phishing
e-mails contain links to text on a Web page
Spear phishing
Targets a specific individual or group in an organization. Goals: steal login credentials, trade secrets, financial documents, event details.
Whaling-Phishing
Targets executive-level employees in an organization. Often accomplished through social engineering. Goals: get the target to authorize wire transfers, provide login credentials, divulge sensitive information.
Smishing
Fraudulent text messages meant to trick a person into revealing sensitive data or clicking on a malicious link
Vishing
Fraudulent phone calls that induce a person to provide personal information or give remote access to their computer.
Pharming
DNS poisoning takes user to a fake site
Spoofing
A technique used in spam and phishing attacks to trick a user into thinking the email came from a person or entity they know and trust.
BEC
Business email compromise. A legitimate email account is taken over. Fraudulent messages sent from the legitimate email account to trick someone into sending money or divulging sensitive info.
Enhanced/Extended Simple Mail Transfer Protocol (ESMTP)
number in the message’s header to check for legitimacy of email. Reasons for email being bounced – Error codes can be looked up.
applicable privacy laws
Electronic Communications Privacy Act (ECPA) and the Stored Communications Act (SCA) apply to e-mail
Forensic Linguistics
Where language and law intersect
Examining E-mail Messages
-Find and copy any potential evidence
* Access protected or encrypted material
* Print e-mails
Viewing E-mail headers
GUI clients
Web-based clients
After you open e-mail headers, copy and paste them into a text document
* So that you can read them with a text editor
Information contained in headers?
-The main piece of information you’re looking for is the originating e-mail’s IP address
* Date and time the message was sent
* Filenames of any attachments
* Unique message number (if supplied)
Tracing
Determining message origin
What do router logs consist of?
Email logs identify:
E-mail forensic tools
Online social networks (OSNs)
are used to conduct business, brag about criminal activities, raise money, and have class discussions
what can you rely on for business investigations?
For many e-mail investigations you can rely on e-mail message files, headers, and server log files
Code Division Multiple Access (CDMA)
is a digital cellular technology that allows multiple users to access a shared communication channel simultaneously.
Global System for Mobile Communications (GSM)
Uses the Time Division Multiple Access (TDMA) technique. One of the widely used mobile communication standards globally. Multiple phones take turns sharing a channel.
MSISDN
Mobile Station International Subscriber Directory Number – the number which you call or send text messages from. Linked to SIM
IMEI
International Mobile Equipment Identifier – Unique 15-digit number that identifies GSM and other types of phones. Differs from a serial number because the IMEI is broadcast with every transmission