Networking 978-0123742681 Chapter 23 Quiz

Unlock access to all the studying documents.

View Full Document

Chapter 23

Digital Evidence on the Internet

On completion of this chapter, the student will:

– Be aware of the role of the Internet in criminal investigations.

– Recognize that Internet Services retain information about people and organizations.

– Be aware of the difficulties in connecting an Internet artifact with a person (i.e., proving that

a specific e-mail was sent by a specific individual).

– Recognize the value of analyzing social networking in Internet investigations.

– Be aware of the characteristics of various synchronous chat networks.

– Be aware of the nature of peer-to-peer computer networks and some methods of gathering

evidence.

Chapter Guide

The Internet is both an attractive venue for criminal activities and a powerful investigative tool. This

chapter discusses both aspects to give investigators intelligence about how criminals operate online, and

to help investigators use digital evidence on the Internet to apprehend offenders. The main Internet

services are covered, including the Web, e-mail, newsgroups, Internet chat, and P2P. New services are

emerging that extend the capabilities of the Internet, providing criminals with new opportunities, and

making digital investigations more challenging. Therefore, in addition to becoming familiar with existing

Many people think of the Internet as separate from the physical world. This is simply not the case and to

neglect the very real and direct link between people and the online activities that involve them limits

ith an online component. The Internet effectively

provides us with windows into aspects of the world that we otherwise might not know about. As

discussed in Chapter 1, a trained eye can use data on computers and the Internet to learn a great deal

about an individual, providing such insight that it is like looking through a stained glass window into the

cept is important for several reasons:

This last point is worth reiterating and expanding. There is currently an inordinate amount of criminal

activity on the Internet, providing us with a unique opportunity to learn more about criminal activities that

more detail, computers and networks can provide

a window into their world, giving us a clearer view of how they operate.

Multiple Choice Questions

1. Who is authorized to conduct online undercover investigations when child pornography is

involved?

2. Which of the following Internet services can be used to exchange illegal materials?

3. What are two of the most useful headers for determining the origination of Usenet messages?

4. What information should you document when searching for evidence on the Web?

5. Why is it important to hide your identity when conducting an online investigation?

6. When it is not possible to determine the identity of the author of a Usenet message using IP

addresses in the header, what else can you do to learn more about the author?

7. What characteristics of IRC make it attractive to criminals?

8. Which of the following enables a user to connect to IRC and run IRC fserves without disclosing

their IP address?

9. Which of the following applications leave traces of Internet activities on a personal computer?

10. Which of the following tools can reconstruct TCP streams?

11. What peer-to-peer clients use the Fast Track network?

12. Web Whacker and Httrack are examples of tools that:

13. Metaverseink is a:

14. Second Life is one of the better known:

15. Synchronous chat networks are particularly conducive to criminal activity because of their

True or False Questions

1. The cybertrail is only useful for gathering information about an offender, not a victim.

2. accessed by government employees.

3. When you access a web page, the content may be located on a server other than the one you

accessed.

4. All web search engines use the same search syntax.

5. Whois databases contain contact information relating to IP addresses but not domain names.

6. Criminals let their guard down in chat networks because they feel protected by the perceived

anonymity.

7. The Web archive (web.archive.org) contains a complete and accurate copy of web pages as they

existed at a particular time.

8. E-mail Received headers can be relied on for tracking purposes because they cannot be forged.

9. When evidence is located on the Internet, investigators should document and preserve it

immediately or it may be gone the next time they look for it.

10. Pseudonymous e-mail enables the sender to receive responses to messages whereas anonymous e-

mail does not.

11. It is not possible to decrypt and view captured network traffic.

12. Freenet is not being widely used by criminals to exchange illegal materials because it is too

difficult to use.

13. KaZaa has one feature that can be beneficial

possible, it obtains files from peers in the same geographical region.

14. Posting information online takes control of the information away from the person and such

information can remain online indefinitely.

15. Given the wealth of information that social networks contain, digital investigators will often find

useful information at these sites.

Discussion Questions

1. What website does http://www.paypal.com@1113781300 refer to? Explain how you got your answer.

3. What are the pros and cons of metasearch engines like www.dogpile.com?

4. What are the advantages and disadvantages from an investigative perspective of Usenet archives like

5. What is the most interesting channel you can find on IRC? Note that you can answer this question by

6. Describe one way that files can be exchanged on IRC.

7. Describe one way that criminals on IRC can conceal their actual IP address to make tracking them

more difficult.

1. The purpose of this scenario is to develop e-mail tracking skills. Give students an e-mail message

and have them determine where it came from. Have them describe how they determined where

the message came from and report what they find using the tools described in this chapter. If

certain tools (e.g., Whois or finger) do not provide useful information, this should be noted in the

report. It is not necessary to determine the identity of the sender. However, once students have

2. It can also be instructive to set up an IRC file server for students to connect to and download files.

Panzer (http://arnts.tripod.com/) is a feature rich, user-friendly IRC file-serving package, and is

141.157.67.68):

Session Start: Wed Feb 25 10:59:24 2004

Session Ident: Fserver

[10:59] DCC Chat session

–