A Research on Challenges in Cybercrime and Scope of Criminal Networks in Cyberspace Implementing Cyber Forensic Tools : An Exploratory Study
K Kalaiselvi, Dept. of Computer Applications,
Koshy's Institute of Management Studies, [email protected]
What is Network Forensics?
- Captures, records and analyses network events
- Discovers the sources of security attacks
- Collection and analysis of data from networks, computers and communication streams
Forensic Techniques
- Email Forensics
- Web Forensics
- Packet Sniffers
- IP Traceback Technique
- Honeypots and Honeynets
Email Forensics
- Increased network connectivity progressively increases data theft, identity theft, spam email threats and network hacking
Email Forensics – Tools
- emailTrackpro
- SmartWhoIs
- Trace the email sender
- Studies the source and content of the email
- Identifies the date/time etc. of sender and recipient
- Traces the path traversed by the message
- Identifies phishing emails
Email Forensics – How it works?
emailTrackpro
- Analyses the email header
- Detects the IP address of the sending system
- The message header provides an audit trail of every machine the mail passes through
- Has a built-in location database which maps addresses to country/region/area
- Copy and paste the email header into the emailTrackpro tool and start
- Generates reports with IP, domain and content information (registered website address)
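Reconstructing the audit trail that the slide describes, as an added Python example (not code from the presentation and not the emailTrackpro tool); the message, host names and addresses are constructed sample data.

```python
import email
import re
from email.utils import parsedate_to_datetime

# Constructed sample (not a real mailbox capture). Each relay prepends its own
# Received line, so the top line is the hop nearest the recipient.
SAMPLE_MESSAGE = """\
Received: from mx.example.org (mx.example.org [203.0.113.5])
    by inbox.example.net with ESMTPS id abc123; Tue, 05 Mar 2024 10:15:30 +0000
Received: from relay.example.com (relay.example.com [198.51.100.7])
    by mx.example.org with ESMTP id def456; Tue, 05 Mar 2024 10:15:12 +0000
Received: from client-pc (unknown [192.0.2.44])
    by relay.example.com with SMTP; Tue, 05 Mar 2024 10:14:50 +0000
From: sender@example.com
To: victim@example.net
Subject: test

body
"""

# "from <name> (<reverse-dns> [<ip>]) ... by <receiver>": the name is what the
# sender claimed in HELO; the bracketed part is what the receiving server saw.
RECEIVED_RE = re.compile(r"from\s+(?P<claimed>\S+)(?:\s+\((?P<seen>[^)]*)\))?.*?\bby\s+(?P<by>\S+)")
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def parse_received_hop(value):
    """Describe one Received header; None if it does not fit the from/by shape."""
    text = " ".join(value.split())          # unfold continuation lines
    m = RECEIVED_RE.search(text)
    if not m:
        return None
    ip = IP_RE.search(m.group("seen") or "")
    stamp = None
    try:                                    # the date follows the last semicolon
        stamp = parsedate_to_datetime(text.rsplit(";", 1)[1].strip())
    except (IndexError, TypeError, ValueError):
        pass
    return {"from": m.group("claimed"), "ip": ip.group(1) if ip else None,
            "by": m.group("by"), "time": stamp}

def trace_path(raw_message):
    """Hops in travel order (origin first). hops[0]["ip"] is the best lead on the
    sending machine, but only lines added by servers you trust are reliable: a
    sender can forge the lines beneath them, so corroborate before relying on it."""
    msg = email.message_from_string(raw_message)
    hops = [h for h in map(parse_received_hop, msg.get_all("Received", [])) if h]
    hops.reverse()
    return hops
```

Calling trace_path(SAMPLE_MESSAGE) lists the hops from the sender's machine to the recipient's inbox, with the IP each relay recorded and the time it stamped.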
Web Forensics
- Analyses the duration of each web visit and the files uploaded to or downloaded from each visited website
- Reveals the browsing history and the cookies set up during visits
- In IE: index.dat; in Firefox, Mozilla and Netscape browsers: history.dat
- Explores the browsing history and gathers the critical information of a crime
Web Forensics – Tools
- Mandiant Web Historian
- Index.dat Analyzer
Mandiant Web Historian
- Reviews the website URLs
- Reveals what/when/where/how the intruders looked into the sites
- Can parse a specific history file
- Can recursively search through a given folder or drive
- Generates a single report for all browsers available
Index.dat Analyzer
- Examines and deletes the content of index.dat
- Views browsing history, cookies and cache
- Provides a direct visit to the websites listed in the analyzer output
- Opens the files uploaded to or downloaded from the website
Packet Sniffers
- Software that captures and analyses the data exchanged between different systems in a network
- Intrusion Detection System: collects initial information from packets; collects traffic into and out of the network
- Explores hidden information in the different headers of TCP/IP
- Network engineers, administrators and security professionals use them to monitor the network
Packet Sniffers – Tools
- Ethereal
- WinPcap and AirPcap
Ethereal
- Captures and filters live packets
- Displays the header information of all the protocols used in the transmission of the packet
- Supports Windows, Linux and Unix
- Protocols used: TCP, UDP, Address Resolution Protocol (ARP)
WinPcap and AirPcap
- WinPcap: captures intercepted packets at the network interface in Windows
- AirPcap: captures control frames (ACK, RTS, CTS), management frames (request/response, authentication) and data frames, as defined by IEEE 802.11, on wireless LAN interfaces; currently for Windows
IP Traceback
- Traces back from the victim to the source of the attack
- Targets masquerade attacks carried out through spoofing
IP Traceback – Tools
- Input debugging: recognises the signature pattern in all attack packets; sends it to the upstream router until it reaches the source; filters and blocks the pattern
- Controlled flooding: the change in the rate of packets at the upstream router is tested recursively
- Packet marking: samples the path one node at a time rather than recording the entire path
Honeypots & Honeynets
- A network designed to be compromised
- Observes the activities and behaviour of the intruder
- Allows detailed analysis of the tools used by intruders
- Inbound connection to the honeypot: a probe
- Outbound connection from the honeypot: the host has been compromised
- Honeywall: captures and monitors the data traffic entering and leaving the honeypot
- Sebek: logging software that intercepts the data after the attackers' encryption software decrypts it (identifies the signature of the attackers)
- Virtual honeypots: simulated machines, modelled to behave as required, each with a different IP address
Conclusion
- An exhaustive survey of the tools and techniques used to conduct network forensics is the need of the hour.
- Various forensic techniques were explored, none of which is efficient for all attacks in a network.
- The IP traceback mechanism, honeypots, honeynet architecture and virtual honeypots were discussed briefly.
- Detection of malicious attacks and protection of production systems by forensic professionals are to be made more effective.
- Self-protection remains the first line of defence and a model approach is needed.
Future work
- Future research involves deploying and analysing the effectiveness of commercial tools to detect all kinds of attacks
- Comprehensive forensic analysis for wireless networks
- Identifying the tools for the same
THANK YOU