
Ethics, Privacy and Computer Forensics


johana

Presentation Transcript


  1. Ethics, Privacy and Computer Forensics Chap 8 Digital Forensics on the Internet

  2. What is happening • The internet has given people a false sense of security as they surf the net • Not realizing that eavesdropping is a reality • The risks are plentiful • The digital data never goes away, it remains in some form some place

  3. Role of Internet in Investigation • Internet fits the category of instrumentality or information as evidence • Criminals use the internet as an instrument to commit their crime • E.g. using the internet to convince a person to kill • Internet related data is used to locate offenders, spies and missing people as well

  4. Internet Services • Applications that we use and take for granted • Email • WWW • Newsgroup • Live chats • Peer to peer

  5. World Wide Web • Came to life in early 1991 • People and organizations can make information and commodities available to anyone in the world • Used to steal from individuals and even steal identities • Drug traffic and money laundering • Communicate with other criminals • Terrorism • Sex abuse and child pornography

  6. WWW, Email & Web boards • Some web servers use redirects to hide their IP address • Investigators must be careful about what is being redirected and where the redirection leads • What evidence do they need to look for • Email header containing information about origin and receipt • Possible to trace email back to sender • With encryption it becomes very hard to decrypt • If a criminal can prove that his or her email was spoofed it may convince a jury that s/he is innocent • Web boards are used by criminals to exchange critical information – Asynchronous communication

  7. E-MAIL • Based on Client/Server Model • Remains the most popular internet application by usage • Clients include MS Outlook, MS Outlook Express, and Eudora • E-mail transfer protocol is text based.

  8. E-MAIL • Binary Files attached using MIME (Multipurpose Internet Mail Extensions) • MIME was developed by the IETF • MIME is an extension to SMTP • MIME encodes binary data into ASCII and then it is decoded at the destination

  9. E-MAIL • E-mail server has a list of accounts (post office boxes) • Server adds new mail to mailbox (appends to existing .txt file or posts into a back-end relational data base) • SMTP server code listens on port 25 for mail being sent by clients (always on) • POP3 server code listens on port 110 for mail to be stored (delivered)

  10. Sending an e-mail message—SMTP servers at two different domains.

  11. E-MAIL • Mailing List – send an email to a database of people who subscribe to the list • Listserv – a type of mailing list; anyone on the list can send to the entire list • Distribution Lists – public or private lists of email addresses • Broadcast Messages – sent to everyone on the network.

  12. Instant Messaging • IM – Synchronous chats/communication • Investigators count on remains of chats in the swap spaces of the chat server • These are peer to peer connections; once the chat server (e.g. IRC) sets up the channel they are mainly private • No registration in general • Some require registration like “I seek you (ICQ)” and hotmail etc. • In ICQ users ask to join each other in a separate chat room • IM using mobile phone technology • Good news, we can now monitor all of that

  13. E-MAIL • Newsgroup – a continuous, electronic discussion forum; organized hierarchically by topic; distributed database model; subscription based • Usenet – original newsgroup, still around • Moderated Newsgroup – all messages read before posting • Un-moderated Newsgroup – all messages immediately posted • Thread – an ongoing conversation in a newsgroup

  14. Chat and Instant Messaging (IM) • Chat Room – software that allows a group of people to type messages seen by everyone in the group in real time • IRC – Internet Relay Chat – earliest Chat Room; messages relayed from one IRC server to the next • IRC topics are called “channels”

  15. The spanning tree structure of IRC.

  16. Search Tools • Three major tasks: • Search Internet based on keyword or phrase • Index words/phrases and their location (URL) • Provide links to those URLs • Boolean operations help restrict search results

  17. Chat and Instant Messaging (IM) • IM – a chat room for two people at a time; instant access • ICQ – I seek you – first successful IM; expanded overnight • AOL introduced AIM and acquired ICQ in 1998 • MSN and Yahoo also have IM • Not yet standardized and thus hard for Internet Portals to inter-communicate

  18. Examples of common Boolean operators.

  19. Search Tools • Subject Directory – built by human subject matter experts and organized into searchable categories • Gateway pages – special subject directories containing links to web pages, built again by a human SME • Invisible Web – unsearchable by normal means

  20. Example of a metasearch engine (Metacrawler).

  21. Example of a subject directory (infomine.ucr.edu).

  22. Example of a commercial gateway (subject directory) (Yahoo!).

  23. The invisible web database.

  24. Example of a natural-language query site (ask.com).

  25. Online Investigation • Risk and Exposure to investigators • Death threats • Computer threats & harassment • Internal affair complaints • Complaints to district attorney • Attempts to blackmail • Media exposure

  26. Techniques to Delay or Hide • Concealing IP addresses using proxies • Good for security • Used by criminals to hide activities • IRC invisibility features • Limited protection • Encryption • A problem • Anonymous and pseudonymous • Email information is removed from header • Because most people who email want a response, there is always some type of evidence to reconstruct • Freenet • Each subscriber to the service becomes a node on the network and opens up a file share to download and upload • Encryption is used • Regularly move data from one server to another • Anonymous Cash • V-Cash and Internet Cash

  27. Some Web Capture Tools • Look for online people to be witnesses • Get help from groups fighting abuse • Get assistance from activists & those who are willing • Check sources • Tools that capture web sites • Web whacker: www.webwahacker.com • Httrack: www.httrack.com • Websnake: www.websnake.com

  28. Internet as an investigative tool • Must learn how to search the internet effectively • Look for online resources in a particular area • Searching online web boards, newspapers, chat rooms etc. that are dedicated to a specific area will narrow down the search • You are looking for unknown activities in a known area • Search within a particular organization, sub-organization, department etc. • Search for nicknames, names, full email addresses • Focus search on unusual interests of a victim or a criminal • This is also known as INTELLIGENCE sometimes • Look for archives on search engines and hosting facilities

  29. Homework • Set alerts on internet abuse cases to get to you once a day • http://news.google.com/intl/en/options/ • Pick one for next week and discuss it • Give me one example of each of the following types of search engines (other than the ones discussed in class) • Natural language • Invisible web site • Write a 4-slide profile on the following software packages • Vontu, Vericept and Reconnex
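
Added example (not part of the original slides): slides 6 and 8 say that the email header records origin and receipt and that MIME encodes binary attachments as ASCII; the Python sketch below reads the `Received` lines of a constructed message oldest hop first and decodes and hashes its attachment. The sample message, its addresses and the function names are assumptions made for illustration.

```python
import hashlib
import re
from email import message_from_string, policy

# Constructed sample message (documentation IP ranges and example.* domains).
RAW = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby mail.example.org with ESMTP id B2; Tue, 02 Mar 2004 10:15:09 -0500
Received: from client-pc (unknown [203.0.113.45])
\tby mx.example.net with SMTP id A1; Tue, 02 Mar 2004 10:15:02 -0500
From: alice@example.net
To: bob@example.org
Subject: report
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XX"

--XX
Content-Type: text/plain

See attached.
--XX
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="data.bin"
Content-Transfer-Encoding: base64

AAEC/wA=
--XX--
"""

HOP = re.compile(r"from\s+(\S+).*?\[([0-9A-Fa-f.:]+)\].*?\bby\s+(\S+)", re.S)

def trace_hops(raw):
    """Return relay hops oldest first; each server prepends its own Received line."""
    msg = message_from_string(raw, policy=policy.default)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        m = HOP.search(str(value))
        if m:  # claimed_name is sender-supplied; ip is what the recording server saw
            hops.append(dict(zip(("claimed_name", "ip", "recorded_by"), m.groups())))
    return hops

def attachments(raw):
    """Decode each MIME attachment back to binary and hash it for the case record."""
    msg = message_from_string(raw, policy=policy.default)
    out = []
    for part in msg.walk():
        if part.get_content_disposition() == "attachment":
            data = part.get_payload(decode=True)  # reverses the base64 encoding
            out.append((part.get_filename(), len(data), hashlib.sha256(data).hexdigest()))
    return out
```

Only the `Received` lines written by servers the investigator can vouch for are reliable; lines below them were supplied by the sending side and can be forged, which is why the spoofing claim on slide 6 has to be tested against server logs.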
