File000146
Published in: Technology
Transcript

  • 1. Module XXXIII – Investigating Internet Crimes
  • 2. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited News: Fraud Investigation Leads to Charges Date: August 09, 2008 Following a two-year investigation into international Internet fraud, a Kelowna man has been arrested. The Calgary Police Service and Royal Canadian Mounted Police conducted a two-year investigation related to a series of Internet frauds, in which victims in the United States and Sweden were defrauded of hundreds of thousands of dollars through Internet auctions for vintage automobiles. The investigation indicates these Internet frauds may have been part of a larger scheme, where victims were lured into bidding on Internet auction sites for vintage automobiles. Victims would then send their money, usually in the tens of thousands of dollars, by wire transfer to bank accounts held in Calgary. The victims would either fail to receive a purchased vehicle or received a vehicle that was not the same as the item purchased. The money that was received from victims into holding company bank accounts was then directed elsewhere. Source: http://www.bclocalnews.com/
  • 3. News: Does the Internet Need its Own Police Force? Sunday, December 21, 2008 5:32 AM PST
      2008 has been a year of growth in malware, infections, botnets and criminal profits. Recently, some security experts called for the punishment of these criminal activities.
      Malware tripled in 2008: In its 'End of Year Data Security Wrap-up for 2008', Finland-based security company F-Secure said their detection count tripled in one year, which means that the total amount of malware accumulated over the previous 21 years increased by 200 per cent in the course of just one year. Criminal activity for financial gain remains the driver for the massive increase in Internet threats. Today's malware is produced by highly organised criminal gangs using increasingly sophisticated techniques.
      This year has seen increasing botnet activity around the world. These remotely controlled networks of infected computers remain a major challenge to the IT security industry because it is their vast computing power that is behind the unprecedented level of spam e-mail and malware distribution.
      Roy Ko, a computer security expert based in Hong Kong, has seen an overall decrease in the number of virus incidents and phishing spyware, but an increased number of alerts in the past year. Ko is the manager of Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) at the Hong Kong Productivity Council.
      Daniel Eng, a computer forensics expert, said the contemporary public IT security issues include data leakage, misuse of Foxy, potential security issues with Apple's 3G iPhone, the growth of botnets, the vulnerability in Flash videos called 'Clickjacking' (viewers' computers put under attack upon clicking on flash videos), and anti-forensics tools.
      Source: http://www.pcworld.com
  • 4. Module Objective
      This module will familiarize you with:
      • Internet Crimes
      • Internet Forensics
      • DNS Record Manipulation
      • Email Headers Forging
      • Switch URL Redirection
      • Downloading a Single Page or an Entire Website
      • HTTP Headers
      • Examining Information in Cookies
  • 5. Module Flow: Internet Crimes; Internet Forensics; HTTP Headers; DNS Record Manipulation; Switch URL Redirection; Examining Information in Cookies; Email Headers Forging; Downloading a Single Page or an Entire Website
  • 6. Internet Crimes
      Internet crime is a crime committed on the Internet, using the Internet, and by means of the Internet. Internet crimes include:
      • Phishing: A method in which an attacker sends email to collect information from the recipients. It uses different types of social engineering and spoofing techniques to steal the information from the recipients.
      • Spamming: Populating the user's inbox with unsolicited or junk emails. Spam email contains malicious computer programs such as viruses and Trojans which change the computer settings or track the system.
      • Internet Identity Theft: Identity theft carried out using the Internet. The attacker steals another person's identity by stealing email, eavesdropping on their transactions over the Internet, or stealing information from computer databases.
  • 7. Internet Crimes (cont'd)
      • Credit Card Frauds: In credit card fraud, an attacker illegally uses another person's credit card to purchase goods and other services.
      • Cyberstalking: Harassing a victim through email or instant messaging. The Internet, e-mail, or other electronic communication devices can be used to stalk victims.
      • Cyber Terrorism: The use of information technology by terrorists for developing their agenda.
      • Computer Hacking: Accessing another person's computer in an unauthorized way. The attacker uses different hacking tools or password cracking tools to get access to the other person's system.
  • 8. Internet Crimes (cont'd)
      • Child Pornography: Defined as a visual depiction of any kind, including a drawing, cartoon, sculpture, or painting, photograph, film, video, or computer-generated image of sexually explicit conduct, where it depicts a minor engaged in sexually explicit conduct.
      • Internet Piracy: Unauthorized copying and distribution of software, music, or movies over the Internet.
      • Internet Auction Fraud: Non-delivery of the product; triangulation; misrepresentation; shill bidding; trading black market products; fee stacking; bid shielding or multiple bidding.
      • Creation and/or distribution of viruses, Trojans, and spam.
  • 9. Internet Forensics
      Internet Forensics is the application of scientific and legally sound methods for the investigation of Internet crimes. It uses a combination of advanced computing techniques and human intuition to uncover clues about people and computers involved in Internet crime.
  • 10. Why Internet Forensics
      • Underlying Internet protocols were not designed to address the problems
      • Electronic evidence is fragile in nature
      • It is difficult to verify the source of a message or the operator of a website
  • 11. Goals of Investigation
      • To ensure that all applicable logs and evidence are preserved
      • To understand how the intruder is entering the system
      • To discover why the intruder has chosen the target machine
      • To gather as much evidence of the intrusion as possible
      • To obtain information that may narrow your list of suspects
      • To document the damage caused by the intruder
      • To gather enough information to decide if law enforcement should be involved
  • 12. Steps to Investigate Internet Crimes
      1. Obtain a search warrant and seize the victim's apparatus
      2. Interview the victim
      3. Prepare bit-stream copies
      4. Identify the victim's configuration
      5. Acquire the evidence
      6. Examine and analyze
      7. Generate the report
  • 13. Obtain a Search Warrant
      The search warrant application should describe clearly how to perform the on-site examination of the computer and the network device.
      Seize all the devices suspected to be used in the crime, including:
      • Victim's computer
      • Router
      • Webcam
      • Switch
      • Other network devices
      Forensic tests should be performed on all equipment listed in the search warrant.
  • 14. Interview the Victim
      Interview the victim about the incident. Ask him/her the following questions:
      • What incident occurred with the victim?
      • From where did the intruder enter the network?
      • What was the purpose of the attack?
      • What are the major losses from this incident?
  • 15. Prepare Bit-Stream Copies
      Prepare a copy of the memory and configuration of the affected computer using a tool such as SafeBack. Never work directly on the original evidence.
  • 16. Check the Logs
      • Check the offsite or remote logs
      • Check the system, email and web server, and firewall log files
      • Check the log files of chat sessions if the attacker monitored or had a conversation with the victim through IRC services
  • 17. Identify the Source of the Attack
      Trace the attack back to where it originated. The source can be the following:
      • Website
      • Email ID
  • 18. IP Address
      Each computer communicating over the Internet is assigned a unique 32-bit numeric address, which is written as four numbers separated by periods (example: 183.154.216.212).
      There are five different address formats or classes:
      • Class A: For large networks with many devices
      • Class B: For medium-sized networks
      • Class C: For small networks (fewer than 256 devices)
      • Class D: Multicast addresses
      • Class E: Reserved for future use
      [Figure: a 32-bit address shown as four 8-bit fields, each in the range 0-255, divided into network and host portions]
  • 19. Internet Assigned Numbers Authority
      IANA assigns the globally unique number called an IP address. It is the entity that oversees global IP address allocation, DNS root zone management, media types, and other Internet protocol assignments. It is operated by ICANN, whose headquarters are in Los Angeles, California, US.
  • 20. Regional Internet Registry (RIR)
      An RIR is an organization overseeing the allocation and registration of Internet number resources within a particular region of the world. There are currently five RIRs in operation:
      • American Registry for Internet Numbers (ARIN) for North America and parts of the Caribbean
      • RIPE Network Coordination Centre (RIPE NCC) for Europe, the Middle East and Central Asia
      • Asia-Pacific Network Information Centre (APNIC) for Asia and the Pacific region
      • Latin American and Caribbean Internet Address Registry (LACNIC) for Latin America and parts of the Caribbean region
      • African Network Information Centre (AfriNIC) for Africa
  • 21. Internet Service Provider
      Internet Service Providers are commercial vendors that provide Internet service. They may reserve blocks of IP addresses that can be assigned to their users.
  • 22. Trace the IP Address of the Attacker's Computer
      The IP address identifies the computer that is used to send the message to other computers within the Internet.
      • Examine the email headers and get the IP address of the attacker's system
      • Access a website that allows you to find IP address information
      • Use IP address locating tools such as WhoisIP to find out the location of the attacker
  • 23. Domain Name System (DNS)
      DNS is a distributed Internet directory service. It translates domain names to IP addresses and vice versa. It enables you to assign authoritative names without the need to communicate with a central registrar.
      [Figure: www.example.com resolving to 145.214.158.216. Source: http://nirlog.com/]
  • 24. DNS Record Manipulation
      DNS uses several different records for converting domain names into IP addresses, such as:
      • Mail Server - MX
      • DNS Server - NS
      • Network Host - A
      • Alias - CNAME
      • Reverse Host Record - PTR
      • Text Record - TXT
      DNS record manipulation techniques:
      • DNS Poisoning: In a DNS poisoning attack, DNS servers are manipulated to fetch updated, incorrect DNS records from a server
      • DNS Pharming: Pharming is a term used for different approaches for manipulating DNS records
  • 25. DNS Lookup
      A process which converts a unique IP address into a domain name and vice versa. A DNS lookup service also gives the following information:
      • Details of domain name servers
      • Registrars of the domain name
      • Regional Internet Registries
      Examples of online DNS lookup services:
      • www.dnsstuff.com
      • http://www.bankes.com/nslookup.htm
      • http://www.network-tools.com/
  • 26. Nslookup
      Nslookup is a program that queries Internet domain name servers and displays information that can be used to diagnose Domain Name System (DNS) infrastructure. It helps to find additional IP addresses if the authoritative DNS is known from whois.
  • 27. Analyze the Whois Information
      Analyze the IP address information from the Whois database, which shows information from the RIR database. Look for the physical address, telephone number, and other contact information from the registry.
  • 28. Whois
      Whois is the client utility that communicates with WHOIS servers located around the world to obtain information about domain registration. It supports IP address queries and automatically selects the appropriate Whois server for IP addresses.
  • 29. Example Whois Record
  • 30. Whois Tools and Utilities
      • http://www.dnsstuff.com/
      • http://whois.domaintools.com/
      • http://network-tools.com/
      • http://centralops.net/co/
      • http://www.betterwhois.com/
      • Samspade, http://samspade.org/
  • 31. Samspade (http://samspade.org/)
      Samspade is an integrated network query tool for Windows. Functions:
      • Nslookup: This utility gives the details of the Domain Name Server
      • Whois lookup: Whois lookup provides all the details of a domain name
      • Name and contact details of registrar: Name and contact details of domain name owner
      • Traceroute: This utility traces the route to the Domain Name Server and gives the details of all the intermediate gateways between the DNS and a specified computer connected to the system
      • SMTP verification utility: Simple Mail Transfer Protocol (SMTP) verifies the origin of emails
  • 32. SamSpade Report
  • 33. IP Address Locator (http://www.geobytes.com/IpLocator.htm?Getlocation)
      IP Address Locator assists in locating the geographical location of an IP address.
  • 34. IP Address Locator: Screenshot
  • 35. www.centralops.net: Tracing Geographical Location of a URL
      www.centralops.net is a collection of Internet utilities developed by Hexillion for:
      • Email Dossier
      • Ping
      • Traceroute
      • NsLookup
      • AutoWhois
      • TcpQuery
      • AnalyzePath
  • 36. DNS Lookup Result: centralops.net
  • 37. Traceroute
      • Traceroute works by exploiting a feature of the Internet Protocol called TTL (Time To Live)
      • It reveals the path IP packets travel between two systems by sending out consecutive UDP packets with ever-increasing TTLs
      • As each router processes an IP packet, it decrements the TTL; when the TTL reaches zero, it sends back a "TTL exceeded" message (using ICMP) to the originator
      • Routers with DNS entries reveal the name of routers, network affiliation, and geographic location
  • 38. Collect the Evidence
      Volatile and important sources of evidence on live systems, and the commands used to capture the evidence:
      • Running processes (ps or the /proc file system)
      • Active network connections (netstat)
      • ARP cache (arp)
      • List of open files (lsof)
      • Virtual and physical memory (/dev/mem, /dev/kmem)
      Computer forensic tools for data collection include:
      • Guidance Software's EnCase (www.guidancesoftware.com)
      • AccessData's Forensic Toolkit (www.accessdata.com)
  • 39. Examining Information in Cookies
      Cookies are used for authenticating, tracking, and maintaining specific information about users.
      Syntax of a Set-Cookie header:
      Set-Cookie: <NAME>=<CONTENT>; expires=<TIMESTAMP>; path=<PATH>; domain=<DOMAIN>;
      • NAME: Identifies the cookie
      • CONTENT: String of information that has some specific meaning to the server
      • TIMESTAMP: Denotes the date, time, and duration of the cookie (Wdy, DD-Mon-YYYY HH:MM:SS GMT)
      • PATH: Denotes the directories on the target site
      • DOMAIN: Defines the hosts within a domain that the cookie applies to
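The Set-Cookie syntax on slide 39 can be examined programmatically. The following is an added example, not part of the original slides: it splits each header into the NAME, CONTENT, TIMESTAMP, PATH and DOMAIN fields and classifies the cookie relative to an examination time. The sample headers, the reference time and all function names are constructed for illustration.

```python
from datetime import datetime, timezone

# Timestamp layouts: the Wdy, DD-Mon-YYYY form shown on the slide, plus the RFC 1123 form.
EXPIRES_FORMATS = ("%a, %d-%b-%Y %H:%M:%S GMT", "%a, %d %b %Y %H:%M:%S GMT")

# Constructed sample headers (not taken from a real capture).
SAMPLE_HEADERS = [
    "Set-Cookie: SESSIONID=8f2c1e; path=/; domain=.shop.example",
    "Set-Cookie: last_visit=2008-12-01; expires=Mon, 01-Dec-2008 10:15:00 GMT; "
    "path=/account; domain=shop.example",
    "Set-Cookie: tracker=u42; expires=Fri, 01 Jan 2010 00:00:00 GMT; "
    "path=/; domain=.ads.example; secure",
]
REFERENCE_TIME = datetime(2009, 1, 15, tzinfo=timezone.utc)  # assumed examination time


def parse_expires(value):
    """Return an aware UTC datetime, or None if the timestamp cannot be parsed."""
    for fmt in EXPIRES_FORMATS:
        try:
            return datetime.strptime(value.strip(), fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    return None


def parse_set_cookie(header_line):
    """Split one Set-Cookie header into the fields named on the slide."""
    prefix, _, rest = header_line.partition(":")
    if prefix.strip().lower() != "set-cookie":
        raise ValueError("not a Set-Cookie header")
    parts = [p.strip() for p in rest.split(";") if p.strip()]
    if not parts or "=" not in parts[0]:
        raise ValueError("missing NAME=CONTENT pair")
    name, _, content = parts[0].partition("=")
    record = {"name": name, "content": content, "expires": None,
              "path": None, "domain": None, "flags": []}
    for attr in parts[1:]:
        key, sep, val = attr.partition("=")
        key = key.strip().lower()
        if key == "expires":
            record["expires"] = parse_expires(val)
            if record["expires"] is None:
                record["flags"].append("unparseable-expires")
        elif key in ("path", "domain"):
            record[key] = val.strip()
        elif not sep:
            record["flags"].append(key)  # valueless attributes such as "secure"
    return record


def classify(record, now):
    """Label a cookie as session, expired, persistent, or unknown at time `now`."""
    if "unparseable-expires" in record["flags"]:
        return "unknown"
    if record["expires"] is None:
        return "session"  # no expires attribute: discarded when the browser closes
    return "expired" if record["expires"] <= now else "persistent"


def summarize(headers, now):
    """Return (name, domain, path, status) rows for an evidence table."""
    rows = []
    for line in headers:
        rec = parse_set_cookie(line)
        rows.append((rec["name"], rec["domain"], rec["path"], classify(rec, now)))
    return rows


if __name__ == "__main__":
    for row in summarize(SAMPLE_HEADERS, REFERENCE_TIME):
        print(row)
```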
  • 40. Viewing Cookies in Firefox
      1. Go to Tools -> Options
      2. Click on Show Cookies
  • 41. Tool: Cookie Viewer (http://www.karenware.com/)
      Cookie Viewer automatically scans your computer, looking for "cookies" created by Microsoft's Internet Explorer, Netscape's Navigator and Mozilla Project's Firefox web browsers. It displays the data stored in each one and also deletes any unwanted cookies stored by these browsers.
  • 42. Switch URL Redirection
      URL redirection is a technique where many URLs point to a single web page. It is done by posting the address of one site and redirecting the traffic it receives to the target address. It can be done in two basic ways:
      • Page-based redirection: Adding a special tag to a web page on the proxy site that tells the browser to go to the target
      • Server-based redirection: Adding a line to the web server configuration file to intercept the request for a specific page that tells the browser to fetch it from the target location
  • 43. Sample JavaScript for Page-based Redirection
      var version = navigator.appVersion;    // browser version string
      if (version.indexOf("MSIE") > -1) {    // indexOf returns -1 when "MSIE" is absent
        window.location.href = "ie.htm";     // IE: show this page (replace ie.htm with the page name)
      } else {
        window.open("other.htm", "_self");   // otherwise open the other page (replace other.htm with the page name)
      }
  • 44. Embedded JavaScript
      Embedded JavaScript is used by attackers to cover tracks. JavaScript can be used to:
      • Hide the source HTML for a page
      • Manipulate the URL displayed in the status bar and browser history
  • 45. Downloading a Single Page or an Entire Web Site
      To save a page from the browser, go to File -> Save Page As. The following tools can be used to save an entire web site:
      • Grab-a-Site
      • SurfOffline 1.4
      • My Offline Browser 1.0
  • 46. Downloading a Single Page or an Entire Web Site (cont'd)
      • Grab-a-Site is a file-based offline browser that combines speed, stability, and powerful filtering capabilities
      • SurfOffline is fast and convenient website download software
  • 47. Tool: My Offline Browser (http://www.newprosoft.com)
      My Offline Browser is a multithreaded website downloader. Features:
      • Download and save entire websites to your hard disk
      • Change all links in the HTML code to relative local links
      • Support multithreaded downloading (up to 50 threads)
      • Automatically re-execute all tasks (Project scheduler)
      • Support proxy server
      • Built-in browser
      • Limit the downloading by URL filter, maximum crawling depth, and maximum file size
      • Export all the URLs into a text file (ASCII) or Excel file
  • 48. My Offline Browser: Screenshot
  • 49. Recovering Information from Web Pages
      In IE, go to View -> Source. In Firefox, go to View -> Page Source.
  • 50. Tool: WayBack Machine (http://www.archive.org/)
      Wayback Machine is a web-based utility to browse through 85 billion web pages archived from 1996 to a few months ago. To view the history of a website:
      • Go to www.archive.org
      • Type in the web address of a site or page
      • Press Enter or click on Take Me Back
      • Click on the desired date from the archived dates available
      • The resulting pages link to other archived pages from the nearest available date
  • 51. Trace the Email
      Trace the email address to determine the source of the email. Tools and utilities:
      • Samspade, http://www.samspade.org/
      • Visualroute, http://visualroute.visualware.com/
      • www.centralops.net
      • https://www.abika.com/forms/Verifyemailaddress.asp
  • 52. https://www.abika.com/forms/Verifyemailaddress.asp
  • 53. HTTP Headers
      Types of headers:
      • Entity: Meta information about an entity body or resource
      • General: Applicable for use in both request and response messages
      • Request: Sent by a browser or other client to a server
      • Response: Sent by a server in response to a request
      Headers include the following information:
      • Accept: Specifies which Internet media types are acceptable for the response and assigns preferences to them
      • Accept-Charset [Request]: Specifies which character encodings are acceptable for the response and assigns preferences to them
      • Accept-Encoding [Request]: Specifies which data format transformations, confusingly called content (en)codings
      • Accept-Ranges [Response]: Indicates the server's acceptance of range requests for a resource
  • 54. HTTP Headers (cont'd)
      • Age [Response]: Gives the sender's estimate of the amount of time since the response (or its revalidation) was generated at the origin server
      • Allow [Entity]: Lists the set of methods supported by the resource identified by the Request-URI
      • Authorization [Request]: Consists of credentials containing the authentication information of the client for the realm of the resource being requested
      • Cache-Control [General]: Specifies directives that must be obeyed by all caching mechanisms along the request/response chain
      • Connection [General]: Specifies options that are desired for the particular connection and must not be communicated by proxies over further connections
      • Content-Encoding [Entity]: Used as a modifier to the media-type
      • Content-Language [Entity]: Specifies the natural language(s) of the intended audience for the enclosed entity
      • Content-Length [Entity]: Indicates the size of the entity-body that is sent or that would have been sent if it had been requested
  • 55. Email Headers Forging
      1. Open a command prompt by clicking Start -> Run -> type cmd
      2. Find out the name of your ISP's mail server from email client settings (mail.isp.com or smtp.isp.com)
      3. Type SMTP commands after the mail server responds
      4. Continue with the address you want the mail to come FROM
      5. For example, to forge mail from XYZ, type 'MAIL FROM: XYZ@abc.com'
      6. Type 'RCPT TO: yourenemy@isp.com' after the 'Sender Ok' message
      7. Type 'DATA' and press enter after the 'Recipient Ok' message
      8. On the first line type 'Subject: yoursubject' and press enter twice; that will be the subject
      9. Type the message and press enter
      10. The server should say 'Message accepted for delivery'
      11. You are done
  • 56. Viewing Header Information
      Header information reveals the original source of an email. View and trace the mail header to find the real source address of threatening or malicious mails, which are generally spoofed.
  • 57. Tracing Back Spam Mails
      Examine header information:
      • Use tracing tools such as eMailTrackerPro to trace the email header
      Source: http://www.emailtrackerpro.com
  • 58. Tracing Back Spam Mails (cont'd)
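The header tracing described on slides 56 to 58 comes down to reading the chain of Received lines, which each mail server prepends as it relays the message. The following is an added example, not part of the original slides: it orders the hops oldest first, reports the peer IP recorded by the first server the investigator controls (the most reliable source address, since lines below it can be forged), and flags timestamps that run backwards. The message, hostnames, addresses and function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample message using documentation address ranges and example domains.
SAMPLE_MESSAGE = """\
Received: from mx1.corp.example (mx1.corp.example [10.0.0.5])
 by mailstore.corp.example with ESMTP id C3; Mon, 05 Jan 2009 10:00:09 -0500
Received: from relay.bulk.example (unknown [203.0.113.77])
 by mx1.corp.example with SMTP id B2; Mon, 05 Jan 2009 10:00:05 -0500
Received: from mail.bank.example (mail.bank.example [192.0.2.10])
 by relay.bulk.example with SMTP id A1; Mon, 05 Jan 2009 11:30:00 -0500
From: "Bank Support" <support@bank.example>
To: victim@corp.example
Subject: Account notice

Please confirm your details.
"""


def parse_hop(value):
    """Extract HELO name, peer IP, receiving host and timestamp from one Received value."""
    value = " ".join(value.split())  # unfold continuation lines
    helo = re.search(r"\bfrom\s+(\S+)", value)
    ip = re.search(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]", value)
    by = re.search(r"\bby\s+(\S+)", value)
    _, _, stamp = value.rpartition(";")
    try:
        when = parsedate_to_datetime(stamp.strip())
    except (TypeError, ValueError):
        when = None
    return {"helo": helo.group(1) if helo else None,
            "ip": ip.group(1) if ip else None,
            "by": by.group(1) if by else None,
            "when": when}


def is_trusted(host, domain):
    """True when host is the trusted domain itself or a subdomain of it."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def trace_received(raw_message, trusted_domain):
    """Return hops oldest-first, the boundary peer IP, the claimed origin IP and findings."""
    msg = message_from_string(raw_message)
    hops = [parse_hop(v) for v in msg.get_all("Received", [])]
    hops.reverse()  # servers prepend, so the last header is the oldest hop

    findings = []
    for earlier, later in zip(hops, hops[1:]):
        if earlier["when"] and later["when"] and later["when"] < earlier["when"]:
            findings.append(
                f"timestamp regresses between {earlier['by']} and {later['by']}")

    # Walk from the newest hop down while the stamping server is trusted. The last
    # hop in that unbroken run is where the message crossed into our infrastructure.
    boundary = None
    for hop in reversed(hops):
        if hop["by"] and is_trusted(hop["by"], trusted_domain):
            boundary = hop
        else:
            break

    return {"hops": hops,
            "boundary_ip": boundary["ip"] if boundary else None,
            "claimed_origin_ip": hops[0]["ip"] if hops else None,
            "findings": findings}


if __name__ == "__main__":
    result = trace_received(SAMPLE_MESSAGE, "corp.example")
    print("boundary peer IP :", result["boundary_ip"])
    print("claimed origin IP:", result["claimed_origin_ip"])
    for finding in result["findings"]:
        print("finding:", finding)
```

In the sample, the bottom Received line claims the mail left mail.bank.example, but the only address recorded by a trusted server is the relay's, and the bottom line's timestamp is later than the hop that supposedly followed it.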
  • 59. VisualRoute (http://www.visualroute.com/)
      VisualRoute analyzes Internet connections to quickly locate where an outage or slowdown occurs. It identifies the geographical location of IP addresses and web servers on a global map. It helps to identify network intruders and Internet abusers.
      VisualRoute's traceroute provides three types of data:
      • An overall analysis
      • Data table
      • A geographical view of the routing
  • 60. NeoTrace (Now McAfee Visual Trace)
      NeoTrace shows the traceroute output visually: map view, node view and IP view.
  • 61. NetScanTools Pro (http://www.netscantools.com/)
      NetScanTools Pro is an advanced Internet information gathering program for Windows 2003/XP/2000. It can be used to research IP addresses, hostnames, domain names, email addresses, or URLs automatically or with manual tools. Benefits:
      • Requires less time to gather information about Internet or local LAN users, network devices, IP addresses, ports, and many other network specifics
      • Removes guesswork from an Internet investigation by automating research requiring multiple network tools
      • Produces clear, concise results reports in the format that you prefer: a web page or a file easily imported by a spreadsheet
      • Enhances many standard network tools
  • 62. NetScanTools Pro: Screenshot
  • 63. Report Generation
      • Name of the investigator
      • List of router evidence
      • Documents of the evidence and other supporting items
      • List of tools used for investigation
      • List of devices and setup used in the examination
      • Brief description of the examination steps
      • Details about the findings: information about the files; Internet related evidence; data and image analysis
      • Conclusion of the investigation
  • 64. Summary
      • Internet crimes are crimes committed over the Internet or by using the Internet
      • Internet Forensics is the application of scientific and legally sound methods for the investigation of Internet crimes
      • URL redirection is a technique where many URLs point to a single web page
      • Attackers use embedded JavaScript to cover tracks
      • Cookies are used for authenticating, tracking, and maintaining specific information about users
      • DNS lookup is a process which converts a unique IP address into a domain name and is frequently used by webmasters to research listings contained in the server log files