
Email and Internet Evidence

Mark Pollitt, Associate Professor, Engineering Technology


Presentation Transcript


  1. Email and Internet Evidence
     Mark Pollitt, Associate Professor, Engineering Technology

  2. Web 1.0 Technologies
     • Technologies
       • Email
       • Web
       • Skype
       • IM
     • Web 1.0 because:
       • Static content
       • Application standards
       • Client based

  3. Forensics on Web 1.0 Technologies
     • Focus on two elements:
       • The application
       • The data
     • Looking for:
       • The content
       • The connections

  4. Applications
     • Developers need to build three things into communications applications:
       • User interface
       • Data processing/storage
       • Communications protocols
     • Multiple applications can share a common protocol
       • Outlook, Thunderbird, Zimbra
       • Hotmail, Yahoo, Gmail

  5. Web Browsers
     • All share HTML
     • Some support other technologies:
       • ActiveX, Flash, XML, etc.
     • All store a cache of recent files and a history
     • Most store those differently
     • Usually, it takes a specific tool to look at browser histories
     • Documenting Internet history and reconstructing web pages both provide important evidence

  6. Doing Browser Forensics
     • Know how the browser stores data
     • Know the location of the data
     • Have a tool that can read that data
     • Great resources:
       http://www.symantec.com/connect/articles/web-browser-forensics-part-1
       http://www.symantec.com/connect/articles/web-browser-forensics-part-2

  7. Email
     • Very simple in concept:
       • Client/Server
       • SMTP protocol
     • Two basic interfaces:
       • Web mail (Hotmail, Yahoo, Gmail)
       • Client based (POP, IMAP, SMTP)
     • Some support both
     • Features vary by client

  8. Email Clients
     • Like browsers, they share some features:
       • Communications protocols (POP, IMAP, SMTP, etc.)
       • User interface
       • Storage – usually some form of database

  9. Internet History Browsers
     • NirSoft – IEHistoryView / MozillaCacheView
     • SecurityXploded – Browser History Spy*
     • SQLite Viewer – Firefox

  10. Email Investigations
     • Client Software
       • Outlook
       • Thunderbird
       • Zimbra
     • Forensic Suites
       • EnCase
       • FTK
     • Webmail
       • Use browser forensics

  11. Thank You for your Attention!
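
Slides 6 and 9 come down to knowing the storage format and having a tool that reads it. The following is an added example, not part of the original presentation: it reads Firefox history from a SQLite file and recovers both the content (URL, title, time) and the connections (which visit led to which) that slide 3 asks for. It assumes Firefox's `places.sqlite` layout (tables `moz_places` and `moz_historyvisits`, visit times in microseconds since the Unix epoch), which the slides do not spell out; the sample rows and `example.test` URLs are constructed.

```python
import sqlite3, tempfile
from datetime import datetime, timedelta, timezone
from pathlib import Path

# Firefox visit_type codes (subset); anything else is reported as other(n).
VISIT_TYPES = {1: "link", 2: "typed", 3: "bookmark", 7: "download"}
EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

def build_sample(path):
    """Constructed stand-in for places.sqlite, with only the columns used below."""
    con = sqlite3.connect(path)
    con.executescript("""
        CREATE TABLE moz_places (id INTEGER PRIMARY KEY, url TEXT, title TEXT);
        CREATE TABLE moz_historyvisits (id INTEGER PRIMARY KEY, from_visit INTEGER,
            place_id INTEGER, visit_date INTEGER, visit_type INTEGER);
        INSERT INTO moz_places VALUES
            (1, 'https://mail.example.test/', 'Webmail login'),
            (2, 'https://mail.example.test/inbox', 'Inbox'),
            (3, 'https://files.example.test/report.pdf', NULL);
        INSERT INTO moz_historyvisits VALUES
            (1, 0, 1, 1700000000000000, 2),
            (2, 1, 2, 1700000030000000, 1),
            (3, 2, 3, 1700000095500000, 7);
    """)
    con.commit()
    con.close()

def read_history(path):
    """Return visits oldest-first with UTC time, visit type and referring URL."""
    # mode=ro opens the working copy read-only, so the query cannot alter it.
    con = sqlite3.connect(Path(path).resolve().as_uri() + "?mode=ro", uri=True)
    try:
        rows = con.execute("""
            SELECT v.visit_date, v.visit_type, p.url, p.title, rp.url
            FROM moz_historyvisits v
            JOIN moz_places p ON p.id = v.place_id
            LEFT JOIN moz_historyvisits rv ON rv.id = v.from_visit
            LEFT JOIN moz_places rp ON rp.id = rv.place_id
            ORDER BY v.visit_date""").fetchall()
    finally:
        con.close()
    return [{"when": (EPOCH + timedelta(microseconds=ts)).isoformat(),
             "type": VISIT_TYPES.get(vt, f"other({vt})"),
             "url": url, "title": title, "referrer": ref}
            for ts, vt, url, title, ref in rows]

def demo():
    """Build the constructed sample in a temporary directory and read it back."""
    with tempfile.TemporaryDirectory() as d:
        db = Path(d) / "places.sqlite"
        build_sample(db)
        return read_history(db)
```

Call `read_history()` on a working copy of a profile's `places.sqlite`, never on the original evidence file.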
