Chapter 19
Forensic Science and the Internet
Forensic Science, Richard Saferstein
© 2009 Pearson Education, Upper Saddle River, NJ 07458. All Rights Reserved.
Introduction
No subject or profession remains untouched by the Internet:
-forensic science
-one common electronic forensic community
A Network of Networks
Internet: “network of networks.”
A single network consists of two or more computers that are connected to share information.
The Internet connects thousands of these networks so all of the information can be exchanged worldwide.
-Modem: telephone lines
-Cable lines/DSL
A Network of Networks
Computers that participate in the Internet have a unique numerical Internet Protocol (IP) address and usually a name.
The World Wide Web
World Wide Web:
-collection of pages stored in the computers connected to the Internet throughout the world
Web browsers:
-explore information on the Web
-retrieve Web pages
Search engines:
-directories/indexes
-assist user in locating topics
Electronic Mail (e-Mail)
Most commonly used in conjunction with the Internet
-transport messages across the world
Web pages:
-simple explanations of forensics
-intricate details of forensic science specialties
Internet Cache
Cache system:
-expedite web browsing
-source of evidence
-portions/entire web pages can be reconstructed
-deleted cached files can be recovered
Internet Cookies
Cookies:
-placed on the local hard disk drive by the web site the user has visited
-used by the web site to track certain information about its visitors
-history of visits
-purchasing habits
-passwords
-personal information
Internet History
Most web browsers track the history of web page visits for the computer user
-accounting of sites most recently visited
-weeks' worth of visits
-history file located/read with computer forensic software packages
Bookmarks and Favorite Places
Bookmarks/favorite places:
-bookmark websites for future visits
Info from bookmarks:
-online news
-hobbies
-favorite child pornography
-computer hacking sites
Internet Communications
Computer investigations often begin or are centered around Internet communication.
-chat
-instant message (IM)
-e-mail exchange
Value of the IP Address
IP address:
-provided by the Internet Service Provider
-lead to the identity of a real person
IP Address Locations
E-mail:
-IP address in the header portion
-configuration to reveal
-case-by-case basis
IM/Chat:
-Internet Service Provider (ISP):
-AOL
-Yahoo
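To illustrate where the IP address sits in the header portion of an e-mail, the following added example (not part of the original slides) walks the Received headers of a constructed message from the oldest hop to the newest and compares the result with the webmail-style X-Originating-IP header. The sample message, the host names and the function names are assumptions made for the illustration; the addresses come from documentation ranges.

```python
import email
import ipaddress
import re

# Constructed sample message; addresses are from documentation ranges.
SAMPLE = (
    "Received: from mx.example.net (mx.example.net [198.51.100.25])\n"
    "\tby inbox.example.org with ESMTP; Tue, 03 Mar 2009 10:15:02 -0500\n"
    "Received: from webmail.example.net (localhost [127.0.0.1])\n"
    "\tby mx.example.net with ESMTP; Tue, 03 Mar 2009 10:15:00 -0500\n"
    "Received: from [192.168.1.44] (unknown [203.0.113.77])\n"
    "\tby webmail.example.net with HTTP; Tue, 03 Mar 2009 10:14:58 -0500\n"
    "X-Originating-IP: [203.0.113.77]\n"
    "Subject: constructed test message\n\nbody\n"
)
BRACKETED = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")
# Private and loopback ranges never identify a subscriber line on their own.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def bracketed_ips(text):
    """Every syntactically valid IP written as [addr] in text."""
    found = []
    for cand in BRACKETED.findall(text or ""):
        try:
            found.append(ipaddress.ip_address(cand))
        except ValueError:
            pass  # bracketed token that is not an address
    return found

def trace_hops(raw):
    """(receiving_host, sender_ips) per Received header, oldest hop first."""
    hops = []
    for hdr in reversed(email.message_from_string(raw).get_all("Received", [])):
        m = re.match(r"(.*?)\s+by\s+(\S+)", hdr, re.S)
        if m:
            hops.append((m.group(2), bracketed_ips(m.group(1))))
    return hops

def candidate_origin(raw):
    """Peer IP seen by the earliest hop, and whether X-Originating-IP agrees."""
    webmail = bracketed_ips(email.message_from_string(raw).get("X-Originating-IP"))
    for _host, ips in trace_hops(raw):
        ext = [ip for ip in ips if not any(ip in net for net in INTERNAL)]
        if ext:
            return str(ext[-1]), ext[-1] in webmail
    return None, False
```

Received lines written before the first server the examiner trusts can be forged by the sender, so the result is a lead to confirm against that server's own logs, not a finding by itself.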
Difficulty with IP Addresses
Finding IP addresses may be difficult.
E-mail can be read through a number of clients or software programs.
Most accounts offer the ability to access e-mail through a web-based interface as well.
Often the majority of chat and instant message conversations are not saved by the parties involved.
Hacking
Unauthorized computer intrusion:
-corporate espionage
-bragging rights
-rogue/disgruntled employee
Locations of Concentration
Investigative sources:
-log files
-volatile memory
-network traffic
Logs
Logs:
-document the IP address of the computer that made the connection
-located in several locations on computer network
-router (the device responsible for directing data)
-firewalls
Computer Intrusion Investigation
Cover tracks of IP address
-capture volatile data (data in RAM).
-clues into the identity of the intruder/method of attack.
-IM/chat data in RAM needs to be acquired
Intrusion Investigation
Document all programs installed/running
-malicious software installed by the perpetrator to facilitate entry
-specialized software designed to document running processes/registry entries/installed files.
Live Network Traffic
Traffic that travels the network:
-data packets
-contain source and destination IP addresses
-two-way communication (stealing data)
-transmitted back to hacker’s computer
The Destination IP Address
Destination IP:
-investigation can focus on that system
Type of data:
-type of attack being launched
-data being stolen
-types of malicious software