prentice hall ©2004 pearson education, inc. computer forensics and cyber crime britz chapter two...
Post on 20-Dec-2015
Computer Forensics and Cyber CrimeBritz
PRENTICE HALL©2004 Pearson Education, Inc.
Chapter Two: Computer Terminology & History
Hardware
Hardware
Input devices: Modems, Keyboards, Mouse, Scanner, Camera, Microphones
Output devices: Modems, Monitor, CPU, Printers
Processing devices
Buses
CPU
Motherboards
PC Cards
Modems
Electronic devices which connect a computer and telephone line to enable communication between computers by converting binary data to analog tones and voltages communicable over an analog communications cable and vice versa.
Keyboards
Keyboards – devices through which commands and information are introduced to the computer
- hot keys – found on reconfigured keyboards – perform a multitude of tasks including system security
Mouse and Scanners
Mouse – input device which facilitates the manipulation of an onscreen cursor by hand
Scanner – input device which enables users to import photographs, documents, or other sorts of paper information
Output devices
devices which produce and/or display information that has been processed by the computer for dissemination to the user
Monitors & Printers
Monitor – output device originally called a CRT (Cathode Ray Tube) which communicates to users in a digestible format the results of their commands
Printers – devices that create printed documents, per the computer’s instructions, to reflect the results of their commands.
Processing components
Central Processing Unit (CPU) – single integrated circuits which actually interpret program instructions and the processing of data in a computer
Buses – multiple connections consisting of several parallel wires between chips and memory chips. These parallel electrical connections permit the transfer of several bits of data simultaneously.
Motherboard – primary circuit board of a PC to which all other elements are connected. Such components include: processor memory chips, BIOS, and ROM.
PC Cards or PMCIA (Personal Memory Card International Association) – plug-in boards originally designed for laptops. Initially the size of a credit card, their capabilities include: hard drives, network interfaces, flash memory cards, modems, SCSI, CD-ROM and audio drives.
SCSI (Small Computer Interface System) – increasingly popular, SCSIs provide interfacing for up to 7 peripherals (actually, an 8-bit bus interface, but the host adapter which connects to the computer’s bus also counts as a device), and allow communication between any two devices simultaneously. Relied upon for speedy transfers, wide SCSI provides up to 40 MB/sec.
Computer Software
series of instructions that performs a particular task – more specifically – the interpretation of binary byte sequences represented by a listing of instructions to the processors
Software Language
Programs – the sequence of rules through which software operates
Source code – the set of instructions written in programming language
Object code – that which is actually executed by the computer
Malware
also called malicious programming code – software which causes damage to computer systems
includes trap doors, Trojans, viruses, worms, etc.
Malware
Trap doors – malware which allows users to enter systems without authorization. Also called back doors, they are often installed by software developers and exploited by hackers.
Trojan horses – a malware program which, on its face, appears to have a legitimate purpose, but which hides other features such as trap doors. Unlike viruses and worms, Trojans do not replicate.
Virus
Virus – malware which is usually attached or inserted into a file or the boot sector of a disk. A rogue computer program which is designed to disperse copies of itself to other computers for destructive purposes by attaching itself to programs and replicating
Virus
a boot sector virus can also infect a hard drive where it is much more dangerous.
introduced to computer systems as part of an infected COM, EXE, or boot sector program file, or through network downloads as macros, set-up files, or e-mail attachments
continuum of destruction – range from the relatively harmless, designed to prove the superiority of its creator, to the catastrophic, shutting down entire networks
never accidental in their creation – although they may be spread by unknowing victims, their creation and initial implementation are always deliberate
uncontrollable – once created they are unstoppable until antidotes are discovered
Droppers
Droppers – programs that are created to avoid anti-virus detection usually by encryption that hinders detection. Their typical function is to transport and install viruses when an infected computer performs a certain function.
Worms
self-contained programs or sets of programs which may spread functional copies of themselves or their segments to other computer systems. Unlike viruses, they do not need to attach themselves to a host program. They are not specifically designed to erase or alter data, although their presence may cause crashes due to memory hogging.
Worms
Network worms – several segments operating on different machines that use the network for several communication purposes. Once activated, these worms will scan for connections to the host network.
Host computer worms – entirely contained on the computer they run on. These worms only use network connections to copy themselves to other computers – some variations include self-destructive programs.
Bombs
Bombs – code built into malware as an activation mechanism. Like droppers, bombs are designed to activate when a specific action occurs. Malicious scripts or scheduling programs.
- time bombs – are those which are activated at a specific time on the infected system’s internal clock
- logic bombs – are those which are designed to activate upon a series of events (often used by disgruntled employees – i.e., designed to activate when a certain individual is fired or changed in the computer).
Logic Bombs – Seeking Revenge
Computers have proven to be an effective means of retaliation for terminated employees. Unlike workplace violence, the manipulation of computer systems provides a mechanism for dismantling entire corporations, leaving individual employees unharmed. Systems manager Donald Burelson, for example, employed a logic bomb which targeted the commission records for over 60,000 independent insurance agents. This logic bomb was predicated on personnel records, and was activated when his employment status was changed in the system.
Operating System
Operating system – a piece of software that runs user applications and provides an interface to the hardware.
- traditionally, almost all contained some version of DOS (disk operating system)
- multiple operating systems may be contained on one machine
- GUI (Graphical User Interface) – or WIMP (Windows, icons, multi-tasking, and pointing device) – point and click technology
Network Language
TCP/IP
TCP/IP (Transmission Control Protocol/Internet Protocol) – the suite of protocols that define the Internet – more specifically, a method of communication between programs which enables a bit-stream transfer of information.
- originally designed as the standard protocol for Arpanet
IMAP v. POP
IMAP (Internet Message Access Protocol) – method of accessing electronic mail or bulletin board messages that are kept on a mail server – i.e., permits a “client” e-mail program to access remote message stores as if they were local. Thus, mail can be accessed by multiple computers.
POP (Post Office Protocol) – unlike IMAP, POP works best when one has only a single computer as it provides off-line access to these messages (ex. Netscape).
Network Language, Cont’d
ROUTERS – special purpose computers or software packages that handle the connection between two or more networks
- analogous to switches found within telephone systems
HUBS – central switching devices for communications lines in a star topology – they may add nothing to the transmission (passive hub) or may contain electronics that regenerate signals to boost strength as well as monitor activity (active hub)
PACKETS – units of data exchanged between host computers
- further distinguished as headers and data
- packet switching – refers to the method used to move data around on the Internet
Network Language, Cont’d
COOKIES – a piece of information sent by a web server to a Web browser that the browser software is expected to save and to send back to the server whenever the browser makes additional requests from the server
- stored information which is supplied by the user and placed on a hard drive to assist in online transactions and communications
- originally designed so that users do not have to continuously supply the same information
DNS entry – (Domain Name System) – based on a group of computers on a common network defined by a commonality of Internet Protocol Addresses
- in a nutshell – DNS was necessary due to the explosion of the Internet – developed the .com, .gov, .org, .edu, etc.
Hacker Language
Back door – a hole in security deliberately left within a program or software which enables unauthorized access
Bit bucket – final destination of discarded, lost or destroyed data
Black Hat hacker – term which refers to evil crackers
Hacker Language, cont’d
Cracker – term originally coined by hackers which usually refers to those individuals violating secure systems for illicit purposes rather than fun. (Hackers claim to be motivated purely by intellectual pursuits, while “crackers” exploit systems for economic reasons or other forms of personal gain. Crackers are often referred to as “cyberpunks”.)
Phreaking – art and science of cracking the phone network (i.e. making illegal phone calls)
Red Hat hacker – tongue in cheek reference to a flavor of the Linux operating systems
Sneaker – individual hired by a company to test their security systems by attempting to violate them
Spaghetti or kangaroo code – complex or tangled code
Hacker Language, cont’d
Vulcan nerve pinch – keyboard combination that forces a soft-boot or jump to ROM monitor. On many microcomputers the combination is Ctrl-Alt-Del. Sometimes called the “3 finger salute.”
Wedged – refers to the inability of a computer to make progress. Unlike a crash, computers which are wedged are not totally nonfunctioning.
Wetware – term used to refer to humans operating computers (as opposed to hardware and software)
White hat hackers – term used in the industry to designate “good” hackers
A Brief History of Computers
Computers as a concept
Computer – a device used to ascertain an amount or number by calculation or reckoning
Earliest Computer – invented over 800 years ago by the Chinese - abacus
Significant Individuals and Developments
most developments occurred due to government funding
Charles Babbage
Herman Hollerith
Professor John Atanasoff and Clifford Berry
John W. Mauchly & John Presper Eckert
ENIAC
Professor Max Newman
Charles Babbage
England – designs analytical engine in London that was designed to receive instructions from punch cards, make calculations with the aid of a memory bank and print out mathematical solutions
Unprecedented ideal
Failed due to lack of technological infrastructure
Herman Hollerith
United States - designed a machine to tabulate the 1890 U.S. Census
Retired from civil service in 1896 to start his own company – the Tabulating Machine Company – now IBM
Professor John Atanasoff & Iowa State University student Clifford Berry
Atanasoff-Berry Computer (ABC) had capabilities which included binary arithmetic, parallel processing, separate memory, regenerative memory, and basic computer functionality.
John W. Mauchly and John Presper Eckert
University of Pennsylvania
Designed for calculating firing and bombing tables for the U.S. military
ENIAC (Electronic Numerical Integrator and Computer)
comprised of 30 separate units and weighed 30 tons
19,000 vacuum tubes, 150 relays, and required 200 kilowatts of electrical power to operate
Professor Max Newman (England)
develops Colossus 1 – designed exclusively for cryptanalysis
Used paper tape to scan and analyze 5000 characters per second
Used in WWII to break Enigma codes
Realms of the Cyberworld
Intranets – small, local networks connecting computers which are within one organization and which are controlled by a common system administrator
Internets – connect several networks, and are distinguished in the literature by a lower case “i”
the Internet – the largest network in the world, an international connection of all types and sizes of computer systems and networks
- a system of small networks of computers linked with other networks via routers and software protocols
A Brief History of the Internet
1960s and 1970s – ARPANET (Advanced Research Project Agency Network)
- developed in 1969 by the Department of Defense to maintain lines of communication in the event of a nuclear war
- linked UCLA, Stanford, UC Santa Barbara, and the University of Utah
- April 7, 1969 – the Internet’s official start date
- Characterized by non-interactive postings (i.e. RFC – Request For Comment)
- Opened to non-military users in the 1970s – most takers were involved with universities
- Extremely unfriendly to users!
1980s
NSF Net – National Science Foundation
Eventually acted as a springboard for a myriad of software, including:
- UNIX – Bell Labs
- Eudora (e-mail system) – Univ. of Illinois
- Gopher (information retrieval) – U. of Minnesota
- Pine (e-mail system) – U. of Washington
- CU-SeeMe (low cost video conferencing) – Cornell
Commercial Internet Xchange (CIX) – Midlevel networks were leasing data circuits from phone companies and subleasing them to institutions
Emergence of domain names
Late 1980s and 1990s – World Wide Web
1989 – WWW invented by Tim Berners-Lee – a physicist working at CERN – the European Particle Physics Laboratory – as a communication medium for physicists
Originally text only – but the introduction of NCSA Mosaic introduced graphical interfaces
1993 – Dial-up modems were granted access to Web
WWW explodes in popularity
- 300 host computers in 1981 to over 36 million in 1998.
- 10-25 million users in 1991 to 157 million in 1998
Categorizing Internet Communications
World Wide Web
Newsgroups and Bulletin Boards
Internet Relay Chat
World Wide Web
a collection of hyperlinked pages of information distributed over the Internet via a network protocol called HTTP (hypertext transfer protocol)
may be likened to an electronic marketplace where electronic storefronts of businesses, individuals, civic groups, and governments market both tangible and intangible products
Variety of goals: Informational, Educational, Transactional, etc.
Each Web site can be identified by its URL (Uniform Resource Locator)
Increasing exponentially – 200% yearly increases are expected
Newsgroups/Bulletin Boards
oldest and most cumbersome of all digital communications
may be likened to community bulletin boards where individuals post meetings, information, etc.
Bulletin Boards – a medium of computer exchange whereby individuals may have the capability of accessing software, posting personal information, and exchanging electronic mail
Extremely popular among subversive organizations – it is cheaper, and the risk of exposure is significantly less
Grouping Bulletin Boards
Security
Immediacy
Community
Grouping Bulletin Boards
SECURITY
- Anonymous – those in which true identities are unknown and handles are assigned
- Moderate – those in which the sysop believes he/she knows the identity of the member
- Known user – those in which the sysop maintains complete control over postings – prohibiting role playing and pseudonymous postings
IMMEDIACY
- Chat lines – immediate postings (i.e., can “chat” simultaneously)
- Stored messages – single phone line boards which store messages serially in order of their posting time
Grouping Bulletin Boards - Community
Antiseptic – those boards which serve as software or information dumps – little or no contact between users or sysops
Interpersonal – boards where interaction between users is encouraged (or even demanded)
- these boards do NOT allow lurkers (i.e. those individuals who do not actively engage in communication, but simply watch those who do)
- very popular among fringe groups – hackers, Satanists, anarchists, Nazis, pedophiles, child pornographers, etc.
Underground – are transient and elusive, appearing and disappearing relatively quickly
Internet Relay Chat
AKA medium in which users may observe and participate in real time conversations while “identifying” the nicknames of the individuals on the channel and their corresponding internet address
Topics – range from the innocuous to the profane (ex. Gardening to child exploitation)
Far less expensive than telephone communications
allows for multiple, simultaneous communications
likened to a “technologically evolved party line”
OSP’s – most chatrooms are sponsored by online service providers
Unfortunately, OSP’s fail to warn customers of the potential for deception. In fact, many actually promote feelings of security by offering user vacations, fraternities, and the like.
Future Issues and Conclusions
Problems will continue to mount as LE struggles to keep up with computer criminals.
New technology will continue to pose significant problems for law enforcement.
Advent of cable modems (and stagnant IP’s) will increase the vulnerability of users.