Internet Forensics

In: Computers and Technology

Submitted By eniac
IP Addresses
• IP Address – numerical label of a device participating in a network
• IPv4 – 32 bit – x.x.x.x
• IPv6 – 128 bit hex – x.x.x.x.x.x.x.x
• Static vs. Dynamic
• Address lease expiration, “sticky dynamic IPs”

Internet Registries
• ARIN – North America, part of the Caribbean, Sub‐Saharan Africa
• RIPE – Europe, Middle East, parts of Africa and Asia
• APNIC – Asia‐Pacific
• LACNIC – Latin America, Caribbean
• Private IP Ranges:
– IPv4: 192.168.0.0, 10.0.0.0, 172.16.0.0
– IPv6: Site‐local: FEC ‐ FEF; Link‐local: FE8 ‐ FEB

DNS
• DNS (Domain Name System) – hierarchical naming system for any resource connected to a network or Internet.
• Maintains the domain namespace and provides translation services between the IP and DN namespaces
• DNS Server maintains:
– (A) Address records
– (NS) Name server records
– (MX) Mail exchanger records

DNS on the Internet
• ICANN – Internet Corporation for Assigned Names and Numbers
– IP address allocation
– Protocol identifier assignment
– Country code / top‐level domain management
– Root server management

• Top‐Level Domain – highest hierarchical level in DNS
– Category ‐ .com, .net, .org, .biz, .name, .pro
– Country ‐ .ua, .ru, .cn, .us, .ca
– Sponsored ‐ .aero, .jobs, .travel, .mobi, .edu, .gov, .mil
– Infrastructure – .arpa, .localhost, .test, .example, .invalid

• Domain Name Registry – database of all domains registered to a top‐level domain
• Domain Name Registrar – agency accredited by ICANN to manage domain name reservations (GoDaddy, Tucows, Network Solutions, etc.)

DNS Concerns
• DNS Cache Poisoning ‐ is a maliciously created or…...
