LIST OF EXPERIMENTS

1. Using open source tools like esoofer to check

vulnerability of email server.

2. Simulate Phishing attack.

3. Research a recent cyber attack against a country's
critical infrastructure or government networks, and
analyze the response of the affected country's
government. Evaluate the effectiveness of the
country's cybersecurity policy and incident response
capabilities, and identify areas for improvement.

4. IP Tracking

5.E-mail Tracking

6. Forensic Tool kit

7. Use computer forensics software tools to cross

validate findings in computer evidence-related cases.
8. Examine the role of international cooperation in
promoting cybersecurity and protecting
against cyber threats. Evaluate the effectiveness of
current international cyber security agreements and
initiatives and makes for how a country could better
engage in international cooperation to enhance its
cybersecurity posture.
Experiment 1: Checking Vulnerabilities of an Email
Server
Tools Used:
 Esoofer: An open source tool designed for security
testing and analysis.
Steps:
1. Setup and Configuration:
o Install and configure Esoofer on your local machine

or a server.
o Ensure you have permissions to scan and test

vulnerabilities on the email server.

2. Scan for Vulnerabilities:
o Use Esoofer to scan the email server for known

vulnerabilities.
o Esoofer might perform checks for common issues

such as outdated software versions,

misconfigurations, open ports, etc.
3. Output:
o Esoofer will generate a report detailing any

vulnerabilities found.
o Reports typically include severity levels (e.g.,

critical, high, medium, low), descriptions of

vulnerabilities, and recommended actions to
mitigate them.
o Example output might identify issues like open

SMTP relays, weak authentication methods, or

outdated software susceptible to known exploits.
4. Action:
o Based on the report, take necessary actions to fix

identified vulnerabilities.
 o This may involve updating software, adjusting
configurations, or implementing additional security
measures.
o

Experiment 2: SIMULATED PHISHING

ATTACK
To launch a simulated phishing attack, do the
following steps:
1.In the Microsoft Defender portal
at https://security.microsoft.com, go to Email
& collaboration > Attack simulation
training > Simulations tab. Or, to go
directly to the Simulations tab,
use https://security.microsoft.com/attacksimul
ator?viewid=simulations.
2.On the Simulations tab, select Launch a
simulation to start the new simulation
wizard.
Experiment Setup:
1. Objective: Define the objective of the experiment. For
example, the objective could be to assess the
susceptibility of employees to phishing attacks and
evaluate the effectiveness of existing awareness training.
2. Simulation Design:
o Target Audience: Decide on the target audience for

the phishing simulation (e.g., employees of a

specific department or across the organization).
 o Phishing Scenario: Develop a realistic phishing
email scenario. This could involve creating an email
that mimics a common type of phishing attempt
(e.g., a fake HR announcement, a security alert, or a
promotional offer).
o Payload: Decide on the payload of the phishing

email (e.g., a link to a fake login page, a malicious

attachment, or a request for sensitive information).
3. Execution Plan:
o Distribution: Send out the phishing email to the

selected target audience.

o Monitoring: Monitor the responses or actions taken

by recipients (e.g., clicks on links, opening of

attachments, or submission of credentials).
Conducting the Phishing Attack:
1. Sending the Phishing Email:
o Ensure the phishing email is sent to the selected

recipients at an appropriate time.

o Use tools or email services that allow tracking of

interactions (e.g., opening rates, click rates).

2. Monitoring Responses:
o Track responses to the phishing email in real-time

(if possible) or periodically.

o Record data such as how many recipients opened

the email, how many clicked on links, and how

many entered credentials or downloaded
attachments.
Analysis of Results:
1. Quantitative Analysis:
 oCalculate metrics such as click-through rate (CTR),
conversion rate (percentage of recipients who
submitted information), and response times.
o Compare these metrics with industry benchmarks if

available.
2. Qualitative Analysis:
o Analyze any patterns or trends observed in recipient

behavior.
o Assess the effectiveness of existing security

awareness training based on the responses.

3. Report Findings:
o Summarize the findings of the phishing simulation

experiment.
o Provide insights into areas of vulnerability and

potential risks to the organization.

o Make recommendations for improving

cybersecurity awareness and training programs

based on the experiment results.
Output of the Experiment:
 Phishing Simulation Report: A detailed report
documenting the experiment setup, execution process,
and analysis of results.
 Metrics and Analysis: Quantitative and qualitative data
on recipient responses, including CTR, conversion rates,
and behavioral insights.
 Recommendations: Actionable recommendations for
strengthening organizational defenses against phishing
attacks, based on identified vulnerabilities and
observations.
EXPERIMENT 3:
Analyzing a recent cyber attack against a country's critical
infrastructure or government networks involves several steps.
Here’s a structured approach to fulfill this request:
Recent Cyber Attack Example:
1. Cyber Attack Incident: Describe the recent cyber attack
against a country's critical infrastructure or government
networks. For instance, let's consider the cyber attack on
[Country X]'s government networks in [Month, Year].
2. Nature of the Attack: Detail the nature of the cyber
attack - whether it was ransomware, a DDoS attack,
espionage, etc. Include information on the targets
affected and the extent of the damage caused.
3. Response of the Affected Country's Government:
o Immediate Response: How did the government

respond in the immediate aftermath of the attack?

What measures were taken to contain the attack and
mitigate its impact?
o Public Communication: How did the government

communicate the incident to the public and other

stakeholders?
o Coordination: Describe the coordination efforts

between government agencies, cybersecurity firms,

and possibly international partners.
4. Effectiveness of Cybersecurity Policy and Incident
Response:
o Policy Assessment: Evaluate the effectiveness of

the country's cybersecurity policies in preventing

such attacks. Discuss relevant policies on critical
infrastructure protection, incident reporting, and
response frameworks.
 oIncident Response Evaluation: Assess the
effectiveness of the country's incident response
capabilities. Did they follow established protocols?
Were there any delays or gaps in response?
o Technical Capabilities: Evaluate the technical

capabilities demonstrated during the response phase,

such as forensic analysis, malware identification,
and network recovery.
5. Areas for Improvement:
o Policy Gaps: Identify any shortcomings or gaps in

existing cybersecurity policies that the attack

exposed.
o Operational Improvements: Suggest

improvements in operational readiness, such as

enhancing threat intelligence sharing, establishing
clearer protocols for public-private partnerships in
cybersecurity, or investing in advanced
cybersecurity technologies.
o Training and Awareness: Discuss the importance

of continuous training and awareness programs for

government personnel and critical infrastructure
operators.
Output of Research:
 Detailed Incident Analysis: A comprehensive report
detailing the cyber attack incident, its impact, and the
response of the affected country's government.
 Policy and Capability Evaluation: A critical
assessment of the effectiveness of the country's
cybersecurity policy and incident response capabilities.
 Recommendations for Improvement: Concrete
recommendations for enhancing cybersecurity resilience
 and response capabilities, based on identified areas for
improvement.

EXPERIMENT 4:
Conducting the IP Tracking Experiment:
1. Implement IP Tracking:
o Set up the chosen tracking tool to start monitoring

IP addresses.
o Ensure that logging or data collection is enabled to

capture relevant information.

2. Capture Data:
o Monitor incoming connections or visits over a

specified period.
o Record IP addresses, timestamps, and any additional

metadata depending on your experiment’s

objectives.
Analysis of Results:
1. Data Analysis:
o Compile the captured data into a format suitable for

analysis (e.g., CSV file, database).

o Use tools like Excel, Python scripts, or specialized

analytics software to analyze the data.

2. Interpret Results:
o Identify patterns or trends in the IP addresses

tracked. For example, analyze geographic

distribution, frequency of connections, or patterns of
activity.
o Look for anomalies or suspicious behavior that may

warrant further investigation.

3. Generate Insights:
 o Summarize findings and insights derived from the
analysis.
o Interpret the implications of the tracked IP
addresses for the experiment’s objectives (e.g.,
understanding user behavior, identifying potential
security risks).
Output of the Experiment:
 IP Tracking Report: A detailed report documenting the
experiment setup, methodology, data collected, analysis
process, and findings.
 Data Visualizations: Charts, graphs, or maps to
visualize IP address distribution or patterns observed.
 Recommendations: Actionable recommendations based
on the experiment’s findings, such as enhancing network
security measures, optimizing website performance, or
refining marketing strategies.
Example Output:
 Summary: The experiment tracked incoming
connections to a website over a month-long period.
 Findings: Identified a significant portion of visitors from
specific geographical regions, with a spike in traffic
during weekends.
 Recommendations: Suggested optimizing website
content for targeted regions, improving load balancing
for peak traffic times, and reviewing security measures to
protect against potential threats identified.

EXPERIMENT 5:
Conducting an email tracking experiment involves monitoring
and analyzing various aspects of email interactions, such as
opens, clicks, and conversions. Here’s a step-by-step guide to
simulate and analyze such an experiment:
Experiment Setup:
1. Objective: Define the objective of the experiment. For
instance, you might want to assess the effectiveness of an
email campaign, track recipient engagement, or analyze
email deliverability.
2. Tools and Resources:
o Email Marketing Platform: Choose an email

marketing platform that supports tracking features.

Popular options include Mailchimp, HubSpot, or
specialized tools like SendGrid.
o Tracking Settings: Ensure tracking features like

open tracking and link tracking are enabled in your

email platform.
3. Email Design:
o Create an email template suitable for your

experiment’s objective. This could be a promotional

email, newsletter, or informational message.
o Include trackable elements such as links and images

to gather engagement data.

Conducting the Email Tracking Experiment:
1. Send Test Emails:
o Send the designed email to a test group or actual

recipients, depending on the scale and purpose of

your experiment.
o Ensure that each email is properly tagged for

tracking purposes.
2. Monitor Metrics:
o Track key metrics such as:
  Open Rate: Percentage of recipients who
opened the email.
 Click-through Rate (CTR): Percentage of

recipients who clicked on links within the

email.
 Conversion Rate: Percentage of recipients

who completed a desired action (e.g., making a

purchase, signing up for a webinar) after
clicking on a link.
 Bounce Rate: Percentage of emails that were

not successfully delivered to recipients’

inboxes.
 Unsubscribe Rate: Percentage of recipients

who opted out of future emails.

3. Collect Data:
o Use the reporting features of your email marketing

platform to gather data over a specified period.

o Export the data for further analysis if needed.

Analysis of Results:
1. Data Analysis:
o Analyze the collected data to understand recipient

behavior and engagement patterns.

o Use tools like Excel, Google Sheets, or the analytics

dashboard provided by your email platform to

perform detailed analysis.
2. Interpret Results:
o Identify trends or insights from the metrics. For

example, determine which subject lines or content

types generated higher engagement.
o Assess the effectiveness of the email campaign in

achieving its objectives (e.g., driving traffic to a

website, generating sales).
 3. Generate Insights:
o Summarize findings and insights derived from the

analysis.
o Provide actionable recommendations for optimizing

future email campaigns based on the experiment’s

results.
Output of the Experiment:
 Email Tracking Report: A comprehensive report
documenting the experiment setup, methodology, metrics
collected, analysis process, and findings.
 Data Visualizations: Charts, graphs, or tables to
visualize key email metrics and trends observed.
 Recommendations: Actionable recommendations for
improving email marketing strategies, enhancing
engagement, or optimizing email deliverability.
Example Output:
 Summary: The experiment tracked the performance of a
promotional email campaign over a two-week period.
 Findings: Identified a high open rate but relatively low
click-through rate, suggesting potential improvements in
call-to-action (CTA) design.
 Recommendations: Proposed testing different subject
lines, optimizing email content for mobile devices, and
segmenting the audience based on engagement levels for
future campaigns.

EXPERIMENT 6:
Conducting forensic experiments using a toolkit involves
using specialized software and techniques to investigate
digital evidence for legal purposes. Here’s how you can set up
and execute forensic experiments with a toolkit, along with
the expected output:
Experiment Setup:
1. Objective: Define the objective of the forensic
experiment. For example, you may aim to recover
deleted files, analyze a compromised system for
malware, or investigate unauthorized access to digital
assets.
2. Forensic Toolkit Selection:
o Choose a suitable forensic toolkit based on your

experiment’s objectives. Popular forensic toolkits

include:
 Autopsy: An open-source digital forensics

platform that supports analysis of disk images,

memory dumps, and mobile devices.
 EnCase Forensic: A commercial forensic

toolkit used for collecting and analyzing digital

evidence from various sources.
 FTK (Forensic Toolkit): Another commercial

toolkit known for its robust file system analysis

and recovery capabilities.
3. Evidence Collection:
o Identify the sources of digital evidence relevant to

your experiment (e.g., hard drives, USB drives,

memory dumps, network traffic logs).
o Ensure proper handling and preservation of

evidence to maintain chain of custody.

Conducting the Forensic Experiment:
 1. Image Acquisition:
o Create forensic images of the storage devices or

systems containing the evidence. This involves

making a bit-by-bit copy of the original data to
ensure integrity.
2. Analysis and Examination:
o Use the forensic toolkit to analyze the acquired

images. Perform tasks such as:

 File Recovery: Retrieve deleted files and

folders from the image.

 Metadata Analysis: Examine file metadata

(creation dates, user information) for clues.

 Keyword Search: Search for specific terms or

artifacts within the image.

 Timeline Analysis: Construct a timeline of

events based on file timestamps and system

logs.
 Registry Analysis: Investigate system registry

entries for evidence of installed software or

user activity.
3. Reporting and Documentation:
o Document each step of the analysis process

thoroughly.
o Record findings, including any artifacts discovered,

anomalies identified, and potential implications for

the investigation.
Analysis Output:
1. Forensic Analysis Report:
o A detailed report summarizing the experiment’s

objectives, methodology, tools used, and findings.

 oInclude information on the digital evidence
analyzed, such as file system structures, recovered
files, and analysis results.
2. Findings and Interpretations:
o Present findings in a clear and concise manner,

highlighting significant discoveries and potential

implications.
o Interpret the findings within the context of the

experiment’s objectives and any relevant legal or

investigative frameworks.
3. Recommendations:
o Provide recommendations based on the findings,

such as further investigative steps, additional data

sources to explore, or improvements in digital
security measures.
Example Output:
 Summary: The experiment utilized EnCase Forensic to
analyze a disk image from a suspected compromised
system.
 Findings: Recovered deleted files containing
incriminating documents and identified unauthorized
user access through timestamp analysis.
 Recommendations: Suggested conducting further
analysis on network logs to trace the origin of
unauthorized access attempts and strengthening access
controls to prevent future incidents.

EXPERIMENT 7:
Cross-validating findings in computer evidence-related cases
involves using multiple forensic software tools to ensure the
accuracy and reliability of the analysis. Here’s a step-by-step
outline to conduct such an experiment:
Experiment Setup:
1. Objective: Define the objective of the experiment. For
instance, you may aim to validate the presence of
specific files, analyze user activity logs, or verify
timestamps of critical events.
2. Forensic Tool Selection:
o Choose at least two different forensic software tools

with complementary functionalities. Examples

include:
 Autopsy: Open-source platform for analyzing

disk images and mobile devices.

 EnCase Forensic: Commercial toolkit known

for its comprehensive file system analysis and

data recovery capabilities.
 FTK (Forensic Toolkit): Another commercial

tool that provides robust search and recovery

features.
3. Evidence Collection:
o Identify the digital evidence sources relevant to

your experiment (e.g., hard drive image, memory

dump, network logs).
o Ensure proper acquisition and preservation of

evidence to maintain its integrity.

Conducting the Experiment:
1. Image Acquisition:
o Create forensic images of the storage devices or

systems containing the evidence using both forensic

tools. Ensure the images are identical to maintain
consistency.
 2. Analysis and Examination:
o Use each forensic tool independently to analyze the

acquired images. Perform tasks such as:

 File Recovery: Recover deleted files and

folders.
 Metadata Analysis: Examine file attributes

and timestamps.
 Keyword Search: Search for specific terms or

artifacts within the image.

 Timeline Analysis: Construct a timeline of

events based on system logs and file

timestamps.
 Registry Analysis: Investigate system registry

entries for software installations and user

activities.
3. Cross-validation:
o Compare and contrast the findings obtained from

each forensic tool:

 Identify Consistencies: Note findings that are

consistent across both tools, such as the

presence of specific files or timestamps.
 Highlight Discrepancies: Identify any

discrepancies or differences in findings

between the tools. This could indicate areas for
further investigation or potential errors in
analysis.
 Resolution: If discrepancies arise, attempt to

resolve them by revisiting the analysis process

or conducting additional tests.
Analysis Output:
1. Cross-validation Report:
 oDocument the experiment setup, methodologies
used, and findings from each forensic tool.
o Present a comparison of findings, highlighting areas

of agreement and discrepancy.

o Provide explanations or interpretations for

discrepancies and outline any necessary follow-up

actions.
2. Findings and Interpretations:
o Summarize the overall findings and their

implications for the case.

o Discuss the reliability and accuracy of the forensic

tools based on the experiment results.

o Make recommendations for improving future

forensic investigations or methodologies based on

lessons learned.
Example Output:
 Summary: The experiment utilized Autopsy and EnCase
Forensic to analyze a disk image from a computer
involved in a digital theft case.
 Findings: Both tools identified suspicious file downloads
on specific dates, supporting the prosecution’s timeline
of events.
 Discrepancy: Autopsy initially missed a hidden folder
containing critical evidence, which was later discovered
by EnCase Forensic.
 Recommendations: Emphasized the importance of using
multiple forensic tools to ensure comprehensive analysis
and recommended refining search parameters to avoid
overlooking hidden data in future cases.
 Experiment 8:
International cooperation plays a crucial role in promoting
cybersecurity and defending against cyber threats in today's
interconnected world. Here’s an examination of its role,
evaluation of current initiatives, and suggestions for
improvement:
Role of International Cooperation in Cybersecurity
1. Information Sharing and Collaboration: Countries can
share threat intelligence, vulnerabilities, and best
practices through international cooperation. This helps in
identifying emerging threats and implementing timely
defenses.
2. Standardization and Norms: Agreeing on international
standards and norms for cybersecurity promotes
consistency in defense strategies and facilitates better
coordination during cyber incidents.
3. Capacity Building: Developing countries benefit from
capacity-building programs offered by more advanced
nations or international organizations. This includes
training cybersecurity professionals and establishing
secure infrastructures.
4. Legal Frameworks: International cooperation aids in
harmonizing legal frameworks concerning cybercrime,
extradition of cybercriminals, and jurisdictional issues,
enabling more effective law enforcement across borders.
Evaluation of Current Initiatives
1. Effectiveness: While initiatives like the Budapest
Convention and regional agreements (e.g., EU's NIS
Directive) promote cooperation, their effectiveness varies
 due to uneven participation and differing national
priorities.
2. Challenges: Lack of trust between countries, differing
interpretations of cybersecurity threats, and varying
levels.
3. Emerging Threats: Rapidly evolving cyber threats,
including sophisticated cyber-attacks and hybrid threats,
highlight the need for agile and effective international
responses.
Strategies for Better Engagement
4. Strategic Alignment: Align national cybersecurity
strategies with international frameworks and standards.
Participate actively in global forums