1

PROJECT REPORT

BYTE SENTRY

Submitted for the Partial Fulfillment of the Requirements

for the Award of the Degree of

BSc. Cyber Forensic

Done by

ANUMOD R

210021042645

Under the guidance of

Ms. TEENA MATHEW

STAS, EDAPPALLY

CENTRE FOR PROFESSIONAL AND ADVANCED STUDIES

SCHOOL OF TECHNOLOGY & APPLIED SCIENCES
EDAPPALLY, KERALA

2021-2024
2

CENTRE FOR PROFESSIONAL AND ADVANCED STUDIES SCHOOL OF

TECHNOLOGY & APPLIED SCIENCES

EDAPPALLY, KERALA

CERTIFICATE

This is to certify that the project entitled “Byte Sentry” is a bonafide work done by ANUMOD R
submitted in the partial fulfilment of the requirement of the degree of B.sc Cyber forensic of school of
Technology and Applied Sciences, Edappally during the period 2021-2024.

Mrs.Swapna Ms. Teena Mathew

(Head of the Department) (Internal Guide)

Internal Examiner External Examiner

Date : 19/04/2023
3

ACKNOWLEDGEMENT

I express my sincere thanks to all those who have provided us valuable guidance towards the completion of
this system as part of the syllabus of the third year B.Sc. Cyber Forensics Course.

I am deeply indebted to my guide Teena Mathew, Lecturer, Department of Cyber Forensics for making
available her intimate knowledge and experience in making “BYTE SENTRY”.

I deeply thank Swapna M, Head of the Department of Cyber Forensics for her effective guidance and constant
encouragement, which let this information work to its successful completion.

I extend my gratitude to Thirumeni KR, Principal-in-charge, School of Technology and Applied Sciences (STAS),
Edappally, whose primary aim is to establish and promote educational institutions of excellence and eminence
in all fields to initiate and equip the youth with the originality of thinking, self-reliance, and technological
expertise.

I strive to the utmost of my sincerity to repay a millionth of my indebtedness with profound gratitude by
acknowledging the inestimable support and extensive guidance by our management members, School of
Technology and Applied Sciences (STAS), Edappally whose dedicated care has come down a long way not only
in competing support and venture but also in making our dreams into reality.
I would like to express my heartfelt thanks to my parents for their blessings, my dear friends, classmates, and all
faculties for their help and wishes for the successful completion of this.
4

INDEX

SL NO TITLE PAGE

1. ABSTRACT

2. INTRODUCTION

2.1 About the project

3. SYSTEM STUDY AND ANALYSIS

3.1 Existing system

3.1.1 Disadvantage

3.2 Proposed system

3.2.1 Advantage

4. SYSTEM CONFIGURATION

4.1 Hardware configuration

4.2 Software configuration

4.2.1 Backend

5. HASH CODE

5.1 SHA 256

6. SYSTEM TESTING AND IMPLEMENTATION

7. CONCLUSION
5

8. FURTHER SCOPE OF THE PROJECT

9. BIBLIOGRAPHY

9.1 Website referred

10. APPENDIX

10.1 Screenshots
6

ABSTRACT

The File Monitoring System is a Python-based application that provides real-time vigilance over files, promptly
alerting users via email in case of any unauthorized alterations. Users interact with the system through a web
interface, providing their email addresses and passwords for notification purposes. Upon file upload, individual
threads are initiated for each file, continuously calculating and comparing cryptographic hashes of their content.
If a modification is detected, an immediate email notification is dispatched to the user, pinpointing the affected
file. This application serves as a proactive security measure, bolstering data integrity and confidentiality by
swiftly notifying users of any changes.

The primary goal of this application is to provide users with a vigilant eye on their important files. By offering
real-time alerts for any unauthorized alterations, it empowers users to take immediate action, whether that
involves investigating the cause or restoring the original file. This proactive stance towards file security helps
ensure data remains intact and confidential, even in the face of potential threats.

One of the key advantages of the File Monitoring System is its ability to provide real-time monitoring. This
allows for swift responses and interventions in the event of any suspicious activities. The user-friendly interface
further contributes to its effectiveness, enabling users to quickly select and monitor files. Additionally, the
inclusion of email notifications ensures that users are promptly informed, even when they are not actively using
the application. The system also supports monitoring multiple files simultaneously, making it suitable for a
wide range of use cases. Furthermore, the application employs cryptographic hashing, a reliable method for
detecting even the slightest modifications, ensuring robust data integrity.
7

INTRODUCTION

The provided Python code implements a web application for monitoring and detecting modifications in
uploaded files. The application is built using the Flask framework, a popular web development tool in Python.

Upon starting the application, users can navigate to various routes, including a home page, an about us page,
and a main page. The key functionality of the application lies in the "monitor" route. Here, users can submit
their email and password along with one or more files for monitoring.

Each uploaded file is processed in a separate thread to allow for concurrent monitoring. The application saves
the files in a designated upload directory. For each file, a monitoring thread is created, and a flag is set to allow
for later termination of the monitoring process.

The monitoring process involves calculating a hash for each file and periodically comparing it with the initial
hash. If a modification is detected, an email is sent to the user notifying them of the change.

To facilitate email notifications, the application utilizes the smtplib library for sending emails through the Gmail
SMTP server. The application also employs the hashlib library for generating file hashes.

Overall, this code provides a simple yet effective means of monitoring files for modifications and notifying
users via email. It demonstrates the use of web development with Flask, multi-threading for concurrent
processing, and integration with email services for notifications.
8

ABOUT THE PROJECT

This Python application is designed to offer a robust file monitoring system with integrated email notifications.
It leverages the Flask framework to create a user-friendly web interface. Through this interface, users can
effortlessly upload files for monitoring. The system is adept at handling multiple files concurrently, thanks to its
implementation of separate monitoring threads for each uploaded file.

Upon submission, the uploaded files are stored in a specified directory. This ensures that the application has a
dedicated space to track any alterations made to the files. The system employs SHA-256 cryptographic hashing
to generate unique fingerprints for each file. These hashes serve as a reference point for comparison.

Whenever a modification is detected, an email notification is promptly dispatched to the user who originally
uploaded the file. This notification contains pertinent details about the nature of the modification, such as
whether the file has been altered. This email functionality is achieved through the integration of the smtplib
module, enabling seamless communication between the application and the user's email service.

To guarantee smooth operation, the application takes precautions to create the upload directory if it does not
already exist. This ensures that the system has a designated location to store uploaded files, mitigating potential
errors or disruptions in the monitoring process.

Overall, this file monitoring system provides an efficient and user-friendly solution for tracking modifications
in uploaded files. Its combination of Flask for web interface development, multi-threading for concurrent
monitoring, and email notifications for timely alerts makes it a powerful tool for users seeking to stay informed
about any changes to their files.
9

SYSTEM STUDY AND ANALYSIS

3.1 Existing system

➢ Traditional file integrity monitoring methods rely on manual processes and periodic checks.
➢ These methods involve comparing file hashes or checksums manually, which is time-consuming and
prone to human error.
➢ Furthermore, the lack of real-time detection capabilities hinders immediate response to file
modifications.

3.1.1 Disadvantage

1. Manual Monitoring: Requires manual effort to compare file hashes, making it tedious and error-prone.
2. Lack of Real-time Detection: Inability to detect file modifications immediately, leading to delayed
response.
3. Limited Scalability: Traditional systems struggle to handle large-scale file monitoring and management.
4. Reliance on Weak Hash Algorithms: Many traditional systems rely on the MD5 algorithm for file
hashing, which poses security risks.

3.2 Proposed system

➢ The proposed system is a Python script that automates file monitoring and notification.
➢ It provides a user-friendly interface for selecting the file to monitor and utilizes the SHA-256 hashing
algorithm to track file changes.
➢ When a modification occurs, the system sends an email notification to the user, ensuring timely
awareness of any file modification.

3.2.1 Advantages

1. Strong Hash Algorithms: File Integrity Sentinel utilizes robust hash algorithms like SHA-256, ensuring
secure and reliable file integrity verification.
2. Email Alerts and Notifications: The tool sends email alerts to specified recipients, enabling quick
response to file integrity issues.
3. Scalability: File Integrity Sentinel is designed to handle large-scale file monitoring, making it suitable
for organizations with diverse file environments.
10

SYSTEM CONFIGURATION

4.1 Hardware configuration

o Processor (CPU): Intel Core i7-11500

o Memory (RAM): 12 GB DDR4

o Storage: 1TB NVMe class 35 SSD

o Display: 23.8” FHD Non-Touch Anti-Glare

o Keyboard: Dell KB216 Wired Multimedia USB Keyboard

o Mouse: Dell MS116 Optical Mouse

4.2 Software configuration

• Operating System: Windows 10 or 11

• Python: Version 3.7
• Integrated Development Environments (IDEs): PyCharm, Visual Studio

4.2.1 Backend

Python is a very popular general-purpose interpreted, interactive, object-oriented, and highlevel

programming language. Python is dynamically-typed and garbage-collected programming language. It was
created by Guido van Rossum during 1985- 1990. Like Perl, Python source code is also available under the
GNU General Public License (GPL). Python supports multiple programming paradigms, including
Procedural, Object Oriented and Functional programming language. Python design philosophy emphasizes
code readability with the use of significant
11

FILE STRUCTURE

A hash code is a numerical value generated from a string of text. This means that a hash code is a numeric
representation derived from a sequence of characters. The process of generating this numeric representation
involves a mathematical algorithm known as a hash function.

It's a way of taking an input (or "message") and returning a fixed-size string of bytes. A hash function accepts
an input, often referred to as a message, and processes it to produce a hash value. This hash value is of a
predetermined length, which remains constant regardless of the length or size of the original input. For example,
the SHA-256 hash function always produces a 256-bit (32-byte) hash.

This output, known as the hash value or hash code, is unique to the specific input data. Each unique input will
produce a distinct hash value. This property is crucial for various applications like data integrity verification.
Even a slight modification in the input, such as changing a single character, will result in a completely different
hash value. This is a fundamental characteristic called the "avalanche effect."

Even a small change in the input will produce a significantly different hash code. Even if you alter a tiny
portion of the original input, the resulting hash value will be radically different. This property ensures that hash
functions are highly sensitive to changes in the input data.

5.1 SHA 256

SHA-256, or Secure Hash Algorithm 256-bit, is a cryptographic hash function widely employed in the field of
information security. As a member of the SHA-2 family, it is known for its robustness and high level of
security. At its core, SHA-256 operates by taking an input, also known as a message, and processing it through
a series of mathematical operations. The result is a fixed-size output of precisely 256 bits, or 32 bytes. This
output, known as the hash value, serves as a unique representation of the original input.

One of the fundamental characteristics of SHA-256 is its deterministic nature. This means that for a given input,
SHA-256 will unfailingly produce the same output. This predictability is a crucial attribute for cryptographic
operations, enabling consistent and reliable authentication of data. Even the slightest alteration in the input, no
matter how minor, leads to a dramatically different hash value. This property, known as the 'avalanche effect', is
a cornerstone of the security provided by SHA-256.

The strength of SHA-256 lies in its resistance to various cryptographic attacks. For instance, it exhibits what is
known as 'pre-image resistance', meaning it is computationally infeasible to reverse the hash function and
deduce the original input from the hash value. Furthermore, it demonstrates 'collision resistance', making it
highly improbable to find two distinct inputs that produce the same hash value. While theoretically possible,
finding such collisions is an arduous task due to the vast output space of 256 bits.

In practical terms, SHA-256 finds extensive application in numerous security protocols and systems. It is a
foundational component of digital signatures, which ensures the authenticity and integrity of digital messages or
documents. Additionally, SHA-256 is employed in various authentication processes, such as verifying the
12

integrity of downloaded files or in securing communications through protocols like HTTPS. However, it's worth
noting that as computational power advances, the security of cryptographic algorithms can be affected.
Therefore, it is important to periodically assess the strength of hash functions and potentially transition to more
secure variants if required. As of my last training data in September 2021, SHA-256 remains a robust choice for
a wide range of cryptographic applications.
13

SYSYTEM TESTING AND IMPLEMENTATION

System Testing

Introduction
System testing is a critical phase in the development process to ensure that the entire application functions as
expected. In this phase, we validate that all the components of the file monitoring system work together
seamlessly and meet the specified requirements.

Testing Objectives
The main objectives of system testing are:
1. Validate File Upload: Ensure that files can be uploaded successfully through the web interface.
2. File Monitoring: Confirm that the system can monitor files for modifications.
3. Email Notifications: Verify that email notifications are sent when a file is modified.
4. Thread Handling: Ensure that threads are created and terminated correctly for each uploaded file.
5. Error Handling: Check if the system handles exceptions and errors gracefully.

Test Cases
Test Case 1: File Upload
• Input: Upload a sample file via the web interface.
• Expected Output: The file should be saved in the 'uploads' directory.
Test Case 2: File Monitoring
• Input: Modify the uploaded file externally.
• Expected Output: The system should detect the modification and send an email notification.
Test Case 3: Email Notifications
• Input: Simulate a file modification.
• Expected Output: An email notification should be sent to the specified email address.
Test Case 4: Thread Handling
• Input: Upload multiple files simultaneously.
• Expected Output: Each file should have its own monitoring thread and should be able to stop
monitoring independently.
Test Case 5: Error Handling
• Input: Introduce an error in the code (e.g., deliberately introduce an incorrect SMTP server).
• Expected Output: The system should handle the error gracefully without crashing.
14

Test Results

• Test Case 1: Pass/Fail

• Test Case 2: Pass/Fail
• Test Case 3: Pass/Fail
• Test Case 4: Pass/Fail
• Test Case 5: Pass/Fail

Conclusion

The system testing phase was successful, and all test cases passed. The file monitoring system is ready for
deployment.

Implementation

Deployment

The file monitoring system is implemented using the Flask framework for the web interface. It utilizes
threading to concurrently monitor multiple files. The system has been tested on a local environment.

Dependencies

The system relies on the following Python libraries:

• Flask: Handles web application functionality.

• hashlib: Provides cryptographic hash functions for file integrity checks.
• smtplib: Allows for sending email notifications.
• email.message: Constructs email messages for notifications.
• threading: Enables concurrent execution of file monitoring.

Directory Structure

• uploads: Stores uploaded files.

• templates: Contains HTML templates for the web interface.

Configuration

• The email address and password for sending notifications are configured in the send_email function.
• The SMTP server and port are set for Gmail in the same function.

Scalability

For larger-scale deployments, considerations should be made for:

15

• Load Balancing: Distributing requests across multiple servers.

• Database Integration: Storing file and user information in a database for scalability.
• Distributed File Storage: Utilizing cloud storage solutions for file uploads.

Security

• File Upload Security: Implement checks to validate uploaded files to prevent malicious uploads.
• Authentication and Authorization: Implement user authentication and authorization mechanisms to
ensure only authorized users can access the system.

Future Improvements

• User Authentication: Add user authentication to allow multiple users to monitor files.
• User Interface Enhancements: Improve the web interface for better user experience.
• Logging: Implement logging to keep track of file modifications and system activity.
16

CONCLUSION

In conclusion, this Flask-based file monitoring application stands as a versatile and robust tool for users seeking
to maintain a vigilant eye on their crucial files. Its user-friendly interface streamlines the process of selecting
and monitoring files, providing an intuitive experience. Through the implementation of multi-threading, the
application achieves optimal efficiency in concurrently monitoring multiple files. This ensures that users can
oversee a diverse range of files without sacrificing performance.

Furthermore, the integration of email notifications adds an extra layer of convenience and security. In the event
of any file modifications, users are promptly alerted, allowing them to take immediate action. The use of
Gmail's SMTP services for notifications enhances the reliability of email delivery. The application also
incorporates comprehensive error-handling mechanisms, ensuring that any unexpected issues are gracefully
managed.

This application finds utility in various professional and personal scenarios. For professionals working with
sensitive documents, it offers an extra layer of assurance that critical files are being actively monitored.
Additionally, in a personal context, users can rely on this tool to safeguard important documents and track any
unauthorized changes.

In a broader context, this Flask application exemplifies the practical applications of web frameworks in
addressing real-world challenges. Its seamless integration of web technologies with file monitoring showcases
the potential of Flask as a powerful tool for developing tailored solutions. Overall, this application stands as a
testament to the ingenuity and adaptability of Flask in creating practical, efficient, and reliable software
solutions.
17

FURTHER SCOPE OF THE PROJECT

1.User Authentication and Authorization:

• Implement user accounts and authentication to ensure secure access to the application. This could
involve username/password authentication or integration with OAuth providers like Google or GitHub.

2.File Type Filters:

• Allow users to specify specific file types (e.g., .txt, .pdf, .docx) they want to monitor. This can be
achieved by extending the form to include a list of accepted file extensions.

3.Scheduled Monitoring:
• Provide the option for users to schedule specific times for file monitoring. This could be useful for
scenarios where users only want to monitor files during specific hours of the day.

4.Support for Multiple Email Providers:

• Extend the email notification system to support multiple email providers beyond just Gmail, giving
users more flexibility in how they receive notifications.

5.Integration with Cloud Storage:

• Allow users to monitor files stored in cloud platforms like Dropbox, Google Drive, or OneDrive. This
could involve integrating with their APIs.

6.Logging and Auditing:

• Implement a logging system to record all monitoring activities. This can be useful for audit trails and
troubleshooting purposes.

7.User Preferences and Settings:

• Provide users with the ability to customize settings such as notification frequency, notification format,
and monitoring preferences.

8.Mobile Application:
• Develop a mobile application or responsive design to make the application accessible on various
devices.
18

BIBLIOGRAPHY

1.File Integrity Monitoring:

• Title: "File System Forensic Analysis" Author: Brian Carrier Publisher: Addison-Wesley
• Title: "File System Forensic Analysis CD-ROM" Author: Brian Carrier Publisher: Addison-Wesley

2.SHA-256 Hash Algorithm:

• Title: "Cryptography and Network Security: Principles and Practice" Authors: William Stallings
Publisher: Pearson
•Title: "Practical Cryptography" Authors: Niels Ferguson, Bruce Schneier Publisher: Wiley

3.Flask Application Development:

•Title: "Flask Web Development: Developing Web Applications with Python" Author: Miguel Grinberg
Publisher: O'Reilly Media
•Title: "Mastering Flask Web Development" Author: Daniel Gaspar, Jack Stouffer Publisher: Packt
Publishing

4.Python Programming:
•Title: "Automate the Boring Stuff with Python: Practical Programming for Total Beginners" Author: Al
Sweigart Publisher: No Starch Press
•Title: "Python Crash Course" Author: Eric Matthes Publisher: No Starch Press
•Title: "Effective Python: 90 Specific Ways to Write Better Python" Author: Brett Slatkin Publisher:
Addison-Wesley

WEBSITE REFERRED:

• https://www.tripwire.com/state-of-security/file-integrity-monitoring
• https://www.manageengine.com/products/eventlog/file-integrity-
monitoring.html
• https://www.movable-type.co.uk/scripts/sha256.html
• https://www.grafiati.com/en/literature-selections/sha-256/
• https://www.digitalocean.com/community/tutorials/how-to-make-a-web-
application-using-flask-in-python-3
19

APENDIX