Week 5 Assignment: download Assignment 5, open it and enter your answers directly in the document

Anonymous
Asked: Jul 2nd, 2018
$15

Question description

Week 5 Assignment Details:

Upon reading chapter 6 in your book, you should be able to provide information regarding the below question. You are required to answer the question using at least the book.


1. What is URL redirection? The chain of custody?
2. Describe the different classes of IP addresses.

Assignment Rubric (100 Points)

Synthesis of Concepts: 60
Writing Standards - APA format: 20
Timeliness: 20

Chapter 6 Investigating Internet Crime

After completing this chapter, you should be able to:
● Understand Internet crimes
● Understand Internet forensics
● Understand DNS record manipulation
● Examine information in cookies
● Understand URL redirection
● Download a single page or an entire Web site
● Understand e-mail header forging
● Understand and read HTTP headers

Copyright 2017 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-202

What If?

A Kelowna, British Columbia, man was arrested after a two-year investigation into an international Internet fraud case. The Calgary Police Service and Royal Canadian Mounted Police conducted the investigation. The victims were defrauded of millions of dollars through Internet auctions for vintage automobiles. The investigation shows that these Internet frauds were part of a larger scheme where victims were attracted into bidding on Internet auctions for vintage automobiles. The victims sent tens of thousands of dollars through online transfer to bank accounts held in Calgary. But they would either fail to receive the purchased vehicle or receive a vehicle that was not the same as the item purchased. The money that was sent by the victims to the holding company bank accounts was then directed elsewhere.
● How could the victims have prevented losing their money?
● What tell-tale signs might the victims have looked for to have saved them from this loss and embarrassment?

Introduction to Investigating Internet Crime

This chapter focuses on investigating Internet crimes. It starts by describing the different types of Internet crimes. It then discusses the different forensic methods and tools investigators use when investigating Internet crimes.

Internet Crimes

Internet crimes are crimes committed over the Internet or by using the Internet. The executor or perpetrator commits criminal acts and carries out wrongful activities on the Web in a variety of ways.
The following are some of the different types of Internet crimes:
● Phishing: Phishing is an e-mail fraud method in which the perpetrator sends out official-looking e-mail to the possible victims, pretending to be from their ISP, bank, or retail establishment, to collect personal and financial information. It is also known as “brand spoofing,” which is a trick to steal valuable information such as passwords, credit card numbers, Social Security numbers, and bank account numbers that the authorized organization already has. During this process, users are asked by e-mail to visit a Web site to update their personal information.
● Identity theft: Identity theft is a crime where a person’s identity is stolen. The perpetrator then uses the victim’s personal data—such as Social Security number, bank accounts, or credit card numbers—to commit fraud. Identity thieves obtain the names, addresses, and birth dates of victims, and may apply for loans in the name of their victims. In other instances, attackers acquire information such as usernames and passwords to log in and steal valuable information and e-mails. Multiple methods are used to commit these frauds, such as purse or wallet theft, or posing as fake marketing executives. The Internet is the easiest and most effective way to carry out identity theft. It is simple for criminals to use a person’s credit card information to make purchases because transactions over the Internet occur quickly and without prior personal interaction. It is quite easy for any person to get another’s personal details if a victim is careless. Shoulder surfing is a method by which a thief looks over a person’s shoulder to see the person’s password or PIN. Identity thieves also use phishing to acquire personal information.
● Credit card fraud: In credit card fraud, attackers illegally use another’s credit card for purchasing goods and other services over the Internet. Attackers can steal personal details using different techniques such as phishing, eavesdropping on a user’s transactions over the Internet, or using social engineering techniques. In social engineering, an attacker extracts personal details from a user through social interactions.
● Illegal downloading: Illegal downloading is an offense under the cyber laws. Downloading from an authorized Web site is acceptable; however, an unauthorized organization or individual cannot sell any product that is copyright protected. Illegal downloading affects the sales of that product. This type of crime is rampant because of the availability of tools for cracking software. Different types of services are provided for customer satisfaction but are misused. There are many issues that lead to illegal downloading. These include:
  ○ Getting products at low cost or for free
  ○ No personal information required
  ○ Readily available throughout the world
  The following are the types of items downloaded illegally most often:
  ○ Music
  ○ Movies
  ○ Software
  ○ Confidential or defense information
● Corporate espionage: Espionage means collecting information about an enemy or a competitor through spies. Corporate espionage is all about collecting information such as client lists to perpetrate frauds and scams in order to affect a rival financially. For this reason, companies focus specifically on such crimes and take special care to prevent such situations. Experts have sketched out a two-pronged strategy for overcoming this situation as follows:
  ○ Knowledge of employees: Conducting background checks on new employees and keeping a check on employees who have been assigned sensitive projects is crucial.
  ○ Access control: Information about the business that is critical or important should not be stored on a computer that is connected to a network. Data that is highly critical should be encrypted.
● Child pornography: Child pornography is any work that focuses on children in a sexual manner. The global community has realized that children are at risk and can suffer from negative effects because of pornographic exploitation. Rapidly expanding computer technology has given access to the production and distribution of child pornography. Not only girls and boys but also infants are becoming victims of such offensive activity. Pornographers make use of poor children, disabled minors, and sometimes neighborhood children for sexual exploitation. Children who are sexually exploited through pornography suffer from mental depression, emotional withdrawal, mood swings, fear, and anxiety.
● Luring children via chat rooms: Kidnappers often use chat rooms to turn children into victims. A kidnapper tries to build a relationship with children by showing them cartoons, interesting art clips, and offering them sweets. This is known as grooming. With many people of different ages, including children and youth, having access to the Internet, children are easily trapped and kidnapped because of their innocence and trust.
● Scams: The Internet is globally uniform and serves as the best-known market to promote businesses and services for customers around the world. Yet it is difficult to track and differentiate between legal and fake sellers on the Internet. Fake sellers cheat people by using various options available on the Internet, such as e-mail, chat rooms, and e-commerce sites.
● Cyber terrorism: Cyber terrorism is committed using computer and electronic attacks.
Cyber terrorists can sit on one system and carry out attacks on computers worldwide.
● Creation and distribution of viruses and spam: A virus is a program that spreads from machine to machine, usually causing damage to each system. These are some forms of viruses:
  ○ A polymorphic virus is one that produces varied but operational copies of itself.
  ○ A stealth virus is one that, while active, hides the modifications it has made to files or boot records.
  ○ A fast infector infects programs not just when they are run, but also when they are simply accessed.
  ○ A slow infector will only infect files when they are created or modified.
  The following are some of the reasons individuals create viruses:
  ○ It is a way of attracting attention.
  ○ Virus writers gain a sense of fulfillment from creating something that impacts a vast number of people.
  ○ It is motivated by financial gain.
  ○ Virus writers may get excited about every bit of junk e-mail they get as a result of their virus.
  The following are some of the forms in which a virus can be distributed:
  ○ Removable disks: This includes floppy disks, CD-ROMs, and USB drives.
  ○ Crack sites: These are sites that provide information on how to crack different applications and software.
  ○ Unsecured sites: These are Web sites that do not use the HTTPS protocol.
  ○ Flash greetings: This is the most common way of spreading a virus. This is a Flash animation or video that hides a virus.
  ○ E-mail attachments: Users should not open attachments from unknown persons or Web sites.
  ○ Downloading: Users should check Web sites to make sure they are legitimate before downloading.
Internet Forensics

Internet forensics is the application of scientific and legally sound methods for the investigation of Internet crimes, whose focus ranges from an individual system to the Internet at large. The computer forensics expert works on a different level than the person he or she is investigating. Internet forensics experts use different tools and engage in the same set of activities as the person he or she is investigating. Internet forensics experts use a combination of advanced computing techniques and human intuition to uncover clues about people and computers involved in Internet crime. In Internet forensics, it is usually the case that forensics experts go through the same level of education and training as the hacker, but the difference is one of morals, not skill.

Computer forensics deals with physical things, while Internet forensics deals with ephemeral factors. Something that is ephemeral is transient or short-lived in nature, as in network evidence, or ephemeral ports (ports above the well-known ports [0–1023] that are temporarily assigned for application communication).

Why Internet Forensics?

The large-scale and unregulated nature of the Internet provides a breeding ground for all kinds of scams and schemes. The purpose of Internet forensics is to uncover the origins of the spammers, con artists, and identity thieves that plague the Internet. Internet forensics techniques aid in unearthing the information that lies hidden in every e-mail message, Web page, and Web server on the Internet. Internet forensic procedures are necessary because underlying Internet protocols were not designed to address the problems that complicate the process of identifying real sources of Internet crime. It is difficult to verify the source of a message or the operator of a Web site. Electronic evidence is fragile in nature and requires expert handling.
Goals of Investigation

The following are the goals of Internet forensic investigations:
● To ensure that all applicable logs and evidence are preserved
● To understand how the intruder is entering the system
● To discover why the intruder has chosen the target machine
● To gather as much evidence of the intrusion as possible
● To obtain information that may narrow the list of suspects
● To document the damage caused by the intruder
● To gather enough information to decide if law enforcement should be involved

Steps for Investigating Internet Crime

The following are the steps involved in investigating Internet crime:
1. Obtain a search warrant and seize the victim’s equipment.
2. Interview the victim.
3. Prepare bit-stream copies.
4. Identify the victim’s configuration.
5. Acquire the evidence.
6. Examine and analyze the evidence.
7. Generate a report.

Obtain a Search Warrant

The search warrant application should describe clearly that the investigators are to perform an on-site examination of the computer and network devices. The warrant needs to permit the seizure of all devices suspected to have been used in the crime, including the following:
● Victim’s equipment
● Router
● Switch
● Webcam
● Other network device
Investigators should perform forensic examinations on all equipment permitted in the search warrant.

Interview the Victim

Investigators need to interview the victim about the incident. While interviewing the victim, the investigator should ask the following questions:
● What incident occurred?
● How did the intruder get into the network?
● What are the major losses from this incident?
● What was the purpose of the attack?

Prepare Bit-Stream Copies

Investigators need to prepare bit-stream copies of all storage devices attached to the affected computer, using a tool such as SafeBack.
Investigators should never directly work on original copies of evidence.

Check the Logs

Investigators need to remember to do the following when checking logs:
● Check the off-site or remote logs.
● Check the system, e-mail and Web server, and firewall log files.
● Check log files of chat sessions if the attacker monitored or had conversations with the victim through IRC services.

Identify the Source of the Attack

Investigators need to trace the source of the attack. The following are some of the possible initial sources:
● Web site
● E-mail address

IP Addresses

IPv4

Each computer on the Internet has a unique IP address. Information is transmitted using the TCP/IP protocol suite. An IP address is a 32-bit integer value that is divided into four 8-bit integers separated by periods, as depicted in Figure 6-1. Each number is in the range from 0 to 255; these numbers can be used in different ways to identify the particular network and particular host on that network. An example of an IP address is 172.30.201.8.

The Internet Assigned Numbers Authority (IANA) allocates blocks of addresses to Regional Internet Registries (RIRs). The following are the five RIRs in the world:
● ARIN (American Registry for Internet Numbers)
● APNIC (Asia Pacific Network Information Centre)
● RIPE NCC (Réseaux IP Européens Network Coordination Centre)
● LACNIC (Latin American and Caribbean Internet Addresses Registry)
● AfriNIC (African Network Information Center)
Each of these RIRs doles out subblocks of IP addresses to the national registries and Internet service providers (ISPs). They assign smaller blocks of addresses to smaller ISPs and single IP addresses to personal computers.

The following are the four different classes of IP addresses:
1. Class A: This class is for large networks with many devices.
It supports 16 million computers on each of 126 networks. The class A address range is from 1.0.0.0 to 126.255.255.255.

Figure 6-1 An IP address is made up of four 8-bit integers (32 bits in total, each octet in the range 0–255, split into network and host portions).

2. Class B: This is for medium-sized networks. It supports 65,000 computers on each of 16,000 networks. The class B address range is from 128.0.0.0 to 191.255.255.255.
3. Class C: This class is for small networks (fewer than 256 devices) on each of 2 million networks. The class C address range is from 192.0.0.0 to 223.255.255.255.
4. Class D: These addresses are the multicast addresses. Class D ranges from 224.0.0.0 to 239.255.255.255.

IPv6

IPv6 (Internet Protocol version 6) is the latest level of the Internet Protocol and is now included as part of the IP support in many products, including most major computer operating systems. Formally, IPv6 is a set of specifications from the Internet Engineering Task Force (IETF). It was designed as an evolutionary set of improvements to IP version 4. Network hosts and intermediate nodes with either IPv4 or IPv6 can handle packets formatted for either level of the Internet Protocol. Users and service providers can update to IPv6 independently without coordinating with each other.

Expandable Address Space

With a 128-bit address space, IPv6 provides expandable address space, solving the address depletion problem in IPv4. The purpose of the large address space was to permit many levels of address allocation within an organization, from Internet to individual subnets. Despite the fact that only a relatively small number of addresses are presently allocated for host utilization, a bigger address space is available for future use.

Mandatory IP Security

IPSec is mandatory in the IPv6 implementation.
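As an added example that is not from the textbook, the following Python classifies a dotted-quad address by the first-octet ranges listed for classes A through D above and splits it into its network and host portions. The 0, 127 and 240–255 ranges are not in the chapter's table; labelling them from the standard reservations is an assumption made here.

```python
import ipaddress

# Classful ranges as the chapter lists them:
# (class, first-octet low, first-octet high, network bits, number of networks)
CLASSES = [
    ("A", 1, 126, 8, 126),          # 1.0.0.0 - 126.255.255.255
    ("B", 128, 191, 16, 1 << 14),   # 128.0.0.0 - 191.255.255.255
    ("C", 192, 223, 24, 1 << 21),   # 192.0.0.0 - 223.255.255.255
    ("D", 224, 239, 0, 0),          # multicast groups: no network/host split
]

# Not in the chapter's table; labelled from the standard reservations (assumption).
SPECIAL = {0: "reserved (0.0.0.0/8)", 127: "loopback (127.0.0.0/8)"}


def classify(addr):
    """Return the class, network portion and host portion of a dotted-quad address."""
    ip = ipaddress.IPv4Address(addr)      # raises ValueError on malformed input
    first = int(ip) >> 24                  # the leading 8-bit integer decides the class
    result = {"address": str(ip), "class": None, "network": None, "host": None}

    if first in SPECIAL:
        result["class"] = SPECIAL[first]
        return result

    for name, low, high, net_bits, networks in CLASSES:
        if low <= first <= high:
            break
    else:
        result["class"] = "E (reserved, 240.0.0.0/4)"
        return result

    result["class"] = name
    if net_bits:                           # classes A, B and C have a network/host split
        host_bits = 32 - net_bits
        network = ipaddress.IPv4Network(f"{ip}/{net_bits}", strict=False)
        result["network"] = str(network.network_address)
        result["host"] = int(ip) & ((1 << host_bits) - 1)
        result["max_hosts"] = (1 << host_bits) - 2   # minus network and broadcast addresses
        result["networks"] = networks
    return result


def describe(addr):
    """One-line summary of an address, e.g. for an evidence log."""
    r = classify(addr)
    if r["network"] is None:
        return f"{r['address']}: class {r['class']}"
    return (f"{r['address']}: class {r['class']}, network {r['network']}, "
            f"host number {r['host']} (up to {r['max_hosts']} hosts per network)")


if __name__ == "__main__":
    for sample in ("172.30.201.8", "198.105.232.4", "10.1.2.3", "224.0.0.1", "127.0.0.1"):
        print(describe(sample))
```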
IPv4 also supports IPSec, but it is optional. Internet Protocol Security (IPSec) is a framework of open standards developed by the IETF. It provides secure transmission of sensitive data over an unprotected medium like the Internet. From the network layer, IPSec protects and authenticates IP packets.

The following factors provide IPv6 with the potential for information technology growth:
1. Address space (large and diverse): This provides more addresses to the numerous new devices—such as mobile phones, personal digital assistants (PDAs), new Internet appliances, and personal computers—and to the numerous users of heavily populated countries like India, China, and Indonesia.
2. Autoconfiguration ability (plug-and-play): Self-configuring nodes for local links, autoconfiguration for site links, cost-saving route advertisement, and centralized management.
3. Mobility: Improves mobility model in the wireless networking world.
4. End-to-end security: Provides end-to-end security with basic support for payload encryption and authentication, which offers a high comfort factor for all Internet networking environments.
5. Extension headers (offer enormous potential): Because options are now placed in separate headers—namely, extension headers—the problem of routers having to look at the number of options is solved.

IPv6 Header

The IPv6 header is simpler and more streamlined, compared to the IPv4 header. In this header, some unnecessary fields are removed, providing enhanced support to real-time traffic. IPv6 headers contain the following fields:
1. Version: The version of IP is indicated with 4 bits.
2. Traffic class: This 8-bit field is similar to the type-of-service field of the IPv4 header.
3. Flow label: This 20-bit field is set to zero for handling default routing.
This field is used for non-default quality-of-service connections.
4. Payload length: This 16-bit field gives the length of the IPv6 payload, including extension headers and the upper-layer PDU, which can be up to 65,535 bytes. If the IPv6 payload is longer than 65,535 bytes, then this field is set to zero.
5. Next header: This field is 8 bits and indicates either an upper-layer protocol like TCP or UDP, or the extension header.
6. Hop limit: This field is 8 bits and indicates the highest number of links over which the IPv6 packet can travel before being discarded.
7. Source IP address: This field is 128 bits and stores the IPv6 address of the originating host.
8. Destination IP address: This field is 128 bits and stores the IPv6 address of the destination host. This field is set to the final destination address in most cases.
IPv6’s header format is illustrated in Figure 6-2.

Figure 6-2 IPv6 header format (40 bytes, laid out 32 bits wide: Version, Traffic Class, Flow Label, Payload Length, Next Header, Hop Limit, Source IP Address, Destination IP Address).

Features of IPv6

In IPv6, there are 128-bit expanded addressing and routing capabilities, which provide 2,218 addresses for solving the problem of address depletion. With the use of a scope field, scalability of multicast routing is possible. The simplified header format provides greater flexibility by reducing the protocol overhead of IPv6. With IPv6 extension headers, the IPv4 40-byte limit on options is removed. Security in IPv6 is the key feature and enables authentication and encryption through integrated security support. IPv6 supports authentication and privacy, which is mandatory for authentication, header, data integrity, and payload encryption.
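To make the field layout concrete, here is an added Python example (not from the textbook) that packs and parses the 40-byte fixed header described above, including the zero payload-length case used when the payload exceeds 65,535 bytes; the addresses in the sample are constructed documentation-range values.

```python
import ipaddress
import struct

HEADER_LEN = 40   # the fixed IPv6 header is always 40 bytes (no options inside it)

# IANA protocol numbers commonly found in the Next Header field.
NEXT_HEADER_NAMES = {
    0: "Hop-by-Hop Options", 6: "TCP", 17: "UDP", 43: "Routing", 44: "Fragment",
    50: "ESP", 51: "AH", 58: "ICMPv6", 59: "No Next Header", 60: "Destination Options",
}


def build_ipv6_header(src, dst, payload_len, next_header, hop_limit=64,
                      traffic_class=0, flow_label=0):
    """Pack the eight fields of the fixed header in network byte order."""
    if not 0 <= flow_label < (1 << 20):
        raise ValueError("flow label is a 20-bit field")
    if not 0 <= traffic_class <= 0xFF or not 0 <= next_header <= 0xFF:
        raise ValueError("traffic class and next header are 8-bit fields")
    # A payload longer than 65,535 bytes does not fit the 16-bit field; the
    # field is then written as 0 and a Jumbo Payload option carries the length.
    length_field = payload_len if payload_len <= 0xFFFF else 0
    # Version (4 bits) | Traffic Class (8 bits) | Flow Label (20 bits) = first 32-bit word
    first_word = (6 << 28) | (traffic_class << 20) | flow_label
    return (struct.pack("!IHBB", first_word, length_field, next_header, hop_limit)
            + ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed)


def parse_ipv6_header(packet):
    """Split raw packet bytes into the header fields listed in the chapter."""
    if len(packet) < HEADER_LEN:
        raise ValueError("truncated: the IPv6 fixed header is 40 bytes")
    first_word, payload_len, next_header, hop_limit = struct.unpack("!IHBB", packet[:8])
    version = first_word >> 28
    if version != 6:
        raise ValueError("not an IPv6 packet (version field is %d)" % version)
    return {
        "version": version,
        "traffic_class": (first_word >> 20) & 0xFF,
        "flow_label": first_word & 0xFFFFF,
        "payload_length": payload_len,
        # Zero with data following means the real length is in a Jumbo Payload option.
        "jumbo_payload": payload_len == 0 and len(packet) > HEADER_LEN,
        "next_header": next_header,
        "next_header_name": NEXT_HEADER_NAMES.get(next_header, "unknown"),
        "hop_limit": hop_limit,
        "src": str(ipaddress.IPv6Address(packet[8:24])),
        "dst": str(ipaddress.IPv6Address(packet[24:40])),
    }


if __name__ == "__main__":
    # Constructed sample: documentation-range addresses carrying a 20-byte TCP payload.
    sample = build_ipv6_header("2001:db8::1", "2001:db8::2", payload_len=20,
                               next_header=6, flow_label=0xABCDE)
    for field, value in parse_ipv6_header(sample).items():
        print(f"{field:18} {value}")
```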
The autoconfiguration facilities of IPv6 have detached the configuring node complications that exist in IPv4, bringing the protocol one step closer to true plug-and-play functionality. IPv6 supports the Source Demand Routing Protocol, making data routing easy for both sender and receiver, as both can share the same packet route for sending and receiving data packets. Supporting the present IPv4 standards, IPv6 supports quality of service. For better traffic flow, a new 20-bit field has been introduced.

Internet Assigned Numbers Authority (IANA)

The Internet Assigned Numbers Authority (IANA) plays an important role in the functioning of the Internet. It is responsible for coordinating one of the key elements that makes the Internet work. IANA is the entity that oversees global IP address allocation, DNS root zone management, media types, and other Internet protocol assignments. IANA actively participates in regular meetings with Regional Internet Registries, top-level domain operators, and other relevant communities.

Internet Service Provider (ISP)

Internet service providers are the commercial vendors that provide Internet service in a region or a country. An ISP provides its users with e-mail accounts that allow them to communicate with other users by sending and receiving electronic messages through the ISP’s servers. ISPs can reserve blocks of IP addresses that they can assign to their users.

Trace the IP Address of the Attacker Computer

The steps to trace the IP address of an attacker computer are as follows:
1. Examine the e-mail header, and get the IP address of the attacker’s system.
2. Access a Web site that allows users to find out IP address information.
3. Use an IP address–locating tool, such as WhoisIP, to find out the location of the attacker.

Domain Name System (DNS)

A domain name system translates the host name of a computer into an IP address.
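Step 1 of the tracing procedure above, as an added Python example that is not from the textbook: it reads the Received headers of a constructed sample message in the order the relays added them and reports the peer address seen by the first relay the investigator controls, because hops recorded below that point may have been written by the sender. Host names and addresses in the sample are constructed, documentation-range values.

```python
import email
import re
from email import policy

# Constructed sample message (documentation-range addresses, not a real capture).
# Each relay prepends its own Received line, so the top line is the last hop and
# the bottom line is the earliest, possibly sender-supplied, hop.
SAMPLE_EMAIL = b"""Received: from mx1.example.test (mx1.example.test [192.0.2.10])
        by mail.example.test with ESMTP id 7f3a21; Mon, 2 Jul 2018 10:00:02 +0000
Received: from relay.example.net (unknown [203.0.113.55])
        by mx1.example.test with ESMTP id 1c9b07; Mon, 2 Jul 2018 10:00:01 +0000
Received: from mail.bank.test (mail.bank.test [198.51.100.7])
        by relay.example.net with SMTP; Mon, 2 Jul 2018 09:59:50 +0000
From: "Account Services" <alerts@bank.test>
To: victim@example.test
Subject: Please confirm your account

Visit the site to update your details.
"""

# "from <host> (... [<ip>])" and "by <host>" clauses of a Received header.
FROM_RE = re.compile(r"\bfrom\s+(\S+).*?\[(?:IPv6:)?([0-9A-Fa-f.:]+)\]", re.I)
BY_RE = re.compile(r"\bby\s+([^\s;()]+)", re.I)


def received_chain(raw):
    """Return the Received hops oldest first: claimed host, peer IP, recording server."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hops = []
    for header in reversed(msg.get_all("Received", [])):
        text = " ".join(str(header).split())       # unfold and squeeze whitespace
        from_match = FROM_RE.search(text)
        by_match = BY_RE.search(text)
        hops.append({
            "claimed_host": from_match.group(1) if from_match else None,
            "peer_ip": from_match.group(2) if from_match else None,
            "recorded_by": by_match.group(1) if by_match else None,
        })
    return hops


def originating_ip(raw, trusted_hosts):
    """IP that connected to the earliest relay the investigator controls.

    Only lines written by servers in trusted_hosts are believed; anything
    below them in the header could have been inserted by the sender.
    """
    for hop in received_chain(raw):
        if hop["recorded_by"] in trusted_hosts:
            return hop["peer_ip"]
    return None


if __name__ == "__main__":
    for hop in received_chain(SAMPLE_EMAIL):
        print(hop)
    print("origin:", originating_ip(SAMPLE_EMAIL, {"mail.example.test", "mx1.example.test"}))
```

In the sample the bottom hop claims to come from mail.bank.test, but it was recorded by a relay outside the investigator's control, so the usable origin is the address that connected to mx1.example.test.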
When a user enters a host name into a browser as a URL, the browser translates that name into its corresponding IP address. It uses that IP address to communicate with a Web server. The DNS server looks for the name in its database and gives the numeric address to the browser. For example, the domain name www.exampass.com might translate into 198.105.232.4.

A DNS server contains two tables of data and the software required to query them. The first table consists of a list of host names and their corresponding IP addresses. The second table consists of a list of IP addresses and the host names to which they map. It is not possible to store the IP address of every computer on each server, so DNS distributes this data among a number of servers around the world. If a browser sends a request for a host name to the server, and if the server does not carry data for it, then that server forwards that request to other servers until it gets a response.

There is a series of 13 name servers strategically located around the world to provide the names and IP addresses of all authoritative top-level domains. These servers are called the DNS root name servers. These servers implement the root namespace domain for the Internet.

Figure 6-3 is an example of a domain name. It is made up of the sequence www, kernel-panic, it, and the root’s null label, and is therefore written as www.kernel-panic.it.

Figure 6-3 A domain name is made up of different hierarchical parts (the tree from the root label '' through top-level domains such as com, net, org, edu, de, it, and ca down to hosts such as www.kernel-panic.it).

DNS Records

DNS records are stored in zone files. Zone files are ASCII text files. A zone file contains full source information on a zone, including the domain name’s name server and mail server information, and is stored on the primary DNS server for the zone.
For constructing zone files, two types of control entries are used, which simplifies constructing the file, along with standard resource records. The resource records describe the domain data present in the zone file. There are various types of standard resource records, but only the following two control statements:
● $INCLUDE: It identifies the data present in the zone file.
● $ORIGIN: It is used to put more than one domain name in the zone file.

Resource Records

The set of resource information associated with a particular name is composed of separate resource records (RRs). The order of RRs in a set is not significant and need not be preserved by name servers, resolvers, or other parts of the DNS. A specific RR contains the following information:
● Owner: The domain name where the RR is found
● Type: An encoded 16-bit value that specifies the type of the resource in this resource record. Types refer to abstract resources. The following are the different types:
  ○ A: A host address
  ○ CNAME: Identifies the canonical name of an alias

Source: http://www.kernel-panic.it/openbsd/dns/dns2.html. Accessed 2/2007.

(EC-Council 147-157) EC-Council. Computer Forensics: Investigating Network Intrusions and Cybercrime (CHFI), 2nd Edition. Cengage Learning, 20160506. VitalBook file.

Tutor Answer

mariam90
School: UC Berkeley

Hey, buddy! This ...

Review

Anonymous
Excellent job
