Presented By: Manpreet Singh Randhawa CSc 253. Chat Forensics Traditional Chat Forensics Web-based Chat Forensics IM Comparison Skype Security Skype Communication.

Presentation transcript:

Presented By: Manpreet Singh Randhawa CSc 253

Chat Forensics
- Traditional Chat Forensics
- Web-based Chat Forensics
- IM Comparison
- Skype Security
- Skype Communication Framework
- Skype As A Threat To Enterprise Network Security
- Skype Forensics – Tools
- Paraben Chat Examiner
- Belkasoft Forensic IM Analyzer
- Legal Issues

- More and more people are communicating through chat.
- Popularity and purported privacy of instant messaging exploited by criminals, especially online predators.
- Loads of digital evidence.
- Digital forensic examiners need to perform a thorough analysis of chat logs, registry keys and other artifacts.
- Several chat programs: ICQ, Yahoo, MSN, Trillian, AIM, Hello, Skype, Miranda, Google Talk, and more.
- Chat rooms where people from across the world can communicate using various methods: Text Messaging, Pictures, Audio, Video, Webcam, File Sharing, etc.

- Instant messaging is the real-time exchange of text messages, etc. between two or more people logged into a particular instant messaging service.
- Client-based messaging programs such as AIM, MSN Messenger, Yahoo Messenger, etc.
- Require some form of installation on client machine.
- Users need to authenticate.
- Messaging server can archive the IP address of the user – pinpoint a user to a specific computer or geographical location.
- Conversations are not logged by messaging servers.
- Information can be recovered from suspect’s machine.

Chat logs saved on user machine as per user specification or at default location such as Program Files.

Several evidentiary artifacts:
- Chat logs
- Registry keys
- File transfers
- Configuration files
- Archived/Deleted messages
- Stored “buddy” lists

- Traditional messaging clients that can be accessed using only a web browser, viz. AIM Express, Google Talk, Meebo, E-Buddy, etc.
- Real-time messaging between two or more people using a web interface (without access to a traditional client).
- Volatile nature of the data and artifacts created.
- After web browser is closed or machine is shut down, no records of user activity or chat log archives are retained.
- Programs do not write to registry keys or leave configuration files on client machine.
- Investigators can only look at remnants of whole or partial conversations dumped to page files or unallocated space on hard disk.

Artifacts partially recovered include time estimate, conversation details, screen names, and buddy list details. Browser forensics come in handy.

Valuable information found in:
- Internet cache files
- History.IE5
- Index.dat file
- Temporary Internet Files\Content.IE5
- Cookies
- Pagefile.sys
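A sketch of the remnant search described above for page files and unallocated space, added here as an illustration and not part of the original presentation. It looks for a known screen name in both ASCII and UTF-16LE, since Windows memory remnants commonly hold text in either form; the screen name, the sample bytes and all function names are constructed assumptions.

```python
import io
import re

CONTEXT = 16  # bytes of surrounding data kept with each hit

def compile_terms(terms):
    """Case-insensitive byte patterns for each ASCII term, as ASCII and UTF-16LE."""
    pats = []
    for term in terms:
        for enc in ("ascii", "utf-16-le"):
            raw = term.encode(enc)
            pats.append((term, enc, len(raw), re.compile(re.escape(raw), re.I)))
    return pats

def printable(data):
    """Render context bytes for a report: drop NULs, mask other non-printables."""
    return "".join(chr(b) if 32 <= b < 127 else "." for b in data if b != 0)

def scan_image(stream, terms, chunk_size=1 << 20):
    """Return sorted (offset, encoding, term, context) hits from a raw image stream."""
    pats = compile_terms(terms)
    overlap = max(n for _, _, n, _ in pats) - 1 + CONTEXT
    hits, tail, base = [], b"", 0  # base = absolute offset of buf[0]
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        buf = tail + chunk
        for term, enc, n, pat in pats:
            for m in pat.finditer(buf):
                if m.end() <= len(tail):
                    continue  # lies wholly in the overlap: reported last round
                ctx = buf[max(0, m.start() - CONTEXT):m.end() + CONTEXT]
                hits.append((base + m.start(), enc, term, printable(ctx)))
        tail = buf[-overlap:]
        base += len(buf) - len(tail)
    return sorted(hits)

# Constructed sample standing in for a pagefile / unallocated-space fragment.
SAMPLE = (b"\x00" * 40 + b"<b>kid_rock99</b>: are you there?" + b"\xff" * 30
          + "buddy: Kid_Rock99 online".encode("utf-16-le") + b"\x00" * 20)

if __name__ == "__main__":
    for hit in scan_image(io.BytesIO(SAMPLE), ["kid_rock99"]):
        print("offset=%d enc=%s term=%s context=%r" % hit)
```

Run it against a read-only copy of the image, never the original evidence; the byte offsets it reports let an examiner revisit each hit in a hex viewer. Context after a hit can be cut short when the hit falls at the end of a read chunk.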

- Skype provides transport-layer security to ensure that message content traveling over Skype cannot be tapped or intercepted.
- Skype's encryption is always on and cannot be turned off.
- Skype employs strong end-to-end encryption using 256-bit AES, which is then authenticated by PKI cryptography, to guarantee authenticity, secrecy, and integrity of communication over Skype.
- Only username, version, and IP address are stored at servers.
- Skype does not record any content from communications.

Skype HTTP Server – HS; Skype Client – SC; Super Node – SN; Registration Super Node – RSN; Authentication Super Node – ASN; Location Super Node – LSN; Neighbour Super Node – NSN;

- Peer-to-peer (P2P) voice over IP (VoIP) technology.
- Skype’s super node (SN) mechanism threatens network availability.
- Ability to traverse network address translation (NAT) mechanism.
- Ability to bypass corporate firewalls.
- Skype’s payload is encrypted end to end.
- Skype seems flawless but has one loophole – allows multiple logins for the same account.


- Supports ICQ b, Yahoo, MSN 6.1, 6.2, 7.0, & 7.5, Trillian, Hello, Skype, & Miranda Chat Logs
- Auto-search function helps locate Chat Logs
- Complete bookmarking and reporting functionality
- Advanced filtering and searching options
- Open multiple chat databases in one workspace

- Support for ICQ (all versions from 97a to ICQ6), Microsoft MSN/LiveMessenger, Skype, Yahoo! Messenger, MySpace IM, &RQ, Miranda, SIM, QIP, QIP Infium, Google Hello, Trillian, QQ and AIM.
- Intellectual search for history files in folders other than default IM history folders.
- Search can be performed on all computer's drives as well as on mapped network drives (including Encase mapped drives).

United States v. Jackson, 2007 WL (D. Neb. May 8, 2007). In a criminal case, the defendant filed a motion in limine to exclude evidence of chat room conversations. At the conclusion of each chat room session, an undercover police officer conducting the chat room conversation would cut-and-paste the entire conversation into a Word document for later review. However, a computer forensics expert testified that this cut-and-paste method created several errors and that several portions of the defendant’s conversations were omitted. The defendant argued the omitted portions of the transcript contained evidence relating directly to his intent and should not be admitted as evidence. The court found that the cut-and-paste document was not admissible evidence at trial because it was not authentic under the Federal Rules of Evidence.

Thank You!