Week 4 Assignment:

Anonymous
Asked: Jun 25th, 2018
$15

Question description

  • After downloading Assignment 4, open it and enter your answers directly in the document
  • Assignments are due by 11:55 p.m. Eastern Time on Sunday
  • See the Evaluation Procedures section for additional information on assignments
  • Fill in your name in the attached document, put your full response below each question, save the file using the file naming convention “ISSC457_Week4_Assignment_LastName_FirstName.doc” where LastName is your last name and FirstName is your first name, then return this document for grading.

Assignment Rubric (100 Points)
  • Synthesis of Concepts
  • Writing Standards - APA format
  • Timeliness

Tracking E-Mails and Investigating E-Mail Crime

After completing this chapter, you should be able to:
● Understand e-mail systems
● Understand e-mail clients
● Understand e-mail servers
● Understand e-mail crime
● Understand spamming
● Understand identity theft and chain e-mails
● Enumerate common e-mail headers
● Understand Microsoft Outlook
● Understand U.S. laws against e-mail crime
● Investigate e-mail crimes and violations
● Trace an e-mail message

Copyright 2017 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-202

What If?
Sunand was chief financial officer at a new biogenetics firm that he had formed with his best friend, when he received an email reminder from his dentist reminding him of an upcoming appointment he did not remember making, and asking him to confirm the appointment. When he checked on the cancel button, nothing happened, but very soon after, his computer began acting strangely. Within days a major competitor of his company began advertising a major breakthrough in gene therapy that was almost exactly what his company had developed. He immediately called for a professional computer forensic investigator to come and examine both his computer and their secure network. The investigator discovered that he had been the victim of a Spear-Phishing attack, targeted specifically at him, to get access to their network data.
● What is phishing, and what are some of the signs that an email is actually a phishing attack?
● What should Sunand have done to protect his network?

Introduction to Tracking E-Mails and Investigating E-Mail Crime
The focus of this chapter is on how to investigate e-mail crimes and what countermeasures a user can take to prevent them. The chapter covers the different parts of an e-mail system before diving into a discussion of the different kinds of e-mail crimes. The chapter also discusses the U.S. laws concerning e-mail crime.

E-Mail Systems
E-mail is a term derived from the phrase electronic mail. Users can send and receive messages over an electronic communication system, such as the Internet. An e-mail system consists of both the servers that send and receive e-mails on the network and the e-mail clients that allow users to view and compose messages. An e-mail system works in the following way:
1. A user—let’s call her Jane—composes a message using her mail user agent (MUA) and writes the e-mail address of her correspondent—Peter, in this example—and hits the Send button.
2. Jane’s MUA formats the message in the Internet e-mail format and uses SMTP to send the message to the local mail transfer agent (MTA).
3. The MTA looks at the destination address provided in SMTP.
4. The MTA looks for this domain name in the Domain Name System to find the mail exchange servers accepting messages for Peter’s domain.
5. The DNS server responds with a mail exchange record for Peter’s domain.
6. Jane’s SMTP server sends the message to the mail exchange server of Peter’s domain.
7. Peter presses the Get Mail button in his MUA, which picks up the message using the Post Office Protocol (POP3). Peter then reads the message in his MUA.

E-Mail Client
An e-mail client, also known as a mail user agent (MUA), is a computer program for reading and sending e-mail. There are a number of stand-alone e-mail clients, including the following:
● Microsoft Outlook
● Windows 10 Mail App
● Eudora
● Pegasus
● Mozilla Firefox
There are also a number of Web-based e-mail clients, including the following:
● Hotmail
● Yahoo!
● Gmail
E-mail clients perform the following common functions:
● They display all the messages in a user’s inbox.
  The message header typically shows the date, time, subject of the mail, who sent the mail, and the mail’s size.
● A user can select a message and read the data in the message.
● A user can create e-mails and send them to others.
● A user can add a file attachment to a message and can also save any attachments received in other messages.

E-Mail Server
An e-mail server connects to and serves several e-mail clients. An e-mail server works in the following way:
● An e-mail server has a number of e-mail accounts; each person typically has one account.
● The server contains a text file for each account. This text file contains all the messages for that account.
● When a user presses the Send button in his or her e-mail client, the client connects to the e-mail server and passes the message and its accompanying information (including the sender and receiver) to the server.
● The server formats that information and attaches it to the bottom of the receiving user’s file. The server also saves the time, date of receipt, and subject line into the file.
● If the receiving user wants to see the message in an e-mail client, then he or she has to send a request to the server via the e-mail client.

SMTP Server
Simple Mail Transfer Protocol (SMTP) is an Internet protocol for transmitting e-mail over IP networks. An SMTP server listens on port 25 and handles all outgoing e-mail. When a user sends an e-mail, the SMTP server from that user’s host interacts with the receiving host’s SMTP server. Consider an example where a user has an account with myicc.com, and he or she wants to send a mail to john@mybird.com through a client such as Outlook Express. The procedure works as follows:
● When the user clicks on the Send button, Outlook Express connects to the server of myicc.com at port 25.
● This client tells the SMTP server about the sender’s address, recipient’s address, and body of the message.
● The SMTP server breaks the recipient’s address into the following parts:
    - The recipient’s name (john)
    - The domain name (mybird.com)
● This SMTP server contacts the DNS (Domain Name Service) server and asks about the IP address of the SMTP server for mybird.com.
● The SMTP server from myicc.com connects to the SMTP server for mybird.com using port 25 and sends the message to it. The SMTP server at mybird.com gets the message and transfers it to the POP3 server.

POP3 Servers
Post Office Protocol version 3 (POP3) is an Internet protocol used to retrieve e-mail from a mail server. A POP3 server handles incoming mails. The server contains one text file for each e-mail account. The POP3 server acts as an intermediary between the e-mail client and this text file. When a message comes in, the POP3 server attaches that message to the bottom of the recipient’s file. POP3 servers require usernames and passwords. An e-mail client connects with a POP3 server via port 110. The server opens the text file and permits the user to access it. It then deletes the messages from the server. A POP3 server can understand simple commands such as the following:
● USER: accept a user ID
● PASS: accept a password
● QUIT: quit the POP3 server
● LIST: list the messages and their sizes
● RETR: retrieve a message
● DELE: delete a message

IMAP Servers
Internet Message Access Protocol (IMAP) is an Internet protocol designed for accessing e-mail on a mail server. IMAP servers are similar to POP3 servers. Like POP3, IMAP handles incoming mails. An e-mail client connects to an IMAP server via port 143. Unlike POP3, this protocol keeps e-mails on the server after a user has downloaded them. A user can also arrange e-mails into folders and store the folders on the server.

Importance of Electronic Records Management
Electronic records management is the field of management responsible for the efficient and systematic control of the creation, receipt, maintenance, use, and disposition of electronic records, including the processes for capturing and maintaining evidence of and information for legal, fiscal, administrative, and other business purposes. The importance of electronic records management is as follows:
● It helps in the investigation and prosecution of e-mail crimes.
● It acts as a deterrent for abusive and indecent materials in e-mail messages.
● It helps in nonrepudiation of electronic communication so that someone cannot deny being the source of a particular communication.

E-Mail Crime
E-mail crime is a serious offense. Over the past few years, e-mail has become the most preferred method of communication because of its ease of use and speed. But these advantages have made e-mail a powerful tool for criminals. E-mail crimes and violations are identified by the cyber laws created by the government of the place from where the e-mail originates. For example, spamming is a crime in Washington State, but not in other states. E-mail crime can be categorized in two ways: crimes committed by sending e-mails and crimes supported by e-mails.
The following are examples of crimes committed by sending e-mails:
● Spamming
● Fake e-mails
● Mail bombing
● Mail storms
The following are examples of crimes supported by e-mail:
● Selling narcotics
● Stalking
● Fraud
● Child pornography
● Child abduction

Spamming
Unsolicited commercial e-mail (UCE), or junk e-mail, can be defined as spam.
Spam mail involves sending the same content to a large number of addresses at the same time. Spammers often obtain these addresses from Usenet postings, DNS listings, and Web pages. Spam mail fills mailboxes and often prevents users from accessing their regular e-mails. These regular e-mails start bouncing because the user exceeds his or her mail server quota. Spammers hide their identities by forging e-mail headers. To avoid getting annoyed responses, spammers provide misleading information in the “From” and “Reply-To” fields.

Handling Spam
When a user receives spam, he or she can send a short notice to the domain administrator of the sender’s ISP to take immediate action and stop the nuisance. The user can also send a copy of the spam to the ISP. If the spamming persists, the user can report it to the Federal Trade Commission (FTC). The user can send a copy of the spam message to spam@uce.gov. The FTC refers the spam mails stored in its database to law enforcement to pursue action against spammers. The FTC’s online complaint form is available at www.ftc.gov. Any complaint should include the e-mail header. The header information is important for consumer protection agencies to follow up on spam complaints.

Network Abuse Clearinghouse at Abuse.Net
The Network Abuse Clearinghouse is a mail-forwarding service that forwards abuse complaints to the system administrator for action. It is not a blacklist or spam analysis service. A domain name listed in abuse.net does not mean that the domain is involved in abusive activity. The Network Abuse Clearinghouse contact database has contact addresses for more than 200,000 domains. Responsible providers and domain managers submitted the domain contacts voluntarily, and abuse.net forwards messages to the listed addresses.
A user can utilize e-mail forwarding only if he or she has registered with the service. To register, a user sends a mail to new@abuse.net and accepts the terms and conditions. After registration, mail can be sent to domain-name@abuse.net, where domain-name is the name of the source responsible for the abuse. The Network Abuse Clearinghouse automatically e-mails the message back to the best reporting addresses for that domain, and proper action can then be taken against the abusive domain.

Tool: SPAM Punisher
This antispam tool makes the search for a spammer’s ISP address easy. It automatically detects forged addresses. SPAM Punisher supports various e-mail client programs such as Microsoft Outlook, AOL, Hotmail, and Eudora. SPAM Punisher generates and sends complaints to the ISP regarding spamming.

Tool: Spam Arrest
Spam Arrest protects accounts against spam. It uses challenge/response antispam technology. It allows a user to access his or her e-mail from any Web browser, without having to install any additional software. Spam Arrest works with a user’s existing e-mail address, including AOL, Hotmail, and Yahoo! A user can also use Spam Arrest with Eudora, Thunderbird, and other stand-alone e-mail clients. The following are some of the features of Spam Arrest:
● Supports POP3/IMAP
● Supports SMTP with auto authorization
● Provides 1 GB of e-mail storage
● Provides multiple whitelist options, including authorizing incoming messages based on sender e-mail, sender domain, recipient e-mail, mailing list e-mail, and more
● Allows a user to create an unlimited number of disposable addresses to help control and categorize e-mail
● Provides antivirus protection
● Provides antiphishing protection
● Allows a user to forward his or her Spam Arrest inbox to another e-mail account or wireless device
● Provides e-mail delivery confirmation

Mail Bombing
Mail bombing is the intentional act of sending multiple copies of identical content to the same recipient.
The primary objective behind mail bombing is to overload the e-mail server and degrade the communication system by making it unserviceable. Usually, a mail bomber and the victim are known to each other in some way. Mail bombers also attack users whose newsgroup and forum postings do not agree with the mail bomber’s opinions. The target for a mail bomber can be either a specific machine or a particular person. Mail bombing is more abusive than spamming because it not only sends mails in excessive amounts to a particular person, but it also prevents other users using the same server from accessing their e-mails.

Mail Storm
A mail storm occurs when computers start communicating without human intervention. The flurry of junk mail, often sent by accident, is a mail storm. Usage of mailing lists, autoforwarding e-mails, automated response, and the presence of more than one e-mail address are the various causes for a mail storm. Malicious software code, such as the “Melissa, I-Love-u” message, is also written to create mail storms. Mail storms hinder communication systems and also make them inoperable.

Crime via Chat Rooms
A chat room is a Web site or part of a Web site where a number of users, often with common interests, can communicate in real time. Online instant messaging and chat rooms have benefited children, but they are also potential sources of sexual abuse. Pedophiles use chat rooms to sexually abuse children by establishing online relationships with them. After establishing a steady relationship, they introduce children to pornography by providing images and videos that have sexually explicit material. Pedophiles exploit children for cybersex, which may lead to physical abuse.

Identity Theft
Identity theft is the willful act of stealing someone’s identity for monetary benefits.
Criminals obtain personal information about a person and misuse it, causing heavy financial loss to the victim. False shopping sites and spam mails that contain irresistible offers are common means used to obtain a victim’s credit card numbers. Criminals not only withdraw huge amounts from the victim’s bank accounts but can also make the victim bankrupt.

Chain E-Mails
A chain e-mail is a message that is sent successively to several e-mail users. It directs the recipients to circulate multiple copies of the e-mail, often promising rewards for this compliance, such as a blessing or good luck. A chain e-mail can be in the form of sympathy or threats.

Phishing
Phishing has emerged as an effective method to steal the personal and confidential data of users. It is an Internet scam that tricks users into divulging their personal and confidential information by making false statements and enticing offers. Phishers can attack users through mass mailings to millions of e-mail addresses around the world.
A successful phishing attack deceives and convinces users with fake technical content and social engineering practices. The major task for phishers is to make the victims believe in the phishing sites. Most phishing attacks are initiated through e-mails, where the user gets an e-mail that prompts him or her to follow a link given in the e-mail. This link leads to a phishing Web site, though the e-mail says otherwise. The e-mail may contain a message stating that a particular transaction has taken place on the user’s account, and a link is provided to check his or her balance. Or the e-mail may contain a link to perform a security check on the user’s account.

E-Mail Spoofing
E-mail spoofing is the process of altering e-mail headers so that an e-mail appears to be from someone or somewhere other than the original source. Spammers and phishers use this technique to conceal the origin of their e-mail messages.
The following are the e-mail header fields that are most often changed during e-mail spoofing:
● From
● Return-Path
● Reply-To

Investigating E-Mail Crimes and Violations
The steps involved in investigating e-mail crimes and violations are as follows:
1. Examine an e-mail message.
2. Copy the e-mail message.
3. Print the e-mail message.
4. View the e-mail headers.
5. Examine any attachments.
6. Trace the e-mail.

Obtaining a Search Warrant and Seizing the Computer and E-Mail Account
A search warrant application should include the proper language to perform on-site examination of the suspect’s computer and the e-mail server used to send the e-mails under investigation. The investigator should seize all computers and e-mail accounts suspected to be involved in the crime. Investigators can seize e-mail accounts by just changing the existing password of the email account either by asking the suspect his or her password or from the mail server.

Examining E-Mail Messages
After it is established that an e-mail crime has been committed, investigators require evidence to prove the crime. To obtain evidence, investigators need access to the victim’s computer so they can examine the e-mail that the victim received. As with all forensic investigations, analysis should not be done on the original data. The investigator should image the victim’s computer first. Then, the investigator should physically access the victim’s computer and use the same e-mail program the victim used to read the e-mail. If required, the investigator can get the username and password from the victim and log on to the e-mail server.
If physical access to a victim’s computer is not feasible, the investigator should instruct the victim to open and print a copy of an offending message, including the header.
The header of the e-mail message has a key role to play in e-mail tracing because it contains the unique IP address of the server that sent the message.

Copying an E-Mail Message
An e-mail investigation can be started as soon as the offending e-mail message is copied and printed. Any e-mail client will allow an investigator to copy e-mail messages from the inbox folder to a flash drive. The following are the steps to copy an e-mail message using Microsoft Outlook or Outlook Express:
1. Insert a formatted flash drive.
2. Navigate to My Computer or Windows Explorer to view the flash drive.
3. Start Microsoft Outlook or Outlook Express.
4. Click the folder that contains the offending message, keeping the Folders list open.
5. Resize the Outlook window to see both the message to be copied and the flash drive contents.
6. Drag the message from the Outlook window to the flash drive.
E-mail programs, such as Pine, that run from the command line have a command to copy an e-mail message.

Printing an E-Mail Message
The next step after copying the e-mail message is to print it. The following steps provide guidelines for printing an e-mail message in Outlook Express:
1. Go to My Computer or Windows Explorer and get the copy of the e-mail message received by the victim.
2. Open the message in the e-mail program.
3. Go to the File menu and click Print.
4. After selecting the settings for printing in the dialog box, click the Print button.
For command line e-mail clients, an investigator can open the e-mail message and select the print option.

Obtaining a Bit-by-Bit Image of E-Mail Information
Investigators should make a bit-by-bit image of all the folders, settings, and configuration for the e-mail account for further investigation. They should then use MD5 hashing on the image to maintain integrity of the evidence.

Viewing and Copying E-Mail Headers in Microsoft Outlook
The procedure to view and copy headers in Microsoft Outlook is as follows:
1. Launch Outlook and open the copied e-mail message.
2. Right-click on the message and click on Options.
3. Right-click in the Internet Headers box and choose Select All.
4. Copy the header text and paste it into any text editor.
5. Save the text file.

Viewing and Copying E-Mail Headers in AOL
The procedure to view and copy headers in AOL is as follows:
1. Launch the program.
2. Open the received message.
3. Click the DETAILS link.
4. Select the header text and copy it.
5. Paste the text into any text editor and save the file.

Viewing and Copying E-Mail Headers in Hotmail
The procedure to view and copy headers in Hotmail is as follows:
1. Log on to Hotmail.
2. Right-click on the received message.
3. Click View message source.
4. Select the header text and copy it.
5. Paste the text into any text editor and save the file.

Viewing and Copying E-Mail Headers in Gmail
The procedure to view and copy headers in Gmail is as follows:
1. Log on to Gmail.
2. Open the received mail.
3. Click on the More option.
4. Click on Show original.
5. Select the header text and copy it.
6. Paste the text into any text editor and save the file.

Viewing and Copying E-Mail Headers in Yahoo! Mail
The procedure to view and copy headers in Yahoo! Mail is as follows:
1. Log on to Yahoo! Mail.
2. Open the received mail.
3. Click on Full Header.
4. Select the header text and copy it.
5. Paste the text into any text editor and save the file.

Examining an E-Mail Header
An investigator can acquire the IP address of the sender of an e-mail by examining the e-mail header.
The e-mail header also provides additional information like the date and time the message was sent and any attachments included with the message. The message header can provide significant information if examined properly. Figure 7-1 shows a sample message header with added line numbers to explain the different parts of the header. This header was generated by qmail, a UNIX mail system.

(EC-Council 173-183) EC-Council. Computer Forensics: Investigating Network Intrusions and Cybercrime (CHFI), 2nd Edition. Cengage Learning, 20160506. VitalBook file.

ISSC457 Week 4 Assignment

Name: _________________________ Date: _____________

Fill in your name above, put your full response below each question, save the file using the file naming convention: “ISSC457_Week4_Assignment_LastName_FirstName.doc” where LastName is your last name and FirstName is your first name, then return this document for grading.

Upon reading chapter 7 in your book, you should be able to provide information regarding the below question. You are required to answer the question(s) using at least the book.

Assignment Rubric (100 Points)
Synthesis of Concepts: 60
Writing Standards - APA format: 20
Timeliness: 20

1. What is spam?
2. What is phishing?
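
The header examination the chapter excerpt describes (finding the sending server's IP address and checking the From, Return-Path and Reply-To fields that spoofing most often alters) can be sketched as follows. This is an added example, not code from the book or from the post; the sample message, its addresses and the function names are constructed for illustration.

```python
import hashlib
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not from the book): reserved example domains
# and documentation IP ranges only.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.victim.example (mx.victim.example [192.0.2.10])
\tby mailstore.victim.example with ESMTP id A1; Mon, 25 Jun 2018 10:02:07 -0400
Received: from relay.example.net (relay.example.net [198.51.100.7])
\tby mx.victim.example with ESMTP id B2; Mon, 25 Jun 2018 10:02:05 -0400
Received: from [203.0.113.45] (unknown [203.0.113.45])
\tby relay.example.net with SMTP id C3; Mon, 25 Jun 2018 10:02:01 -0400
From: "Dental Office" <reminders@dentist.example.com>
Reply-To: confirm@lookalike.example.org
To: sunand@victim.example
Subject: Appointment reminder
Date: Mon, 25 Jun 2018 10:01:58 -0400
Message-ID: <1@relay.example.net>

Please confirm your appointment.
"""

IPV4_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_HOST = re.compile(r"\bby\s+([\w.-]+)")


def domain_of(header_value):
    """Lower-cased domain of the address in a header value, or None."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else None


def received_hops(msg):
    """Relay hops, oldest first.

    Every server prepends its own Received line, so the header lists the
    newest hop first and the sending side last. Lines below the first
    server the investigator trusts may have been forged by the sender.
    """
    hops = []
    for value in reversed(msg.get_all("Received") or []):
        ip = IPV4_IN_BRACKETS.search(value)
        by = BY_HOST.search(value)
        hops.append({"ip": ip.group(1) if ip else None,
                     "by": by.group(1) if by else None})
    return hops


def analyze(raw):
    """Summarise the tracing leads in one raw message."""
    msg = message_from_string(raw)
    hops = received_hops(msg)
    from_domain = domain_of(msg["From"])
    # A differing Return-Path or Reply-To is a lead, not proof: bulk-mail
    # services legitimately use their own bounce domain.
    mismatches = {}
    for field in ("Return-Path", "Reply-To"):
        dom = domain_of(msg[field])
        if dom and dom != from_domain:
            mismatches[field] = dom
    return {
        # MD5 of the copied message, the hash the chapter names for integrity.
        "md5": hashlib.md5(raw.encode("utf-8")).hexdigest(),
        "hops": hops,
        "origin_ip": next((h["ip"] for h in hops if h["ip"]), None),
        "from_domain": from_domain,
        "mismatches": mismatches,
    }


if __name__ == "__main__":
    for key, value in analyze(SAMPLE).items():
        print(f"{key}: {value}")
```
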

Tutor Answer

masterjoe
School: UIUC

Thank you for working with me

ISSC457 Week 4 Assignment

Name: _________________________ Date: _____________

Fill in your name above, put your full response below each question, save the file using the file naming convention: “ISSC457_Week4_Assignment_LastName_FirstName.doc” where LastName is your last name and FirstName is your first name, then return this document for grading.

Upon reading chapter 7 in your book, you should be able to provide information regarding the below question. You are required to answer the question(s) using at least the book.

Assignment Rubric (100 Points)
Synthesis of Concepts: 60
Writing Standards - APA format: 20
Timeliness: 20

1. What is spam?

Sending an unsolicited bulk email or unsolicited commercial e-mail to different
email addresses at the same time is known as spam; it is also referred to as junk mail.
Spam email may have a disguising link that seems to be for familiar websites and also the
email message is commercial in nature. Spam email containing address may lead to a
phishing website that is hosting malware (Computer Forensics: Investigating Network
Intrusions and Cybercrime, 2009).
Usenet posting, web pages, and DNS lis...
