FORENSIC SCIENCE AND THE INTERNET

FORENSIC SCIENCE AND THE INTERNET. Chapter 18. Introduction. The Internet, often referred to as the “information superhighway,” has opened a medium for people to communicate and to access millions of pieces of information from computers located anywhere on the globe.

reneo

Presentation Transcript


  1. FORENSIC SCIENCE AND THE INTERNET Chapter 18

  2. Introduction • The Internet, often referred to as the “information superhighway,” has opened a medium for people to communicate and to access millions of pieces of information from computers located anywhere on the globe. • No subject or profession remains untouched by the Internet, and this is so for forensic science. • A major impact of the Internet will be to bring together forensic scientists from all parts of the world, linking them into one common electronic community.

  3. A Network of Networks • The Internet is often described as a “network of networks.” • The Internet connects thousands of networks through a modem. • A modem is a device that allows computers to exchange information through telephone lines. • Cable lines help with higher speed connections.

  4. A Network of Networks (Cont.) • Computers can be linked or networked through wired or wireless (Wi-Fi) connections. • Computers that participate in the Internet have a unique numerical Internet Protocol (IP) address and usually a name.

  5. The World Wide Web • The World Wide Web is a collection of pages stored in the computers. • Each page has a specific web browser that makes it accessible to the public. (They also have a specific URL.) • Many web pages can be found by using search engines. • You can search thousands of topics by typing in keywords.

  6. Electronic Mail (e-Mail) • The service that is most commonly used in conjunction with the Internet is electronic mail (e-mail). • This communication system can transport messages across the world in a matter of seconds. • In order to send and receive e-mails, you must have an e-mail address.

  7. Forensic Analysis of the Internet • It is important from the investigative standpoint to be familiar with the evidence left behind from a user’s Internet activity. • A forensic examination of a computer system will reveal quite a bit of data about a user’s Internet activity.

  8. Internet Cache • Evidence of Internet web browsing exists in abundance on the user’s computer. • This web browsing Internet cache is a potential source of evidence for the computer investigator. • Even if the files have been deleted, they can still be recovered. • Allows investigators to recreate some or all of a visited webpage.

  9. Internet Cookies • Cookies are placed on the local hard disk drive by the web site the user has visited (only if the website is set up to allow them to be placed). • A cookie is used by the web site to track certain information about its visitors. • They can store anything from history of visits or purchasing habits to passwords and personal information used for later visits.

  10. Internet History • Most web browsers track the history of web page visits for the computer user. • The Internet history creates a list of websites most recently visited, some storing weeks’ worth of visits. • The history file can be located and read with most popular computer forensic software packages.

  11. Bookmarks and Favorite Places • Another way users can access websites quickly is to store them in their “bookmarks” or “favorite places.” • A bookmark can reveal a person’s interests or hobbies. • It can also reveal any criminal activity that they have saved.

  12. Internet Communications • Computer investigations often begin or are centered around Internet communication. • It may be: • a chat conversation amongst many people, • an instant message conversation between just two individuals, • or the back and forth of an e-mail exchange.

  13. Value of the IP Address • In order to communicate on the Internet, a device needs to be assigned an Internet Protocol (IP) address. • The IP address is provided by the Internet Service Provider from which the device accesses the Internet. • This means that the IP address might lead to the identity of one specific person, making IP addresses valuable to computer investigators everywhere.

  14. IP Address Locations • IP addresses are not always found in the same place. • They may not be seen right away, and it may take some searching to reveal them. • In the case of an Instant Message or Chat session, the particular provider would be contacted to provide the user’s IP address. (An IP address comes in a sequence of numbers. The numbers can be any number from 0 to 255. Ex: 66.94.244.13)

  15. Difficulty with IP Addresses • Finding IP addresses may be difficult. • E-mail can be read through a number of clients or software programs. • Often the majority of chat and instant message conversations are not saved by the parties involved. • Each application needs to be researched and the computer forensic examination guided by an expert with an understanding of how it functions.

  16. Hacking • Hacking is penetrating another person’s computer without authorization. • A hacker may have many motives: • In some cases the hacker wants information, and other times it’s merely to show off skills. • An employee may also hack a network to do some form of damage to a company.

  17. Locations of Concentration • Generally speaking, when investigating an unauthorized computer intrusion, investigators will concentrate their efforts in three locations: • log files • volatile memory • network traffic

  18. Logs • Logs will typically document the IP address of the computer that made the connection. • Most servers that exist on the Internet track connections made to them through the use of logs. • Firewalls might contain logs of who was allowed access to that specific network. • The router might hold log files of connections.

  19. Use of Volatile Data • The technique that the computer is hacked with might lead to an identity. • When intruding, the intruder might have to capture volatile data (located in RAM), providing clues to their identity. • Data is only stored in RAM while it is connected to power, so pulling the plug could erase all data in RAM. • Data from instant messages may possibly remain.

  20. An Additional Standard Tactic • An investigator can also document all installed and running programs. • This may lead to discovery of malicious software used to hack the system. • This process involves using special software designed to document these items.

  21. Live Network Traffic • Live network traffic travels in “data packets,” each of which also contains the source and destination IP address. • This is useful if the attack required two-way communication. • (Ex: A hacker steals data that needs to be transmitted back to his/her computer.)

  22. The Destination IP Address • To get there, the destination IP address is needed. • Once this is learned, the investigation can focus on that system. • Moreover, the type of data that is being transmitted on the network may be a clue as to what type of attack is being launched, if any important data is being stolen, or types of malicious software, if any, that are involved in the attack.
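
Added example (not part of the original presentation): slides 21 and 22 say each data packet carries a source and destination IP address and that the destination tells the investigator which system to focus on. The sketch below reads those fields out of raw IPv4/TCP packets and totals the payload bytes a given host sent to each destination; the function names, the `local_host` parameter and the sample capture are assumptions made for illustration.

```python
import struct
from collections import Counter
from socket import inet_aton, inet_ntoa

def build_packet(src, dst, sport, dport, payload):
    """Build a constructed IPv4/TCP packet for the sample capture (checksums zero)."""
    tcp = struct.pack("!HHLLBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 0, 0,
                     64, 6, 0, inet_aton(src), inet_aton(dst))
    return ip + tcp + payload

def parse_packet(raw):
    """Extract addresses, TCP ports and payload size from one raw IPv4 packet."""
    if len(raw) < 20 or raw[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (raw[0] & 0x0F) * 4                      # IP header length in bytes
    total_len = struct.unpack("!H", raw[2:4])[0]
    if ihl < 20 or total_len < ihl or len(raw) < total_len:
        raise ValueError("truncated or malformed IPv4 header")
    # Source address is header bytes 12-15, destination is bytes 16-19.
    rec = {"src": inet_ntoa(raw[12:16]), "dst": inet_ntoa(raw[16:20]),
           "proto": raw[9], "sport": None, "dport": None, "payload": total_len - ihl}
    if rec["proto"] == 6 and total_len >= ihl + 20:          # protocol 6 = TCP
        rec["sport"], rec["dport"] = struct.unpack("!HH", raw[ihl:ihl + 4])
        tcp_len = (raw[ihl + 12] >> 4) * 4
        if tcp_len < 20 or ihl + tcp_len > total_len:
            raise ValueError("malformed TCP header")
        rec["payload"] = total_len - ihl - tcp_len
    return rec

def bytes_by_destination(packets, local_host):
    """Payload bytes sent by local_host to each destination, largest first."""
    totals = Counter()
    for raw in packets:
        rec = parse_packet(raw)
        if rec["src"] == local_host:
            totals[rec["dst"]] += rec["payload"]
    return totals.most_common()

# Constructed capture using documentation-range addresses (RFC 5737).
SAMPLE_CAPTURE = [
    build_packet("192.0.2.10", "198.51.100.7", 49152, 443, b"x" * 120),
    build_packet("192.0.2.10", "203.0.113.50", 49153, 8080, b"d" * 1400),
    build_packet("203.0.113.50", "192.0.2.10", 8080, 49153, b"ok"),
    build_packet("192.0.2.10", "203.0.113.50", 49153, 8080, b"d" * 1400),
]

if __name__ == "__main__":
    for dst, size in bytes_by_destination(SAMPLE_CAPTURE, "192.0.2.10"):
        print(f"{dst:15} {size} payload bytes")
```

In the constructed capture the examined host sends far more data to one destination than to the other, which is the kind of outbound imbalance that points the investigation at a specific remote system.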
