Forensic and Investigative Accounting Chapter 14 Digital Forensics Analysis © 2011 CCH. All Rights Reserved. 4025 W. Peterson Ave. Chicago, IL 60646-6085.


Hacker Defined
A hacker is generally defined as an individual or group whose intent is to gain access to a computer network for malicious purposes.

Collecting Clues and Evidence
A forensic investigator needs to be familiar with the protocols used on the Internet to be able to collect clues about either internal or external attackers.
In addition, when law enforcement officials send requests or subpoenas for information about a company’s logs, the forensic analyst must understand the type of information being sought.

Protocols
Internet protocols are those rules allowing different operating systems and machines to communicate with one another over the Internet.

Transmission Control Protocol (TCP) and Internet Protocol (IP)
TCP/IP protocols are the communication guidelines used and widely supported over the Internet.
Almost every packet of information sent over the Internet uses the datagrams contained within a TCP/IP envelope. The datagrams consist of layers of information needed to verify the packet and get the information from the sender’s to the receiver’s location following traffic control guidelines.

Transmission Control Protocol (TCP) and Internet Protocol (IP)
Message encapsulation is used in sending the packets.
In message encapsulation, each layer of information in the sent packet is interpreted by the same layer at the receiving end of the transmission.
Additionally, each layer can only communicate with the one directly above or below it.

Transmission Control Protocol (TCP) and Internet Protocol (IP)
Layered Operating System Interconnection (OSI) Model:
Application Layer
Transportation Layer
Network Layer
Data Link Layer
Hardware Layer
Electronic Impulse

Transmission Control Protocol (TCP) and Internet Protocol (IP)
The application layer issues the commands that define the operations.
The transportation layer functions to provide reliable message delivery.
The network layer controls the route the data takes to get to its destination.

Transmission Control Protocol (TCP) and Internet Protocol (IP)
The data link layer transfers the datagram from one network node to another.
The hardware layer (or physical layer) provides the means of sending and receiving data on a network by converting bits into voltages for transmission to a coax cable.

IP Address Defined
An IP address is a 32-bit number (four bytes) that identifies the sender and recipient who is sending or receiving a packet of information over the Internet.

New Version of IP Addresses
IPv4 is being replaced with IPv6.
The reason for the change is that the 32-bit version has run out of IP addresses.
IPv6 uses 64-bits.
IPv6 provides for approximately 340,282,366,920,938,000,000,000,000,000,000,000,000 unique IP addresses.

Web Log Entries
One important method for finding the web trail of an attacker is in examining web logs.
Recorded network logs provide information needed to trace all website usage.

Web Log Entries
Information provided in a log includes the visitor’s IP address, geographical location, the actions the visitor performs on the site, browser type, time on page, and the site the visitor used before arriving.
Logs should be stored on a separate computer from the web server hosting the site so they cannot be easily altered.
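Added example, not part of the original slides: parsing web server entries in the widely used "combined" log format to rebuild each visitor's trail (IP address, actions, browser, referring site, elapsed time on the site). The log lines are constructed, and the names `visitor_trails` and `summarize` are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime

# "Combined" log format: IP, timestamp, request, status, size, referrer, user agent.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referrer>[^"]*)" "(?P<agent>[^"]*)"'
)

# Constructed sample entries (documentation IP ranges and example domains only).
SAMPLE = [
    '203.0.113.9 - - [04/Mar/2025:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "https://search.example/?q=acme" "Mozilla/5.0 (X11; Linux x86_64)"',
    '198.51.100.20 - - [04/Mar/2025:10:00:05 +0000] "GET / HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (Windows NT 10.0)"',
    '203.0.113.9 - - [04/Mar/2025:10:02:31 +0000] "GET /reports/q4.pdf HTTP/1.1" 200 90211 "https://www.example.org/index.html" "Mozilla/5.0 (X11; Linux x86_64)"',
    'corrupted entry',
]

def visitor_trails(lines):
    """Group parsed entries by client IP in time order; count lines that do not parse."""
    trails, skipped = defaultdict(list), 0
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            skipped += 1  # keep a count: unparseable lines deserve a manual look
            continue
        entry = m.groupdict()
        entry["time"] = datetime.strptime(entry.pop("ts"), "%d/%b/%Y:%H:%M:%S %z")
        trails[entry["ip"]].append(entry)
    for entries in trails.values():
        entries.sort(key=lambda e: e["time"])
    return dict(trails), skipped

def summarize(entries):
    """Condense one visitor's trail into the fields an investigator reads first."""
    first, last = entries[0], entries[-1]
    return {
        "arrived_from": first["referrer"],
        "browser": first["agent"],
        "actions": [(e["method"], e["path"], e["status"]) for e in entries],
        "seconds_on_site": int((last["time"] - first["time"]).total_seconds()),
    }

if __name__ == "__main__":
    trails, skipped = visitor_trails(SAMPLE)
    for ip, entries in trails.items():
        print(ip, summarize(entries))
    print("unparsed lines:", skipped)
```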

TCPDUMP
TCPDUMP is a form of network sniffer that can disclose most of the information contained in a TCP/IP packet.
A sniffer is a program used to secretly capture datagrams moving across a network and disclose the information contained in the datagram’s network protocols.

Decoding Simple Mail Transfer Protocol (SMTP)
SMTP is the protocol used to send e-mail over the Internet.
SMTP server logs can be used to check the path of the e-mail from the sending host to the receiving host.

Decoding Simple Mail Transfer Protocol (SMTP)
Most of the important information about the origin of an e-mail message is in the long form of the header.
The most important data for tracing purposes is the IP addresses and the message ID.
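Added example, not part of the original slides: reading the long-form header of a message to recover the relay path, the IP address recorded at each hop, and the message ID. The header is constructed, and `trace_hops` and `chain_breaks` are hypothetical names; the chain check is a heuristic, since the name a sending host announces can legitimately differ from the name the previous hop logged.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample message (documentation IP ranges and example domains only).
RAW = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
    by mail.example.org with ESMTP id A1B2C3; Tue, 04 Mar 2025 10:15:42 +0000
Received: from relay.example.com (relay.example.com [203.0.113.25])
    by mx.example.net with ESMTP id D4E5F6; Tue, 04 Mar 2025 10:15:40 +0000
Received: from [192.0.2.44] (unknown [192.0.2.44])
    by relay.example.com with ESMTPSA id G7H8I9; Tue, 04 Mar 2025 10:15:37 +0000
Message-ID: <20250304101537.G7H8I9@relay.example.com>
From: sender@example.com
To: auditor@example.org
Subject: constructed sample

body
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def trace_hops(raw):
    """Return (message_id, hops), with hops ordered from origin to final recipient."""
    msg = message_from_string(raw)
    hops = []
    # Every relay prepends its own Received line, so the last one is closest to the origin.
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(value.split())  # undo header folding
        sender = re.search(r"\bfrom (\S+)", flat)
        receiver = re.search(r"\bby (\S+)", flat)
        ip = IP_RE.search(flat)
        hops.append({
            "from": sender.group(1) if sender else None,
            "by": receiver.group(1) if receiver else None,
            "ip": str(ipaddress.ip_address(ip.group(1))) if ip else None,
            "time": parsedate_to_datetime(flat.rsplit(";", 1)[-1].strip()),
        })
    return msg.get("Message-ID"), hops

def chain_breaks(hops):
    """Heuristic: the host that received one hop should be the sender of the next."""
    return [(a["by"], b["from"]) for a, b in zip(hops, hops[1:]) if a["by"] != b["from"]]

if __name__ == "__main__":
    message_id, hops = trace_hops(RAW)
    print("Message-ID:", message_id)
    for hop in hops:
        print(hop["time"].isoformat(), hop["ip"], hop["from"], "->", hop["by"])
    print("chain breaks:", chain_breaks(hops))
```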

Tracing and Decoding IP Addresses
Traceroute
Whois
Ping
Finger searches

Narrowing the Search
Preliminary Incident Response Form
John Doe subpoena

Forensic Audit
The forensic audit is an audit performed to determine whether fraud is being committed in the executive boardroom.
The monitoring methods used in a forensic audit are investigative, directed at top-level executives, and do not rely on traditional accounting audit practices.

Due Diligence Searches
Internet databases
–General searches
–Name, telephone number, and address search engines
–Internet relay chat (IRC), FTP, and Listserv searches
–Usenet postings search
–Legal records
–Instant messaging (IM)
Web page searches
Government data searches
Miscellaneous searches