
Grover Kearns, PhD, CPA, CFE


Presentation Transcript


  1. Class 11 • Grover Kearns, PhD, CPA, CFE

  2. Email Videos • How email works http://www.youtube.com/watch?v=YBzLPmx3xTU • Email Spoofing http://lybio.net/household-hacker-hacking-email-spoofing-101/science-technology/ • SMTP Spoofing http://www.youtube.com/watch?v=Up6XcxEilp4&feature=related • Tracing an email http://www.youtube.com/watch?v=hSvswzSy3oA

  3. Reading Email Headers

     From <<my-work-address>> Sat Aug 17 16:00:24 2002
     Return-Path: <<my-work-address>>
     Received: from exanpcn4.arinc.com ([144.243.4.70]) by mta009.verizon.net
         (InterMail vM.5.01.05.09 201-253-122-126-109-20020611) with ESMTP
         id <20020817200009.CWZT20372.mta009.verizon.net@exanpcn4.arinc.com>
         for <<my-home-address>>; Sat, 17 Aug 2002 15:00:09 -0500
     Received: from exanpcn2.arinc.com (unverified) by exanpcn4.arinc.com
         (Content Technologies SMTPRS 4.1.5) with ESMTP id <T90f3203cca5cc55c0da9@exanpcn4.arinc.com> for <<my-home-address>>;
         Sat, 17 Aug 2002 16:02:15 -0400
     Received: by exanpcn2.arinc.com with Internet Mail Service (5.5.2653.19)
         id <QRZ549XW>; Sat, 17 Aug 2002 16:00:27 -0400
     Message-ID: <09328AED5429D311A3000008C7911B100778B52C@exanpmb1.arinc.com>
     From: "Conner, Richard C. \(RCONNER\)" <<my-work-address>>
     To: "my-home-address" <<my-home-address>>
     Subject: Hello
     Date: Sat, 17 Aug 2002 16:00:26 -0400
     MIME-Version: 1.0
     X-Mailer: Internet Mail Service (5.5.2653.19)
     Content-Type: text/plain

  4. (Header repeated from slide 3) Not required by SMTP

  5. (Header repeated from slide 3) unique message ID


  10. Another Example – Partial Header

      Delivered-To: gkearns@mail.usf.edu
      Received: by 10.68.58.39 with SMTP id n7cs40710pbq; …
      Return-Path: <stpetebay@yahoo.com>
      …
      Received: from [127.0.0.1] by omp1017.mail.bf1.yahoo.com with NNFMP; 20 Jun …
      Received: (qmail 38143 invoked by uid 60001); 20 Jun 2011 19:58:58 -0000
      Message-ID: <391707.15764.qm@web161204.mail.bf1.yahoo.com>
      Received: from [70.126.236.236] by web161204.mail.bf1.yahoo.com via HTTP; Mon, 20 Jun 2011 12:58:58 PDT
      X-Mailer: YahooMailClassic/14.0.3 YahooMailWebService/0.8.111.304355
      Date: Mon, 20 Jun 2011 12:58:58 -0700 (PDT)
      From: Grover Kearns <stpetebay@yahoo.com>
      Subject: Be Alert
      To: gkearns@mail.usf.edu
      MIME-Version: 1.0
      Content-Type: text/plain; charset=us-ascii

      Now get to work!
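
Tracing the header from slide 3 comes down to reading its Received lines bottom-up, since each mail server prepends its own. The following Python sketch is an added example, not part of the original slides: it rebuilds the hop chain and the time gap between hops; the function names and the trimmed copy of the header (routing fields only) are choices made for this example.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Routing fields copied from the slide 3 header (placeholder addresses kept,
# other fields trimmed for this example).
RAW = """\
Return-Path: <<my-work-address>>
Received: from exanpcn4.arinc.com ([144.243.4.70]) by mta009.verizon.net
    (InterMail vM.5.01.05.09 201-253-122-126-109-20020611) with ESMTP
    id <20020817200009.CWZT20372.mta009.verizon.net@exanpcn4.arinc.com>
    for <<my-home-address>>; Sat, 17 Aug 2002 15:00:09 -0500
Received: from exanpcn2.arinc.com (unverified) by exanpcn4.arinc.com
    (Content Technologies SMTPRS 4.1.5) with ESMTP
    id <T90f3203cca5cc55c0da9@exanpcn4.arinc.com> for <<my-home-address>>;
    Sat, 17 Aug 2002 16:02:15 -0400
Received: by exanpcn2.arinc.com with Internet Mail Service (5.5.2653.19)
    id <QRZ549XW>; Sat, 17 Aug 2002 16:00:27 -0400
Message-ID: <09328AED5429D311A3000008C7911B100778B52C@exanpmb1.arinc.com>
Date: Sat, 17 Aug 2002 16:00:26 -0400
"""

def trace_hops(raw):
    """Return hops oldest-first: each server prepends its Received line."""
    msg = message_from_string(raw)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(value.split())          # unfold continuation lines
        info, _, stamp = flat.rpartition(";")   # timestamp follows the last ';'
        sender = re.search(r"\bfrom (\S+)", info)
        receiver = re.search(r"\bby (\S+)", info)
        ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", info)
        hops.append({
            "from": sender.group(1) if sender else None,
            "by": receiver.group(1) if receiver else None,
            "ip": ip.group(1) if ip else None,
            "unverified": "(unverified)" in info,
            "time": parsedate_to_datetime(stamp.strip()),
        })
    return hops

def hop_delays(hops):
    """Seconds between consecutive hops; a negative value means clock skew."""
    return [int((b["time"] - a["time"]).total_seconds())
            for a, b in zip(hops, hops[1:])]
```

On the slide's header the delays come out as 108 and -126 seconds: the Verizon server stamped the message earlier than the relay that handed it over, so the two clocks disagreed by at least two minutes. Each timestamp is the receiving server's own clock, which is why an examiner compares them in UTC before drawing a timeline.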

  11. Mobile Phone Forensics • Unauthorized photos, videos, audio recording • Digital fraud and data duplication • Industrial espionage • Acceptable use policy

  12. Mobile Phone Forensics • SIM Cards - Subscriber Identity Module • SD Cards - Secure Digital

  13. Mobile Phone Forensics Stored Data on SIM Cards • International Mobile Subscriber Identity • Integrated Circuit Card Identifier (ICC-ID) • Authentication Key (Ki) • Location Area Identity • SMS Message / Contacts

  14. Mobile Phone Forensics Stored Data on SD Cards • Call logs • Text Messages • Electronic documents • Phonebooks • Videos • Music • Photos • Calendar

  15. Smart Phone Videos • How to Save Data to a Phone's Micro SD Memory Card http://www.ehow.com/video_4756774_save-micro-sd-memory-card.html • SIM Card Reader http://www.proofpronto.com/cell-phone-spy.html?gclid=CIfqu8zqwqkCFYgW2god9AZacw • Hacking the iPhone http://www.youtube.com/watch?v=ZgITSfrEILQ

  16. Problems with Mobile Forensics • Lack of single standards • How cell phones store messages • Multitude of models • Generations: analog, PCS, 3G, 4G, ???

  17. Remote Phone Wipes All smart phones can be “wiped” remotely. Check the web for instructions for each phone.

  18. Securing Mobile Phones • Securing the mobile phone is the first action • Turning it off will lose RAM • If on it can be wiped remotely • Wrap multiple times in foil or • Place in empty paint bucket

  19. SIMCon • Reads SIM files • Analyzes file content • Recovers deleted text messages • Manages PIN codes • Exports data to spreadsheet files

  20. Comparing 3G to 4G • 3G: Average download speed is 1 to 100 Mbps • Allowed email and Internet access • Allows apps with music downloads and video calling • Applies to all smartphones • 4G: A set of standards that hasn't really been clearly defined • Average download speeds are about twice as fast as 3G at 4-6 Mbps • More apps, more secure

  21. Digital Networks • CDMA – Uses full radio frequency spectrum. Sprint and Verizon use this. • GSM – Used by AT&T and T-Mobile and standard in Europe and Asia. • You can switch your SIM card with GSM! • OFDM – Probably will be the chosen technology for 4G.

  22. Smart Phones • Contain: RAM, ROM, microprocessor, radio module, hardware interfaces. • Many have memory cards (SIM). • Store system data in EEPROM. • OS is stored in ROM.

  23. Jailbreaking & Unlocking • Unlocking allows owner to switch SIM cards • Could void warranty • Jailbreaking allows owner to add apps that are not supported by vendor • Not illegal

  24. Recovering Deleted Files http://www.youtube.com/watch?v=5ShSIYRQnZY&feature=related

  25. Web Sites - Email • Email Spoofing http://lybio.net/household-hacker-hacking-email-spoofing-101/science-technology/ • Tracing an email http://www.youtube.com/watch?v=hSvswzSy3oA • How to find IP address and shutdown network computer http://www.youtube.com/watch?v=fFLd0EQR-uE&feature=related • Restoring deleted files http://www.youtube.com/watch?v=5ShSIYRQnZY&feature=related

  26. Web Sites – Mobile Phones • SIM Card Reader http://www.proofpronto.com/cell-phone-spy.html?gclid=CIfqu8zqwqkCFYgW2god9AZacw • Hacking iPhone http://www.youtube.com/watch?v=ZgITSfrEILQ • How to Save Data to a Phone's Micro SD Memory Card http://www.ehow.com/video_4756774_save-micro-sd-memory-card.html
