Presentation is loading. Please wait.

Presentation is loading. Please wait.

Understanding Technology Crime Investigation for Managers.

Published byDarrell Watts Modified over 8 years ago

Similar presentations

Presentation on theme: "Understanding Technology Crime Investigation for Managers."— Presentation transcript:

1 Understanding Technology Crime Investigation for Managers

2 Session 3 A grounding in technology concepts (Tracing e-mail & Instant Messages)

3 How e-mail works E-mail cannot be sent directly from computer to computer (think about what would happen if the destination computer was turned off?) It works in a similar way to real mail – it passes through a series of servers (post offices) until it is near the destination. Then when it is appropriate (ie the end user requests to download the mail), it is delivered to the recipient.

4 Tracing e-mail – breadcrumbs! Every time an e-mail is received by a server it stamps the message with details of the server that it received the mail from. This effectively leaves a trail which can be used to return to the e-mail originator Confused……?

5 Mail Server with IP: 218.102.20.130 User sends e-mail from IP address:123.45.67.89 Mail server stamps the e-mail header with originating IP: 123.45.67.89 Recipient downloads e- mail: the last stamp contains the IP of the Mail Server

6 Tracing e-mail – e-mail headers Why can’t you see this information in an e- mail? Information is stored in extended e-mail headers We need to know how to access (and read) these headers…. Demo!

7 Simple e-mail faking It’s very easy to create a (superficially) fake e-mail E-mail software does not check that you have entered the correct identity information when you set up an e-mail account Demo!

8 Simple e-mail faking Exercise Use the e-mail client Outlook Express to create a new account on your computer You must use the correct mail server settings, but you can choose a fake identity Send a e-mail to your neighbour Open the e-mail that you receive & see how it looks – view the e-mail header and then trace the originating IP address.

9 E-mail content Of course, being able to trace the e-mail is extremely important. However, we also need to understand the nature of the e-mail content E-mails can be received in two ways –Plain text –HTML encoded with multimedia addins

10 E-mail content Of course, being able to trace the e-mail is extremely important. However, we also need to understand the nature of the e-mail content E-mails can be received in two ways –Plain text –HTML encoded with multimedia addins

11 E-mail content If you receive an e-mail in plain text, then wysiwyg However, e-mails in HTML coding can be used to hide true content and location of any hyperlinks Thus they are commonly used to perpetrate frauds

12 E-mail Fraud A good example is in your manual (P.59) This involves a case where a large US ISP’s website was faked The fraudsters then sent out a huge volume of e-mails hoping that at least some of them would be received by Earthlink customers The e-mails directed victims to the fake website and instructed them to submit personal details

13 E-mail Fraud

14

15 <a href="https://www.earthlink.net%00@211.154.171.106/li_pin/verifica tion/step1_e.htm"> https://earthlink.net/payment/verification.cgi

16 <a href=“https://www.earthlink.net%00@211.154.171.106/li_pin/veri fication/step1_e.htm”> https://earthlink.net/payment/verification.cgi

17 <a href="https://www.earthlink.net%00@211.154.171.106/li_pin/verifica tion/step1_e.htm"> https://earthlink.net/payment/verification.cgi

18 <a href=“https://www.earthlink.net%00@211.154.171.106/li_pin/verific ation/step1_e.htm”> https://earthlink.net/payment/verification.cgi

19 <a href=“https://www.earthlink.net%00@211.154.171.106/li_pin/verific ation/step1_e.htm”> https://earthlink.net/payment/verification.cgi

20 E-mail Fraud

21

22 Instant Messaging Real time text chat facilities Many people (especially youngsters) use as a complement or replacement for e-mail Therefore may contain criminal communications

23 Instant Messaging Real time text chat facilities Many people (especially youngsters) use as a complement or replacement for e-mail Therefore may contain criminal communications

24 Instant Messaging Example of when a trace of instant messaging may be required Example (see page 65 of manual)

25 E-Mail as a Spy Tool or for undercover work (extra topic)

26 Normal E-mail Tracing After receiving the e-mail, we view the header and use the information to trace the originating IP address BUT… What if you are conducting an undercover operation and want to trace a suspect e-mail address without receiving an e-mail from the suspect?

27 Tracking E-mails How to spy on someone using e-mails? Commercial services are available which claim to: –Prove the e-mail was opened –Show the time that the e-mail was opened –Show the IP address of the computer used –Show if any links were clicked in the message –Show if the e-mail was forwarded…

28 ReadNotify.com

29 How does it Work? Readnotify allows a short free trial Using this it is possible to analyse how it works A freemail account with www.hongkong.com was used to register www.hongkong.com To send tracked mail, we just need to add.readnotify.com to the end of the target e-mail address

30 Demo A Test E-mail was sent using the freemail account hkjacko@mail.hongkong.comhkjacko@mail.hongkong.com Addressed to paj@hongkong.compaj@hongkong.com When received, it looks like this…

31 Demo

32 The e-mail was received by MS Outlook and viewed using the preview pane A check was then made at realnotify website to see if this had been recorded…

33 Demo

34 A new demo – this time to PEN

35

36

37 Once again, we check with the ReadNotify website to see if they have a record… This time though, it has no record to report – even though the e-mail has been opened. However, if “launch” is selected instead of file viewer, this opens ‘Netscape’ web browser

38 A new demo – this time to PEN

39 This time, the ReadNotify website tells us that the e-mail has been opened.

40 A new demo – this time to PEN

41 So, what is happening? We now know that the e-mail tracking will only work in web-enabled e-mail clients. Therefore, if the e-mail is html, we need to look at the code behind it…

42 So, what is happening?

43

44 Final example in a non- html e-mail client (Linux)

45

46

47

48

49

50

51

52

53 Conclusions (from an investigation p.o.v.) This method is a very good way of tracing e-mail addresses in a covert way The user must be using html enabled e-mail, but nowadays it is very unusual not to be This includes web-mail as well as POP mail Unfortunately, need to subscribe if using for a long period

54 Conclusions (from a personal p.o.v.) This tool shows how easy it is for spammers to know if you receiving and viewing their mail Others can know if you are forwarding the mail and to whom! Privacy is being compromised This is why many people are insisting on using non-html e-mail

55 Summary

Download ppt "Understanding Technology Crime Investigation for Managers."

Similar presentations

1. XP 2 * The Web is a collection of files that reside on computers, called Web servers. * Web servers are connected to each other through the Internet.

1. XP 2 * The Web is a collection of files that reside on computers, called Web servers. * Web servers are connected to each other through the Internet.
XP New Perspectives on Browser and E-mail Basics Tutorial 1 1 Browser and E-mail Basics Tutorial 1.

XP New Perspectives on Browser and Basics Tutorial 1 1 Browser and Basics Tutorial 1.
® Microsoft Office 2010 Browser and Email Basics.

® Microsoft Office 2010 Browser and Basics.
Sterling Heights Public Library Agenda n We’ll learn how to “clean up” the computers n We’ll review how SLC’s mail system works n We’ll review SpamLion.

Sterling Heights Public Library Agenda n We’ll learn how to “clean up” the computers n We’ll review how SLC’s mail system works n We’ll review SpamLion.
Addressing spam email and enforcing a Do Not Email Registry using a Certified Electronic Mail System Information Technology Advisory Group, Inc.

Addressing spam and enforcing a Do Not Registry using a Certified Electronic Mail System Information Technology Advisory Group, Inc.
6 C H A P T E R © 2001 The McGraw-Hill Companies, Inc. All Rights Reserved1 Electronic Mail Electronic mail has revolutionized the way people communicate.

6 C H A P T E R © 2001 The McGraw-Hill Companies, Inc. All Rights Reserved1 Electronic Mail Electronic mail has revolutionized the way people communicate.
Online Collaboration Applications ADE100- Computer Literacy Lecture 28.

Online Collaboration Applications ADE100- Computer Literacy Lecture 28.
Basic Communication on the Internet: E-Mail Integrated Browser E-Mail Programs and Web-Based E-Mail Services Tutorial 3.

Basic Communication on the Internet: Integrated Browser Programs and Web-Based Services Tutorial 3.
How Clients and Servers Work Together. Objectives Web Server Protocols Examine how e-mail server and client software work Use FTP to transfer files Initiate.

How Clients and Servers Work Together. Objectives Web Server Protocols Examine how server and client software work Use FTP to transfer files Initiate.
XP Browser and E-mail Basics1. XP Browser and E-mail Basics2 Learn about Web browser software and Web pages The Web is a collection of files that reside.

XP Browser and Basics1. XP Browser and Basics2 Learn about Web browser software and Web pages The Web is a collection of files that reside.
CSCI 4550/8556 Computer Networks Comer, Chapter 3: Network Programming and Applications.

CSCI 4550/8556 Computer Networks Comer, Chapter 3: Network Programming and Applications.
1 of 4 This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. © 2007 Microsoft Corporation.

1 of 4 This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. © 2007 Microsoft Corporation.
COS/PSA 413 Day 17. Agenda Lab 8 write-up grades –3 B’s, 1 C and 1 F –Answer the Questions!!! Capstone progress report 2 overdue Today we will be discussing.

COS/PSA 413 Day 17. Agenda Lab 8 write-up grades –3 B’s, 1 C and 1 F –Answer the Questions!!! Capstone progress report 2 overdue Today we will be discussing.
Browser and E-mail Basics Tutorial 1. Learn about Web browser software and Web pages The Web is a collection of files that reside on computers, called.

Browser and Basics Tutorial 1. Learn about Web browser software and Web pages The Web is a collection of files that reside on computers, called.
August 15 click! 1 Email Basics Kitsap Regional Library.

August 15 click! 1 Basics Kitsap Regional Library.
Your Website Chat & Live Customer Support Solution Instant Customer GratificationSM Brought to you by: Affordable Business Productivity and Communications.

Your Website Chat & Live Customer Support Solution "Instant Customer GratificationSM" Brought to you by: Affordable Business Productivity and Communications.
Introduction to the Secure SMTP Server service. Secure SMTP server is a secure, reliable SMTP mail relay server for your outgoing mail. Secure SMTP service.

Introduction to the Secure SMTP Server service. Secure SMTP server is a secure, reliable SMTP mail relay server for your outgoing mail. Secure SMTP service.
Cookies COEN 351 E-commerce Security. Client / Session Identification HTTP does not maintain state. State Information can be passed using: HTTP Headers.

Cookies COEN 351 E-commerce Security. Client / Session Identification HTTP does not maintain state. State Information can be passed using: HTTP Headers.
E-mail-I CS-3505 Wb_e-mail-I.ppt. Email 4 The most useful feature of the internet 4 Lots of different email programs, but most of them can talk to each.

-I CS-3505 Wb_ -I.ppt. 4 The most useful feature of the internet 4 Lots of different programs, but most of them can talk to each.
Using Microsoft Outlook: E-mail Basics. Objectives Guided Tour of Outlook –Identification –Views E-mail Basics –Contacts –Folders –Web Access Q&A.

Using Microsoft Outlook: Basics. Objectives Guided Tour of Outlook –Identification –Views Basics –Contacts –Folders –Web Access Q&A.

Similar presentations

Ads by Google