
1 COS/PSA 413 Day 17

2 Agenda
Lab 8 write-up grades
  – 3 B’s, 1 C and 1 F
  – Answer the Questions!!!
Capstone progress report 2 overdue
Today we will be discussing e-mail investigations
  – Chap 11 in 1e, Chap 13 in 2e
Lab 10 in OMS tomorrow
  – 11-1, 11-2, 11-3, 11-4, 11-6
  – Make sure you know what you will be doing before you get to the lab
  – You will need your maine.edu account info (user/password)

3 E-mail Investigations Chapter 11

4 Learning Objectives
- Understand Internet Fundamentals
- Explore the Roles of the Client and Server in E-mail
- Identify and Investigate E-mail Crimes and Violations
- Understand E-mail Servers
- Use Specialized E-mail Computer Forensic Tools

5 Understand Internet Fundamentals
Internet Service Provider (ISP) – Provides a service or membership that allows you to access the information available on the Internet.
Dialup Connection – A connecting device to a network via modem or a public telephone network. Dialup access acts just like a phone connection, except that the two connecting parties are computers instead of people.

6 Understand Internet Fundamentals

7 Understand Internet Fundamentals
Code – A group of specialized characters combined in a sequence to provide instructions to a program on how to perform a specific action.
Web Browser – A software program used to locate and display web pages.
HTML – The authoring language used to create documents on the World Wide Web. It defines the structure and layout of a Web document by using a variety of tags and attributes.

8 Understand Internet Fundamentals

9 Understand Internet Fundamentals
Domain Name Service (DNS) – An Internet service that translates domain names to IP addresses.
Open Systems Interconnect (OSI) – A standard for worldwide communications that defines a networking framework for implementing protocols in seven layers.

10 Understand Internet Fundamentals
Simple Mail Transfer Protocol (SMTP) – A protocol used for sending e-mail messages between servers.
Post Office Protocol Version 3 (POP3) – A protocol used to retrieve e-mail messages from an e-mail server.
Internet Message Access Protocol version 4 (IMAP) – A protocol for retrieving e-mail messages. Supports more features than POP3.

11 Explore the Roles of the Client and Server in E-mail

12 Mail to and from

13 Email end to end

14 Explore the Roles of the Client and Server in E-mail
Universal Naming Convention (UNC) – A PC format that specifies the location of resources on a local area network. It uses the following format: \\servername\shared resource-pathname.

15 Identify and Investigate E-mail Crimes and Violations
To Copy an E-Mail Message from Outlook
1. Insert a formatted floppy disk into the drive.
2. Start Outlook.
3. Making sure the folders list is open, click the folder that contains the file you would like to copy.
4. Resize the Outlook window so that you can see the message you want to copy and the icon for the floppy disk.
5. Click and drag the message from Outlook to the floppy disk drive.

16 Identify and Investigate E-mail Crimes and Violations

17 Investigation Process
- Copy the e-mail you would like to investigate.
- Print the e-mail message.
- View the file header.
- Examine the file header and body of the e-mail.
- Open any attachments.
- Trace the e-mail, record all IP addresses.
- Document all findings.

28 Identify and Investigate E-mail Crimes and Violations Router – A network device that connects a number of local area networks together. Routers use the IP address to determine the destination of a packet.

29 Identify and Investigate E-mail Crimes and Violations

30 Understand E-mail Servers E-mail Server – A computer that is running an operating system such as UNIX or Windows 2000 that is loaded with software to manage the transmission and holding of e-mail messages.

31 Understand E-mail Servers

38 GroupWise – The Novell e-mail server software; a database server like Microsoft Exchange and UNIX Sendmail.

39 Using Specialized E-mail Forensic Tools
Tools That Can Investigate E-mail Messages
- EnCase
- FTK
- FINALe-mail
- Sawmill-GroupWise
- Audimation for Logging

40 Using Specialized E-mail Forensic Tools

42 Chapter Summary
- Because e-mail programs employ some of the protocols used with the Internet to exchange messages, you should understand the fundamentals of the Internet to understand how e-mail works.
- You can send and receive e-mail via the Internet and a local area network. Client computers access e-mail servers to receive messages.
- Investigating crimes or policy violations involving e-mail is similar to investigating other computer crimes and abuses.

43 Chapter Summary
- Once you have determined that a crime has been committed using e-mail, first access the victim's computer to recover any evidence, then copy the e-mail messages from the victim's computer.
- Be sure to copy and print any e-mail messages that will be used in the investigation.
- Examine the e-mail header, trace the IP address from the sending computer, and record the date and time stamps of the e-mail message.

44 Chapter Summary
- To investigate e-mail, you should know how an e-mail server records and handles e-mail messages. E-mail servers are databases of user information and e-mail messages. All e-mail servers contain a log file that can provide valuable information when investigating a crime.
- For many e-mail investigations, you can rely on the message files, e-mail headers, and e-mail server log files to investigate e-mail crimes.
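
The header steps in the Investigation Process slide and the Chapter Summary (examine the header, trace and record IP addresses, record date and time stamps) can be scripted as below. This is an added example, not material from the lecture or textbook; the message is constructed with documentation hosts and addresses, and the names `trace_hops` and `out_of_order` are illustrative.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime
from datetime import timezone

# Constructed sample message; hosts and addresses are documentation values.
RAW = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby mail.example.org with ESMTP id A1; Tue, 4 Mar 2003 10:15:09 -0500
Received: from relay.example.com (relay.example.com [203.0.113.25])
\tby mx.example.net with ESMTP id B2; Tue, 4 Mar 2003 15:15:02 +0000
Received: from workstation (unknown [192.0.2.44])
\tby relay.example.com with SMTP id C3; Tue, 4 Mar 2003 07:14:55 -0800
From: sender@example.com
To: victim@example.org
Subject: constructed test message
Date: Tue, 4 Mar 2003 07:14:50 -0800

body
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_RE = re.compile(r"\bby\s+(\S+)")

def trace_hops(raw):
    """Return Received hops oldest-first as dicts: by, ip, utc."""
    msg = message_from_string(raw)
    hops = []
    # Each server prepends its Received line, so reverse for send order.
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(value.split())          # unfold continuation lines
        route, _, stamp = flat.rpartition(";")  # timestamp follows last ';'
        ip = IP_RE.search(route)
        by = BY_RE.search(route)
        when = parsedate_to_datetime(stamp.strip()).astimezone(timezone.utc)
        hops.append({"by": by.group(1) if by else None,
                     "ip": ip.group(1) if ip else None,
                     "utc": when})
    return hops

def out_of_order(hops):
    """Indexes of hops stamped earlier than the hop before them."""
    return [i for i in range(1, len(hops))
            if hops[i]["utc"] < hops[i - 1]["utc"]]

if __name__ == "__main__":
    for n, hop in enumerate(trace_hops(RAW), 1):
        print(n, hop["utc"].isoformat(), hop["ip"], "->", hop["by"])
    print("out-of-order hops:", out_of_order(trace_hops(RAW)))
```

Normalizing every stamp to UTC makes hops from servers in different time zones comparable. Received lines written before the first server you can verify are supplied by the sender's side, so corroborate them against the e-mail server log files before relying on them.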

