ethics privacy and computer forensics l.
Skip this Video
Loading SlideShow in 5 Seconds..
Ethics, Privacy and Computer Forensics PowerPoint Presentation
Download Presentation
Ethics, Privacy and Computer Forensics

Loading in 2 Seconds...

play fullscreen
1 / 29

Ethics, Privacy and Computer Forensics - PowerPoint PPT Presentation

  • Uploaded on

Ethics, Privacy and Computer Forensics Chap 8 Digital Forensics on the Internet What is happening The internet has given people the false sense of security as they surf the net Not realizing that eavesdropping is a reality The risks are plentiful

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'Ethics, Privacy and Computer Forensics' - johana

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
ethics privacy and computer forensics

Ethics, Privacy and Computer Forensics

Chap 8 Digital Forensics on the Internet

what is happening
What is happening
  • The internet has given people the false sense of security as they surf the net
  • Not realizing that eavesdropping is a reality
  • The risks are plentiful
  • The digital data never goes away, it remains in some form some place
role of internet in investigation
Role of Internet in Investigation
  • Internet fits the category of instrumentality or information as evidence
  • Criminals use the internet as an instrument to commit their crime
    • E.g. using the internet to convince a person to kill
  • Internet related data is used to locate offenders, spies and missing people as well
internet services
Internet Services
  • Applications that we use and take for granted
    • Email
    • WWW
    • Newsgroup
    • Live chats
    • Peer to peer
world wide web
World Wide Web
  • Came to life in early 1991
  • People and organizations can make information and commodities available to anyone in the world
  • Used to steal from individuals and even steal identities
  • Drug traffic and money laundering
  • Communicate with other criminals
  • Terrorism
  • Sex abuse and child pornography
www email web boards
WWW, Email & Web boards
  • Some web servers use redirect to hide their IP address
  • Investigators must be careful to what and where the redirection is going
  • What evidence do they need to look for
  • Email header containing information about origin and receipt
  • Possible to trace email back to sender
  • With encryption it becomes very hard to decrypt
  • If a criminal can prove that his email was spoofed it may convince a jury that s/he is innocent
  • Web board are used by criminals to exchange critical information – Asynchronous communication
e mail
  • Based on Client/Server Model
  • Remains the most popular internet application by usage
  • Clients include MS Outlook, MS Outlook Express, and Eudora
  • E-mail transfer protocol is text based.
e mail8
  • Binary Files attached using MIME (Multipurpose Internet Mail Extensions)
  • MIME was developed by the IETF
  • MIME is an extension to SMTP
  • MIME encodes binary data into ASCII and then it is decoded at the destination
e mail9
  • E-mail server has a list of accounts (post office boxes)
  • Server adds new mail to mailbox (appends to existing .txt file or posts into a back-end relational data base)
  • SMTP server code listens on port 25 for mail being sent by clients (always on)
  • POP3 server code listens on port 110 for mail to be stored (delivered)
e mail11
  • Mailing List – send an email to a data base of people who subscribe to the list
  • Listserv – a type of mailing list; anyone on the list can send to the entire list
  • Distribution Lists – public or private lists of email addresses
  • Broadcast Messages – sent to everyone on the network.
instant messaging
Instant Messaging
  • IM – Synchronous chats/communication
  • Investigators count on remains of chats in the swap spaces of the chat server
  • These are peer to peer connection that once the chat server (e.g. IRC) sets up the channel they are mainly private
  • No registration in general
  • Some require registration like “I seek you (ICQ)” and hotmail etc.
  • In ICQ users ask to join each other in a separate chat room
  • IM using mobile phone technology
  • Good news, we can now monitor all of that
e mail13
  • Newsgroup – a continuous, electronic discussion forum; organized hierarchically by topic; distributed data base model; subscription based
  • Usenet – original newsgroup, still around
  • Moderated Newsgroup – all messages read before posting
  • Un-moderated Newsgroup – all messages immediately posted
  • Thread – an ongoing conversation in a newsgroup
chat and instant messaging im
Chat and Instant Messaging (IM)
  • Chat Room – software that allows a group of people to type messages seen by everyone in the group in real time
  • IRC – Internet Relay Chat – earliest Chat Room; messages relayed from one IRC server to the next
  • IRC topics are called “channels”
search tools
Search Tools
  • Three major tasks:
    • Search Internet based on keyword or phrase
    • Index words/phrases and their location (URL)
    • Provide links to those URLs
  • Boolean operations help restrict search results
chat and instant messaging im17
Chat and Instant Messaging (IM)
  • IM – a chat room for two people at a time; instant access
  • ICQ – I seek you – first successful IM; expanded overnight
  • AOL introduced AIM and acquired ICQ in 1998
  • MSN and Yahoo also have IM
  • Not yet standardized and thus hard for Internet Portals to inter-communicate
search tools19
Search Tools
  • Subject Directory – built by human subject matter experts and organized into searchable categories
  • Gateway pages – special subject directories containing links to web pages, built again by a human SME
  • Invisible Web – unsearchable by normal means
online investigation
Online Investigation
  • Risk and Exposure to investigators
    • Death threats
    • Computer threats & harassment
    • Internal affair complaints
    • Complaints to district attorney
    • Attempts to blackmail
    • Media exposure
techniques to delay or hide
Techniques to Delay or Hide
  • Concealing IP addresses using proxies
    • Good for security
    • Used by criminals to hide activities
  • IRC invisibility features
    • Limited protection
  • Encryption
    • A problem
  • Anonymous and pseudonymous
    • Email information is removed from header
    • Because most people who email want a response, there is always some type of evidence to reconstruct
  • Freenet
    • Each subscriber to the service becomes a node on the network and open up file share to download and upload
    • Encryption is used
    • Regularly move data from one server to another
  • Anonymous Cash
    • V-Cash and Internet Cash
some web capture tools
Some Web Capture Tools
  • Look for online people to be witnesses
  • Get help from groups fighting abuse
  • Get assistance from activists & those who are willing
  • Check sources
  • Tools that capture web sites
    • Web whacker:
    • Httrack:
    • Websnake:
internet as an investigative tool
Internet as an investigative tool
  • Must learn how to search the internet effectively
  • Look for online resources in a particular area
  • Search online web boards, newspapers, chat rooms etc. that are dedicated to a specific area will narrow down the search
  • You are looking for unknown activities in a known area
  • Search within a particular organization, sub-organization, department etc.
  • Search for nicknames, names, full email addresses
  • Focus search on unusual interests of a victim or a criminal
  • This is also known as INTELLIGENCE sometimes
  • Look for archives on search engines and hosting facilities
  • Set alerts on internet abuse cases to get to you once a day
    • Pick one for next week and discuss it
  • Give me on example of each of the following types of search engines (other than the ones discussed in class)
    • Natural language
    • Invisible web site
  • Write a 4 slides profile on the following software packages
    • Vontu, Vericept and Reconnex