Class 11

Grover Kearns, PhD, CPA, CFE
Email Videos

- How email works
  http://www.youtube.com/watch?v=YBzLPmx3xTU
- Email Spoofing
  http://lybio.net/household-hacker-hacking-emailspoofing-101/science-technology/
- SMTP Spoofing
  http://www.youtube.com/watch?v=Up6XcxEilp4&feature=related
- Tracing an email
  http://www.youtube.com/watch?v=hSvswzSy3oA
Reading Email Headers

From <<my-work-address>> Sat Aug 17 16:00:24 2002
Return-Path: <<my-work-address>>
Received: from exanpcn4.arinc.com ([144.243.4.70]) by mta009.verizon.net
    (InterMail vM.5.01.05.09 201-253-122-126-109-20020611) with ESMTP
    id <20020817200009.CWZT20372.mta009.verizon.net@exanpcn4.arinc.com>
    for <<my-home-address>>; Sat, 17 Aug 2002 15:00:09 -0500
Received: from exanpcn2.arinc.com (unverified) by exanpcn4.arinc.com
    (Content Technologies SMTPRS 4.1.5) with ESMTP
    id <T90f3203cca5cc55c0da9@exanpcn4.arinc.com> for <<my-home-address>>;
    Sat, 17 Aug 2002 16:02:15 -0400
Received: by exanpcn2.arinc.com with Internet Mail Service (5.5.2653.19)
    id <QRZ549XW>; Sat, 17 Aug 2002 16:00:27 -0400
Message-ID: <09328AED5429D311A3000008C7911B100778B52C@exanpmb1.arinc.com>
From: "Conner, Richard C. \(RCONNER\)" <<my-work-address>>
To: "my-home-address" <<my-home-address>>
Subject: Hello
Date: Sat, 17 Aug 2002 16:00:26 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain
The same header is repeated on the following slides with individual fields called out:

- From: "Conner, Richard C. \(RCONNER\)" <<my-work-address>>  (Not required by SMTP)
- Message-ID: <09328AED5429D311A3000008C7911B100778B52C@exanpmb1.arinc.com>  (unique message ID)
Another Example – Partial Header

Delivered-To: gkearns@mail.usf.edu
Received: by 10.68.58.39 with SMTP id n7cs40710pbq; …
Return-Path: <stpetebay@yahoo.com>
…
Received: from [127.0.0.1] by omp1017.mail.bf1.yahoo.com with NNFMP; 20 Jun …
Received: (qmail 38143 invoked by uid 60001); 20 Jun 2011 19:58:58 -0000
Message-ID: <391707.15764.qm@web161204.mail.bf1.yahoo.com>
Received: from [70.126.236.236] by web161204.mail.bf1.yahoo.com via HTTP;
    Mon, 20 Jun 2011 12:58:58 PDT
X-Mailer: YahooMailClassic/14.0.3 YahooMailWebService/0.8.111.304355
Date: Mon, 20 Jun 2011 12:58:58 -0700 (PDT)
From: Grover Kearns <stpetebay@yahoo.com>
Subject: Be Alert
To: gkearns@mail.usf.edu
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii

Now get to work!
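The following Python script is an added example, not code from the slides. It parses the full header shown above under Reading Email Headers, with the constructed placeholder mailboxes work@example.com and home@example.net standing in for the redacted <<my-work-address>> and <<my-home-address>>, walks the Received: chain from origin to final hop, flags any hop whose timestamp is earlier than the hop before it, and compares the SMTP envelope sender recorded in Return-Path with the From: header, which, as the slides note, SMTP does not require or check.

```python
"""Trace an email's Received: chain from origin to final hop and flag hops
whose timestamps run backwards (clock skew, or a line that was not really
written by the server it names).  Added example; not from the slides."""
import email
import re
from datetime import timezone
from email.utils import parseaddr, parsedate_to_datetime

# Header from the slide.  The slide redacts the two mailboxes;
# work@example.com and home@example.net are constructed stand-ins.
RAW_HEADER = """\
Return-Path: <work@example.com>
Received: from exanpcn4.arinc.com ([144.243.4.70]) by mta009.verizon.net
  (InterMail vM.5.01.05.09 201-253-122-126-109-20020611) with ESMTP
  id <20020817200009.CWZT20372.mta009.verizon.net@exanpcn4.arinc.com>
  for <home@example.net>; Sat, 17 Aug 2002 15:00:09 -0500
Received: from exanpcn2.arinc.com (unverified) by exanpcn4.arinc.com
  (Content Technologies SMTPRS 4.1.5) with ESMTP
  id <T90f3203cca5cc55c0da9@exanpcn4.arinc.com> for <home@example.net>;
  Sat, 17 Aug 2002 16:02:15 -0400
Received: by exanpcn2.arinc.com with Internet Mail Service (5.5.2653.19)
\tid <QRZ549XW>; Sat, 17 Aug 2002 16:00:27 -0400
Message-ID: <09328AED5429D311A3000008C7911B100778B52C@exanpmb1.arinc.com>
From: "Conner, Richard C. \\(RCONNER\\)" <work@example.com>
To: "home" <home@example.net>
Subject: Hello
Date: Sat, 17 Aug 2002 16:00:26 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain

"""


def load_header(raw=RAW_HEADER):
    """Parse the raw header text into an email.message.Message."""
    return email.message_from_string(raw)


def parse_received(value):
    """Pull the from/by hosts, relay IP and UTC timestamp out of one
    Received: line.  The final ';' separates the clauses from the date."""
    s = re.sub(r"\s+", " ", value).strip()
    m_from = re.search(r"\bfrom (\S+)", s)
    m_by = re.search(r"\bby (\S+)", s)
    m_ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", s)
    when = parsedate_to_datetime(s.rsplit(";", 1)[1].strip())
    return {
        "from": m_from.group(1) if m_from else None,
        "by": m_by.group(1) if m_by else None,
        "ip": m_ip.group(1) if m_ip else None,
        # Some MTAs mark a claimed sender name they could not verify.
        "unverified": "(unverified)" in s,
        "utc": when.astimezone(timezone.utc),
    }


def trace_hops(msg):
    """Each relay prepends its own Received: line, so the bottom line is
    the first hop.  Reverse the list to read the path origin -> destination."""
    return [parse_received(v) for v in reversed(msg.get_all("Received", []))]


def timestamp_anomalies(hops):
    """Return (hop_index, seconds) for every hop stamped earlier than the
    hop before it.  A negative gap means a skewed clock or a forged line."""
    out = []
    for i in range(1, len(hops)):
        gap = int((hops[i]["utc"] - hops[i - 1]["utc"]).total_seconds())
        if gap < 0:
            out.append((i, gap))
    return out


def envelope_vs_header(msg):
    """Return-Path records the SMTP envelope sender (MAIL FROM); From: is a
    message header written by the sending client that SMTP never checks."""
    return_path = parseaddr(msg.get("Return-Path", ""))[1]
    header_from = parseaddr(msg.get("From", ""))[1]
    return return_path, header_from


if __name__ == "__main__":
    msg = load_header()
    hops = trace_hops(msg)
    for i, h in enumerate(hops):
        print(f"hop {i}: from={h['from']} ip={h['ip']} by={h['by']} "
              f"at={h['utc']:%H:%M:%S}Z unverified={h['unverified']}")
    print("backwards timestamps:", timestamp_anomalies(hops))
    print("envelope vs header sender:", envelope_vs_header(msg))
    print("Message-ID:", msg["Message-ID"])
```

Run on this header, the script reports three hops and flags the Verizon hop as 126 seconds earlier than the arinc.com hop before it: every Received: timestamp comes from that server's own clock, so skew of a minute or two between organisations is normal, while a gap of hours or days is worth a closer look. The chain is only trustworthy from the first server you control downward; every line below that was supplied by the sender's side and could have been written to say anything, which is also why the "(unverified)" note on the second hop matters.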
Mobile Phone Forensics

- Unauthorized photos, videos, audio recording
- Digital fraud and data duplication
- Industrial espionage
- Acceptable use policy
Mobile Phone Forensics

- SIM Cards: Subscriber Identity Module
- SD Cards: Secure Digital
Mobile Phone Forensics: Stored Data on SIM Cards

- International Mobile Subscriber Identity (IMSI)
- Integrated Circuit Card Identifier (ICC-ID)
- Authentication Key (Ki)
- Location Area Identity
- SMS Messages / Contacts
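As an added example (not the slides' material and not SIMCon's code), the Python script below shows what an examiner's tool does with two of the identifiers listed above: it decodes a constructed 10-byte EF_ICCID record as read from a SIM (the ICC-ID is stored as nibble-swapped BCD with 0xF padding), verifies the ICC-ID's Luhn check digit, and splits a constructed IMSI into MCC, MNC and MSIN. The sample bytes and IMSIs are constructed, and the two-digit versus three-digit MNC rule is a simplification of the ITU table that real tools carry in full.

```python
"""Validate identifiers recovered from a SIM: decode the raw EF_ICCID file
(nibble-swapped BCD), Luhn-check the ICC-ID, and split an IMSI into
MCC / MNC / MSIN.  Added example; not SIMCon's code or the slides'."""

# Constructed sample: the 10-byte EF_ICCID record for ICC-ID 8901410321111185109.
# Each byte holds two BCD digits with the low nibble first; an unused
# trailing nibble is padded with 0xF.
EF_ICCID_RAW = bytes.fromhex("981014301211115801F9")


def decode_swapped_bcd(raw):
    """Decode nibble-swapped BCD as stored in EF_ICCID; 0xF nibbles are padding."""
    digits = []
    for b in raw:
        for nibble in (b & 0x0F, b >> 4):
            if nibble == 0x0F:
                continue
            if nibble > 9:
                raise ValueError(f"non-BCD nibble {nibble:#x}")
            digits.append(str(nibble))
    return "".join(digits)


def luhn_valid(digits):
    """ITU-T E.118 ICC-IDs end in a Luhn check digit (same scheme as card numbers)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def iccid_issues(iccid):
    """Return a list of problems; an empty list means the ICC-ID looks well-formed."""
    issues = []
    if not iccid.isdigit():
        issues.append("non-digit characters")
        return issues
    if not iccid.startswith("89"):      # 89 = telecom major industry identifier
        issues.append("does not start with 89")
    if not 19 <= len(iccid) <= 20:
        issues.append(f"unexpected length {len(iccid)}")
    if not luhn_valid(iccid):
        issues.append("Luhn check digit mismatch (misread or altered digit)")
    return issues


# Simplification (assumption): MNCs are 3 digits in the North American MCC
# ranges and 2 digits elsewhere.  Real tools use the full ITU MCC/MNC table.
THREE_DIGIT_MNC_MCCS = {302, *range(310, 317)}


def parse_imsi(imsi):
    """Split an IMSI into (MCC, MNC, MSIN)."""
    if not (imsi.isdigit() and 6 <= len(imsi) <= 15):
        raise ValueError("IMSI must be 6-15 digits")
    mcc = imsi[:3]
    mnc_len = 3 if int(mcc) in THREE_DIGIT_MNC_MCCS else 2
    return mcc, imsi[3:3 + mnc_len], imsi[3 + mnc_len:]


if __name__ == "__main__":
    iccid = decode_swapped_bcd(EF_ICCID_RAW)
    print("ICC-ID from EF_ICCID:", iccid, "issues:", iccid_issues(iccid))
    print("one digit misread:", iccid_issues("8901410321111185100"))
    for imsi in ("310150123456789", "262021234567890"):   # constructed IMSIs
        print("IMSI", imsi, "->", parse_imsi(imsi))
```

The Luhn check is the practical point: a SIM reader that returns an ICC-ID failing its check digit has misread the card or the record is damaged, and that should be noted before the identifier goes into a report.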
Mobile Phone Forensics: Stored Data on SD Cards

- Call logs
- Text messages
- Electronic documents
- Phonebooks
- Videos
- Music
- Photos
- Calendar
Smart Phone Videos

- How to Save Data to a Phone's Micro SD Memory Card
  http://www.ehow.com/video_4756774_save-microsd-memory-card.html
- SIM Card Reader
  http://www.proofpronto.com/cell-phonespy.html?gclid=CIfqu8zqwqkCFYgW2god9AZacw
- Hacking the iPhone
  http://www.youtube.com/watch?v=ZgITSfrEILQ
Problems with Mobile Forensics

- Lack of single standards
- How cell phones store messages
- Multitude of models
- Generations: analog, PCS, 3G, 4G, ???

Remote Phone Wipes

All smart phones can be “wiped” remotely. Check the web for instructions for each phone.
Securing Mobile Phones

- Securing the mobile phone is the first action
- Turning it off loses the contents of RAM
- If left on, it can be wiped remotely
- Wrap it multiple times in foil or place it in an empty paint bucket
SIMCon

- Reads SIM files
- Analyzes file content
- Recovers deleted text messages
- Manages PIN codes
- Exports data to spreadsheet files
Comparing 3G to 4G

3G
- Average download speed is 1 to 100 Mbps
- Allowed email and Internet access
- Allows apps with music downloads and video calling
- Applies to all smartphones

4G
- A set of standards that hasn't really been clearly defined
- Average download speeds are about twice as fast as 3G at 4-6 Mbps
- More apps, more secure
Digital Networks

- CDMA – Uses full radio frequency spectrum. Sprint and Verizon use this.
- GSM – Used by AT&T and T-Mobile and standard in Europe and Asia. You can switch your SIM card with GSM!
- OFDM – Probably will be the chosen technology for 4G.
Smart Phones

- Contain: RAM, ROM, microprocessor, radio module, hardware interfaces.
- Many have memory cards (SIM).
- Store system data in EEPROM.
- OS is stored in ROM.
Jailbreaking & Unlocking

Unlocking
- Allows owner to switch SIM cards
- Could void warranty

Jailbreaking
- Allows owner to add apps that are not supported by vendor
- Not illegal
Recovering Deleted Files
http://www.youtube.com/watch?v=5ShSIYRQnZY&feature=related
Web Sites - Email

- Email Spoofing
  http://lybio.net/household-hacker-hacking-email-spoofing101/science-technology/
- Tracing an email
  http://www.youtube.com/watch?v=hSvswzSy3oA
- How to find IP address and shutdown network computer
  http://www.youtube.com/watch?v=fFLd0EQRuE&feature=related
- Restoring deleted files
  http://www.youtube.com/watch?v=5ShSIYRQnZY&feature=related

Web Sites – Mobile Phones

- SIM Card Reader
  http://www.proofpronto.com/cell-phonespy.html?gclid=CIfqu8zqwqkCFYgW2god9AZacw
- Hacking iPhone
  http://www.youtube.com/watch?v=ZgITSfrEILQ
- How to Save Data to a Phone's Micro SD Memory Card
  http://www.ehow.com/video_4756774_savemicro-sd-memory-card.html