Forensic and Investigative Accounting
Chapter 14: Internet Forensics Analysis: Profiling the Cybercriminal
© 2005, CCH INCORPORATED, 4025 W. Peterson Ave., Chicago, IL. A WoltersKluwer Company

Slide 2: Hacker Defined
A hacker is generally defined as an individual or group whose intent is to gain access to a computer network for malicious purposes.

Slide 3: Collecting Clues and Evidence
A forensic investigator needs to be familiar with the protocols used on the Internet to be able to collect clues about either internal or external attackers. In addition, when law enforcement officials send requests or subpoenas for information about a company's logs, the forensic analyst must understand the type of information being sought.

Slide 4: Protocols
Internet protocols are the rules that allow different operating systems and machines to communicate with one another over the Internet.

Slide 5: Transmission Control Protocol (TCP) and Internet Protocol (IP)
- TCP/IP protocols are the communication guidelines used and widely supported over the Internet.
- Almost every packet of information sent over the Internet uses the datagrams contained within a TCP/IP envelope. The datagrams consist of layers of information needed to verify the packet and get the information from the sender's to the receiver's location following traffic control guidelines.

Slide 6: Transmission Control Protocol (TCP) and Internet Protocol (IP)
Layered Open Systems Interconnection (OSI) model:
- Application Layer
- Transportation Layer
- Network Layer
- Data Link Layer
- Hardware Layer
- Electronic Impulse


Slide 8: IP Address Defined
An IP address is a 32-bit number (four bytes) that identifies the sender and the recipient of a packet of information sent over the Internet. The 32-bit address is written in dotted decimal notation: four octets (bytes), each written as a decimal number and separated by periods. The minimum value for an octet is 0, and the maximum value for an octet is 255. The figure on the slide illustrates the basic format of an IP address.

Slide 9: TCP/IP Connections
A three-way handshake synchronizes both ends of a connection by allowing both sides to agree upon initial sequence numbers. This mechanism also guarantees that both sides are ready to transmit data and know that the other side is ready to transmit as well.
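The handshake described above, modelled in Python as an added example (not part of the original slides): two `Endpoint` objects stand in for the hosts, the initial sequence numbers are supplied by the caller instead of being chosen randomly, and each side refuses to move to ESTABLISHED unless the other side has acknowledged exactly its own ISN + 1.

```python
from dataclasses import dataclass

@dataclass
class Segment:
    """Handshake-relevant fields of a TCP segment (constructed model, not a real socket)."""
    syn: bool
    ack: bool
    seq: int
    ack_num: int = 0

class Endpoint:
    """One side of a connection, tracking just the handshake states."""

    def __init__(self, isn: int):
        self.isn = isn              # initial sequence number this side chose
        self.peer_isn = None        # learned from the peer's SYN
        self.state = "CLOSED"

    def connect(self) -> Segment:
        """Active open: send SYN announcing our ISN."""
        self.state = "SYN_SENT"
        return Segment(syn=True, ack=False, seq=self.isn)

    def receive(self, seg: Segment):
        """Process one segment and return the reply (or None); reject a bad ACK."""
        if self.state == "CLOSED" and seg.syn and not seg.ack:
            self.peer_isn = seg.seq                 # passive open: learn the peer's ISN
            self.state = "SYN_RECEIVED"
            return Segment(syn=True, ack=True, seq=self.isn, ack_num=seg.seq + 1)
        if self.state == "SYN_SENT" and seg.syn and seg.ack:
            if seg.ack_num != self.isn + 1:         # must acknowledge *our* SYN exactly
                raise ValueError("SYN-ACK does not acknowledge our ISN")
            self.peer_isn = seg.seq
            self.state = "ESTABLISHED"              # we now know the peer is ready
            return Segment(syn=False, ack=True, seq=self.isn + 1, ack_num=seg.seq + 1)
        if self.state == "SYN_RECEIVED" and seg.ack and not seg.syn:
            if seg.ack_num != self.isn + 1:
                raise ValueError("ACK does not acknowledge our ISN")
            self.state = "ESTABLISHED"              # peer confirmed it saw our SYN
            return None
        raise ValueError(f"unexpected segment in state {self.state}")

def handshake(client_isn: int, server_isn: int):
    """Run the three segments between two fresh endpoints and return both."""
    client, server = Endpoint(client_isn), Endpoint(server_isn)
    syn = client.connect()             # 1. client -> server: SYN
    syn_ack = server.receive(syn)      # 2. server -> client: SYN-ACK
    ack = client.receive(syn_ack)      # 3. client -> server: ACK
    server.receive(ack)                # server completes; no fourth segment is needed
    return client, server
```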

Slide 10: Popular Protocols
- DNS: The Domain Name System
- Finger: Used to determine the status of other hosts and/or users
- FTP: The File Transfer Protocol allows a user to transfer files between local and remote host computers
- HTTP: The Hypertext Transfer Protocol is the basis for exchange of information over the World Wide Web

Slide 11: Popular Protocols
- IMAP: The Internet Mail Access Protocol defines an alternative to POP as the interface between a user's mail client software and an e-mail server, used to download mail from the server to the client
- Ping: A utility that allows a user at one system to determine the status of other hosts and the latency in getting a message
- POP: The Post Office Protocol defines a simple interface between a user's mail client software and an e-mail server

Slide 12: Popular Protocols
- SSH: The Secure Shell is a protocol that allows remote logon to a host across the Internet
- SMTP: The Simple Mail Transfer Protocol is the standard protocol for the exchange of electronic mail over the Internet
- SNMP: The Simple Network Management Protocol defines procedures and management information databases for managing TCP/IP-based network devices
- Telnet: Short for Telecommunication Network, a virtual terminal protocol allowing a user logged on to one TCP/IP host to access other hosts

Slide 13: Web Log Entries
- One important method for finding the web trail of an attacker is examining web logs.
- Recorded network logs provide the information needed to trace all website usage.
- Web Log = Blog
- Also check transaction logs and server logs

Slide 14: Web Log Entries
- Information provided in a log includes the visitor's IP address, geographical location, the actions the visitor performs on the site, browser type, time on page, and the site the visitor used before arriving.
- Logs should be stored on a separate computer from the web server hosting the site so they cannot be easily altered.
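An added Python example (not from the slides) that pulls the fields listed above out of web-server log entries and also applies the four-octet, 0 to 255 check from the IP address definition: the log lines are constructed in the Apache "combined" format, the IP 999.1.1.1 is deliberately invalid, and malformed lines are kept aside rather than silently dropped, since an unparseable entry in evidence deserves a second look.

```python
import re
from datetime import datetime

# Constructed lines in Apache "combined" log format, not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2005:10:15:01 +0000] "GET /login HTTP/1.1" 200 1043 "http://search.example/?q=acme" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
203.0.113.7 - - [12/Mar/2005:10:15:09 +0000] "POST /login HTTP/1.1" 401 512 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
198.51.100.23 - - [12/Mar/2005:10:16:44 +0000] "GET /reports/q1.xls HTTP/1.1" 200 20480 "-" "Wget/1.9"
999.1.1.1 - - [12/Mar/2005:10:17:00 +0000] "GET / HTTP/1.1" 200 10 "-" "curl/7.10"
"""
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referrer>[^"]*)" "(?P<agent>[^"]*)"$'
)

def parse_ip(text: str) -> int:
    """Dotted decimal -> 32-bit integer; reject anything but four octets in 0..255."""
    parts = text.split(".")
    if len(parts) != 4 or not all(p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError(f"not a valid IPv4 address: {text!r}")
    return int.from_bytes(bytes(int(p) for p in parts), "big")

def parse_line(line: str) -> dict:
    """Extract visitor IP, action (method + path), status, browser type, referring site."""
    m = LINE_RE.match(line)
    if not m:
        raise ValueError(f"unparseable log line: {line!r}")
    rec = m.groupdict()
    rec["ip_int"] = parse_ip(rec["ip"])
    rec["time"] = datetime.strptime(rec["time"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    rec["referrer"] = None if rec["referrer"] == "-" else rec["referrer"]   # "-" means none
    return rec

def analyze(text: str) -> dict:
    """Per-visitor trails of actions (log order assumed chronological) plus rejected lines."""
    trails: dict = {}
    rejected = []
    for line in text.splitlines():
        try:
            r = parse_line(line)
        except ValueError:
            rejected.append(line)          # worth a look: corruption or tampering
            continue
        trails.setdefault(r["ip"], []).append(f'{r["method"]} {r["path"]} -> {r["status"]}')
    return {"trails": trails, "rejected": rejected}
```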

Slide 15: TCPDUMP
- TCPDUMP is a form of network sniffer that can disclose most of the information contained in a TCP/IP packet.
- Windows uses WinDUMP.
- A sniffer is a program used to secretly capture datagrams moving across a network and disclose the information contained in the datagram's network protocols.
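What a sniffer discloses is just the layered header fields of the datagram; the added Python example below (not from the slides or from tcpdump) decodes a constructed 40-byte IPv4 + TCP SYN packet layer by layer and recomputes the IP header checksum, so an altered or corrupt header is flagged rather than trusted.

```python
import struct

# Constructed 40-byte IPv4 header + TCP SYN header (no payload), not a real capture.
PACKET = bytes.fromhex(
    "4500 0028 1c46 4000 4006 b837 cb00 7107 c633 6417"   # IPv4: 203.0.113.7 -> 198.51.100.23
    "c000 0050 0000 03e8 0000 0000 5002 ffff 0000 0000"   # TCP: 49152 -> 80, SYN, seq 1000
)
TCP_FLAGS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"), (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]

def ip_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's-complement sum of 16-bit words, folded, inverted."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                                  # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def decode(packet: bytes) -> dict:
    """Pull out the fields a sniffer prints for a TCP/IP packet, layer by layer."""
    ver_ihl, _tos, length, _ident, _frag, ttl, proto, cksum, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", packet[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4   # IHL counts 32-bit words
    if version != 4 or ihl < 20:
        raise ValueError("not an IPv4 header")
    ip_hdr = packet[:ihl]
    # Recomputing over a zeroed checksum field must reproduce the stored value;
    # a mismatch means the header bytes were altered (or the capture is corrupt).
    checksum_ok = ip_checksum(ip_hdr[:10] + b"\x00\x00" + ip_hdr[12:]) == cksum
    info = {"src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
            "ttl": ttl, "protocol": proto, "ip_checksum_ok": checksum_ok}
    if proto == 6:                                       # 6 = TCP, the transport layer
        (sport, dport, seq, ack, off, flags, window,
         _tcksum, _urg) = struct.unpack("!HHIIBBHHH", packet[ihl:ihl + 20])
        info.update({"sport": sport, "dport": dport, "seq": seq, "ack": ack, "window": window,
                     "flags": [name for bit, name in TCP_FLAGS if flags & bit],
                     "payload_len": length - ihl - (off >> 4) * 4})
    return info
```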

Slide 16: Decoding Simple Mail Transfer Protocol (SMTP)
- SMTP is the protocol used to send e-mail over the Internet.
- SMTP server logs can be used to check the path of the e-mail from the sending host to the receiving host.

Slide 17: Decoding Simple Mail Transfer Protocol (SMTP)
Most of the important information about the origin of an e-mail message is in the long form of the header. The most important data for tracing purposes are the IP addresses and the message ID.
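An added Python example (not from the slides) that recovers exactly those two things, the relay IP addresses in the order the message travelled and the Message-ID, from a constructed long-form header: each relay prepends its own Received: line, so the headers are read bottom-up, and the address the receiving relay recorded in brackets is separated from whatever name or address the sender merely claimed.

```python
from __future__ import annotations
import email
import ipaddress
import re

# Constructed long-form header of one message, not a real e-mail.
RAW_MESSAGE = """\
Received: from mail.example.org (mail.example.org [198.51.100.23])
        by mx.example.com with ESMTP id ABC123
        for <victim@example.com>; Sat, 12 Mar 2005 10:20:31 +0000
Received: from [192.168.1.44] (unknown [203.0.113.7])
        by mail.example.org with SMTP id XYZ789;
        Sat, 12 Mar 2005 10:20:15 +0000
Message-ID: <20050312102015.12345@mail.example.org>
From: "Payroll" <payroll@example.org>
Subject: Updated invoice

Please see attached.
"""
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")   # addresses appear in [brackets]
LAN_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(ip: str) -> bool:
    """True for private LAN ranges, which cannot be the Internet-facing origin."""
    return any(ipaddress.ip_address(ip) in net for net in LAN_NETS)

def trace(raw: str) -> dict:
    """Message-ID plus the relay hops in transmission order (origin first).
    Header order is the reverse of the path travelled, so it is read bottom-up."""
    msg = email.message_from_string(raw)
    hops = []
    for hdr in reversed(msg.get_all("Received", [])):
        text = " ".join(hdr.split())                   # unfold continuation lines
        from_clause, _, rest = text.partition(" by ")
        ips = IP_RE.findall(from_clause)
        # The receiving relay appends "(name [ip])" with the peer address it actually
        # saw; anything before that is what the sender claimed (HELO) and may be forged.
        hops.append({
            "claimed_name": from_clause.split()[1],
            "claimed_lan_ips": [ip for ip in ips[:-1] if is_rfc1918(ip)],
            "observed_ip": ips[-1] if ips else None,
            "by": rest.split()[0] if rest else None,
        })
    mid = msg.get("Message-ID")
    return {"message_id": mid.strip() if mid else None, "hops": hops}
```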

Slide 18: Tracing and Decoding IP Addresses
- Traceroute
- Whois
- Ping
- Finger searches

Slide 19: Narrowing the Search
- Preliminary Incident Response Form
- John Doe subpoena

Chapter 14Forensic and Investigative Accounting20 Informational Searches Internet databases Internet databases –General searches –Name, telephone number, and address search engines –Internet relay chat (IRC), FTP, and Listserv searches –Usenet postings search –Legal records –Instant messaging (IM) Web page searches Web page searches Government data searches Government data searches Miscellaneous searches Miscellaneous searches