Published by Madlyn Davis. Modified over 8 years ago.
1
18-1 PRENTICE HALL ©2008 Pearson Education, Inc. Upper Saddle River, NJ 07458 FORENSIC SCIENCE An Introduction By Richard Saferstein
2
The Internet, often referred to as the “information superhighway,” has opened a medium for people to communicate and to access millions of pieces of information from computers located anywhere on the globe. No subject or profession remains untouched by the Internet, and this is so for forensic science. A major impact of the Internet will be to bring together forensic scientists from all parts of the world, linking them into one common electronic community.
3
The Internet is often described as a “network of networks.” The Internet connects thousands of networks through a modem. A modem is a device that allows computers to exchange information through telephone lines. Cable lines help with higher-speed connections.
4
Computers can be linked or networked through wired or wireless (Wi-Fi) connections. Computers that participate in the Internet have a unique numerical Internet Protocol (IP) address and usually a name.
5
The World Wide Web is a collection of pages stored in computers. Each page has a specific web browser that makes it accessible to the public. (They also have a specific URL.) Many web pages can be found by using search engines. You can search thousands of topics by typing in keywords.
6
The service that is most commonly used in conjunction with the Internet is electronic mail (e-mail). This communication system can transport messages across the world in a matter of seconds. In order to send and receive e-mails, you must have an e-mail address.
7
It is important from the investigative standpoint to be familiar with the evidence left behind from a user’s Internet activity. A forensic examination of a computer system will reveal quite a bit of data about a user’s Internet activity.
8
Evidence of Internet web browsing exists in abundance on the user’s computer. The web browser’s Internet cache is a potential source of evidence for the computer investigator. Even if the files have been deleted, they can still be recovered. The cache allows investigators to recreate some or all of a visited webpage.
9
Cookies are placed on the local hard disk drive by the web site the user has visited (only if the website is set up to allow them to be placed). A cookie is used by the web site to track certain information about its visitors. Cookies can store anything from a history of visits or purchasing habits to passwords and personal information used for later visits.
10
Most web browsers track the history of web page visits for the computer user. The Internet history creates a list of the websites most recently visited, with some browsers storing weeks’ worth of visits. The history file can be located and read with most popular computer forensic software packages.
11
Another way users can access websites quickly is to store them in their “bookmarks” or “favorite places.” A bookmark can reveal a person’s interests or hobbies. It can also reveal any criminal activity that they have saved.
12
Computer investigations often begin with or are centered around Internet communication. It may be:
› a chat conversation among many people,
› an instant message conversation between just two individuals,
› or the back and forth of an e-mail exchange.
13
In order to communicate on the Internet, a device needs to be assigned an Internet Protocol (IP) address. The IP address is provided by the Internet service provider from which the device accesses the Internet. This means that the IP address might lead to the identity of one specific person, making IP addresses valuable to computer investigators everywhere.
14
IP addresses are not always found in the same place. They may not be seen right away, and it may take some searching to reveal them. In the case of an instant message or chat session, the particular provider would be contacted to provide the user’s IP address. (An IP address comes as a sequence of numbers. Each number can be any number from 0 to 255. Example: 66.94.244.13)
15
Finding IP addresses may be difficult.
› E-mail can be read through a number of clients or software programs.
› Often the majority of chat and instant message conversations are not saved by the parties involved.
Each application needs to be researched and the computer forensic examination guided by an expert with an understanding of how it functions.
16
Hacking is penetrating another person’s computer without authorization. A hacker may have many motives: in some cases the hacker wants information, and other times it is merely to show off skills. An employee may also hack a network to do some form of damage to a company.
17
Generally speaking, when investigating an unauthorized computer intrusion, investigators will concentrate their efforts in three locations:
› log files
› volatile memory
› network traffic
18
Logs will typically document the IP address of the computer that made the connection. Most servers that exist on the Internet track connections made to them through the use of logs. Firewalls might contain logs of who was allowed access to that specific network. The router might hold log files of connections.
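As an added example (not part of the original slides), the Python below shows how an examiner might pull connecting IP addresses out of a server log, keeping only addresses whose four numbers are each 0 to 255 and recording when each address was first and last seen. The log format (Apache-style access log), the sample lines and the function name `summarize_connections` are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in an Apache-style access log format (not real data).
# The valid addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
192.0.2.10 - - [12/Mar/2008:01:14:02 +0000] "GET /index.html HTTP/1.1" 200 5120
203.0.113.77 - - [12/Mar/2008:01:14:09 +0000] "POST /login HTTP/1.1" 401 312
203.0.113.77 - - [12/Mar/2008:01:14:11 +0000] "POST /login HTTP/1.1" 401 312
203.0.113.77 - - [12/Mar/2008:01:14:15 +0000] "POST /login HTTP/1.1" 200 2048
999.12.3.4 - - [12/Mar/2008:01:15:00 +0000] "GET / HTTP/1.1" 200 100
this line is damaged and has no address field
"""

# Fields captured: client address, timestamp, HTTP status code.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" (\d{3}) ')

def summarize_connections(log_text):
    """Return ({ip: summary}, rejected_lines) for the given log text."""
    summary = defaultdict(
        lambda: {"count": 0, "first": None, "last": None, "statuses": []})
    rejected = []  # kept, not discarded: unparsed lines still need manual review
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            rejected.append(line)
            continue
        raw_ip, raw_ts, status = m.groups()
        try:
            # Enforces exactly four numbers, each in the range 0-255.
            ip = str(ipaddress.IPv4Address(raw_ip))
        except ipaddress.AddressValueError:
            rejected.append(line)
            continue
        ts = datetime.strptime(raw_ts, "%d/%b/%Y:%H:%M:%S %z")
        entry = summary[ip]
        entry["count"] += 1
        entry["first"] = ts if entry["first"] is None else min(entry["first"], ts)
        entry["last"] = ts if entry["last"] is None else max(entry["last"], ts)
        entry["statuses"].append(int(status))
    return dict(summary), rejected

if __name__ == "__main__":
    per_ip, bad = summarize_connections(SAMPLE_LOG)
    for ip, info in per_ip.items():
        print(ip, info["count"], info["first"], info["last"], info["statuses"])
    print("lines needing manual review:", len(bad))
```
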
19
The technique used to hack the computer might lead to an identity. When intruding, the intruder might have to capture volatile data (located in RAM), providing clues to their identity. Data is only stored in RAM while it is connected to power, so pulling the plug could erase all data in RAM. Data from instant messages may possibly remain.
20
An investigator can also document all installed and running programs. This may lead to discovery of malicious software used to hack the system. This process involves using special software designed to document these items.
21
Live network traffic travels in “data packets,” which also contain the source and destination IP addresses. This is useful if the attack required two-way communication. (Example: a hacker steals data that needs to be transmitted back to his/her computer.)
22
To get there, the destination IP address is needed. Once this is learned, the investigation can focus on that system. Moreover, the type of data that is being transmitted on the network may be a clue as to what type of attack is being launched, whether any important data is being stolen, or what types of malicious software, if any, are involved in the attack.