18-1 PRENTICE HALL ©2008 Pearson Education, Inc. Upper Saddle River, NJ 07458 FORENSIC SCIENCE An Introduction By Richard Saferstein FORENSIC SCIENCE AND.

Slides:



Advertisements
Similar presentations
The Internet and the Web
Advertisements

The Internet By Rory Gallagher. What is The Internet? The internet is a worldwide, publicly accessible network of interconnected computer networks. The.
® Microsoft Office 2010 Browser and Basics.
BlueRedGreenPurpleOrange.
 2008 Pearson Education, Inc. All rights reserved Web Browser Basics: Internet Explorer and Firefox.
Software programs that enable you to view world wide web documents. Internet Explorer and Firefox are examples. Browser.
Files, Folders, Telecommunications, & Services Dreamweaver for Business & College Mrs. Wilson.
What is the Internet? Internet: The Internet, in simplest terms, is the large group of millions of computers around the world that are all connected to.
CPS ® and CAP ® Examination Review OFFICE SYTEMS AND TECHNOLOGY, Fifth Edition By Schroeder and Graf ©2005 Pearson Education, Inc. Pearson Prentice Hall.
Lesson 14-Desktop Protection. Overview Protect against malicious code. Use the Internet. Protect against physical tampering.
© 2007 Pearson Education Inc., Upper Saddle River, NJ. All rights reserved.1 Computer Networks and Internets with Internet Applications, 4e By Douglas.
The Internet and the World Wide Web. Una DooneyThe Internet and WWWSlide 2 What is the Internet? A collection of networks (LANS and WANS) around the world.
Browser and Basics Tutorial 1. Learn about Web browser software and Web pages The Web is a collection of files that reside on computers, called.
Lesson 19 Internet Basics.
Computer Networks IGCSE ICT Section 4.
CHAPTER THE INTERNET, THE WEB, AND ELECTRONIC COMMERCE 22.
Guide to Computer Forensics and Investigations Fourth Edition Chapter 12 Investigations.
The Internet. What is the internet? a vast network designed to transfer data from one computer to another.
By: Bihu Malhotra 10DD.   A global network which is able to connect to the millions of computers around the world.  Their connectivity makes it easier.
With Internet Explorer 8© 2011 Pearson Education, Inc. Publishing as Prentice Hall1 Go! with Internet Explorer 8 Getting Started.
INTERNET CHAPTER 12 Information Available The INTERNET contains a huge amount of information a huge amount of information information on any topic you.
18-1 ©2011, 2008 Pearson Education, Inc. Upper Saddle River, NJ FORENSIC SCIENCE: An Introduction, 2 nd ed. By Richard Saferstein COMPUTER FORENSICS.
CHAPTER 2 Communications, Networks, the Internet, and the World Wide Web.
Connecting one computer to another computer creates a network.
Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill Technology Education Copyright © 2006 by The McGraw-Hill Companies,
Windows Internet Explorer 9 Chapter 1 Introduction to Internet Explorer.
XP New Perspectives on Browser and Basics Tutorial 1 1 Browser and Basics Tutorial 1.
Chapter 8 The Internet: A Resource for All of Us.
Internet Application. understanding Addresses Routing of Instant Messaging Collaborative Computing Grid Social networking Forums Societies.
IT Introduction to Information Technology. The Internet & World Wide Web Began in 1969 with the ARPANET (Advanced Research Project Agency Network)
What is the Internet? Internet: The Internet, in simplest terms, is the large group of millions of computers around the world that are all connected to.
Forensic and Investigative Accounting Chapter 14 Internet Forensics Analysis: Profiling the Cybercriminal © 2005, CCH INCORPORATED 4025 W. Peterson Ave.
Forensic and Investigative Accounting Chapter 14 Digital Forensics Analysis © 2011 CCH. All Rights Reserved W. Peterson Ave. Chicago, IL
>> Introduction To The Internet Mr. Garel St. BACHS.
An Overview of the Internet: The Internet: Then and Now How the Internet Works Major Features of the Internet.
Computer and Information Science Ch1.3 Computer Networking Ch1.3 Computer Networking Chapter 1.
Introduction to Computers COMP 900 St. Lawrence College Lecture Two: Networking and the Internet.
Chapter 18 Technology in the Workplace Section 18.2 Internet Basics.
Communication, Networks, The internet and the Worldwide Web.
Networks CS105. What is a computer network? A computer network is a collection of computing devices that are connected in various ways so that they can.
Internet Research Tips Daniel Fack. Internet Research Tips The internet is a self publishing medium. It must be be analyzed for appropriateness of research.
NETWORK HARDWARE AND SOFTWARE MR ROSS UNIT 3 IT APPLICATIONS.
Chapter 6 Data Communications. Network Collection of computers Communicate with one another over transmission line Major types of network topologies What.
INTERNET. Objectives Explain the origin of the Internet and describe how the Internet works. Explain the difference between the World Wide Web and the.
Topic 5: Basic Security.
The Internet Teaching Learning Seminar Computer Studies.
MODULE 3 Internet Basics © Paradigm Publishing, Inc.1.
XP Browser and Basics COM111 Introduction to Computer Applications.
Networking Basics Objectives: 1. Utilize appropriate vocabulary to communicate effectively in a technological society. 6. Describe uses of a networked.
CPT 499 Internet Skills for Educators Overview of the Internet Session One.
Lesson No:12 Introduction to Internet CHBT-01 Basic Micro process & Computer Operatio.
THE INTERNET INTRODUCTION TO BUSINESS TECHNOLOGY.
The Internet  Define the internet  Discuss advantages of the internet  List requirement needed to access the internet.
and Internet Explorer.  The transmission of messages and files via a computer network  Messages can consist of simple text or can contain attachments,
Computers Are Your Future Eleventh Edition Chapter 6: The Internet and the World Wide Web Copyright © 2011 Pearson Education, Inc. Publishing as Prentice.
COM: 111 Introduction to Computer Applications Department of Information & Communication Technology Panayiotis Christodoulou.
INTERNET AND . WHAT IS INTERNET The Internet can be defined as the wired or wireless mode of communication through which one can receive, transmit.
18-1 ©2011, 2008 Pearson Education, Inc. Upper Saddle River, NJ FORENSIC SCIENCE: An Introduction, 2 nd ed. By Richard Saferstein COMPUTER FORENSICS.
1 UNIT 13 The World Wide Web. Introduction 2 Agenda The World Wide Web Search Engines Video Streaming 3.
1 UNIT 13 The World Wide Web. Introduction 2 The World Wide Web: ▫ Commonly referred to as WWW or the Web. ▫ Is a service on the Internet. It consists.
The Internet and the WWW IT-IDT-5.1. History of the Internet How did the Internet originate? Goal: To function if part of network were disabled Became.
18-1 PRENTICE HALL ©2008 Pearson Education, Inc. Upper Saddle River, NJ FORENSIC SCIENCE An Introduction By Richard Saferstein.
Computer network Ch.5.
ICT Communications Lesson 1: Using the Internet and the World Wide Web
Forensic Science and the Internet Part 1
Introduction to Computer Concept
(Discussion – The Internet and the World Wide Web)
E-commerce Infrastructure Web Servers / Web Clients / Web Browsers
Chapter 18 FORENSIC SCIENCE ON THE INTERNET
The Internet and Electronic mail
Presentation transcript:

18-1 PRENTICE HALL ©2008 Pearson Education, Inc. Upper Saddle River, NJ FORENSIC SCIENCE An Introduction By Richard Saferstein FORENSIC SCIENCE AND THE INTERNET Chapter 18

18-2 PRENTICE HALL ©2008 Pearson Education, Inc. Upper Saddle River, NJ FORENSIC SCIENCE An Introduction By Richard Saferstein Introduction The Internet, often referred to as the “information superhighway,” has opened a medium for people to communicate and to access millions of pieces of information from computers located anywhere on the globe. No subject or profession remains untouched by the Internet, and this is so for forensic science. A major impact of the Internet will be to bring together forensic scientists from all parts of the world, linking them into one common electronic community.

18-3 PRENTICE HALL ©2008 Pearson Education, Inc. Upper Saddle River, NJ FORENSIC SCIENCE An Introduction By Richard Saferstein A Network of Networks The Internet can be defined as a “network of networks.” –A single network consists of two or more computers that are connected to share information. –The Internet connects thousands of these networks so all of the information can be exchanged worldwide. Connections can be made through a modem, a device that allows computers to exchange and transmit information through telephone lines. Higher speed broadband connections are available through cable lines or through DSL telephone lines.

18-4 PRENTICE HALL ©2008 Pearson Education, Inc. Upper Saddle River, NJ FORENSIC SCIENCE An Introduction By Richard Saferstein A Network of Networks Computers can be linked or networked through wire or wireless (WI-Fi) connections. Computers that participate in the Internet have a unique numerical Internet Provider (IP) address and usually a name.

18-5 PRENTICE HALL ©2008 Pearson Education, Inc. Upper Saddle River, NJ FORENSIC SCIENCE An Introduction By Richard Saferstein The World Wide Web The most popular area of the Internet is the World Wide Web. It is considered a collection of pages stored in the computers connected to the Internet throughout the world. Web browsers allow the user to explore information stored on the Web and to retrieve Web pages the viewer wishes to read. Several directories and indexes on the Internet, known as search engines, are available to assist the user in locating a particular topic from the hundreds of thousands of web sites located on the Internet. Commercial Internet service providers connect computers to the Internet while offering the user an array of options. –A keyword or phrase entered into a search engine will locate sites on the Internet that are relevant to that subject.

18-6 PRENTICE HALL ©2008 Pearson Education, Inc. Upper Saddle River, NJ FORENSIC SCIENCE An Introduction By Richard Saferstein Electronic Mail ( ) The service that is most commonly used in conjunction with the Internet is electronic mail ( ). This communication system can transport messages across the world in a matter of seconds. Extensive information relating to forensic science is available on the Internet. The types of Web pages range from simple explanations of the different fields of forensics to intricate details of forensic science specialties.

18-7 PRENTICE HALL ©2008 Pearson Education, Inc. Upper Saddle River, NJ FORENSIC SCIENCE An Introduction By Richard Saferstein Forensic Analysis of the Internet It is important from the investigative standpoint to be familiar with the evidence left behind from a user’s Internet activity. A forensic examination of a computer system will reveal quite a bit of data about a user’s Internet activity. The data described on the next few slides would be accessed and examined utilizing the forensic techniques outlined in Chapter 17.

18-8 PRENTICE HALL ©2008 Pearson Education, Inc. Upper Saddle River, NJ FORENSIC SCIENCE An Introduction By Richard Saferstein Internet Cache Evidence of Internet web browsing typically exists in abundance on the user’s computer. Most web browsers (Internet Explorer, Netscape, and Firefox) utilize a system of caching to expedite web browsing and make it more efficient. This web browsing Internet cache is a potential source of evidence for the computer investigator. Portions of, and in some cases, entire visited web pages can be reconstructed. Even if deleted, these cached files can often be recovered.

18-9 PRENTICE HALL ©2008 Pearson Education, Inc. Upper Saddle River, NJ FORENSIC SCIENCE An Introduction By Richard Saferstein Internet Cookies To appreciate the value of the “cookie” you must first understand how they get onto the computer and their intended purpose. Cookies are placed on the local hard disk drive by the web site the user has visited. This is, of course, if the particular web browser being used is set to allow this to happen. A cookie is used by the web site to track certain information about its visitors. This information can be anything from history of visits or purchasing habits, to passwords and personal information used to recognize the user for later visits.

18-10 PRENTICE HALL ©2008 Pearson Education, Inc. Upper Saddle River, NJ FORENSIC SCIENCE An Introduction By Richard Saferstein Internet History Most web browsers track the history of web page visits for the computer user. This is probably done merely for a matter of convenience. Like the “recent calls” list on a cell phone, the Internet history provides an accounting of sites most recently visited, with some storing weeks worth of visits. Users have the availability to go back and access sites they most recently visited, just by accessing them through the browser’s history. The history file can be located and read with most popular computer forensic software packages.

18-11 PRENTICE HALL ©2008 Pearson Education, Inc. Upper Saddle River, NJ FORENSIC SCIENCE An Introduction By Richard Saferstein Bookmarks and Favorite Places Another way users can access websites quickly is to store them in their “bookmarks” or “favorite places.” Like a pre-set radio station, Internet browsers allow a user to bookmark websites for future visits. A lot can be learned from the bookmarked sites of a person. Perhaps you might learn what online news a person is interested in or what type of hobbies he/she has. You may also see that person’s favorite child pornography or computer hacking sites bookmarked.

18-12 PRENTICE HALL ©2008 Pearson Education, Inc. Upper Saddle River, NJ FORENSIC SCIENCE An Introduction By Richard Saferstein Internet Communications Computer investigations often begin or are centered around Internet communication. It may be: –a chat conversation amongst many people, –an instant message conversation between just two individuals, –or the back and forth of an exchange. Human communication has long been a source of evidentiary material. Regardless of the type, investigators are typically interested in communication.

18-13 PRENTICE HALL ©2008 Pearson Education, Inc. Upper Saddle River, NJ FORENSIC SCIENCE An Introduction By Richard Saferstein Value of the IP address In our earlier discussion, it was stated that in order to communicate on the Internet a device needs to be assigned an Internet Protocol (IP) address. The IP address is provided by the Internet Service provider from which the device accesses the Internet. Thus it is the IP address that might lead to the identity of a real person. If an IP address is the link to the identity of a real person, then it would quite obviously be very valuable for identifying someone on the Internet.

18-14 PRENTICE HALL ©2008 Pearson Education, Inc. Upper Saddle River, NJ FORENSIC SCIENCE An Introduction By Richard Saferstein IP Address Locations IP addresses are located in different places for different mediums of communications. will have the IP address in the header portion of the mail. –This may not be readily apparent and may require a bit of configuration to reveal. –Each client is different and needs to be evaluated on a case by case basis. In the case of an Instant Message or Chat session, the particular provider (the one providing the mechanism of chat - AOL, Yahoo, etc.) would be contacted to provide the users IP address).

18-15 PRENTICE HALL ©2008 Pearson Education, Inc. Upper Saddle River, NJ FORENSIC SCIENCE An Introduction By Richard Saferstein Difficulty with IP Addresses Finding IP addresses may be difficult. – can be read through a number of clients or software programs. –Most accounts offer the ability to access through a web-based interface as well. –Often the majority of chat and instant message conversations are not saved by the parties involved. Each application needs to be researched and the computer forensic examination guided by an understanding of how it functions.

18-16 PRENTICE HALL ©2008 Pearson Education, Inc. Upper Saddle River, NJ FORENSIC SCIENCE An Introduction By Richard Saferstein Hacking Unauthorized computer intrusion, more commonly referred to as hacking, is the concern of every computer administrator. Hackers penetrate computer systems for a number of reasons. –Sometimes the motive is corporate espionage and other times it is merely for bragging rights within the hacker community. –Most commonly though, it is a rogue or disgruntled employee, with some knowledge of the computer network, who is looking to cause damage. Despite the motivation, Corporate America is frequently turning to law enforcement to investigate and prosecute these cases.

18-17 PRENTICE HALL ©2008 Pearson Education, Inc. Upper Saddle River, NJ FORENSIC SCIENCE An Introduction By Richard Saferstein Locations of Concentration Generally speaking, when investigating an unauthorized computer intrusion, investigators will concentrate their efforts in three locations: –log files –volatile memory –network traffic

18-18 PRENTICE HALL ©2008 Pearson Education, Inc. Upper Saddle River, NJ FORENSIC SCIENCE An Introduction By Richard Saferstein Logs Logs will typically document the IP address of the computer that made the connection. Logs can be located in several locations on computer network. Most servers that exist on the Internet track connections made to them through the use of logs. Additionally the router, ( the device responsible for directing data) might possibly contain logs files detailing connections. Similarly, devices known as firewalls might contain log files which list computers that were allowed access to the network or an individual system.

18-19 PRENTICE HALL ©2008 Pearson Education, Inc. Upper Saddle River, NJ FORENSIC SCIENCE An Introduction By Richard Saferstein Use of Volatile Data Many times, in cases of unlawful access to a computer network, some technique is used by the perpetrator to cover the tracks of his IP address. Advanced investigative techniques might be necessary to discover the true identity. Where an intrusion is in progress the investigator might have to capture volatile data (data in RAM). The data existing in RAM at the time of an intrusion may provide valuable clues into the identity of the intruder, or at the very least the method of attack. In the case of the instant message or chat conversation, the data that exists in RAM needs to be acquired.

18-20 PRENTICE HALL ©2008 Pearson Education, Inc. Upper Saddle River, NJ FORENSIC SCIENCE An Introduction By Richard Saferstein An Additional Standard Tactic Another standard tactic for investigating intrusion cases is documenting all programs installed and running on a system. By doing this the investigator might discover malicious software installed by the perpetrator to facilitate entry. This is accomplished utilizing specialized software designed to document running processes, registry entries, and any installed files.

18-21 PRENTICE HALL ©2008 Pearson Education, Inc. Upper Saddle River, NJ FORENSIC SCIENCE An Introduction By Richard Saferstein Live Network Traffic The investigator may want to capture live network traffic as part of the evidence collection and investigation process. Traffic that travels the network does so in the form of data packets. In addition to containing data these packets also contain source and destination IP addresses. If the attack requires two-way communication, as in the case of a hacker stealing data, then it needs to be transmitted back to the hacker’s computer.

18-22 PRENTICE HALL ©2008 Pearson Education, Inc. Upper Saddle River, NJ FORENSIC SCIENCE An Introduction By Richard Saferstein The Destination IP Address To get there, the destination IP address is needed. Once this is learned, the investigation can focus on that system. Moreover, the type of data that is being transmitted on the network may be a clue as to what type of attack is being launched, if any important data is being stolen, or types of malicious software, if any, that are involved in the attack.

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.