber-security technique of Formal Concept Analysis (FCA) for the binary classification of the input dataset into either genuine or fraud. In this model, the FCA technique was used to analyze the various data gathered from the victim’s as well as the suspects’ mobile communication devices, such as cell phones, tablets, etc.
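Added example, not from the paper or from the cited authors: a minimal Formal Concept Analysis run in Python over a constructed context of five emails with hypothetical binary attributes. It enumerates the formal concepts and, as one simple assumed way to obtain the genuine/fraud split, flags a new email when it contains an intent (shared attribute set) whose extent holds only fraud-labelled emails.

```python
from itertools import combinations

# Constructed formal context: email id -> binary attributes (all names hypothetical).
CONTEXT = {
    "mail1": {"asks_credentials", "urgent_tone", "link_mismatch"},
    "mail2": {"asks_credentials", "link_mismatch"},
    "mail3": {"urgent_tone", "known_sender"},
    "mail4": {"known_sender"},
    "mail5": {"asks_credentials", "urgent_tone", "link_mismatch", "free_webmail"},
}
FRAUD = {"mail1", "mail2", "mail5"}   # constructed analyst labels (supervised part)
ATTRS = frozenset().union(*CONTEXT.values())

def extent(attrs):
    """Emails that carry every attribute in attrs."""
    return frozenset(o for o, a in CONTEXT.items() if attrs <= a)

def intent(objs):
    """Attributes shared by every email in objs (all attributes if objs is empty)."""
    return frozenset.intersection(ATTRS, *(CONTEXT[o] for o in objs))

def concepts():
    """All formal concepts: (extent, intent) pairs that determine each other."""
    found = set()
    for r in range(len(ATTRS) + 1):
        for combo in combinations(sorted(ATTRS), r):
            ext = extent(frozenset(combo))
            found.add((ext, intent(ext)))
    return found

def fraud_hypotheses():
    """Intents whose non-empty extent contains only fraud-labelled emails."""
    return {i for e, i in concepts() if e and e <= FRAUD}

def classify(attrs):
    """Flag an email whose attributes include some fraud-only intent."""
    hit = any(h <= set(attrs) for h in fraud_hypotheses())
    return "suspicious" if hit else "not flagged"

if __name__ == "__main__":
    for ext, itt in sorted(concepts(), key=lambda c: -len(c[0])):
        print(sorted(ext), "<->", sorted(itt))
    print(classify({"asks_credentials", "link_mismatch", "known_sender"}))
```

The smallest fraud-only intent here is {asks_credentials, link_mismatch}, so a known sender alone does not clear a message that carries both attributes.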
International Journal of Innovative Technology and Exploring Engineering (IJITEE)
ISSN: 2278-3075, Volume-9 Issue-9, July 2020
Then, the visualization of the relationship between the crime occurrences within different proximal geographical areas was achieved successfully. This helped to develop a pre-trained model which, when given similar crime-investigation input as well as a geographical area, could classify the data as fraud or not. This would greatly help financial firm websites. [8]

Peter Prudon (2015) in the journal article “Confirmatory Factor Analysis as a Tool in Research Using Questionnaires: A Critique” provided a detailed explanation and criticism of the usage of the Confirmatory Factor Analysis technique in investigation procedures. He talked about how the methodology of calculating the deviation between the predicted results and the previously known results (relating to similar research cases) could be used to determine the accuracy of a particular prediction. Such a prediction can be used in investigative sciences. The extent of accuracy of the results was also discussed, and was satisfactory. [9]

Dr. Simson Garfinkel (2010) in an article named “Digital forensics research: The next 10 years” discussed the features provided by the forensic tool EnCase. He discussed its working, versions, features, limitations, etc. On the whole, he concluded that, as of now, EnCase is one of the topmost available forensics tools, which is heavily reliable and easily accessible for various types of cyber-crime cases. [10]

III. PROPOSED METHODOLOGY

Most finance-related online crimes are committed by first provoking the user to somehow give out their credentials, such as credit card numbers, passwords, etc. Thus, the crime can be detected in two major steps:
• Extraction of emails and messages found to be provoking the victim to give out his credentials: This can be done on the victim’s computer or phone. With the help of this step, the fraud email-id or phone number can be identified, which will ultimately help to track down the location of the criminal.
• Once the crime suspects are identified, their computer’s hard drive must be scanned for the victim’s credit card information as well as evidence of sending messages to the victim in the first place.

The methodologies involved in the analysis of digital crime are divided into two major steps:

i. Extraction of emails and messages found to be provoking the victim to give out his credentials:
1. First, create a new Autopsy case for the victim’s computer seized in the investigation.
2. Then create the image of the victim’s computer or phone hard drive.
3. Further, the image is added as the data source for the new case.
4. Perform keyword searches with the terms commonly used by fraudsters to provoke users to give out credentials.
5. Further, go to Outlook.pst >> Email and browse through the retrieved emails.
6. Go to Windows Mail and browse through the emails.
7. By now, the messages sent by the suspect to the victim are retrieved.
8. The time sent and email id are recovered. Sometimes, the cell phone number may also get recovered.
9. This email is used to track down the suspect’s IP address, which is then used to track the suspect’s location whenever he connects to the internet.
10. Finally, even if the suspect uses a VPN, the police will be able to see his activity through the suspect’s ISP and contact the VPN company to disclose the suspect’s location.
The process carried out is illustrated in the flowchart in Fig. 1.

ii. Extraction of evidence (victim’s credentials) from the suspect’s computer drive:
1. First, create a new Autopsy case for the suspect’s computer seized in the investigation.
2. Create an image of the suspect’s hard drive.
3. Add this image as the data source for this new case.
4. Perform keyword searches for the victim’s stolen credentials, such as credit card numbers, passwords, etc.
5. Go to Views >> Deleted Files and browse through the emails.
6. Search for the deleted items in the unallocated disk space.
7. Go to Results >> Extracted contents and browse through the web history, cookies, search history and bookmarks.
8. Any evidence found against the suspect must be carefully documented.
The process carried out is illustrated in the flowchart in Fig. 2.

IV. MERGING CYBER-SECURITY

This section deals with “Embedding of cyber-security techniques with the functioning of Autopsy”.

Design of automation (bots) for online finance-based fraud investigation:
AI bots can be trained to utilize Autopsy for email and information retrieval, and then classify the emails as suspicious or not (Formal Concept Analysis). Then, the bots may also display the accuracy of their prediction, based on the source used for email extraction (Confirmatory Factor Analysis). The algorithm devised is as follows:
1. The bot retrieves suspected emails/messages from the victim’s hard drive using the Confirmatory Factor Analysis.
2. Depending upon the location from where the emails were retrieved (Outlook.pst, Windows Mail, etc.), the emails are classified as more suspicious or less suspicious (Supervised learning – Formal Concept Analysis).
3. The most suspicious emails will be used to track the IP address (and hence location) of the suspect for further enquiry.
4. On the suspect’s hard drive, the bot searches for the victim’s stolen credentials or any records of money transfer, by retrieving the deleted items.
5. Then a match between the victims’ stolen credentials and the information retrieved from the suspect’s drive is carried out.
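Added example, not the paper's or Autopsy's code: one way to carry out the credential keyword search on the suspect's drive (step ii.4) and the match in step 5 of the bot algorithm, in Python, over text already exported from the suspect image. Chunk names, sample strings and function names are constructed; candidate card numbers count only if they pass the Luhn checksum, and values are compared as SHA-256 fingerprints.

```python
import hashlib
import re

# Candidate card numbers: 13-19 digits, single spaces or hyphens allowed between them.
CARD_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

def luhn_ok(candidate):
    """Luhn checksum: drops random digit runs that a plain keyword search would hit."""
    total = 0
    for i, ch in enumerate(reversed(re.sub(r"\D", "", candidate))):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def fingerprint(value):
    """SHA-256 of the normalised value, so the report need not repeat the raw credential."""
    if "@" not in value:                    # card number: strip separators
        value = re.sub(r"[ -]", "", value)
    return hashlib.sha256(value.lower().encode()).hexdigest()

def extract_features(text):
    """Fingerprints of every Luhn-valid card number and every email address in text."""
    cards = [m.group() for m in CARD_RE.finditer(text) if luhn_ok(m.group())]
    return {fingerprint(v) for v in cards + EMAIL_RE.findall(text)}

def match_credentials(victim_values, recovered_chunks):
    """Map each victim credential to the recovered chunks (by name) that contain it."""
    wanted = {fingerprint(v): v for v in victim_values}
    hits = {}
    for name, text in recovered_chunks.items():
        for fp in wanted.keys() & extract_features(text):
            hits.setdefault(wanted[fp], []).append(name)
    return hits

# Constructed sample data: a standard test card number and made-up strings.
VICTIM = ["4111 1111 1111 1111", "victim@example.com"]
RECOVERED = {
    "unalloc_0001": "order ref 1234567890123456 shipped",   # fails Luhn, ignored
    "deleted/notes.txt": "cc 4111-1111-1111-1111 exp 09/25 Victim@Example.com",
    "web_history": "https://mail.example.org/inbox?user=other@example.org",
}

if __name__ == "__main__":
    for value, chunks in match_credentials(VICTIM, RECOVERED).items():
        print(fingerprint(value)[:12], "found in", chunks)
```

Recording which recovered chunk produced each hit supports the documentation requirement in step ii.8.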
V. FLOWCHARTS
VII. CONCLUSION
We can conclude that to handle such a large number of
finance-related cyber-crimes, AI bots can be trained to predict
who has committed the crime. This can be done by embedding
the forensics software “Autopsy” within the bot’s processor;
as well as training the bot (via supervised learning) to classify
the emails and predict the accuracy of the results obtained
using cyber-security techniques (Formal Concept Analysis
and Confirmatory Factor Analysis).
This mechanism will have several advantages. Usage of the
digital forensics tool alone does not guarantee the accuracy of
the results, and usage of the cyber-security technique alone is
a lengthy process. Moreover, the use of bots would save a lot
of time and manpower.
The disadvantage of the proposed bot design technique is that it is highly resource-intensive. The development of AI bots alone requires a lot of technical resources. Providing them further training would incur even greater costs. Plus, as the system is new, it is more prone to glitches, which will eventually be resolved over time.
Thus, if such a bot is successfully designed to investigate online financial frauds, it would be greatly helpful to the investigating agencies.

Fig. 3. The functioning of the proposed bot is explained in this figure.
REFERENCES
1. G. Eason, B. Noble, and I. N. Sneddon, “On certain integrals of Lipschitz-Hankel type involving products of Bessel functions,” Phil. Trans. Roy. Soc. London, vol. A247, pp. 529–551, April 1955.
2. J. Clerk Maxwell, A Treatise on Electricity and Magnetism, 3rd ed., vol. 2. Oxford: Clarendon, 1892, pp. 68–73.
3. I. S. Jacobs and C. P. Bean, “Fine particles, thin films and exchange anisotropy,” in Magnetism, vol. III, G. T. Rado and H. Suhl, Eds. New York: Academic, 1963, pp. 271–350.
4. K. Elissa, “Title of paper if known,” unpublished.
5. R. Nicole, “Title of paper with only first word capitalized,” J. Name Stand. Abbrev., in press.
6. Y. Yorozu, M. Hirano, K. Oka, and Y. Tagawa, “Electron spectroscopy studies on magneto-optical media and plastic substrate interface,” IEEE Transl. J. Magn. Japan, vol. 2, pp. 740–741, August 1987 [Digests 9th Annual Conf. Magnetics Japan, p. 301, 1982].
7. M. Young, The Technical Writer’s Handbook. Mill Valley, CA: University Science, 1989.
8. Prajval Mohan, Pranav Narayan, Lakshya Sharma, Tejas Jambhale, Simran Koul, “Iterative SARSA: The Modified SARSA Algorithm for Finding the Optimal Path”. International Journal of Recent Technology and Engineering (IJRTE), ISSN: 2277-3878, Volume-8 Issue-6, March 2020.
9. Prajval Mohan, Adiksha Sood, Lakshya Sharma, Simran Koul, Simriti Koul, “PC-SWT: A Hybrid Image Fusion Algorithm of Stationary Wavelet Transform and Principal Component Analysis”. International Journal of Engineering and Advanced Technology (IJEAT), ISSN: 2249-8958, Volume-9 Issue-5, June 2020.
10. Simran Koul, “Contribution of Artificial Intelligence and Virtual Worlds Towards Development of Super Intelligent AI Agents”
AUTHORS PROFILE