2. Objectives
• Phishing
• Internet Protocol (IP) addresses
• Domain Name System (DNS) names
• Analyse “From” addresses
• Analyse URLs
• Trace the e-mail
3. Phishing
• E-mail utilizing social engineering
• Induces the recipient to reveal desired
personal information
• Bank account
• SSN
• Address
• Etc.
• Sometimes entices the recipient to go to a
malicious web site
4. IP Addressing
• Each interface on a network is assigned a 32-bit IP address
• The address has a prefix and suffix
● Network and host ID
5. Finding Your IP Address
• Examples
– 3.5.1.193
– 140.211.91.175
– 192.168.0.1
• Finding your own address
– Open a Command window
– Type ipconfig /all on Windows
9. Who Owns an IP Address
• Managed by the Internet Assigned Numbers
Authority (IANA)
• Users are assigned IP addresses by Internet
Service Providers (ISPs)
• ISPs obtain allocations of IP addresses from
their appropriate Regional Internet Registry
(RIR)
10. Regional Internet Registries (RIR)
• APNIC (Asia Pacific Network Information Centre)
• AfriNIC (African Network Information Center)
• ARIN (American Registry for Internet Numbers) –
North America
• LACNIC (Regional Latin-American and Caribbean
IP Address Registry) – Latin America and parts of the
Caribbean
• RIPE NCC (Réseaux IP Européens) – Europe, parts
of the Middle East and Asia
14. URLs
Uniform Resource Locator
• The name of a web site
• http://www.geobytes.com/IpLocator.htm
• First name – Top Level Domain
.com .biz
.edu .net
.gov .org
.mil etc.
15. Family Tree
• http://www.geobytes.com/IpLocator.htm
• Second name is the organization’s name
• Third name www is a particular web server of
Geobytes
• After the / is the directory and document to
be displayed
• IpLocator.htm
• Default is index.html
16. Domain Name System
• Associates URL Names to IP addresses
• Examples
– www.sou.edu = 140.211.107.34
• The Domain Name System (DNS) is a set of
servers that together know all the names
used on the Internet
• More about this later…
20. Email Header Info
• Header info can be faked
– From
– Reply to
– Return-path
– Subject
– Date
• Don't believe it!
21. Long Headers
NOT EASY
• Different for each e-mail client
• Sometimes impossible
• www.aeicomputertech.com/forensics_mail_header_info.php
• http://www.abika.com/Reports/Samples/emailheaderguide.htm
• For campus Groupwise
• Open e-mail
• Click on “Message Source”
22. AOL
1. Open AOL
2. Open the e-mail that you wish to check by
double-clicking it
3. Under the To: line, there should be a “Sent from
the Internet (Details)” line
4. Single left click the word “Details” to open an
Internet Information window
5. This should display the full e-mail header
information
23. Gmail
1. Log into the Gmail account
2. Open the e-mail message in question
3. To the right of the sender’s e-mail message will be a
“show details” hyperlink and to the right of that is a
“Reply” button (i.e., Reply is the default option, at least
as of 10/15/2007). To the right of the word “Reply” is a
pipe mark (i.e., |) and a down arrow. Single left-click the
down arrow to display a small window of options.
4. Single left-click the word “show option”
5. The e-mail headers, in their entirety, will now be
displayed in a new window
24. Hotmail
1. Log into your Hotmail account
2. Single, right-click the e-mail you wish to inspect
3. Single, left-click the “View Source” option
4. The e-mail will now be displayed in its native
HTML-based format with the e-mail header
information at the very top.
25. MS Outlook
• Open Microsoft Outlook
• Open the e-mail whose mail header information you wish to check by double-clicking
it
• Looking at the Office 2007 horizontal "ribbon" menu, move your cursor to the "Options"
square
• Underneath the three icons for Categorize, Followup, & Mark as Unread, there is the
word "Options" and to the right of it is a small three-sided square with a diagonal arrow
in it
• Hovering over this miniature icon produces a popup with the wording "Message
Options"
• Single, left-click the miniature icon
• A "Message Options" window will display
• The selected e-mail header information will be at the bottom of the window to the left of
"Internet headers:"
26. Yahoo!
• Login to the Yahoo! e-mail account in question
• Single, left-click the "Options" hyperlink text from the top menu
• Single, left-click the "General Preferences" hyperlink text
• Scroll down to the Messages section of the page and place a dot in the
second radio button option that reads "Show all headers on incoming
messages"
• Scroll down to the bottom of the page and single, left-click the "Save"
button
• Navigate to and open the e-mail message in question
• The full e-mail header information will now be displayed
27. Reading Long Header Info
• Check path by looking at “received” list
• Read it upside down (originator is at the
bottom of the list)
• Uses the passive voice, so can be confusing
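Added example (not part of the original slides): reading the "Received" list bottom-up and comparing the easily faked From, Reply-To and Return-Path headers described in slides 20 and 27. The message, host names and IP addresses are constructed sample data using documentation ranges; the function names are this example's own.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (example domains, documentation-range IPs).
RAW = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby inbox.recipient.example with ESMTP id A1; Mon, 15 Oct 2007 10:00:05 -0700
Received: from relay.example.net (relay.example.net [198.51.100.7])
\tby mx.recipient.example with ESMTP id B2; Mon, 15 Oct 2007 10:00:03 -0700
Received: from bank.example (unknown [203.0.113.45])
\tby relay.example.net with SMTP id C3; Mon, 15 Oct 2007 10:00:01 -0700
From: "Your Bank" <security@bank.example>
Reply-To: <verify@mailer.example.net>
Subject: Account verification required

Please confirm your details.
"""

def _first(pattern, text):
    m = re.search(pattern, text)
    return m.group(1) if m else None

def received_path(raw):
    """Return hops oldest-first as (claimed_from, recorded_ip, by_host)."""
    hops = []
    # Each server prepends its own Received line, so reverse to read bottom-up.
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        text = " ".join(value.split())  # unfold continuation lines
        # The name after "from" is what the sender claimed; the bracketed IP
        # is what the receiving server recorded for the connection.
        hops.append((_first(r"\bfrom (\S+)", text),
                     _first(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", text),
                     _first(r"\bby (\S+)", text)))
    return hops

def sender_domains(raw):
    """Domains claimed in the From, Reply-To and Return-Path headers."""
    msg = message_from_string(raw)
    out = {}
    for name in ("From", "Reply-To", "Return-Path"):
        addr = parseaddr(msg.get(name, ""))[1]
        out[name] = addr.rpartition("@")[2].lower() or None
    return out

if __name__ == "__main__":
    print(received_path(RAW), sender_domains(RAW), sep="\n")
```

In the sample, the oldest hop claims to be bank.example but the receiving relay recorded it as "unknown", and Reply-To points at a different domain than From; the recorded IP of that first hop is the address to look up with the registries.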
42. Summary
• IANA assigns IP addresses
• Regional Registries assign addresses for
regions
• Start with ARIN when researching
– ARIN will tell you where to go for non-
American addresses
• Turn on long headers in email
• Don't fall for silly stuff in the body of the
email