Presentation is loading. Please wait.

Presentation is loading. Please wait.

Forensic and Investigative Accounting

Published byAshley Fleming Modified over 9 years ago

Similar presentations

Presentation on theme: "Forensic and Investigative Accounting"— Presentation transcript:

1 Forensic and Investigative Accounting
Chapter 14 Internet Forensics Analysis: Profiling the Cybercriminal

2 Forensic and Investigative Accounting
Protocols Internet protocols are those rules allowing different operating systems and machines to communicate with one another over the Internet. Chapter 14 Forensic and Investigative Accounting

3 The Internet Transmission Control Protocol (TCP) divides
electronic messages into “packets” of information and then reassembles these packets at the end. Internet Protocol (IP) assigns a unique address to each computer on the Internet. Chapter 14 Forensic and Investigative Accounting

4 Transmission Control Protocol (TCP) and Internet Protocol (IP)
TCP/IP protocols are the communication guidelines used and widely supported over the Internet. Almost every packet of information sent over the Internet uses the datagrams contained within a TCP/IP envelope. The datagrams consist of layers of information needed to verify the packet and get the information from the sender’s to the receiver’s location following traffic control guidelines. Chapter 14 Forensic and Investigative Accounting

5 Forensic and Investigative Accounting
OSI Model Data unit Layer Function Host layers Data Application Network process to application Presentation Data representation and encryption Session Interhost communication Segments Transport End-to-end connections and reliability (TCP) Media layers Packets Network Path determination and logical addressing (IP) Frames Data link Physical addressing (MAC & LLC) Bits Physical Media, signal and binary transmission Chapter 14 Forensic and Investigative Accounting

6

7 Forensic and Investigative Accounting
Chapter 14 Forensic and Investigative Accounting

8 Forensic and Investigative Accounting
IP Address Defined An IP address is a 32-bit number (four bytes) that identifies the sender and recipient who is sending or receiving a packet of information over the Internet. The 32-bit IP address is known as dotted decimal notation. The minimum value for an octet is 0, and the maximum value for an octet is 255. illustrates the basic format of an IP address. Chapter 14 Forensic and Investigative Accounting

9 Forensic and Investigative Accounting
TCP/IP Connections A three-way handshake synchronizes both ends of a connection by allowing both sides to agree upon initial sequence numbers. This mechanism also guarantees that both sides are ready to transmit data and know that the other side is ready to transmit as well. SYN  SYN/ACK  ACK  FIN Chapter 14 Forensic and Investigative Accounting

10 Forensic and Investigative Accounting
Popular Protocols DNS: The Domain Name System Finger: Used to determine the status of other hosts and/or users FTP: The File Transfer Protocol allows a user to transfer files between local and remote host computers HTTP: The Hypertext Transfer Protocol is the basis for exchange of information over the World Wide Web Chapter 14 Forensic and Investigative Accounting

11 Forensic and Investigative Accounting
Popular Protocols IMAP: The Internet Mail Access Protocol defines an alternative to POP as the interface between a user's mail client software and an server, used to download mail from the server to the client Ping: A utility that allows a user at one system to determine the status of other hosts and the latency in getting a message POP: The Post Office Protocol defines a simple interface between a user's mail client software and an server Chapter 14 Forensic and Investigative Accounting

12 Forensic and Investigative Accounting
Popular Protocols SSH: The Secure Shell is a protocol that allows remote logon to a host across the Internet SMTP: The Simple Mail Transfer Protocol is the standard protocol for the exchange of electronic mail over the Internet SNMP: The Simple Network Management Protocol defines procedures and management information databases for managing TCP/IP-based network devices Telnet: Short for Telecommunication Network, a virtual terminal protocol allowing a user logged on to one TCP/IP host to access other hosts Chapter 14 Forensic and Investigative Accounting

13 Forensic and Investigative Accounting
Web Log Entries One important method for finding the web trail of an attacker is in examining web logs. Recorded network logs provide information needed to trace all website usage. Web Log = Blog Also check transaction logs and server logs Chapter 14 Forensic and Investigative Accounting

14 Forensic and Investigative Accounting
Web Log Entries Information provided in a log includes the visitor’s IP address, geographical location, the actions the visitor performs on the site, browser type, time on page, and the site the visitor used before arriving. Logs should be stored on a separate computer from the web server hosting the site so they cannot be easily altered. Chapter 14 Forensic and Investigative Accounting

15 Forensic and Investigative Accounting
TCPDUMP TCPDUMP is a form of network sniffer that can disclose most of the information contained in a TCP/IP packet. Windows uses WinDUMP A sniffer is a program used to secretly capture datagrams moving across a network and disclose the information contained in the datagram’s network protocols. Chapter 14 Forensic and Investigative Accounting

16 Decoding Simple Mail Transfer Protocol (SMTP)
SMTP is the protocol used to send over the Internet. SMTP server logs can be used to check the path of the from the sending host to the receiving host. Chapter 14 Forensic and Investigative Accounting

17 Decoding Simple Mail Transfer Protocol (SMTP)
Most of the important information about the origin of an message is in the long form of the header. The most important data for tracing purposes is the IP addresses and the message ID. Chapter 14 Forensic and Investigative Accounting

18 Tracing and Decoding IP Addresses
Traceroute Whois Ping Finger searches Chapter 14 Forensic and Investigative Accounting

19 Forensic and Investigative Accounting
Chapter 14 Forensic and Investigative Accounting

20 Forensic and Investigative Accounting
Chapter 14 Forensic and Investigative Accounting

21 Forensic and Investigative Accounting
Chapter 14 Forensic and Investigative Accounting

22 Forensic and Investigative Accounting
Chapter 14 Forensic and Investigative Accounting

23 Forensic and Investigative Accounting
Chapter 14 Forensic and Investigative Accounting

24 URL Directory of Tools Tracks Eraser Pro http://www.acesoft.net/
IP Lookup IP Lookup IP Visual Trace Best Software Downloads Mellisa Data Lookups

25 Forensic and Investigative Accounting
Chapter 14 Forensic and Investigative Accounting

26 Forensic and Investigative Accounting
Chapter 14 Forensic and Investigative Accounting

27 Forensic and Investigative Accounting
Chapter 14 Forensic and Investigative Accounting

28 Forensic and Investigative Accounting
ipconfig /all Chapter 14 Forensic and Investigative Accounting

29 Forensic and Investigative Accounting
Chapter 14 Forensic and Investigative Accounting

30 Forensic and Investigative Accounting
Narrowing the Search Preliminary Incident Response Form John Doe subpoena Chapter 14 Forensic and Investigative Accounting

31 Informational Searches
Internet databases General searches Name, telephone number, and address search engines Internet relay chat (IRC), FTP, and Listserv searches Usenet postings search Legal records Instant messaging (IM) Web page searches Government data searches Miscellaneous searches Chapter 14 Forensic and Investigative Accounting

32 Forensic and Investigative Accounting
End Crumbley Ch. 14 Chapter 14 Forensic and Investigative Accounting

Download ppt "Forensic and Investigative Accounting"

Similar presentations

Cisco 2 - Routers Perrine. J Page 14/30/2015 Chapter 10 TCP/IP Protocol Suite The function of the TCP/IP protocol stack is to transfer information from.

Cisco 2 - Routers Perrine. J Page 14/30/2015 Chapter 10 TCP/IP Protocol Suite The function of the TCP/IP protocol stack is to transfer information from.
CCNA – Network Fundamentals

CCNA – Network Fundamentals
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 OSI Transport Layer Network Fundamentals – Chapter 4.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 OSI Transport Layer Network Fundamentals – Chapter 4.
CCNA 1 v3.1 Module 11 Review.

CCNA 1 v3.1 Module 11 Review.
Linux+ Guide to Linux Certification, Second Edition Chapter 14 Network Configuration.

Linux+ Guide to Linux Certification, Second Edition Chapter 14 Network Configuration.
The Internet Useful Definitions and Concepts About the Internet.

The Internet Useful Definitions and Concepts About the Internet.
Networking Theory (part 2). Internet Architecture The Internet is a worldwide collection of smaller networks that share a common suite of communication.

Networking Theory (part 2). Internet Architecture The Internet is a worldwide collection of smaller networks that share a common suite of communication.
1 © 2003, Cisco Systems, Inc. All rights reserved. CCNA 1 v3.0 Module 11 TCP/IP Transport and Application Layers.

1 © 2003, Cisco Systems, Inc. All rights reserved. CCNA 1 v3.0 Module 11 TCP/IP Transport and Application Layers.
©Brooks/Cole, 2003 Chapter 6 Computer Networks. ©Brooks/Cole, 2003 Understand the rationale for the existence of networks. Distinguish between the three.

©Brooks/Cole, 2003 Chapter 6 Computer Networks. ©Brooks/Cole, 2003 Understand the rationale for the existence of networks. Distinguish between the three.
Lecture slides prepared for “Business Data Communications”, 7/e, by William Stallings and Tom Case, Chapter 8 “TCP/IP”.

Lecture slides prepared for “Business Data Communications”, 7/e, by William Stallings and Tom Case, Chapter 8 “TCP/IP”.
Process-to-Process Delivery:

Process-to-Process Delivery:
Data Communications and Networks

Data Communications and Networks
Hands-On Microsoft Windows Server 2003 Networking Chapter Three TCP/IP Architecture.

Hands-On Microsoft Windows Server 2003 Networking Chapter Three TCP/IP Architecture.
Lesson 24. Protocols and the OSI Model. Objectives At the end of this Presentation, you will be able to:

Lesson 24. Protocols and the OSI Model. Objectives At the end of this Presentation, you will be able to:
Syllabus outcomes 5.2.1 Describes and applies problem-solving processes when creating solutions. 5.2.2 Designs, produces and evaluates appropriate solutions.

Syllabus outcomes Describes and applies problem-solving processes when creating solutions Designs, produces and evaluates appropriate solutions.
Networking Basics TCP/IP TRANSPORT and APPLICATION LAYER Version 3.0 Cisco Regional Networking Academy.

Networking Basics TCP/IP TRANSPORT and APPLICATION LAYER Version 3.0 Cisco Regional Networking Academy.
 TCP/IP is the communication protocol for the Internet  TCP/IP defines how electronic devices should be connected to the Internet, and how data should.

 TCP/IP is the communication protocol for the Internet  TCP/IP defines how electronic devices should be connected to the Internet, and how data should.
Network Protocols. Why Protocols?  Rules and procedures to govern communication Some for transferring data Some for transferring data Some for route.

Network Protocols. Why Protocols?  Rules and procedures to govern communication Some for transferring data Some for transferring data Some for route.
Chapter 9.

Chapter 9.
Presentation on Osi & TCP/IP MODEL

Presentation on Osi & TCP/IP MODEL

Similar presentations

Ads by Google