Email and Internet Evidence
Mark Pollitt
Associate Professor, Engineering Technology
Web 1.0 Technologies
• Technologies
  – Email
  – Web
  – Skype
  – IM
• Web 1.0 because:
  – Static content
  – Application standards
  – Client based
Forensics on Web 1.0 Technologies
• Focus on two elements:
  – The application
  – The data
• Looking for:
  – The content
  – The connections
Applications
• Developers need to build three things into communications applications:
  – User interface
  – Data processing/storage
  – Communications protocols
• Multiple applications can share a common protocol
  – Outlook, Thunderbird, Zimbra
  – Hotmail, Yahoo, Gmail
Web Browsers
• All share HTML
• Some support other technologies:
  – ActiveX, Flash, XML, etc.
• All store a cache of recent files and a history
  – Most store those differently
  – Usually, it takes a specific tool to look at browser histories
• Documenting Internet history and reconstructing web pages are both important evidence
Doing Browser Forensics
• Know how the browser stores data
• Know the location of the data
• Have a tool that can read that data
• Great resources:
  http://www.symantec.com/connect/articles/web-browser-forensics-part-1
  http://www.symantec.com/connect/articles/web-browser-forensics-part-2
• Very simple in concept:
  – Client/Server
  – SMTP protocol
• Two basic interfaces:
  – Web mail (Hotmail, Yahoo, Gmail)
  – Client based (POP, IMAP, SMTP)
  – Some support both
• Features vary by client
Email Clients
• Like browsers, they share some features:
  – Communications protocols (POP, IMAP, SMTP, etc.)
  – User interface
  – Storage – usually some form of database
Internet History Browsers
• Nirsoft – IEHistory View/Mozilla Cache View
• Security Exploded – Browser History Spy*
• Sqlite Viewer - Firefox
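Added example (not part of the original slides): a minimal Python reader for Firefox history, which Firefox keeps in the SQLite file places.sqlite (tables moz_places and moz_historyvisits). It recovers both the content (URLs, titles, UTC times) and the connections (which visit led to which); the sample database is constructed, and the function names build_sample_places and read_firefox_history are hypothetical.

```python
import os
import sqlite3
import tempfile
from datetime import datetime, timezone
from pathlib import Path

# Subset of Firefox visit_type codes; anything else is reported as other(n).
VISIT_TYPES = {1: "link", 2: "typed", 3: "bookmark", 7: "download"}

def build_sample_places(path):
    """Hypothetical helper: constructed stand-in for places.sqlite (only the columns used here)."""
    con = sqlite3.connect(path)
    con.executescript("""
        CREATE TABLE moz_places (id INTEGER PRIMARY KEY, url TEXT, title TEXT);
        CREATE TABLE moz_historyvisits (id INTEGER PRIMARY KEY, from_visit INTEGER,
                                        place_id INTEGER, visit_date INTEGER, visit_type INTEGER);
        INSERT INTO moz_places VALUES (1,'https://mail.example.com/','Webmail login'), (2,'https://mail.example.com/inbox','Inbox');
        INSERT INTO moz_historyvisits VALUES (1,0,1,1262304000000000,2), (2,1,2,1262304060000000,1);
    """)
    con.close()

def read_firefox_history(path):
    """Return visits oldest-first as dicts: UTC time, URL, title, visit type, referring URL."""
    # Open read-only so the working copy of the evidence file is never modified.
    uri = Path(path).resolve().as_uri() + "?mode=ro"
    con = sqlite3.connect(uri, uri=True)
    rows = con.execute("""
        SELECT v.visit_date, p.url, p.title, v.visit_type, rp.url
        FROM moz_historyvisits v JOIN moz_places p ON p.id = v.place_id
        LEFT JOIN moz_historyvisits rv ON rv.id = v.from_visit
        LEFT JOIN moz_places rp ON rp.id = rv.place_id
        ORDER BY v.visit_date
    """).fetchall()
    con.close()
    return [{
        # visit_date is stored as microseconds since the Unix epoch.
        "when": datetime.fromtimestamp(usec / 1_000_000, tz=timezone.utc),
        "url": url, "title": title,
        "type": VISIT_TYPES.get(vtype, f"other({vtype})"),
        "referrer": ref,  # URL of the visit this one came from, or None
    } for usec, url, title, vtype, ref in rows]

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        db = os.path.join(tmp, "places.sqlite")
        build_sample_places(db)
        for v in read_firefox_history(db):
            print(v["when"].isoformat(), v["type"], v["url"], "<-", v["referrer"])
```

On a real case, run it against a working copy of the profile's places.sqlite, taken together with places.sqlite-wal if present, since recent visits may still sit in the write-ahead log.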
Email Investigations
• Client Software
  – Outlook
  – Thunderbird
  – Zimbra
• Forensic Suites
  – EnCase
  – FTK
• Webmail
  – Use browser forensics
Thank You for your Attention!