Chapter 11 & 12 Flashcards
phishing
e-mails contain links to text on a Web page
Spear phishing
Targets a specific individual or group in an organization. Goals: steal login credentials, trade secrets, financial documents, event details.
Whaling-Phishing
Targets executive-level employees in an organization. Often accomplished through social engineering. Goals: get the target to authorize wire transfers, provide login credentials, or divulge sensitive information.
Smishing
Fraudulent text messages meant to trick a person into revealing sensitive data or clicking on a malicious link
Vishing
Fraudulent phone calls that induce a person to provide personal information or give remote access to their computer.
Pharming
DNS poisoning takes user to a fake site
Spoofing
A technique used in spam and phishing attacks to trick a user into thinking the email came from a person or entity they know and trust.
BEC
Business email compromise. A legitimate email account is taken over. Fraudulent messages are sent from the legitimate email account to trick someone into sending money or divulging sensitive info.
Enhanced/Extended Simple Mail Transfer Protocol (ESMTP)
number in the message’s header to check for legitimacy of email. Reasons for email being bounced – Error codes can be looked up.
applicable privacy laws
Electronic Communications Privacy Act (ECPA) and the Stored Communications Act (SCA) apply to e-mail
Forensic Linguistics
Where language and law intersect
Examining E-mail Messages
- Find and copy any potential evidence
- Access protected or encrypted material
- Print e-mails
Viewing E-mail headers
GUI clients
Web-based clients
After you open e-mail headers, copy and paste them into a text document so that you can read them with a text editor
Information contained in headers?
- The main piece of information you’re looking for is the originating e-mail’s IP address
- Date and time the message was sent
- Filenames of any attachments
- Unique message number (if supplied)
Tracing
Determining message origin
What do router logs consist of?
- Record all incoming and outgoing traffic
- Have rules to allow or disallow traffic
- You can resolve the path a transmitted e-mail has taken
Email logs identify:
- E-mail messages an account received
- Sending IP address
- Receiving and reading date and time
- E-mail content
- System-specific information
E-mail forensic tools
- DataNumen for Outlook and Outlook Express
- FINALeMAIL for Outlook Express and Eudora
- Sawmill-Novell GroupWise for log analysis
- MailXaminer for multiple e-mail formats and large data sets
- Fookes Aid4Mail and MailBag Assistant
- Paraben E-Mail Examiner
- AccessData FTK for Outlook and Outlook Express
- Ontrack Easy Recovery EmailRepair
- R-Tools R-Mail
- OfficeRecovery’s MailRecovery
Online social networks (OSNs)
are used to conduct business, brag about criminal activities, raise money, and have class discussions
what can you rely on for business investigations?
For many e-mail investigations you can rely on e-mail message files, headers, and server log files
Code Division Multiple Access (CDMA)
is a digital cellular technology that allows multiple users to access a shared communication channel simultaneously.
Global System for Mobile Communications (GSM)
- Uses the Time Division Multiple Access (TDMA) technique
- One of the most widely used mobile communication standards globally
- Multiple phones take turns sharing a channel
MSISDN
Mobile Station International Subscriber Directory Number. The number which you call or send text messages from. Linked to the SIM.
IMEI
International Mobile Equipment Identifier. Unique 15-digit number that identifies GSM and other types of phones. Differs from a serial number because the IMEI is broadcast with every transmission.
IMSI
Individual Mobile Subscriber Identity – 15 digit number tied to SIM card. Identifies Subscriber, Carrier, and Mobile Network.
Pros of GSM
- Users can transmit data and make phone calls at the same time. Not so with CDMA.
- GSM-powered devices are cheaper and easier to produce.
OS is stored in ROM
- Nonvolatile memory
- Available even if the phone loses power
Subscriber identity module (SIM) cards
Found most commonly in GSM devices
Consist of a microprocessor and internal memory
Internet of Things (IoT)
The number of devices that connect to the Internet is higher than the number of people
- That number is expected to reach 50 billion in the next few decades
Base transceiver station (BTS)
Commonly referred to as cell towers. Fixed transceiver. Main communications point for multiple wireless mobile client devices.
Base station controller (BSC)
Controls and monitors number of Base Stations. Interface between cell sites and mobile switching centers
Mobile switching center (MSC)
Multi-function: call setup and routing, conference calling and fax, SMS text routing. Base stations connect to it. It is an interface to other networks and the PSTN.
PSTN
Public Switched Telephone Network. In use in one form or another for a century. POTS: Plain Old Telephone System. Carries landline and cell voice calls. Copper wiring to homes, switching centers and cellular networks. Costly to maintain.
VOIP
Voice Over IP. Uses an Internet connection rather than the PSTN for voice and other communications.
Mobile Phone Basics (5 of 5)
Four things in SIM cards
- Network authentication information: the SIM card contains the information necessary to authenticate the subscriber to the mobile network.
- Contacts and phonebook data: SIM cards can store contact information such as names and phone numbers.
- SMS (Short Message Service) data: text messages are stored on the SIM.
- Security features: SIM cards often include features such as PIN codes that protect the SIM card.