Guide to Computer Forensics and Investigations Fourth Edition Unit 8 E-mail Investigations.

Presentation transcript:

Guide to Computer Forensics and Investigations Fourth Edition Unit 8 E-mail Investigations

Slide 2: Exploring the Role of E-mail in Investigations
With the increase in scams and fraud attempts with phishing or spoofing
  – Investigators need to know how to examine and interpret the unique content of messages
Phishing e-mails are in HTML format
  – Which allows creating links to text on a Web page
One of the most noteworthy scams was 419, or the Nigerian Scam
Spoofing can be used to commit fraud

Slide 3: Exploring the Roles of the Client and Server in E-mail
Send and receive e-mail in two environments
  – Internet
  – Controlled LAN, MAN, or WAN
Client/server architecture
  – Server OS and software differ from those on the client side
Protected accounts
  – Require usernames and passwords

Slide 4: Exploring the Roles of the Client and Server in E-mail (continued)

Slide 5: Exploring the Roles of the Client and Server in E-mail (continued)
Name conventions
  – Corporate:
  – Public:
  – Everything belongs to the domain name
Tracing corporate e-mails is easier
  – Because accounts use standard names the administrator establishes

Slide 6: Investigating Crimes and Violations
Similar to other types of investigations
Goals
  – Find who is behind the crime
  – Collect the evidence
  – Present your findings
  – Build a case

Slide 7: Investigating Crimes and Violations (continued)
Depend on the city, state, or country
Examples of crimes involving e-mails
  – Narcotics trafficking
  – Extortion
  – Sexual harassment
  – Child abductions and pornography

Slide 8: Examining Messages
Access victim’s computer to recover the evidence
Using the victim’s client
  – Find and copy evidence in the e-mail
  – Access protected or encrypted material
  – Print e-mails
Guide victim on the phone
  – Open and copy e-mail including headers
Sometimes you will deal with deleted e-mails

Slide 9: Examining Messages (continued)
Copying an e-mail message
  – Before you start an investigation
    You need to copy and print the e-mail involved in the crime or policy violation
  – You might also want to forward the message as an attachment to another address
With many GUI programs, you can copy an e-mail by dragging it to a storage medium
  – Or by saving it in a different location

Slide 10: Viewing Headers
Learn how to find headers
  – GUI clients
  – Command-line clients
  – Web-based clients
After you open headers, copy and paste them into a text document
  – So that you can read them with a text editor
Headers contain useful information
  – Unique identifying numbers, IP address of sending server, and sending time

Slide 11: Viewing Headers (continued)
Outlook
  – Open the Message Options dialog box
  – Copy headers
  – Paste them to any text editor
Outlook Express
  – Open the message Properties dialog box
  – Select Message Source
  – Copy and paste the headers to any text editor

Slide 12: Viewing Headers (continued)
Hotmail
  – Click Options, and then click the Mail Display Settings
  – Click the Advanced option button under Message Headers
  – Copy and paste headers
Apple Mail
  – Click View from the menu, point to Message, and then click Long Header
  – Copy and paste headers

Slide 13: Viewing Headers (continued)
Yahoo
  – Click Mail Options
  – Click General Preferences and Show All headers on incoming messages
  – Copy and paste headers

Slide 14: Examining Headers
Gather supporting evidence and track suspect
  – Return path
  – Recipient’s address
  – Type of sending service
  – IP address of sending server
  – Name of the server
  – Unique message number
  – Date and time e-mail was sent
  – Attachment files information

Slide 15: Examining Headers (continued)
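The header fields listed on the slides above can be pulled from a pasted header block and then checked against a server log, as the later slides on tracing and server logs describe. This is an added example, not part of the original presentation; the header text, addresses, and the three-column log layout are constructed for illustration, and the function names are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime
# Constructed header text; documentation-only domains and IP addresses.
RAW_HEADERS = """\
Return-Path: <sender@example.net>
Received: from mx.example.org (mx.example.org [198.51.100.7])
\tby mail.example.com with ESMTP id A1B2C3;
\tTue, 05 Mar 2024 14:02:11 +0000
Received: from laptop (unknown [203.0.113.45])
\tby mx.example.org with ESMTP id 9F8E7D;
\tTue, 05 Mar 2024 14:02:05 +0000
From: "Accounts" <billing@example.com>
To: victim@example.com
Date: Tue, 05 Mar 2024 14:02:03 +0000
Message-ID: <20240305140203.9F8E7D@mx.example.org>

"""
# Constructed server log in a hypothetical "timestamp client-ip message-id" layout.
SERVER_LOG = """\
2024-03-05T14:02:05Z 203.0.113.45 <20240305140203.9F8E7D@mx.example.org>
2024-03-05T14:03:10Z 192.0.2.10 <20240305140309.1A2B3C@mx.example.org>
"""
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
def summarize_headers(raw):
    msg = message_from_string(raw)
    hops = []
    # Each server prepends its Received line, so reverse to list the oldest hop first.
    for received in reversed(msg.get_all("Received", [])):
        ip = IP_RE.search(received)
        stamp = received.rsplit(";", 1)[-1].strip()
        hops.append((ip.group(1) if ip else None, parsedate_to_datetime(stamp)))
    return_path = parseaddr(msg.get("Return-Path", ""))[1]
    sender = parseaddr(msg.get("From", ""))[1]
    return {"return_path": return_path, "from": sender,
            "recipient": parseaddr(msg.get("To", ""))[1],
            "message_id": msg.get("Message-ID"),
            "sent": parsedate_to_datetime(msg["Date"]),
            "hops": hops, "origin_ip": hops[0][0] if hops else None,
            # Return-Path and From on different domains is a lead worth recording.
            "domain_mismatch": return_path.rpartition("@")[2] != sender.rpartition("@")[2]}

def log_confirms(summary, log_text):
    # True only when the log ties this message number to the same sending IP.
    for line in log_text.splitlines():
        _, client_ip, message_id = line.split(maxsplit=2)
        if message_id == summary["message_id"]:
            return client_ip == summary["origin_ip"]
    return False
```

Received lines below the first server you control are supplied by the sender, so `origin_ip` is a lead until a server log confirms it.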

Slide 16: Examining Additional Files
E-mail messages are saved on the client side or left at the server
Microsoft Outlook uses .pst and .ost files
Most programs also include an electronic address book
In Web-based e-mail
  – Messages are displayed and saved as Web pages in the browser’s cache folders
  – Many Web-based providers also offer instant messaging (IM) services

Slide 17: Tracing an E-mail Message
Contact the administrator responsible for the sending server
Finding domain name’s point of contact – – – –
Find suspect’s contact information
Verify your findings by checking network logs against addresses

Slide 18: Understanding Servers
Computer loaded with software that uses protocols for its services
  – And maintains logs you can examine and use in your investigation
E-mail storage
  – Database
  – Flat file
Logs
  – Default or manual
  – Continuous and circular

Slide 19: Understanding Servers (continued)
Log information
  – E-mail content
  – Sending IP address
  – Receiving and reading date and time
  – System-specific information
Contact suspect’s network administrator as soon as possible
Servers can recover deleted e-mails
  – Similar to deletion of files on a hard drive

Slide 20: Using Specialized Forensics Tools
Tools include:
  – AccessData’s Forensic Toolkit (FTK)
  – ProDiscover Basic
  – FINAL
  – Sawmill-GroupWise
  – DBXtract
  – Fookes Aid4Mail and MailBag Assistant
  – Paraben Examiner
  – Ontrack Easy Recovery Repair
  – R-Tools R-Mail

Slide 21: Using Specialized Forensics Tools (continued)
Tools allow you to find:
  – E-mail database files
  – Personal files
  – Offline storage files
  – Log files
Advantage
  – Do not need to know how servers and clients work

Slide 22: Using AccessData FTK to Recover E-mail
FTK
  – Can index data on a disk image or an entire drive for faster data retrieval
  – Filters and finds files specific to clients and servers
To recover e-mail from Outlook and Outlook Express
  – AccessData integrated dtSearch
    dtSearch builds a b-tree index of all text data in a drive, an image file, or a group of files

Slide 23:
E-mails are very important. When anyone sends an e-mail or receives an e-mail, they’ve received a piece of an evidentiary chain. The e-mail doesn’t necessarily get deleted when a user deletes it from their computer, for several reasons. For one, it may exist on another mail server while in transition or while waiting to be downloaded by the receiver. At the very least, evidence that the e-mail passed through one or more mail servers is maintained in server logs. Second, the e-mail may exist on the receiver’s computer, and third, it may exist in a backup anywhere along the line between the original sender and the e-mail’s final destination. One should never assume that they have the only copy of an e-mail.

Slide 24:
Creating an archive of e-mails is important. If one is diplomatic in their e-mails and doesn’t have anything pejorative to conceal, then by deleting messages, one potentially places themselves in the position of appearing as if they were attempting to hide possible evidence. A lack of documentation, especially if another party has copies of e-mails, can actually hurt oneself when embroiled in a heated court case. On the flipside, if the other side has attempted to hide or delete possible evidence, then by maintaining a copy of e-mails, you’ll have the advantage.

Slide 25:
In the corporate environment, maintaining one’s own servers is vital. The importance of such an act is fundamental in providing detailed mail logs as well as understanding what the mail logs record. When a corporation employs its own knowledgeable IT staff to oversee its own internal mail servers, the IT administration will know how best to make backups of the logs in order to maintain not only an evidentiary chain, but also the format of the logs and what is contained within them. This saves time and money in the event that the logs need to be inspected. Also, third-party mail servers usually will not maintain lengthy backups, as they have no need to. Important evidence may be deleted in a third-party mail server environment, whereas internal mail server administration would be more apt to maintain lengthy archives of mail records (including offsite archives).

Slide 26:
Digital Identification is a very important consideration when sending and receiving sensitive corporate-related information. Digital IDs work by tagging an e-mail with a specific marker. If the structure or the body of the e-mail changes after it has been sent, the marker will fail a validation check. This would prove that an e-mail had been tampered with and at the very least will demonstrate that it is not in the same format as when it had left the sender’s mail client.