Guide to Computer Forensics and Investigations, Second Edition
Chapter 13: E-mail Investigations
Objectives
Explore the roles of the client and server in e-mail
Investigate e-mail crimes and violations
Understand e-mail servers
Use specialized e-mail forensics tools
Exploring the Roles of the Client and Server in E-mail
Two environments
–Internet
–Controlled LAN, MAN, or WAN
Client/server architecture
–Server OS and software differ from those on the client side
Protected accounts
–Require usernames and passwords
Exploring the Roles of the Client and Server in E-mail (continued)
Name conventions
–Corporate:
–Public:
–Everything after the @ sign belongs to the domain name
Tracing corporate e-mails is easier
Investigating E-mail Crimes and Violations
Similar to other types of investigations
Goals
–Find who is behind the crime
–Collect the evidence
–Present your findings
–Build a case
Identifying E-mail Crimes and Violations
Whether an act is a crime depends on the city, state, or country
–Spam, for example
–Always consult with an attorney
E-mail crimes are becoming commonplace
Examples of crimes involving e-mails:
–Narcotics trafficking
–Extortion
–Sexual harassment
Examining E-mail Messages
Access victim’s computer and retrieve evidence
Use victim’s e-mail client
–Find and copy evidence in the e-mail
–Access protected or encrypted material
–Print e-mails
Guide victim on the phone
–Open and copy e-mail including headers
Sometimes you will deal with deleted e-mails
Viewing E-mail Headers
Learn how to find e-mail headers
–GUI clients
–Command-line clients
–Web-based clients
Headers contain useful information
–Unique identifying numbers
–IP address of sending server
–Sending time
Viewing E-mail Headers (continued)
Outlook
–Open the Message Options dialog box
–Copy headers
–Paste them into any text editor
Outlook Express
–Open the message Properties dialog box
–Select Message Source
–Copy and paste the headers into any text editor
Viewing E-mail Headers (continued)
Eudora
–Click the BLAH BLAH BLAH button
–Copy and paste the header
Pine and ELM
–Check enable-full-headers
AOL headers
–Open the Details dialog window
–Copy and paste headers
Viewing E-mail Headers (continued)
Hotmail
–Click Options, Preferences in the menu
–Click Advanced Headers
–Copy and paste headers
Juno
–Click Options and select Show Headers
–Copy and paste headers
Viewing E-mail Headers (continued)
Yahoo
–Click Mail Options
–Click General Preferences and Show All headers on incoming messages
WebTV
–Send the message to yourself
–Open it with your regular e-mail client
–The message will contain the headers
Examining E-mail Headers
Gather supporting evidence and track the suspect using:
–Return path
–Recipient’s e-mail address
–Type of sending e-mail service
–IP address of sending server
–Name of the e-mail server
–Unique message number
–Date and time the e-mail was sent
–Attachment file information
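As an added example, not from the textbook, the following Python script pulls the fields listed above out of a raw header block: return path, recipient, unique message number, sending date and time, and the sending server and IP address recorded in each Received: line, read from the bottom up so the first hop is the one nearest the sender. The sample message is constructed for illustration.

```python
# Added example (not from the textbook): extract evidence fields from a raw
# e-mail header block. The sample message below is constructed.
import re
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Each server prepends its own Received: line, so the bottom one is oldest.
SAMPLE_MESSAGE = """Return-Path: <sender@example.com>
Received: from mx2.example.net (mx2.example.net [198.51.100.7])
\tby mail.example.org with ESMTP id k2Xn9J for <victim@example.org>;
\tMon, 10 Jan 2005 14:02:11 -0500
Received: from client-pc (unknown [203.0.113.45])
\tby mx2.example.net with SMTP id 8Qa3R;
\tMon, 10 Jan 2005 14:01:58 -0500
Message-ID: <20050110190158.8Qa3R@mx2.example.net>
Date: Mon, 10 Jan 2005 14:01:40 -0500
From: sender@example.com
To: victim@example.org

body
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def parse_received(value):
    """Claimed sending host, its bracketed IP, and the receiving server."""
    value = " ".join(value.split())  # join folded continuation lines
    m = re.match(r"from (\S+).*?\bby (\S+)", value)
    ip = IP_RE.search(value)
    return {"from": m.group(1) if m else None,
            "ip": ip.group(1) if ip else None,
            "by": m.group(2) if m else None}

def summarize_headers(raw):
    """Collect the fields a header examination looks for."""
    msg = message_from_string(raw)
    hops = [parse_received(v) for v in msg.get_all("Received", [])]
    hops.reverse()  # oldest hop first, i.e. the one closest to the sender
    return {
        "return_path": parseaddr(msg.get("Return-Path", ""))[1],
        "recipient": parseaddr(msg.get("To", ""))[1],
        "message_id": msg.get("Message-ID"),
        "sent": parsedate_to_datetime(msg["Date"]),
        "hops": hops,
        # Only hops added by servers you control are trustworthy; a sender
        # can insert fake Received: lines below them.
        "origin_ip": hops[0]["ip"] if hops else None,
    }
```

The origin IP reported here is the one the first receiving server saw, which is what you verify against that server's logs.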
Examining Additional E-mail Files
E-mail messages are saved on the client side or left on the server
Microsoft Outlook .pst and .ost files
Personal address book
UNIX groups
–Members read the same messages
Web-based mail files and folders
–History, Cookies, Cache, Temp files
Tracing an E-mail Message
Contact those responsible for the sending server
Finding a domain name’s point of contact
–
–
–
–
Find the suspect’s contact information
Verify your findings against network logs
Using Network Logs Related to E-mail
Confirm the e-mail route
Router logs
–Record all incoming and outgoing traffic
–Have rules to allow or disallow traffic
Firewall logs
–Filter e-mail traffic
–Verify whether the e-mail passed through
You can use any text editor or specialized tools
Understanding E-mail Servers
Computer running an e-mail server OS and package
E-mail storage
–Database
–Flat file
Logs
–Default or manual
–Continuous and circular
Understanding E-mail Servers (continued)
Log information
–E-mail content
–Sending IP address
–Receiving and reading date and time
–System-specific information
Contact the suspect’s network e-mail administrator as soon as possible
E-mail servers can recover deleted e-mails
–Similar to deletion of files on a hard drive
Examining UNIX E-mail Server Logs
/etc/sendmail.cf
–Configuration information for Sendmail
/etc/syslog.conf
–Specifies how and which events Sendmail logs
/var/log/maillog
–SMTP and POP3 communications
–IP address and time stamp
Check the UNIX man pages for more information
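As an added example, not from the textbook, this Python script reassembles a message's path from /var/log/maillog: Sendmail writes a from= line and one to= line per recipient under the same queue ID, and the msgid= field carries the Message-ID that also appears in the e-mail header, which is how a header examination is verified against the server log. The log lines are constructed.

```python
# Added example (not from the textbook): group Sendmail entries in
# /var/log/maillog by queue ID so a message's sender, relay IP, msgid and
# delivery status line up. The log lines below are constructed.
import re
from collections import defaultdict

SAMPLE_MAILLOG = """\
Jan 10 14:01:58 mx2 sendmail[4411]: j0AJ1wQ04411: from=<sender@example.com>, size=812, class=0, nrcpts=1, msgid=<20050110190158.8Qa3R@mx2.example.net>, proto=SMTP, daemon=MTA, relay=[203.0.113.45]
Jan 10 14:01:59 mx2 sendmail[4412]: j0AJ1wQ04411: to=<victim@example.org>, delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=30812, relay=mail.example.org. [192.0.2.10], dsn=2.0.0, stat=Sent (k2Xn9J Message accepted for delivery)
Jan 10 14:03:07 mx2 sendmail[4420]: j0AJ37Q04420: from=<other@example.com>, size=500, class=0, nrcpts=1, msgid=<abc@example.com>, proto=SMTP, daemon=MTA, relay=[198.51.100.9]
Jan 10 14:03:08 mx2 sendmail[4421]: j0AJ37Q04420: to=<nobody@example.org>, delay=00:00:01, xdelay=00:00:00, mailer=local, pri=30500, dsn=5.1.1, stat=User unknown
"""

# syslog prefix, sendmail PID, queue ID, then comma-separated key=value fields
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sendmail\[\d+\]: "
    r"(?P<qid>\w+): (?P<fields>.*)$")
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def parse_fields(text):
    """Split 'k=v, k=v' fields; values such as stat= may contain spaces."""
    return {m.group(1): m.group(2)
            for m in re.finditer(r"(\w+)=(.*?)(?=, \w+=|$)", text)}

def trace_maillog(log, msgid=None):
    """Reassemble each queued message; optionally keep only one Message-ID."""
    msgs = defaultdict(lambda: {"from": None, "relay_ip": None, "msgid": None,
                                "first_seen": None, "recipients": []})
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a sendmail line
        f = parse_fields(m.group("fields"))
        rec = msgs[m.group("qid")]
        rec["first_seen"] = rec["first_seen"] or m.group("ts")
        if "from" in f:
            rec["from"] = f["from"].strip("<>")
            rec["msgid"] = f.get("msgid")
            ip = IP_RE.search(f.get("relay", ""))
            rec["relay_ip"] = ip.group(1) if ip else None  # sending host
        elif "to" in f:
            rec["recipients"].append((f["to"].strip("<>"), f.get("stat")))
    if msgid:
        return {q: r for q, r in msgs.items() if r["msgid"] == msgid}
    return dict(msgs)
```

Because maillog is often rotated or circular, the queue ID and relay IP should be extracted and preserved as soon as the log is obtained.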
Examining Microsoft E-mail Server Logs
Microsoft Exchange Server (Exchange)
–Uses a database
–Based on Microsoft Extensible Storage Engine
Information Store files
–Database files *.edb: responsible for MAPI information
–Database files *.stm: responsible for non-MAPI information
Examining Microsoft E-mail Server Logs (continued)
Transaction logs
–Keep track of databases
Checkpoints
–Keep track of transaction logs
Temporary files
E-mail communication logs
–RES#.log
Tracking log
Examining Microsoft E-mail Server Logs (continued)
Troubleshooting or diagnostic log
–Logs events
–Use Windows Event Viewer
–Open the Event Properties dialog box for more details about an event
Examining Novell GroupWise Logs
Up to 25 databases for users
–Stored in the Ofuser directory object
–Referenced by a username, a unique identifier, and the .db extension
Shares resources with server databases
Mailbox organization
–Permanent index files
–QuickFinder
Examining Novell GroupWise Logs (continued)
Folder and file structure can be complex
–It uses the Novell directory structure
Guardian
–Directory of every database
–Tracks changes in the GroupWise environment
–Considered a single point of failure
Log files
–GW\volz\*.log
Using Specialized E-mail Forensics Tools
Tools
–AccessData’s FTK
–EnCase
–FINALeMAIL
–Sawmill-GroupWise
–DBXtract
–MailBag Assistant
–Paraben
Using Specialized E-mail Forensics Tools (continued)
Tools allow you to find:
–E-mail database files
–Personal e-mail files
–Off-line storage files
–Log files
Advantage
–You do not need to know how e-mail servers and clients work
Using Specialized E-mail Forensics Tools (continued)
FINALeMAIL
–Scans e-mail database files
–Recovers deleted e-mails
–Searches the computer for lost or deleted e-mails
FTK
–All-purpose program
–Filters and finds files specific to e-mail clients and servers
Summary
Send and receive e-mail via the Internet or a LAN
–Both environments use client/server architecture
E-mail investigations are similar to other kinds of investigations
Access the victim’s computer to recover evidence
Copy and print the e-mail message involved in the crime or policy violation
Find e-mail headers
Summary (continued)
Investigating e-mail abuse
–Be familiar with e-mail server and client operations
Check:
–E-mail message files
–E-mail headers
–E-mail server log files