Ethics privacy and computer forensics
1 / 29

Ethics, Privacy and Computer Forensics - PowerPoint PPT Presentation

  • Updated On :

Ethics, Privacy and Computer Forensics Chap 8 Digital Forensics on the Internet What is happening The internet has given people the false sense of security as they surf the net Not realizing that eavesdropping is a reality The risks are plentiful

Related searches for Ethics, Privacy and Computer Forensics

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'Ethics, Privacy and Computer Forensics' - johana

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Ethics privacy and computer forensics l.jpg

Ethics, Privacy and Computer Forensics

Chap 8 Digital Forensics on the Internet

What is happening l.jpg
What is happening

  • The internet has given people the false sense of security as they surf the net

  • Not realizing that eavesdropping is a reality

  • The risks are plentiful

  • The digital data never goes away, it remains in some form some place

Role of internet in investigation l.jpg
Role of Internet in Investigation

  • Internet fits the category of instrumentality or information as evidence

  • Criminals use the internet as an instrument to commit their crime

    • E.g. using the internet to convince a person to kill

  • Internet related data is used to locate offenders, spies and missing people as well

Internet services l.jpg
Internet Services

  • Applications that we use and take for granted

    • Email

    • WWW

    • Newsgroup

    • Live chats

    • Peer to peer

World wide web l.jpg
World Wide Web

  • Came to life in early 1991

  • People and organizations can make information and commodities available to anyone in the world

  • Used to steal from individuals and even steal identities

  • Drug traffic and money laundering

  • Communicate with other criminals

  • Terrorism

  • Sex abuse and child pornography

Www email web boards l.jpg
WWW, Email & Web boards

  • Some web servers use redirect to hide their IP address

  • Investigators must be careful to what and where the redirection is going

  • What evidence do they need to look for

  • Email header containing information about origin and receipt

  • Possible to trace email back to sender

  • With encryption it becomes very hard to decrypt

  • If a criminal can prove that his email was spoofed it may convince a jury that s/he is innocent

  • Web board are used by criminals to exchange critical information – Asynchronous communication

E mail l.jpg

  • Based on Client/Server Model

  • Remains the most popular internet application by usage

  • Clients include MS Outlook, MS Outlook Express, and Eudora

  • E-mail transfer protocol is text based.

E mail8 l.jpg

  • Binary Files attached using MIME (Multipurpose Internet Mail Extensions)

  • MIME was developed by the IETF

  • MIME is an extension to SMTP

  • MIME encodes binary data into ASCII and then it is decoded at the destination

E mail9 l.jpg

  • E-mail server has a list of accounts (post office boxes)

  • Server adds new mail to mailbox (appends to existing .txt file or posts into a back-end relational data base)

  • SMTP server code listens on port 25 for mail being sent by clients (always on)

  • POP3 server code listens on port 110 for mail to be stored (delivered)

E mail11 l.jpg
E-MAIL domains.

  • Mailing List – send an email to a data base of people who subscribe to the list

  • Listserv – a type of mailing list; anyone on the list can send to the entire list

  • Distribution Lists – public or private lists of email addresses

  • Broadcast Messages – sent to everyone on the network.

Instant messaging l.jpg
Instant Messaging domains.

  • IM – Synchronous chats/communication

  • Investigators count on remains of chats in the swap spaces of the chat server

  • These are peer to peer connection that once the chat server (e.g. IRC) sets up the channel they are mainly private

  • No registration in general

  • Some require registration like “I seek you (ICQ)” and hotmail etc.

  • In ICQ users ask to join each other in a separate chat room

  • IM using mobile phone technology

  • Good news, we can now monitor all of that

E mail13 l.jpg
E-MAIL domains.

  • Newsgroup – a continuous, electronic discussion forum; organized hierarchically by topic; distributed data base model; subscription based

  • Usenet – original newsgroup, still around

  • Moderated Newsgroup – all messages read before posting

  • Un-moderated Newsgroup – all messages immediately posted

  • Thread – an ongoing conversation in a newsgroup

Chat and instant messaging im l.jpg
Chat and Instant Messaging (IM) domains.

  • Chat Room – software that allows a group of people to type messages seen by everyone in the group in real time

  • IRC – Internet Relay Chat – earliest Chat Room; messages relayed from one IRC server to the next

  • IRC topics are called “channels”

Search tools l.jpg
Search Tools domains.

  • Three major tasks:

    • Search Internet based on keyword or phrase

    • Index words/phrases and their location (URL)

    • Provide links to those URLs

  • Boolean operations help restrict search results

Chat and instant messaging im17 l.jpg
Chat and Instant Messaging (IM) domains.

  • IM – a chat room for two people at a time; instant access

  • ICQ – I seek you – first successful IM; expanded overnight

  • AOL introduced AIM and acquired ICQ in 1998

  • MSN and Yahoo also have IM

  • Not yet standardized and thus hard for Internet Portals to inter-communicate

Search tools19 l.jpg
Search Tools domains.

  • Subject Directory – built by human subject matter experts and organized into searchable categories

  • Gateway pages – special subject directories containing links to web pages, built again by a human SME

  • Invisible Web – unsearchable by normal means

Example of a metasearch engine metacrawler l.jpg
Example of a metasearch engine ( domains. Metacrawler).

Example of a subject directory infomine ucr edu l.jpg
Example of a subject directory ( domains.

Online investigation l.jpg
Online Investigation domains.

  • Risk and Exposure to investigators

    • Death threats

    • Computer threats & harassment

    • Internal affair complaints

    • Complaints to district attorney

    • Attempts to blackmail

    • Media exposure

Techniques to delay or hide l.jpg
Techniques to Delay or Hide domains.

  • Concealing IP addresses using proxies

    • Good for security

    • Used by criminals to hide activities

  • IRC invisibility features

    • Limited protection

  • Encryption

    • A problem

  • Anonymous and pseudonymous

    • Email information is removed from header

    • Because most people who email want a response, there is always some type of evidence to reconstruct

  • Freenet

    • Each subscriber to the service becomes a node on the network and open up file share to download and upload

    • Encryption is used

    • Regularly move data from one server to another

  • Anonymous Cash

    • V-Cash and Internet Cash

Some web capture tools l.jpg
Some Web Capture Tools domains.

  • Look for online people to be witnesses

  • Get help from groups fighting abuse

  • Get assistance from activists & those who are willing

  • Check sources

  • Tools that capture web sites

    • Web whacker:

    • Httrack:

    • Websnake:

Internet as an investigative tool l.jpg
Internet as an investigative tool domains.

  • Must learn how to search the internet effectively

  • Look for online resources in a particular area

  • Search online web boards, newspapers, chat rooms etc. that are dedicated to a specific area will narrow down the search

  • You are looking for unknown activities in a known area

  • Search within a particular organization, sub-organization, department etc.

  • Search for nicknames, names, full email addresses

  • Focus search on unusual interests of a victim or a criminal

  • This is also known as INTELLIGENCE sometimes

  • Look for archives on search engines and hosting facilities

Homework l.jpg
Homework domains.

  • Set alerts on internet abuse cases to get to you once a day


    • Pick one for next week and discuss it

  • Give me on example of each of the following types of search engines (other than the ones discussed in class)

    • Natural language

    • Invisible web site

  • Write a 4 slides profile on the following software packages

    • Vontu, Vericept and Reconnex