1
Forensic Science and the Internet Part 1
The Internet and the World Wide Web
2
Forensic Science and the Internet
Learning Objectives: Understand how the Internet is structured. Know how to search for information on the Internet. Describe information retrieval sources, such as mailing lists and newsgroups, available through the Internet. Learn how to retrieve information about forensic science on the Internet.
3
Forensic Science and the Internet
Learning Objectives: Relate various areas found on the computer where a user’s Internet activities can be investigated. Describe how e-mails, chat, and instant messages on the Internet can be traced and recovered. List and describe three locations where investigators may pinpoint the origin of a hacker.
4
The Internet A single network consists of two or more computers that are connected to share information. The Internet can be defined as a “network of networks” – it connects thousands of networks so information can be exchanged worldwide.
5
The Internet At one time, connection to the Internet was made through a modem, a device that allows computers to exchange and transmit information through telephone lines. Higher speed broadband connections are available through cable lines or through DSL telephone lines.
6
The Internet Computers can be linked or networked through wired or wireless (Wi-Fi) connections. Computers that participate in the Internet have a unique numerical Internet protocol (IP) address and usually a name.
7
The World Wide Web Web browsers allow the user to explore information stored on the Web and to retrieve Web pages the viewer wishes to read. Hypertext is highlighted text or graphics on a Web page that, when clicked, links to other Web sites.
8
The World Wide Web Hypertext has given rise to the expressions browsing and surfing the Net. Several directories and indexes on the Internet, known as “search engines”, help users find information on a particular topic from the millions of websites located on the Internet.
9
Forensic Science and the Internet Part 2
More About the Forensics of the Internet
10
Forensic Analysis of Internet Data
It’s important from the investigative standpoint to be familiar with the evidence left behind from a user’s Internet activity. A forensic examination can reveal quite a bit of data about these activities. Forensic CSIs would access and examine the following areas to determine a suspect’s Internet behavior: Internet cache; cookies; Internet history; bookmarks and favorite places.
11
Internet Cache When a user accesses a web site, data is transferred from the server at that site to the user’s computer. To expedite web browsing and make it more efficient, most web browsers use an internet cache that stores, or caches, portions of the pages visited on the local HDD. This way, if the page is revisited, portions of it can be reconstructed more quickly from this saved data, rather than having to pull it yet again from the Internet and use bandwidth. This cache is a potential source of evidence for the computer investigator. Even if deleted, these cache files can often be recovered.
12
Cookies Internet “cookies” are another area where potential evidence can be found. Cookies are placed on the local HDD by Web sites the user has visited, if the browser is set to allow this to happen. The Web site uses cookies to track certain information about its visitors. This information can be anything from history of visits and purchasing habits to passwords and personal information used to recognize the user for later visits. Cookie files can be a valuable source of evidence. They are plain text files that can be opened with a standard text viewer or word processing program. A typical cookie might resemble the following: , from which we can assume that someone accessed the website for our textbook.
13
Internet History Most Web browsers track the history of Web page visits for the computer user. The Internet history provides an accounting of sites most recently visited, sometimes storing weeks’ worth of visits. Users can go back and access sites they recently visited by going through the browser’s history. Internet Explorer uses the index.dat file to store this information. Most popular computer forensic software packages can locate and read this file.
14
Bookmarks and Favorite Places
Another way that users can access Web sites quickly is to store them in their bookmarks or “favorite places.” Web sites allow users to bookmark sites for future visits.
15
Forensic Investigation of Internet Communications
Computer investigations often begin with or are centered on Internet communication.
16
Forensic Investigation of Internet Communications
Whether it is a chat conversation among many people, an instant message conversation between two people, or the back-and-forth of an e-mail exchange, human communication has long been a source of evidentiary material. Regardless of the type, investigators are typically interested in communication.
17
Forensic Science and the Internet Part 3
The Role of the ISP; E-mail, Chat, and Instant Messaging
18
The Role of the ISP A device that can communicate on the Internet must have an assigned Internet protocol (IP) address. The Internet Service Provider (ISP) provides this IP address. Thus, the IP address may lead to the identity of a real person, the owner of the computer with that IP address. That person can therefore be identified on the Internet.
19
The Role of the ISP For example, let’s say a user on the Internet, John Smith, connects to the net from his home by way of a Verizon DSL connection. Verizon in this case would provide Mr. Smith’s IP address. Verizon owns a bank of IP addresses to service its customers; these addresses were issued by a regulatory body designed to track the usage of IP addresses, so no two addresses are ever used at the same time.
20
The Role of the ISP Suppose that Smith, while connected to the Internet, decides to threaten an ex-girlfriend by sending her an e-mail telling her he is going to kill her. That e-mail must first pass through the servers of Mr. Smith’s ISP (Verizon) on its way to its destination, the ex-girlfriend. The e-mail would be stamped by the servers it passes through, and this stamp would include the IP address given to Smith by Verizon for his session on the Internet.
21
The Role of the ISP An investigator tracking the e-mail would locate the originating IP address stamped on the e-mail header. That IP address could be researched using one of many Internet sites to determine which ISP was given this IP as part of their block to service their customers. The investigator then files a subpoena with Verizon asking which of its customers was using that IP address at that date and time.
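The header trace described on the preceding slides can be sketched as follows. This is an added example, not part of the original presentation; the sample message, its host names and its documentation-range IP addresses are constructed, and the function names are hypothetical.

```python
import email
import ipaddress
import re
from datetime import timezone
from email.utils import parsedate_to_datetime

# Constructed sample message: documentation-range IPs, hypothetical host names.
RAW = """\
Received: from smtp.isp.example (smtp.isp.example [198.51.100.7])
\tby mx.recipient.example; Tue, 04 Mar 2025 14:02:09 -0500
Received: from [192.0.2.44] (pool-192-0-2-44.isp.example [192.0.2.44])
\tby smtp.isp.example; Tue, 04 Mar 2025 14:02:05 -0500
From: sender@isp.example
To: recipient@recipient.example
Subject: constructed sample

body
"""

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def trace_hops(raw):
    """Return hops oldest-first; each server prepends its own Received line."""
    msg = email.message_from_string(raw)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        ips = []
        for text in BRACKETED_IP.findall(value):
            try:
                ips.append(str(ipaddress.ip_address(text)))
            except ValueError:
                pass  # e.g. 999.1.1.1 matches the regex but is not an address
        # The stamp time follows the last ';' and is needed for the ISP request.
        when = None
        if ";" in value:
            try:
                when = parsedate_to_datetime(value.rsplit(";", 1)[1].strip())
                when = when.astimezone(timezone.utc).isoformat()
            except (TypeError, ValueError):
                pass
        hops.append({"ips": ips, "utc": when})
    return hops

def originating_hop(raw):
    """Oldest hop that recorded a client IP. Lines below the first server the
    examiner trusts are sender-controlled and need corroboration from logs."""
    return next((h for h in trace_hops(raw) if h["ips"]), None)

if __name__ == "__main__":
    print(originating_hop(RAW))
```

The IP address and UTC time of the oldest hop are the two values the ISP needs in order to match a session to a customer.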
22
E-mail, Chat, and Instant Messaging
E-mail can be read by a number of software programs called “clients.” The two most popular clients today are Microsoft Outlook and Web-based clients. E-mails through Outlook are stored in a compound file (several layers). Most forensic computer software applications can view these compound files so that the e-mail and any attachments can be seen. Investigators must be aware that in a computer network environment, the user’s Outlook files may not reside on the sender’s workstation computer, but on a central mail or file server.
23
E-mail, Chat, and Instant Messaging
Most e-mail accounts offer the ability to access e-mail through a Web-based interface as well. This allows users to access their e-mail through computers other than their own. The Web interface converts the e-mail into a document suitable for reading in a Web browser.
24
E-mail, Chat, and Instant Messaging
Much of the evidence from Internet communication is also derived from chat and instant message technology. This is particularly true in the world of child sexual exploitation over the Internet. Various technologies provide chat and instant message services, most of which are not saved by the parties involved. Therefore, conversations of this nature typically exist in the volatile world of RAM. Many commercial forensics software packages can capture this data.
25
To find your computer's IP address, do the following:
Click the Start button. Click Control Panel. In the search box, type adapter. Under Network and Sharing Center, click View network connections. Select an active network connection, and then, in the toolbar, click View status of this connection. (You might need to click the chevron to find this command.) Click Details. Your computer's IP address appears in the Value column, next to IPv4 Address.
26
Forensic Science and the Internet Part 4
Domains and Hacking
27
Domains IP addresses take the form ###.###.###.###, with the ###s being any number from 000 to 255. These IP addresses provide the means by which data can be routed to the appropriate location, and provide the means by which most Internet investigations are conducted.
28
Domains Having to remember strings of numbers is a very inefficient and inconvenient way to access sites on the Internet. For this reason, every IP address is also assigned a “domain” name. Domains are human-readable names assigned to IP addresses. A domain name usually consists of two or more labels separated by dots. For example, is the registered domain name for the New York Times newspaper.
29
Domains The right-most label in a domain name is the top-level domain.
The following are the most common abbreviations by which a top-level domain name is identified on the Internet: .gov – government; .mil – military; .edu – educational institution; .com – commercial provider; .org – nonprofit organizations; .net – organizations involved in networking technologies.
30
Domains Domain names serve to identify Internet resources, such as computers, networks, and services, with a text-based label that is easier to memorize than the numerical addresses used in the Internet protocols. A domain name may represent entire collections of such resources or individual instances. Individual Internet host computers use domain names as host identifiers, also called host names. The term host name is also used for the leaf labels in the domain name system, usually without further subordinate domain name space. Host names appear as a component in Uniform Resource Locators (URLs) for Internet resources such as web sites (e.g., en.wikipedia.org).
31
Domains Domain names are also used as simple identification labels to indicate ownership or control of a resource. Such examples are the realm identifiers used in the Session Initiation Protocol (SIP), the Domain Keys used to verify DNS domains in e-mail systems, and in many other Uniform Resource Identifiers (URIs). An important function of domain names is to provide easily recognizable and memorizable names to numerically addressed Internet resources. This abstraction allows any resource to be moved to a different physical location in the address topology of the network, globally or locally in an intranet. Such a move usually requires changing the IP address of a resource and the corresponding translation of this IP address to and from its domain name.
32
Domains Domain names are used to establish a unique identity. Organizations can choose a domain name that corresponds to their name, helping Internet users to reach them easily. A generic domain is a name that defines a general category, rather than a specific or personal instance, for example, the name of an industry, rather than a company name. Some examples of generic names are books.com, music.com, and travel.info. Companies have created brands based on generic names, and such generic domain names may be valuable.
33
Domains Domain names are often simply referred to as domains and domain name registrants are frequently referred to as domain owners, although domain name registration with a registrar does not confer any legal ownership of the domain name, only an exclusive right of use for a particular duration of time. The use of domain names in commerce may subject them to trademark law.
34
Hacking “Hacking” is unauthorized computer intrusion.
Hackers penetrate computer systems for a number of reasons: corporate espionage; bragging rights within the hacker community; rogue or disgruntled employees with some knowledge of the computer network looking to cause chaos. Whatever the motivation, corporations frequently turn to law enforcement to investigate and prosecute these cases.
35
Hacking When investigating hacking, CSIs generally concentrate their efforts in three locations: log files, RAM, and network traffic. Most servers on the Internet track connections made to them through the use of logs. Additionally, the router may contain log files detailing connections.
36
Hacking A firewall, hardware or software designed to protect against intrusions into a computer network, may contain log files listing computers that were allowed access to the network or an individual system. If a network user didn’t send out a request for Internet traffic, the firewall should block its entry. If the log files captured the IP address of the intruder, then the intruder can be revealed.
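The log review described above can be sketched as a check for inbound connections that no internal user requested. This is an added example, not part of the original presentation; the log format, the sample lines and the 10.0.0.0/8 internal range are constructed assumptions, and real firewall logs differ by vendor.

```python
import ipaddress

INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed internal address range

# Constructed log lines in a made-up format: time action direction src dst port
LOG = """\
2025-03-04T14:00:01Z ALLOW OUT 10.0.0.5 198.51.100.20 443
2025-03-04T14:00:02Z ALLOW IN 198.51.100.20 10.0.0.5 443
2025-03-04T14:03:10Z DENY IN 203.0.113.9 10.0.0.5 3389
2025-03-04T14:03:12Z ALLOW IN 203.0.113.9 10.0.0.8 22
this line is malformed
"""

def unsolicited_inbound(log):
    """List inbound connections from outside that no internal host asked for."""
    requested = set()   # (external, internal) pairs with an earlier outbound request
    findings = []
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue  # skip lines that do not fit the assumed format
        when, action, direction, src, dst, port = parts
        try:
            src_ip = ipaddress.ip_address(src)
            ipaddress.ip_address(dst)
        except ValueError:
            continue  # not a usable address pair
        if direction == "OUT" and action == "ALLOW" and src_ip in INTERNAL:
            requested.add((dst, src))
        elif direction == "IN" and src_ip not in INTERNAL:
            if (src, dst) not in requested:
                # DENY means the firewall blocked it; ALLOW means it got through.
                findings.append({"time": when, "src": src, "dst": dst,
                                 "port": int(port), "action": action})
    return findings

if __name__ == "__main__":
    for hit in unsolicited_inbound(LOG):
        print(hit)
```

Entries with action ALLOW are the ones to prioritize, since they record an outside address reaching an internal system without a matching request.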