Unit 6 Tracking Internet Crime
Tracing E-mail: In general, e-mail is one of the easiest forms of online communication to track and trace, for two reasons. First, service providers plan for and provide online mailbox storage of messages, usually for both the sender and the recipient. Second, messages carry their source and destination information encoded in their headers to ensure proper routing. Most of this addressing information is never seen by the average user.
Contd': Most users only see lines such as To:, From:, Subject: (Re:), and the date. These are commonly referred to as the brief headers. Behind the scenes, in the full headers, the actual routing record is present; when someone views the full header, he or she can examine the source and destination information in its entirety. As the message travels across the Internet it is relayed by a series of mail servers (mail transfer agents), and each server that handles it adds a Received: line to the top of the header recording the name and IP address of the machine it received the message from, its own name, and a timestamp. Network routers forward the underlying packets but do not alter the message, so it is the mail servers, not the routers, whose entries appear in the header.
Beginning the trace: It would stand to reason that the first step in tracing any e-mail is to examine the full header. As with all other digital evidence, however, one step comes first: to ensure that we do not modify, alter, or destroy the evidence, it should be standard operating procedure to make an exact digital copy or clone of the evidence, in this case the message, before analysing it. In a major case this will mean cloning the entire hard drive; in a lower-level case it may mean simply saving the e-mail to a disk or other storage device, such as a USB key. Save it in a form that preserves the full headers (the raw message source): forwarding the message to another mailbox creates a new message whose headers describe the forward, not the original delivery, and the original routing record is lost. Some jurisdictions may have adopted their state's harassment statute as a municipal ordinance violation.
Tracing E-mail Contd': Once at least one exact copy is safely preserved, we can begin to analyse an evidentiary copy. On that copy, the first step is to display the full headers of the message. Most e-mail programs display only the brief headers by default (To, From, Subject, Date, etc.), but all types of e-mail, including web-based services such as Hotmail® and Yahoo!® Mail, can be set to display the full headers by selecting that option.
Tracing E-mail: The full headers contain many lines of data, including names of servers, e-mail addresses, IP addresses, and timestamps. The investigator needs to go through this material in chronological order to see how the message travelled. Because each mail server adds its Received: line above the ones already present, the header reads from the most recent timestamp (the recipient's side, at the top) back to the oldest timestamp (the sender's side, at the bottom). The oldest timestamp was recorded when the sender hit the send button and the message first touched the sender's Internet service provider's mail server; that line lists the IP address the sender's computer had at the time it connected and sent the message. Two practical points: each server writes its timestamp in its own local time zone, so convert all of them to UTC before comparing; and when the sender used a web-based mail service, the first Received: line may show only the provider's web server, with the sender's own IP address recorded elsewhere in the header or not at all.
Working Backwards: The next IP address and timestamp in the chain will generally be the sender's Internet service provider's mail server handing the message to the recipient's ISP's server, and the third will usually be the recipient's ISP's server delivering it into the mailbox. The recipient's own computer retrieving the message from the ISP server normally does not add a line of its own, so the most recent entry is usually the recipient's mail server rather than the recipient's PC. One important caveat: only the Received: lines written by servers the investigator trusts can be relied upon. Every line below the first trusted server's entry arrived as part of the message and could have been fabricated by the sender, so the sender's IP address should be taken from the line written by the first trusted server, not from whatever happens to appear at the bottom. Once an investigator has isolated the IP addresses and timestamps in the full header of an e-mail, the next step is to verify who is responsible for each IP address.
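The procedure above (display the full headers, pull each relay's IP address and timestamp from the Received: lines, normalise the times to UTC, and read the chain from the sender's submission forward to final delivery) can be automated. The following is an added example, not code from the original unit: the raw message, the host names and the IP addresses (all from RFC 5737 documentation ranges) are constructed for the demonstration, and the function names are this example's own.

```python
"""Walk the Received: chain of a raw e-mail and order the hops sender-first.

Added example, not from the original unit. SAMPLE_RAW is a constructed
message: the hosts do not exist and the addresses are RFC 5737 test space.
"""
import re
from datetime import timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed raw message. Each mail server adds its Received: line ABOVE the
# existing ones, so the top line is the last hop (recipient side) and the
# bottom line is the oldest (the sender's submission to its ISP).
SAMPLE_RAW = """\
Received: from mx.recipient-isp.example (mx.recipient-isp.example [203.0.113.5])
\tby mailstore.recipient-isp.example with ESMTP id q1;
\tTue, 14 Mar 2006 10:02:31 -0500
Received: from smtp.sender-isp.example (smtp.sender-isp.example [198.51.100.7])
\tby mx.recipient-isp.example with ESMTP id p7;
\tTue, 14 Mar 2006 15:02:29 +0000
Received: from userpc (dsl-pool-12.sender-isp.example [192.0.2.44])
\tby smtp.sender-isp.example with ESMTP id a3;
\tTue, 14 Mar 2006 09:01:55 -0600
From: someone@sender-isp.example
To: victim@recipient-isp.example
Subject: test
Date: Tue, 14 Mar 2006 09:01:40 -0600

body
"""

# "from <helo> (<reverse-dns> [<ip>]) by <server> ... ; <date>"
_HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s*(?:\((?P<rdns>[^\s\[]*)\s*\[(?P<ip>[^\]]+)\]\))?"
    r".*?\bby\s+(?P<by>\S+).*?;\s*(?P<date>.+)$",
    re.DOTALL,
)


def parse_hops(raw):
    """Return the hops oldest-first; each hop is a dict with helo, ip, by, time (UTC)."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        text = " ".join(value.split())  # unfold the continuation lines
        m = _HOP_RE.search(text)
        if not m:
            continue  # unparseable line: leave it out rather than guess
        when = parsedate_to_datetime(m.group("date").strip()).astimezone(timezone.utc)
        hops.append({"helo": m.group("helo"), "ip": m.group("ip"),
                     "by": m.group("by"), "time": when})
    hops.reverse()  # header order is newest-first; we want sender-first
    return hops


def originating_ip(hops):
    """IP address in the oldest hop: the sender's machine as seen by the first
    server. Trust it only if the 'by' server on that line is one you can
    verify; lines below the first trusted server's entry can be forged."""
    return hops[0]["ip"] if hops else None


def out_of_order(hops):
    """Indices of hops whose UTC timestamp precedes the previous hop's.
    A backwards jump usually means clock skew or a fabricated line."""
    return [i for i in range(1, len(hops)) if hops[i]["time"] < hops[i - 1]["time"]]


if __name__ == "__main__":
    chain = parse_hops(SAMPLE_RAW)
    for hop in chain:
        print(f'{hop["time"].isoformat()}  {hop["ip"]:15}  {hop["helo"]} -> {hop["by"]}')
    print("originating IP:", originating_ip(chain), "anomalies:", out_of_order(chain))
```

Run against a real message, the interesting output is the row for the first server you trust and anything out_of_order flags below it; everything above that row is your own provider's record and everything below it is the sender's word.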
On the Internet, domain name and IP address registration information can be looked up with a WHOIS query. Many registries and registrars are responsible for the allocation and registration of IP addresses and domain names. One of the most wide-reaching is the American Registry for Internet Numbers (ARIN), which can be accessed by going to its website. Investigators can type a domain name or IP address into a WHOIS search function, and the registry's database returns registration information, including which company owns or maintains a given IP address or range of addresses. Note that ARIN covers North America: an address allocated in another region is referred to the responsible regional registry (RIPE NCC, APNIC, LACNIC or AFRINIC), and registration details for a domain name come from the domain's registrar rather than from ARIN.
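What a WHOIS lookup actually does on the wire, and what to pull out of the answer, is shown by the following added example; it is not code from the original unit, and it serves both this step and the later instant-messaging step where the IP address obtained from the service provider is looked up the same way. The protocol is the one WHOIS servers speak on TCP port 43 (send the query followed by CRLF, read until the server closes the connection); whois.arin.net is ARIN's real server, but the response text below is constructed, with an RFC 5737 test network standing in for a real allocation, and the function names are this example's own.

```python
"""Minimal WHOIS client plus a parser for ARIN-style 'Key: value' output.

Added example, not from the original unit. query_whois() needs network
access; SAMPLE_RESPONSE is constructed so the parsing runs offline.
"""
import ipaddress
import socket

# Constructed reply in the style of ARIN's port-43 output for an IP query.
SAMPLE_RESPONSE = """\
#
# ARIN WHOIS data and services are subject to the Terms of Use
#

NetRange:       192.0.2.0 - 192.0.2.255
CIDR:           192.0.2.0/24
NetName:        TEST-NET-1
Organization:   Example Networks LLC (EXAMP-1)
RegDate:        2006-01-10
Updated:        2009-01-28

OrgName:        Example Networks LLC
OrgId:          EXAMP-1
Address:        123 Example Way
City:           Anytown
StateProv:      VA
PostalCode:     20001
Country:        US

OrgAbuseHandle: ABUSE1-ARIN
OrgAbuseName:   Abuse Desk
OrgAbusePhone:  +1-555-0100
OrgAbuseEmail:  abuse@example.net
"""


def query_whois(query, server="whois.arin.net", port=43, timeout=10):
    """Send one WHOIS query and return the raw reply text (requires network)."""
    with socket.create_connection((server, port), timeout=timeout) as sock:
        sock.sendall(query.encode("ascii") + b"\r\n")
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:  # the server closes the connection when it is done
                break
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", errors="replace")


def parse_whois(text):
    """Collect 'Key: value' lines into a dict; a repeated key becomes a list.
    Lines starting with '#' or '%' are server comments and terms-of-use text."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#%" or ":" not in line:
            continue
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if key in fields:
            prev = fields[key]
            fields[key] = prev + [value] if isinstance(prev, list) else [prev, value]
        else:
            fields[key] = value
    return fields


def summarize(ip, text):
    """Pull the fields a records request needs, and confirm the queried IP
    really falls inside the network the registry returned (a mismatch means
    the wrong record, a referral, or a typo in the address)."""
    fields = parse_whois(text)
    cidrs = [c.strip() for c in fields.get("CIDR", "").split(",") if c.strip()]
    addr = ipaddress.ip_address(ip)
    in_range = any(addr in ipaddress.ip_network(c, strict=False) for c in cidrs)
    return {
        "ip": ip,
        "cidr": cidrs,
        "net_name": fields.get("NetName"),
        "org": fields.get("OrgName"),
        "abuse": fields.get("OrgAbuseEmail"),
        "in_range": in_range,
    }


def lookup(ip):
    """Live lookup: query ARIN for the address and summarise the reply."""
    return summarize(ip, query_whois(ip))


if __name__ == "__main__":
    print(summarize("192.0.2.44", SAMPLE_RESPONSE))
```

The in_range check matters in practice: a registry answers every query with some record, and the record for a neighbouring or parent block names a different organisation than the one that actually assigned the address. For addresses outside ARIN's region the reply carries a referral to the responsible registry, which is then queried the same way.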
The easiest scenario is the case where a user has both Internet service and e-mail accounts with the same company. Many users, however, have many different accounts used for different purposes. It is not uncommon for one person to use the cable company for the Internet connection, have an e-mail address through that cable company, and also have several separate e-mail accounts with online mail providers such as Yahoo® and Hotmail®. In that case the e-mail provider and the Internet service provider are different companies, and records may be needed from both.
Once the responsible e-mail provider and Internet service provider have been determined, the investigator can draft a subpoena for records from each company. Because most ISPs assign addresses dynamically, the request must state the IP address together with the exact date, time and time zone taken from the header; the same address will have been used by other customers before and after. Some companies can be served with the subpoena at the mailing address listed in their WHOIS results. Others have their own procedures, ranging from very strict ones, such as AOL™, whose subpoenas and search warrants have to be served locally in Virginia, to more lax approaches; some companies will accept a fax of the document and begin processing the request immediately. Each company should have a designated point of contact for questions regarding subpoenas and search warrants.
Instant Messaging & Chat: Instead of waiting for a user to receive, open, and read an e-mail message before responding, two users can meet online and type text back and forth to each other in real time. The exchange is extremely fast, limited only by the distance the signals have to travel between the users; even users on opposite continents might see a delay of only a few seconds, hence the name "instant messaging." There are various types of instant messaging, including personal messaging and chat rooms. One of the most popular IM services is ICQ, whose name is a play on "I seek you."
Investigative Challenges: Instant messaging, VoIP, and video conferencing investigations all share one major hurdle and several smaller problems. Records of these conversations are kept only for a very short time by service providers: a provider can literally have millions or billions of instant messages pass through its servers per day, and simply does not have the storage capacity to retain them all for any length of time.
Challenges Contd': Second, it takes very little information to sign up for an e-mail account or an instant-messaging service. One can literally sign up for a screen name with completely bogus information in a few minutes, and could easily create dozens of online profiles in an afternoon. Often the only information someone has about a person who communicates with him or her via IM is the sender's screen name or e-mail address. It therefore becomes much harder to trace an instant communication back to the person sending it, and time is not on the investigator's side.
Timely Investigative Options: Once the screen name or e-mail address of the sender is known, a subpoena can be drafted for all records the company holds on the person using that name or address. Investigators should again pay close attention to the date and time of the offending communication: if they can narrow that down, the company may have a record of the IP address the offending user was assigned at the time the message was sent. Investigators can then WHOIS that IP address to determine which Internet service provider the offender was using and subpoena name, address, and billing information from that provider. A confirmed e-mail could also be sent to verify the user's IP address.
Records: Unless a violation is reported and investigated immediately, there may be little for an investigator to go on. One piece of good news, however, is that many instant messaging programs save logs or transcripts of chat sessions on the user's PC. Some have this feature enabled by default, while others require the user to specifically turn it on. In a child enticement investigation such a log clearly documents the conversations between the victim and the offender, and may even contain specific statements of the offender's criminal intent. These logs can be on the victim's PC, the suspect's PC, or both.