Class 11 • Grover Kearns, PhD, CPA, CFE
Email Videos • How email works http://www.youtube.com/watch?v=YBzLPmx3xTU • Email Spoofing http://lybio.net/household-hacker-hacking-email-spoofing-101/science-technology/ • SMTP Spoofing http://www.youtube.com/watch?v=Up6XcxEilp4&feature=related • Tracing an email http://www.youtube.com/watch?v=hSvswzSy3oA
Reading Email Headers
From <<my-work-address>> Sat Aug 17 16:00:24 2002
Return-Path: <<my-work-address>>
Received: from exanpcn4.arinc.com ([144.243.4.70]) by mta009.verizon.net (InterMail vM.5.01.05.09 201-253-122-126-109-20020611) with ESMTP id <20020817200009.CWZT20372.mta009.verizon.net@exanpcn4.arinc.com> for <<my-home-address>>; Sat, 17 Aug 2002 15:00:09 -0500
Received: from exanpcn2.arinc.com (unverified) by exanpcn4.arinc.com (Content Technologies SMTPRS 4.1.5) with ESMTP id <T90f3203cca5cc55c0da9@exanpcn4.arinc.com> for <<my-home-address>>; Sat, 17 Aug 2002 16:02:15 -0400
Received: by exanpcn2.arinc.com with Internet Mail Service (5.5.2653.19) id <QRZ549XW>; Sat, 17 Aug 2002 16:00:27 -0400
Message-ID: <09328AED5429D311A3000008C7911B100778B52C@exanpmb1.arinc.com>
From: "Conner, Richard C. \(RCONNER\)" <<my-work-address>>
To: "my-home-address" <<my-home-address>>
Subject: Hello
Date: Sat, 17 Aug 2002 16:00:26 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain
Slide callouts on this header: "Not required by SMTP" and "unique message ID" (the Message-ID line).
Another Example – Partial Header
Delivered-To: gkearns@mail.usf.edu
Received: by 10.68.58.39 with SMTP id n7cs40710pbq; …
Return-Path: <stpetebay@yahoo.com>
…
Received: from [127.0.0.1] by omp1017.mail.bf1.yahoo.com with NNFMP; 20 Jun …
Received: (qmail 38143 invoked by uid 60001); 20 Jun 2011 19:58:58 -0000
Message-ID: <391707.15764.qm@web161204.mail.bf1.yahoo.com>
Received: from [70.126.236.236] by web161204.mail.bf1.yahoo.com via HTTP; Mon, 20 Jun 2011 12:58:58 PDT
X-Mailer: YahooMailClassic/14.0.3 YahooMailWebService/0.8.111.304355
Date: Mon, 20 Jun 2011 12:58:58 -0700 (PDT)
From: Grover Kearns <stpetebay@yahoo.com>
Subject: Be Alert
To: gkearns@mail.usf.edu
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii

Now get to work!
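Added example, not part of the slides: a small Python tracer that reads the first slide's header the way an examiner does, walking the Received chain from the bottom (nearest the sender) to the top, pulling out each relay and the originating IP, and flagging the hop a relay marked (unverified) plus any mismatch between the From domain and the envelope Return-Path. The slide's <<my-work-address>> and <<my-home-address>> placeholders are replaced with made-up addresses so the sample parses.

```python
import email
import email.utils
import re

# Constructed sample: the header shown on the slide, with its <<my-work-address>>
# and <<my-home-address>> placeholders replaced by made-up addresses.
RAW_HEADERS = """\
Return-Path: <rconner@work.example>
Received: from exanpcn4.arinc.com ([144.243.4.70]) by mta009.verizon.net
  (InterMail vM.5.01.05.09 201-253-122-126-109-20020611) with ESMTP
  id <20020817200009.CWZT20372.mta009.verizon.net@exanpcn4.arinc.com>
  for <me@home.example>; Sat, 17 Aug 2002 15:00:09 -0500
Received: from exanpcn2.arinc.com (unverified) by exanpcn4.arinc.com
  (Content Technologies SMTPRS 4.1.5) with ESMTP
  id <T90f3203cca5cc55c0da9@exanpcn4.arinc.com>
  for <me@home.example>; Sat, 17 Aug 2002 16:02:15 -0400
Received: by exanpcn2.arinc.com with Internet Mail Service (5.5.2653.19)
  id <QRZ549XW>; Sat, 17 Aug 2002 16:00:27 -0400
Message-ID: <09328AED5429D311A3000008C7911B100778B52C@exanpmb1.arinc.com>
From: "Conner, Richard C. (RCONNER)" <rconner@work.example>
Date: Sat, 17 Aug 2002 16:00:26 -0400
"""

HOP_RE = re.compile(r"(?:from\s+(?P<from>\S+)(?:\s+\((?P<info>[^)]*)\))?\s+)?by\s+(?P<by>\S+)")

def trace_hops(raw):
    # Each relay prepends its own Received line, so the bottom one is nearest the sender.
    msg = email.message_from_string(raw)
    hops = []
    for rcvd in reversed(msg.get_all("Received", [])):
        text = " ".join(rcvd.split())  # unfold continuation lines
        m = HOP_RE.match(text)
        if not m:  # e.g. "(qmail ... invoked by uid ...)" names no relay
            continue
        info = m.group("info") or ""
        ip = re.search(r"\[(\d+(?:\.\d+){3})\]", info)
        hops.append({"from": m.group("from"), "by": m.group("by"),
                     "ip": ip.group(1) if ip else None,
                     "unverified": "unverified" in info.lower()})
    return hops

def header_findings(raw):
    # SMTP never checks From:, so compare it with the envelope Return-Path and flag unverified hops.
    msg = email.message_from_string(raw)
    dom = lambda h: email.utils.parseaddr(msg.get(h, ""))[1].rpartition("@")[2].lower()
    findings = [f"hop {i}: {h['by']} did not verify sender {h['from']}"
                for i, h in enumerate(trace_hops(raw), 1) if h["unverified"]]
    if dom("From") != dom("Return-Path"):
        findings.append(f"From domain {dom('From')} differs from Return-Path {dom('Return-Path')}")
    return findings
```

Run on the slide's header it reports the single (unverified) hop at exanpcn4.arinc.com and no From/Return-Path mismatch; note the first relay stamp (-0500) is also an hour behind the others (-0400), a clock or zone discrepancy worth recording.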
Mobile Phone Forensics • Unauthorized photos, videos, audio recording • Digital fraud and data duplication • Industrial espionage • Acceptable use policy
Mobile Phone Forensics • SIM Cards – Subscriber Identity Module • SD Cards – Secure Digital
Mobile Phone Forensics Stored Data on SIM Cards • International Mobile Subscriber Identity • Integrated Circuit Card Identifier (ICC-ID) • Authentication Key (Ki) • Location Area Identity • SMS Message / Contacts
Mobile Phone Forensics Stored Data on SD Cards • Call logs • Text messages • Electronic documents • Phonebooks • Videos • Music • Photos • Calendar
Smart Phone Videos • How to Save Data to a Phone's Micro SD Memory Card http://www.ehow.com/video_4756774_save-micro-sd-memory-card.html • SIM Card Reader http://www.proofpronto.com/cell-phone-spy.html?gclid=CIfqu8zqwqkCFYgW2god9AZacw • Hacking the iPhone http://www.youtube.com/watch?v=ZgITSfrEILQ
Problems with Mobile Forensics • Lack of single standards • How cell phones store messages • Multitude of models • Generations: analog, PCS, 3G, 4G, ???
Remote Phone Wipes All smart phones can be “wiped” remotely. Check the web for instructions for each phone.
Securing Mobile Phones • Securing the mobile phone is the first action • Turning it off loses the contents of RAM • If left on, it can be wiped remotely • Wrap it multiple times in foil, or • Place it in an empty paint bucket
SIMCon • Reads SIM files • Analyzes file content • Recovers deleted text messages • Manages PIN codes • Exports data to spreadsheet files
Comparing 3G to 4G • 3G: average download speed is 1 to 100 Mbps; allowed email and Internet access; allows apps with music downloads and video calling; applies to all smartphones • 4G: a set of standards that hasn't really been clearly defined; average download speeds are about twice as fast as 3G, at 4-6 Mbps; more apps, more secure
Digital Networks • CDMA – Uses full radio frequency spectrum. Sprint and Verizon use this. • GSM – Used by AT&T and T-Mobile and standard in Europe and Asia. • You can switch your SIM card with GSM! • OFDM – Probably will be the chosen technology for 4G.
Smart Phones • Contain: RAM, ROM, microprocessor, radio module, hardware interfaces. • Many have memory cards (SIM). • Store system data in EEPROM. • OS is stored in ROM.
Jailbreaking & Unlocking • Unlocking allows the owner to switch SIM cards; could void the warranty • Jailbreaking allows the owner to add apps that are not supported by the vendor; not illegal
Recovering Deleted Files http://www.youtube.com/watch?v=5ShSIYRQnZY&feature=related
Web Sites - Email • Email Spoofing http://lybio.net/household-hacker-hacking-email-spoofing-101/science-technology/ • Tracing an email http://www.youtube.com/watch?v=hSvswzSy3oA • How to find IP address and shutdown network computer http://www.youtube.com/watch?v=fFLd0EQR-uE&feature=related • Restoring deleted files http://www.youtube.com/watch?v=5ShSIYRQnZY&feature=related
Web Sites – Mobile Phones • SIM Card Reader http://www.proofpronto.com/cell-phone-spy.html?gclid=CIfqu8zqwqkCFYgW2god9AZacw • Hacking iPhone http://www.youtube.com/watch?v=ZgITSfrEILQ • How to Save Data to a Phone's Micro SD Memory Card http://www.ehow.com/video_4756774_save-micro-sd-memory-card.html