Cybercrime Final
Domain Name System (DNS)
A hierarchical system for naming resources on the Internet. -translates URLs or domain names into an IP address -big telephone book
Most commonly used IP addressing version
IPv4
Online Resources for tracing IP addresses
-Internet Assigned Numbers Authority (IANA) -Regional Internet Registries (RIR)
Protocols for accessing the user's mail transfer servers
-Post Office Protocol (POP) -Internet Message Access Protocol (IMAP)
ESI collection steps
-data collected -data hashed -date and time reported -collection of log files -defensible evidence item
MIME (Multipurpose Internet Mail Extensions)
-protocol that helps send larger messages and attachments
Where is the evidence?
-the sender's device -the sender's email server -the recipient's mail server -the recipient's device
Top level domains
.com .org .mil .edu
Hexadecimal digits can include only the numbers ____ and letters ____
0-9 A-F
RIR five regions
1. African Network Information Centre - Africa 2. American Registry for Internet Numbers (ARIN) - USA, Canada, Antarctica 3. Asia Pacific Network Information Centre - Asia, Australia, New Zealand 4. Latin America and Caribbean Network Info Centre 5. Réseaux IP Européens Network Coordination Centre - Europe & Russia
How a web browser actually gets a webpage to display
1. URL entered 2. Resolve URL 3. Domain Name System 4. GET Command 5. Web server sends page to browser 6. Browser displays webpage
5 Header sections
1. the servers the email passed through 2. encrypted email header 3. traditional to, from, subject and date lines 4. mail transfer program information 5. nonstandard information added by servers and email programs
FTP port number
20
Most common Mail port:
25
SMTP port number
25
ECPA is referring to two laws. There are __ provisions of ECPA
3
MAC address is ___ pairs of hexadecimal numbers separated by colons, broken into __ sections
6; 2
HTTP port number
80
The author states, Shoemaker and Kennedy (2009) observed that cybercrime profiling investigations involve ___ processes, which are extremely helpful in developing a useful profile that identifies the Internet criminal.
9
CNAME
A canonical name record is an alias of an existing record, thus allowing multiple DNS records to map to the same IP address.
A
Address
Message ID
Can identify the originating SMTP server
Zimbra Desktop
Email program from VMWare (the makers of virtual machine technology)
Networktools.com is one of the RIR sites that allows investigators to identify IP registration information (true or false)
FALSE
The DNS is responsible for MAC addresses and their corresponding URL address
FALSE
Basics of tracing an IP address is to find the Domain
False
Not a common tool for conducting website collection
HTTrap
According to the author, there have been numerous cybercrime profiles developed over the years, mostly focused on
Hacking offenses Computer intrusions
IANA
Internet Assigned Numbers Authority -responsible for the global coordination of DNS root, IP addressing and other internet protocol resources
Simple Mail Transfer Protocol (SMTP)
Internet protocol used to route emails
ISP
Internet service provider, e.g., Spectrum
The _____ algorithm tool will produce a numerical value such as 60e46aeaed758964902dd7ae99858f03
MD5
MX
Mail Exchanger
MUA
Mail user agent - the program you use to send your email
According to the author, what type of data is information that describes the data?
Metadata
To find IP address for google.com, you would use
NSlookup
NS
Name Server
Documenting ESI involved understanding the various ___
Protocols
Maxmind
Provides free service to geolocate an IP address to a state or city
Which is NOT a separate category based on the type of communication protocol methods defined by the author?
PuTTY
SOA
Start of Authority
Not included in the email header
Time
Ping google.com
To find IP address for google.com
X-Originating-IP
Used by SMTP to store the originating IP address of the email's sender
______ is done by comparing a tool's output against a known data set
Validating
Whois Function
allows investigator to identify IP registration info
Internet Protocol Address (IP)
basis for online communication -allow devices to communicate with each other while connected to the internet
Communication protocol for usenet
bulletin boards
Communication protocol for bit torrent networks
client server
Request for Comments (RFC)
documents are how standards and protocols are defined and published for all to see on the IETF website.
Read received lines
from the bottom up
Protocol that allows the user's email client to manipulate emails stored on the server without transferring the messages between computers.
IMAP
According to the author, the last stop on the investigative journey to identifying the user of an IP address is the ______
last router in the chain
Communication protocol for instant messaging
peer-to-peer
A utility to identify if an IP address is accessible is _____
ping
Website collection can easily be done by the investigator who has access to the _____ containing the data
server
Another method that can be used to track users by IP address is through the review of _____________ from websites
server logs
According to the author, USENET has been increasing in use since the mid-1990s (true or false)
true