Ethics, Privacy and Computer Forensics

Chap 8 Digital Forensics on the Internet


What is happening

  • The internet has given people a false sense of security as they surf the net

  • Not realizing that eavesdropping is a reality

  • The risks are plentiful

  • The digital data never goes away, it remains in some form some place


Role of Internet in Investigation

  • Internet fits the category of instrumentality or information as evidence

  • Criminals use the internet as an instrument to commit their crime

    • E.g. using the internet to convince a person to kill

  • Internet related data is used to locate offenders, spies and missing people as well


Internet Services

  • Applications that we use and take for granted

    • Email

    • WWW

    • Newsgroup

    • Live chats

    • Peer to peer


World Wide Web

  • Came to life in early 1991

  • People and organizations can make information and commodities available to anyone in the world

  • Used to steal from individuals and even steal identities

  • Drug traffic and money laundering

  • Communicate with other criminals

  • Terrorism

  • Sex abuse and child pornography


WWW, Email & Web boards

  • Some web servers use redirect to hide their IP address

  • Investigators must be careful about what is redirected and where the redirection is going

  • What evidence do they need to look for

  • Email header containing information about origin and receipt

  • Possible to trace email back to sender

  • With encryption it becomes very hard to decrypt

  • If a criminal can prove that his email was spoofed it may convince a jury that s/he is innocent

  • Web boards are used by criminals to exchange critical information – Asynchronous communication


E-MAIL

  • Based on Client/Server Model

  • Remains the most popular internet application by usage

  • Clients include MS Outlook, MS Outlook Express, and Eudora

  • E-mail transfer protocol is text based.


E-MAIL

  • Binary Files attached using MIME (Multipurpose Internet Mail Extensions)

  • MIME was developed by the IETF

  • MIME is an extension to SMTP

  • MIME encodes binary data into ASCII and then it is decoded at the destination
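
An added example (not part of the original slides) that ties together the header-tracing bullets above and the MIME bullets on this slide: it walks the Received chain of a message oldest-first and decodes a base64 attachment back to bytes so it can be hashed as evidence. The sample message, the function names `received_hops` and `attachments`, and all hosts and addresses are constructed for illustration.

```python
import email
import hashlib
import re

# Constructed sample message (not from a real case); reserved example
# domains and documentation IP ranges only.
RAW = (
    "Received: from mx.example.net (mx.example.net [198.51.100.7])\r\n"
    "\tby mail.example.org with ESMTP id B2; Tue, 02 Mar 2004 10:15:09 -0500\r\n"
    "Received: from client-pc (unknown [203.0.113.25])\r\n"
    "\tby mx.example.net with SMTP id A1; Tue, 02 Mar 2004 10:15:02 -0500\r\n"
    "From: alice@example.net\r\nTo: bob@example.org\r\nMIME-Version: 1.0\r\n"
    'Content-Type: multipart/mixed; boundary="BOUND"\r\n\r\n'
    "--BOUND\r\nContent-Type: text/plain\r\n\r\nSee attachment.\r\n"
    "--BOUND\r\nContent-Type: application/octet-stream\r\n"
    "Content-Transfer-Encoding: base64\r\n"
    'Content-Disposition: attachment; filename="data.bin"\r\n\r\n'
    "AAECA/8=\r\n--BOUND--\r\n"
)

# from <claimed name> ... [<connecting IP>] ... by <receiving server> ...; <date>
HOP = re.compile(r"from\s+(\S+).*?\[([0-9A-Fa-f.:]+)\].*?\bby\s+(\S+).*;\s*(.+)$")

def received_hops(msg):
    """Return relay hops oldest-first; each server prepends its own Received line."""
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(str(value).split())  # undo header folding
        m = HOP.search(flat)
        if m:
            helo, ip, by, when = m.groups()
            # helo is self-reported by the sender; ip is what the receiver recorded
            hops.append({"helo": helo, "ip": ip, "by": by, "when": when})
    return hops

def attachments(msg):
    """Decode each MIME attachment to its original bytes and fingerprint it."""
    found = []
    for part in msg.walk():
        if part.get_content_disposition() == "attachment":
            data = part.get_payload(decode=True)  # reverses the base64 encoding
            digest = hashlib.sha256(data).hexdigest()
            found.append((part.get_filename(), len(data), digest))
    return found

msg = email.message_from_string(RAW)
if __name__ == "__main__":
    for hop in received_hops(msg):
        print(hop)
    print(attachments(msg))
```

Received lines added before the first server the investigator trusts can be forged by the sender, so the chain is corroborated against that server's own logs rather than taken at face value.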


E-MAIL

  • E-mail server has a list of accounts (post office boxes)

  • Server adds new mail to mailbox (appends to existing .txt file or posts into a back-end relational database)

  • SMTP server code listens on port 25 for mail being sent by clients (always on)

  • POP3 server code listens on port 110 for mail to be stored (delivered)


Sending an e-mail message—SMTP servers at two different domains.


E-MAIL

  • Mailing List – send an email to a database of people who subscribe to the list

  • Listserv – a type of mailing list; anyone on the list can send to the entire list

  • Distribution Lists – public or private lists of email addresses

  • Broadcast Messages – sent to everyone on the network.


Instant Messaging

  • IM – Synchronous chats/communication

  • Investigators count on remains of chats in the swap spaces of the chat server

  • These are peer-to-peer connections; once the chat server (e.g. IRC) sets up the channel, they are mainly private

  • No registration in general

  • Some require registration like “I seek you (ICQ)” and hotmail etc.

  • In ICQ users ask to join each other in a separate chat room

  • IM using mobile phone technology

  • Good news, we can now monitor all of that


E-MAIL

  • Newsgroup – a continuous, electronic discussion forum; organized hierarchically by topic; distributed database model; subscription based

  • Usenet – original newsgroup, still around

  • Moderated Newsgroup – all messages read before posting

  • Un-moderated Newsgroup – all messages immediately posted

  • Thread – an ongoing conversation in a newsgroup


Chat and Instant Messaging (IM)

  • Chat Room – software that allows a group of people to type messages seen by everyone in the group in real time

  • IRC – Internet Relay Chat – earliest Chat Room; messages relayed from one IRC server to the next

  • IRC topics are called “channels”


The spanning tree structure of IRC.


Search Tools

  • Three major tasks:

    • Search Internet based on keyword or phrase

    • Index words/phrases and their location (URL)

    • Provide links to those URLs

  • Boolean operations help restrict search results


Chat and Instant Messaging (IM)

  • IM – a chat room for two people at a time; instant access

  • ICQ – I seek you – first successful IM; expanded overnight

  • AOL introduced AIM and acquired ICQ in 1998

  • MSN and Yahoo also have IM

  • Not yet standardized and thus hard for Internet Portals to inter-communicate


Examples of common Boolean operators.


Search Tools

  • Subject Directory – built by human subject matter experts and organized into searchable categories

  • Gateway pages – special subject directories containing links to web pages, built again by a human SME

  • Invisible Web – unsearchable by normal means


Example of a metasearch engine (Metacrawler).


Example of a subject directory (infomine.ucr.edu).


Example of a commercial gateway (subject directory) (Yahoo!).


The invisible web database.


Example of a natural-language query site (ask.com).


Online Investigation

  • Risk and Exposure to investigators

    • Death threats

    • Computer threats & harassment

    • Internal affairs complaints

    • Complaints to district attorney

    • Attempts to blackmail

    • Media exposure


Techniques to Delay or Hide

  • Concealing IP addresses using proxies

    • Good for security

    • Used by criminals to hide activities

  • IRC invisibility features

    • Limited protection

  • Encryption

    • A problem

  • Anonymous and pseudonymous

    • Email information is removed from header

    • Because most people who email want a response, there is always some type of evidence to reconstruct

  • Freenet

    • Each subscriber to the service becomes a node on the network and opens up a file share for download and upload

    • Encryption is used

    • Data is regularly moved from one server to another

  • Anonymous Cash

    • V-Cash and Internet Cash


Some Web Capture Tools

  • Look for online people to be witnesses

  • Get help from groups fighting abuse

  • Get assistance from activists & those who are willing

  • Check sources

  • Tools that capture web sites

    • Web whacker: www.webwahacker.com

    • Httrack: www.httrack.com

    • Websnake: www.websnake.com


Internet as an investigative tool

  • Must learn how to search the internet effectively

  • Look for online resources in a particular area

  • Searching online web boards, newspapers, chat rooms etc. that are dedicated to a specific area will narrow down the search

  • You are looking for unknown activities in a known area

  • Search within a particular organization, sub-organization, department etc.

  • Search for nicknames, names, full email addresses

  • Focus search on unusual interests of a victim or a criminal

  • This is also known as INTELLIGENCE sometimes

  • Look for archives on search engines and hosting facilities


Homework

  • Set alerts on internet abuse cases to get to you once a day

    • http://news.google.com/intl/en/options/

    • Pick one for next week and discuss it

  • Give me one example of each of the following types of search engines (other than the ones discussed in class)

    • Natural language

    • Invisible web site

  • Write a 4-slide profile on the following software packages

    • Vontu, Vericept and Reconnex

