K Kalaiselvi
Dept. of Computer Applications,
Koshy’s Institute of Management Studies, Bangalore.
kalaiselvi76@yahoo.com
What is Network Forensics?
 Captures, records, analysis n/w events
 Discovers sources of security attacks
 Collection &...
Forensic Techniques
 Email Forensics
 Web Forensics
 Packet Sniffers
 IPTraceBack Technique
 Honey Pots and Honey Nets
Email Forensics
Increased network connectivity progressively
increases
 Data theft, Identity theft
 Spam email threat & ...
 emailTrackpro
 SmartWhoIs
Email Forensics – Tools
 Trace email sender
 Studies source & content of email
 Identifies date/time etc., of sender & recipient
 Trace path t...
emailTrackpro
 Analyzes the email header
 Detects the IP address of the system
 Msg header provides audit trail of ever...
Web Forensics
Analyzes
 Duration of each web visit
 Files uploaded/downloaded from visited website
 Reveals the browsin...
Web Forensics - Tools
 Mandiant webHistorian
 Index.dat analyzer
Mandiant Web Historian
 Reviews the website URL
 Reveals what/when/where/how the intruders looked
into the sites
 Can p...
Index.dat Analyser
 Examines & deletes the content of index.dat
 Views browsing history,cookies & cache
 Provides direc...
Packet Sniffers
 s/w that captures , analyze the data exchanges from
different systems in n/w
 Intrusion Detection Syste...
Packet Sniffers – Tools
 Ethereal
 WinPcap and AirPcap
Ethereal
 Captures,filters live packets
 Displays the header information of all the protocols used
in the transmission o...
winPcap and airPcap
 winPcap ----captures intercepted packet at the n/w
interface in windows
 airPcap----captures
 cont...
IPtraceback
Trace back from the victim to the source of
attack
Masquerade attacks thro’ Spoofing
IPtraceback - Tools
Input Debugging : recognizes the signature pattern in
all attacked packets
 Sends to upstream router ...
HoneyPots & HoneyNets
 n/w designed for being compromised
 Observes the activities & behaviour of the intruder
 Allows ...
 Honeywall-captures & monitors data traffic
entering & leaving the honeypot
 Sebek-logging s/w that intercepts the data ...
Conclusion
 Exhaustive survey on tools & techniques to conduct
network forensics are the need of the hour.
 Various fore...
Future work
 Future research involves deploying and analyzing
the effectiveness of commercial tools ,to detect all
kinds ...
THANK YOU
Upcoming SlideShare
Loading in …5
×

A Research on Challenges in Cybercrime and Scope of Criminal Networks in Cyberspace Implementing Cyber Forensic Tools :An Exploratory Study

4,354 views

Published on


Abstract- Network forensics deals with the capture, recording and analysis of network events in order to discover evidential information about the source of security attacks in a court of law. This paper discuss the different tools and techniques available to conduct network forensics. Some of the tools under discussion include: eMailTrackerPro–to identify the physical location of an email sender;WebHistorian–to find the duration of each visit and the files uploaded and downloaded from the visited website;packetsniffers like Ethereal–to capture and analyze the data exchanged among the different computers in the network.

The second half of the paper presents a survey of different IPtraceback techniques like packet marking that help a forensic investigator to identify the true sources of the attacking IP packets. We also discuss the use of Honey pots and Honey nets that gather intelligence about the enemy and the tools and tactics of network intruders.

The growing danger from crimes committed against computers, or against information on computers, is beginning to claim attention in national capitals. In most countries around the world, however, existing laws are likely to be unenforceable against such crimes. This lack of legal protection means that businesses and governments must rely solely on technical measures to protect themselves from those who would steal, deny access to, or destroy valuable information.
Self-protection, while essential, is not sufficient to make cyberspace a safe place to conduct business. The rule of law must also be enforced. Countries where legal protections are inadequate will become increasingly less able to compete in the new economy. As cyber crime increasingly breaches national borders, nations perceived as havens run the risk of having their electronic messages blocked by the network .National governments should examine their current statutes to determine whether they are sufficient to combat the kinds of crimes discussed in this report. Where gaps exist, governments should draw on best practices from other countries and work closely with industry to enact enforceable legal protections against these new crimes.
This report analyzes the state of the law in 52 countries. It finds that only ten of these nations have amended their laws to cover more than half of the kinds of crimes that need to be addressed. While many of the others have initiatives underway, it is clear that a great deal of additional work is needed before organizations and individuals can be confident that cyber criminals will think twice before attacking valued systems and information.

Published in: Technology
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
4,354
On SlideShare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
38
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide
  • Link layer---Different MAC address than originalN/w layer---Different src IP address than originalTransport layer---Different TCP/IP Application layer---Different email address
  • A Research on Challenges in Cybercrime and Scope of Criminal Networks in Cyberspace Implementing Cyber Forensic Tools :An Exploratory Study

    1. 1. K Kalaiselvi Dept. of Computer Applications, Koshy’s Institute of Management Studies, Bangalore. kalaiselvi76@yahoo.com
    2. 2. What is Network Forensics?  Captures, records, analysis n/w events  Discovers sources of security attacks  Collection & analysis of data from n/ws, computers, communication streams
    3. 3. Forensic Techniques  Email Forensics  Web Forensics  Packet Sniffers  IPTraceBack Technique  Honey Pots and Honey Nets
    4. 4. Email Forensics Increased network connectivity progressively increases  Data theft, Identity theft  Spam email threat & Network hacking
    5. 5.  emailTrackpro  SmartWhoIs Email Forensics – Tools
    6. 6.  Trace email sender  Studies source & content of email  Identifies date/time etc., of sender & recipient  Trace path traversed by message  Identifies Phishing emails Email Forensics – How it works?
    7. 7. emailTrackpro  Analyzes the email header  Detects the IP address of the system  Msg header provides audit trail of every machine the mail passes through.  Has built-in location –database which tracks the country/regions/area map  Copy & paste the email header in emailtrackpro tool & start.  Generates reports with IP ,domain content information(reg.website address)
    8. 8. Web Forensics Analyzes  Duration of each web visit  Files uploaded/downloaded from visited website  Reveals the browsing history  Cookies setup during visits  In IE ----index.dat  In Firefox,Mozilla, Netscape browsers----history.dat  Explores the browsing history & gathers the critical information of a crime
    9. 9. Web Forensics - Tools  Mandiant webHistorian  Index.dat analyzer
    10. 10. Mandiant Web Historian  Reviews the website URL  Reveals what/when/where/how the intruders looked into the sites  Can parse a specific history  Can recursively search through a given folder or drive  Generates single report for all browsers available
    11. 11. Index.dat Analyser  Examines & deletes the content of index.dat  Views browsing history,cookies & cache  Provides direct visit to the website listed in o/p analyzer  Opens the uploaded/downloaded files from the website
    12. 12. Packet Sniffers  s/w that captures , analyze the data exchanges from different systems in n/w  Intrusion Detection System-collects initial information from packets,collects traffic in /out of n/w  Explores hidden information in the different headers of TCP/IP  N/w engineers ,admin, security professionals monitors n/w
    13. 13. Packet Sniffers – Tools  Ethereal  WinPcap and AirPcap
    14. 14. Ethereal  Captures,filters live packets  Displays the header information of all the protocols used in the transmission of the packet headers  Supports Windows,Linux & Unix  Protocols used –TCP,UDP,Address Resolution Protocol(ARP)
    15. 15. winPcap and airPcap  winPcap ----captures intercepted packet at the n/w interface in windows  airPcap----captures  control frames (ACK,RTS,CTS)  mgmt frames(request/response,Authentication)  data frames follows IEEE 802.11 background wireless LAN interfaces ,currently for windows
    16. 16. IPtraceback Trace back from the victim to the source of attack Masquerade attacks thro’ Spoofing
    17. 17. IPtraceback - Tools Input Debugging : recognizes the signature pattern in all attacked packets  Sends to upstream router till it reaches the source  Filters & blocks the pattern Controlled flooding: change in the rate of packets in the upstream router is tested recursively Packet marking: samples the path one node at a time rather than taking the entire path
    18. 18. HoneyPots & HoneyNets  n/w designed for being compromised  Observes the activities & behaviour of the intruder  Allows detailed analysis of the tools used by intruders  Inbound connection to Honeypot –needs probe  Outbound connection -Hop compromised
    19. 19.  Honeywall-captures & monitors data traffic entering & leaving the honeypot  Sebek-logging s/w that intercepts the data after the attackers’ encryption s/w decrypts it(identifies the signature of the attackers)  Virtual Honeypots- simulated machine ,modelled to behave as required with different IP address.
    20. 20. Conclusion  Exhaustive survey on tools & techniques to conduct network forensics are the need of the hour.  Various forensics techniques were explored which are not efficient for all the attacks in network.  Iptraceback mechanism,Honeypots,Honeynets architecture ,virtual Honey pots were discussed briefly  Detection of malicious attacks, protection of production system by the forensic professional are to be made more effective.  Self protection remains the first line of defense and a model approach is needed.
    21. 21. Future work  Future research involves deploying and analyzing the effectiveness of commercial tools ,to detect all kinds of attacks  Comprehensive forensic analysis for wireless networks  Identifying the tools for the same
    22. 22. THANK YOU

    ×