300 likes | 1.04k Vues
Ethics, Privacy and Computer Forensics Chap 8 Digital Forensics on the Internet What is happening The internet has given people the false sense of security as they surf the net Not realizing that eavesdropping is a reality The risks are plentiful
E N D
Ethics, Privacy and Computer Forensics Chap 8 Digital Forensics on the Internet
What is happening • The internet has given people the false sense of security as they surf the net • Not realizing that eavesdropping is a reality • The risks are plentiful • The digital data never goes away, it remains in some form some place
Role of Internet in Investigation • Internet fits the category of instrumentality or information as evidence • Criminals use the internet as an instrument to commit their crime • E.g. using the internet to convince a person to kill • Internet related data is used to locate offenders, spies and missing people as well
Internet Services • Applications that we use and take for granted • Email • WWW • Newsgroup • Live chats • Peer to peer
World Wide Web • Came to life in early 1991 • People and organizations can make information and commodities available to anyone in the world • Used to steal from individuals and even steal identities • Drug traffic and money laundering • Communicate with other criminals • Terrorism • Sex abuse and child pornography
WWW, Email & Web boards • Some web servers use redirect to hide their IP address • Investigators must be careful to what and where the redirection is going • What evidence do they need to look for • Email header containing information about origin and receipt • Possible to trace email back to sender • With encryption it becomes very hard to decrypt • If a criminal can prove that his email was spoofed it may convince a jury that s/he is innocent • Web board are used by criminals to exchange critical information – Asynchronous communication
E-MAIL • Based on Client/Server Model • Remains the most popular internet application by usage • Clients include MS Outlook, MS Outlook Express, and Eudora • E-mail transfer protocol is text based.
E-MAIL • Binary Files attached using MIME (Multipurpose Internet Mail Extensions) • MIME was developed by the IETF • MIME is an extension to SMTP • MIME encodes binary data into ASCII and then it is decoded at the destination
E-MAIL • E-mail server has a list of accounts (post office boxes) • Server adds new mail to mailbox (appends to existing .txt file or posts into a back-end relational data base) • SMTP server code listens on port 25 for mail being sent by clients (always on) • POP3 server code listens on port 110 for mail to be stored (delivered)
Sending an e-mail message—SMTP servers at two different domains.
E-MAIL • Mailing List – send an email to a data base of people who subscribe to the list • Listserv – a type of mailing list; anyone on the list can send to the entire list • Distribution Lists – public or private lists of email addresses • Broadcast Messages – sent to everyone on the network.
Instant Messaging • IM – Synchronous chats/communication • Investigators count on remains of chats in the swap spaces of the chat server • These are peer to peer connection that once the chat server (e.g. IRC) sets up the channel they are mainly private • No registration in general • Some require registration like “I seek you (ICQ)” and hotmail etc. • In ICQ users ask to join each other in a separate chat room • IM using mobile phone technology • Good news, we can now monitor all of that
E-MAIL • Newsgroup – a continuous, electronic discussion forum; organized hierarchically by topic; distributed data base model; subscription based • Usenet – original newsgroup, still around • Moderated Newsgroup – all messages read before posting • Un-moderated Newsgroup – all messages immediately posted • Thread – an ongoing conversation in a newsgroup
Chat and Instant Messaging (IM) • Chat Room – software that allows a group of people to type messages seen by everyone in the group in real time • IRC – Internet Relay Chat – earliest Chat Room; messages relayed from one IRC server to the next • IRC topics are called “channels”
Search Tools • Three major tasks: • Search Internet based on keyword or phrase • Index words/phrases and their location (URL) • Provide links to those URLs • Boolean operations help restrict search results
Chat and Instant Messaging (IM) • IM – a chat room for two people at a time; instant access • ICQ – I seek you – first successful IM; expanded overnight • AOL introduced AIM and acquired ICQ in 1998 • MSN and Yahoo also have IM • Not yet standardized and thus hard for Internet Portals to inter-communicate
Search Tools • Subject Directory – built by human subject matter experts and organized into searchable categories • Gateway pages – special subject directories containing links to web pages, built again by a human SME • Invisible Web – unsearchable by normal means
Example of a commercial gateway (subject directory) (Yahoo!).
Online Investigation • Risk and Exposure to investigators • Death threats • Computer threats & harassment • Internal affair complaints • Complaints to district attorney • Attempts to blackmail • Media exposure
Techniques to Delay or Hide • Concealing IP addresses using proxies • Good for security • Used by criminals to hide activities • IRC invisibility features • Limited protection • Encryption • A problem • Anonymous and pseudonymous • Email information is removed from header • Because most people who email want a response, there is always some type of evidence to reconstruct • Freenet • Each subscriber to the service becomes a node on the network and open up file share to download and upload • Encryption is used • Regularly move data from one server to another • Anonymous Cash • V-Cash and Internet Cash
Some Web Capture Tools • Look for online people to be witnesses • Get help from groups fighting abuse • Get assistance from activists & those who are willing • Check sources • Tools that capture web sites • Web whacker: www.webwahacker.com • Httrack: www.httrack.com • Websnake: www.websnake.com
Internet as an investigative tool • Must learn how to search the internet effectively • Look for online resources in a particular area • Search online web boards, newspapers, chat rooms etc. that are dedicated to a specific area will narrow down the search • You are looking for unknown activities in a known area • Search within a particular organization, sub-organization, department etc. • Search for nicknames, names, full email addresses • Focus search on unusual interests of a victim or a criminal • This is also known as INTELLIGENCE sometimes • Look for archives on search engines and hosting facilities
Homework • Set alerts on internet abuse cases to get to you once a day • http://news.google.com/intl/en/options/ • Pick one for next week and discuss it • Give me on example of each of the following types of search engines (other than the ones discussed in class) • Natural language • Invisible web site • Write a 4 slides profile on the following software packages • Vontu, Vericept and Reconnex