E-mail Presentation

Anonymous
Asked: Oct 20th, 2018

Question Description

Suppose there has been an incident at your organization that will require a forensic investigation of company computers and email. You have been asked by the head of your organization to prepare a presentation for the non-technical staff that explains how email works and the types of information that forensic email investigations attempt to uncover.

Consider the following when creating the presentation:

  • What is the appropriate level of detail for non-technical employees regarding the process of e-mail and forensic investigations?
  • What are qualities of an informational and appealing PowerPoint presentation?

Deliverable:

For this assignment, you are to:

  • Create a presentation that includes a graphic depiction of how e-mail works and discusses the types of information forensic e-mail investigations attempt to uncover.
  • Your presentation should be at least 6-8 slides in length, not including title and reference slides. Your presentation must adhere to the University academic writing standards and APA style guidelines, citing references as appropriate.


    Course's textbook:
    Easttom, C. (2019). System forensics, investigation, and response. Burlington, MA: Jones & Bartlett Learning.



Unformatted Attachment Preview

System Forensics, Investigation, and Response
Lesson 7: Email Forensics
© 2019 Jones and Bartlett Learning, LLC, an Ascend Learning Company. www.jblearning.com. All rights reserved.

Learning Objective

  ▪ Summarize various types of digital forensics.

Key Concepts

  ▪ Email clients and servers
  ▪ Email headers
  ▪ Email tracing
  ▪ Email server forensic examination
  ▪ Laws related to email investigations

How Email Works

  1. Sender uses a mail client to send a message
  2. Message travels to multiple mail servers
      • Each mail server sends the message closer to its destination
  3. Destination mail server stores the message
  4. Receiver uses a mail client to retrieve the message from mail server

  [Figure: How Email Works]

What an Email Review Can Reveal

  ▪ Email messages related to the investigation
  ▪ Email addresses related to the investigation
  ▪ Sender and recipient information
  ▪ Information about those copied on the email
  ▪ Content of the communications
  ▪ Internet Protocol (IP) addresses
  ▪ Date and time information
  ▪ User information
  ▪ Attachments
  ▪ Passwords
  ▪ Application logs that show evidence of spoofing

Email Protocols

  ▪ Simple Mail Transfer Protocol (SMTP)
      • Used to send email from a client to a mail server, and between servers
      • Typically operates on port 25
      • SMTPS (secure) operates on port 465
  ▪ Post Office Protocol version 3 (POP3)
      • Used to receive email
      • Operates on port 110, or 995 (secure)
      • Designed to delete email on server as soon as user downloads email
  ▪ Internet Message Access Protocol (IMAP)
      • Used to receive email
      • Operates on port 143
      • User views email on the server, decides whether to download the mail; email is retained on server

Email Protocol Process

  [Figure: Email Protocol Process, with panels "Outbound Email" (User, SMTP, Server, Internet) and "Inbound Email" (Internet, SMTP, Server, POP3/IMAP, User)]

Faking Emails

  ▪ Spoofing
  ▪ Anonymous remailing
  ▪ "Valid" emails

Spoofing

  ▪ Making an email message appear to come from someone or someplace other than the real sender or location
  ▪ First machine to receive spoofed message records machine’s real IP address
  ▪ Header contains both the faked IP and the real IP address

Anonymous Remailing

  ▪ Suspect sends an email message to an anonymizer
      • Anonymizer is email server that strips identifying information from message before forwarding it with anonymous mailing computer’s IP address
  ▪ To find out who sent remailed email, must examine logs maintained by remailer or anonymizer companies

"Valid" Emails

  ▪ Appears as though mail is from trusted source
  ▪ Message content is suspicious
  ▪ Content may contain URL that points to malicious site

How to Fake an Email

  ▪ Use free public Wi-Fi
  ▪ Spoof IP address and MAC address
  ▪ Send email through anonymous email account

Email Message Components

  ▪ Header
      • Addressing information
      • Source and destination
  ▪ Body
      • Contents of the message
  ▪ Attachments
      • External data that travels along with each message

  [Figure: Email Message Components]

Email Headers

  ▪ RFC 2822
      • Standard for email format, including headers
  ▪ All email programs use the same email format, regardless of operating system
      • Email from Outlook on a Windows 10 PC can be read by recipient using Hotmail on Android phone
  ▪ Header keeps record of the message’s journey through networks and mail servers
  ▪ Each server adds information to the header
  ▪ Each network device has an Internet Protocol (IP) address
      • Identifies device
      • Can be resolved to a location address

RFC 2822 Specifications for Email Headers

  Message header must include:
  ▪ From field: The email address and, optionally, the name of the sender
  ▪ Date field: The local time and date when the message was written

  Message header should include:
  ▪ Message-ID field: An automatically generated field
  ▪ In-Reply-To field: The message-ID of the message that this is a reply to

Email Header Fields (RFC 3864)

  ▪ To
  ▪ Subject
  ▪ Cc/Bcc
  ▪ Content-Type
  ▪ Precedence
  ▪ Received
  ▪ References
  ▪ Reply-To
  ▪ Sender

Viewing Headers in Mail Clients

  [Screenshots: Find Microsoft Outlook 2010 Headers (Step 1); View Outlook 2010 Headers (Step 2); Microsoft Outlook 2010 Headers. Used with permission from Microsoft.]
  [Screenshots: Find Yahoo! Headers; View Yahoo! Headers. Courtesy of Yahoo!]
  [Screenshots: Find Gmail Headers; View Gmail Headers. Google and the Google logo are registered trademarks of Google Inc., used with permission.]

View Hotmail Email Headers

  1. Select Inbox from the menu on the left.
  2. Right-click the message for which you want to view headers, and select View Message Source.

  The full headers will appear in a new window.

View Apple Mail Email Headers

  1. Open Apple Mail.
  2. Click on the message for which you want to view headers.
  3. Go to the View menu.
  4. Select Message, then Long Headers.

  The full headers will appear in the window below your Inbox.

Email Files

  ▪ .pst (Outlook)
  ▪ .ost (Offline Outlook Storage)
  ▪ .mbx or .dbx (Outlook Express)
  ▪ .mbx (Eudora)
  ▪ .emi (common to several email clients)

Paraben’s Email Examiner

  ▪ Exclusively for email forensics
  ▪ Works like the more complete forensic suites (Forensic Toolkit and EnCase) in that evidence is grouped by case

  [Screenshots: Creating a Paraben Case; Adding the Investigator; Selecting an Email Database. Courtesy of Paraben Corporation.]

Tracing Email

  ▪ Looking at each point through which an email passed and working step by step back to the originating computer

Email Server Forensics

  ▪ Examining email servers
      • Searching through deleted emails retained by the server
  ▪ Many servers have a retention policy

Email Laws

  ▪ The Fourth Amendment to the U.S. Constitution
  ▪ The Electronic Communications Privacy Act (ECPA)
  ▪ The CAN-SPAM Act
  ▪ 18 U.S.C. 2252B
  ▪ Communication Assistance for Law Enforcement Act (CALEA)
  ▪ Foreign Intelligence Surveillance Act (FISA)
  ▪ The USA PATRIOT Act

Summary

  ▪ Email clients and servers
  ▪ Email headers
  ▪ Email tracing
  ▪ Email server forensic examination
  ▪ Laws related to email investigations

...
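
The tracing step from the slides, sketched in Python as an added example (not part of the textbook slides or the original post): each server puts its Received line on top, so reading them bottom-up walks from the originating machine to the destination. The message is constructed, with documentation-range IP addresses and example domains, and the Postfix-style Received layout is an assumption.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample message (documentation-range IPs, example domains).
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [198.51.100.20])
\tby mailstore.recipient.example with ESMTP id C3;
\tMon, 22 Oct 2018 09:15:07 -0400
Received: from relay.isp.example (relay.isp.example [192.0.2.45])
\tby mx.recipient.example with ESMTP id B2;
\tMon, 22 Oct 2018 09:15:05 -0400
Received: from mail.trusted-bank.example (unknown [203.0.113.77])
\tby relay.isp.example with SMTP id A1;
\tMon, 22 Oct 2018 09:15:02 -0400
From: "Accounts" <accounts@trusted-bank.example>
To: staff@recipient.example
Subject: Constructed sample
Date: Mon, 22 Oct 2018 09:14:58 -0400
Message-ID: <constructed-1@trusted-bank.example>

Body text.
"""

# "from <name the sender claimed> (<name the receiver looked up> [<IP it saw>]) by <receiver>"
HOP = re.compile(
    r"from\s+(?P<claimed>\S+)\s+\((?P<seen>[^\s\[]*)\s*\[(?P<ip>[0-9a-fA-F.:]+)\]\)"
    r".*?\bby\s+(?P<by>\S+)", re.S)

def trace_hops(raw):
    """Return the hops ordered from originating machine to final server."""
    msg = message_from_string(raw)
    hops = []
    for value in reversed(msg.get_all("Received", [])):  # newest header is first
        m = HOP.search(value)
        if not m:
            continue  # other servers use layouts this pattern does not cover
        when = parsedate_to_datetime(value.rsplit(";", 1)[1].strip())
        # The claimed name is sender-controlled; the bracketed IP is what the
        # receiving server recorded for the connection.
        hops.append({**m.groupdict(), "time": when,
                     "name_mismatch": m["claimed"] != m["seen"]})
    return hops

if __name__ == "__main__":
    for hop in trace_hops(SAMPLE):
        print(hop["time"], hop["ip"], hop["claimed"], "->", hop["by"],
              "(name mismatch)" if hop["name_mismatch"] else "")
```

In the sample, the first hop claims the name of the domain in the From field while the receiving relay recorded a different, unresolved machine at 203.0.113.77, which is the "faked and real" pairing the Spoofing slide refers to.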

Tutor Answer

Knutsen
School: Carnegie Mellon University

hey buddy, here is th...

Review

Anonymous
Top quality work from this guy! I'll be back!
