Published by Solomon Darsey
Modified about 1 year ago
Computer Forensics: Principles and Practices, by Volonino, Anzaldua, and Godwin
Chapter 8: Email and Webmail Forensics
© Pearson Education Computer Forensics: Principles and Practices

In Practice: Email in Senate Investigations of Finance Companies
- Financial institutions helped Enron manipulate its numbers and mislead investors
- Email proved that banks such as JPMorgan Chase knew very well how Enron was hiding its debt

Importance of Email as Evidence
- Email can be pivotal evidence in a case
- Due to its informal nature, it does not always represent corporate policy
- Many cases provide examples of the use of email as evidence:
  - Knox v. State of Indiana
  - Harley v. McCoach
  - Nardinelli et al. v. Chevron
  - Adelyn Lee v. Oracle Corporation

Working with Email
- Email evidence is typically used to corroborate or refute other testimony or evidence
- Can be used by prosecutors or defense parties
- Two standard methods to send and receive email:
  - Client/server applications
  - Webmail

Working with Email (Cont.)
Email data flow:
- User has a client program such as Outlook or Eudora
- Client program is configured to work with one or more servers
- Emails sent by client reside on PC
- A larger machine runs the server program that communicates with the Internet, where it exchanges data with other email servers

Working with Email (Cont.)
Sending email:
1. User creates email on her client
2. User issues send command
3. Client moves email to Outbox
4. Server acknowledges client and authenticates account
5. Client sends email to the server
6. Server sends email to destination server
- If the client cannot connect with the server, it keeps trying

Working with Email (Cont.)
Receiving email:
1. User opens client and logs on
2. User issues receive command
3. Client contacts server
4. Server acknowledges, authenticates, and contacts mail box for the account
5. Mail downloaded to local computer
6. Messages placed in Inbox to be read
- POP deletes messages from server; IMAP retains copy on server

Working with Email (Cont.)
Working with resident email files:
- Users are able to work offline with email
- Email is stored locally, a great benefit for forensic analysts because the email is readily available when the computer is seized
- Begin by identifying email clients on system
- You can also search by file extensions of common email clients

Working with Email (Cont.)

| Client | Extension | Type of File |
|---|---|---|
| AOL | .abi | AOL6 organizer file |
| AOL | .aim | Instant Message launch |
| AOL | .arl | Organizer file |
| AOL | .bag | Instant Messenger file |
| Outlook Express | .dbx | OE mail database |
| Outlook Express | .dgr | OE fax page |
| Outlook Express | .email | OE mail message |
| Outlook Express | .eml | OE electronic mail |
| Outlook | .pab | Personal address book |
| Outlook | .pst | Personal folder |
| Outlook | .wab | Windows address book |

(Continued)

Working with Email (Cont.)

| Client | Extension | Type of File |
|---|---|---|
| Lotus Notes | .box | Notes mailbox |
| Lotus Notes | .ncf | Notes internal clipboard |
| Lotus Notes | .nsf | Notes database |
| Novell Groupwise | .mlm | Saved email (using WP5.1 format) |
| Eudora | .mbx | Eudora message base |

Working with Email (Cont.)
Popular email clients:
- America Online (AOL)—users have a month to download or save email before AOL deletes messages
- Outlook Express—installed by default with Windows
- Outlook—bundled with Microsoft Office
- Eudora—popular free client
- Lotus Notes—integrated client option for Lotus Domino server

Working with Webmail
Webmail data flow:
- User opens a browser, logs in to the webmail interface
- Webmail server has already placed mail in Inbox
- User uses the compose function followed by the send function to create and send mail
- Web client communicates behind the scenes to the webmail server to send the message
- No emails are stored on the local PC; the webmail provider houses all email

Working with Webmail (Cont.)
Working with webmail files:
- Entails a bit more effort to locate files
- Temporary files are a good place to start
- Useful keywords for webmail programs include:
  - Yahoo! mail: ShowLetter, ShowFolder, Compose, “Yahoo! Mail”
  - Hotmail: HoTMail, hmhome, getmsg, doattach, compose
  - Gmail: mail[#]
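
A first-pass triage that applies the two searches described above (client file extensions, then webmail keywords in temporary files). This is an added example, not code from the slides or the book; the sample file names and contents are constructed, and `build_sample` and `triage` are hypothetical helper names.

```python
import os
import re
import tempfile

# Extensions from the client tables above, mapped to the owning client.
CLIENT_EXT = {ext: client for client, exts in {
    "AOL": ".abi .aim .arl .bag", "Outlook Express": ".dbx .dgr .email .eml",
    "Outlook": ".pab .pst .wab", "Lotus Notes": ".box .ncf .nsf",
    "Novell Groupwise": ".mlm", "Eudora": ".mbx"}.items() for ext in exts.split()}

# Webmail keywords from the slide. "compose" is listed for two providers,
# so it cannot attribute a file to either and is left out.
WEBMAIL = {
    "Yahoo! Mail": re.compile(rb"showletter|showfolder|yahoo! mail", re.I),
    "Hotmail": re.compile(rb"hotmail|hmhome|getmsg|doattach", re.I),
    "Gmail": re.compile(rb"(?<![a-z])mail\[\d+\]", re.I),
}

def build_sample(root):
    """Write constructed files standing in for a seized user profile."""
    files = {"archive.pst": b"placeholder", "Inbox.dbx": b"placeholder",
             "ShowLetter[1].htm": b"<html>message view</html>",
             "mail[2].htm": b"<html>inbox</html>",
             "cache0031.tmp": b"GET /cgi-bin/getmsg?msg=1 HTTP/1.1",
             "notes.txt": b"shopping list"}
    for name, data in files.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)

def triage(root, head=65536):
    """Return sorted (file, kind, source) hits found under root."""
    hits = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            ext = os.path.splitext(name)[1].lower()
            if ext in CLIENT_EXT:
                hits.append((name, "client", CLIENT_EXT[ext]))
                continue
            # Keywords may sit in the cache file name or in its content.
            with open(os.path.join(dirpath, name), "rb") as fh:
                sample = name.encode("utf-8", "replace") + b"\n" + fh.read(head)
            hit = next((p for p, rx in WEBMAIL.items() if rx.search(sample)), None)
            if hit:
                hits.append((name, "webmail", hit))
    return sorted(hits)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        print(*triage(root), sep="\n")
```

An extension or keyword hit only tells the examiner where to look; the file still has to be opened with a suitable viewer to confirm what it is.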

Working with Webmail (Cont.)
Comparison by type of protocol (columns: POP3, IMAP, Webmail):
- Email accessible from anywhere: No, Yes
- Remains stored on server: POP3: No (unless included in a backup of server); IMAP: Yes; Webmail: Yes, unless POP3 was used too
- Dependence on Internet: POP3: Moderate; IMAP: Very strong; Webmail: Strong
- Special software required: Yes, No

Examining Emails for Evidence
Understanding email headers:
- The header records information about the sender, receiver, and servers it passes along the way
- Most email clients show the header in a short form that does not reveal IP addresses
- Most email programs have an option to show a long form that reveals complete details

Examining Emails for Evidence (Cont.)
- Most common parts of the email header are logical addresses of senders and receivers
- Logical address is composed of two parts:
  - The mailbox, which comes before the @ sign
  - The domain or hostname that comes after the @ sign
- The mailbox is generally the userid used to log in to the email server
- The domain is the Internet location of the server that transmits the email

Examining Emails for Evidence (Cont.)
- Reviewing headers can offer clues to true origins of the mail and the program used to send it
- Common email header fields include:
  - Bcc
  - Cc
  - Content-Type
  - Date
  - From
  - Message-ID
  - Received
  - Subject
  - To
  - X-Priority
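
Reading the long-form header as described above: the Received lines give the relay path and IP addresses, and the From field gives the logical address. This is an added example, not code from the slides or the book; the message is constructed, and the function names are hypothetical. Received lines written by servers outside the examiner's trust can be forged, so each hop still has to be checked against that server's own logs.

```python
import re
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Constructed sample message; hosts and IPs are reserved documentation values.
RAW = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby mail.example.org with ESMTP id A1; Mon, 05 Dec 2005 10:02:11 +0000
Received: from relay.example.com (relay.example.com [203.0.113.25])
\tby mx.example.net with ESMTP id B2; Mon, 05 Dec 2005 10:02:05 +0000
Received: from [192.0.2.44] (helo=desktop)
\tby relay.example.com with SMTP id C3; Mon, 05 Dec 2005 10:01:58 +0000
From: "Sender" <sender@example.com>
Subject: Quarterly figures
Date: Mon, 05 Dec 2005 10:01:50 +0000
Message-ID: <constructed-0001@example.com>

"""
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def trace_hops(raw):
    """Return the Received hops in travel order (sender side first)."""
    hops = []
    # Every server prepends its own line, so the last header is the first hop.
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        flat = " ".join(value.split())            # unfold continuation lines
        info, sep, stamp = flat.rpartition(";")   # timestamp follows the last ';'
        if not sep:                               # malformed line without a date
            info, stamp = flat, ""
        ip = IP_RE.search(info)
        by = re.search(r"\bby (\S+)", info)
        hops.append({"from_ip": ip.group(1) if ip else None,
                     "by": by.group(1) if by else None,
                     "time": parsedate_to_datetime(stamp.strip()) if stamp else None})
    return hops

def out_of_order(hops):
    """Indexes of hops stamped earlier than the hop before them; these point
    to clock skew or a header line that was not written by a real relay."""
    t = [h["time"] for h in hops]
    return [i for i in range(1, len(t)) if t[i] and t[i - 1] and t[i] < t[i - 1]]

def logical_address(raw):
    """Split the From address into (mailbox, domain) around the @ sign."""
    return tuple(parseaddr(message_from_string(raw)["From"])[1].rpartition("@")[::2])

if __name__ == "__main__":
    for hop in trace_hops(RAW):
        print(hop["time"], hop["from_ip"], "->", hop["by"])
```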

Examining Emails for Evidence (Cont.)
IP address registries:
- African Network Information
- Asia Pacific Network Information
- American Registry for Internet Numbers
- Latin American and Caribbean Internet Addresses Registry
- Réseaux IP Européens Network Coordination Centre

Examining Emails for Evidence (Cont.)
Understanding email attachments:
- MIME standard allows for HTML and multimedia images in email
- Searching for base64 can find attachments in unallocated or slack space
Anonymous remailers:
- Allow users to remove identifying IP data to maintain privacy
- Stems from users citing the First Amendment and freedom of speech
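
The base64 search mentioned above, applied to a raw byte buffer: find runs of MIME-style base64 lines, decode them, and check the leading bytes for a known file type. This is an added example, not code from the slides or the book; the buffer is constructed, and the names `carve_base64` and `build_sample` are hypothetical.

```python
import base64
import binascii
import re

# Two or more full 76-character MIME base64 lines, plus an optional short last line.
B64_RUN = re.compile(
    rb"(?:[A-Za-z0-9+/]{76}\r?\n){2,}(?:[A-Za-z0-9+/]{1,75}={0,2}\r?\n)?")

# Leading bytes of a few common attachment types.
MAGIC = {b"%PDF": "pdf", b"PK\x03\x04": "zip/office", b"\xff\xd8\xff": "jpeg"}

def build_sample():
    """Constructed stand-in for unallocated space: one whole attachment and
    one fragment whose tail has been overwritten."""
    pdf = base64.encodebytes(b"%PDF-1.4\n" + bytes(range(256)) * 2)
    zip_part = base64.encodebytes(b"PK\x03\x04" + bytes(200))[:200]
    return (b"\x00" * 300 + b"Content-Transfer-Encoding: base64\r\n\r\n" + pdf
            + b"\x00" * 300 + zip_part + b"\x00" * 300)

def carve_base64(data):
    """Return (offset, decoded_size, type) for each base64 run in data."""
    found = []
    for m in B64_RUN.finditer(data):
        text = re.sub(rb"\s+", b"", m.group(0))
        # A cut-off run may not end on a 4-character group; trim so it decodes.
        text = text[:len(text) - len(text) % 4]
        try:
            blob = base64.b64decode(text, validate=True)
        except binascii.Error:
            continue
        kind = next((n for sig, n in MAGIC.items() if blob.startswith(sig)), "unknown")
        found.append((m.start(), len(blob), kind))
    return found

if __name__ == "__main__":
    for offset, size, kind in carve_base64(build_sample()):
        print(f"offset {offset}: {size} bytes decoded, looks like {kind}")
```

Recording the byte offset of each hit lets the examiner tie the recovered attachment back to its location in the image.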

In Practice: Attempted Attack by Chinese Hackers
- In December 2005, emails sent to the British embassy represented an attempt to take control of embassy computers
- Filtering software logged addresses and identified origin of emails in China
- A Trojan was hidden in attachments to emails

Working with Instant Messaging
- Most widely used IM applications include:
  - Windows Messenger
  - Google Talk
  - AIM (AOL Instant Messenger)
  - ICQ (“I Seek You”) Instant Messenger
- Newer versions of IM clients and servers allow the logging of activity
- Can be more incriminating than email

FYI: Vermont Supreme Court Affirms Conviction Based on IM Evidence
- Forensic investigator recovered IM conversations relating to photo shoot
- Expert noted that because IMs are not usually saved, storing them required a special effort