Professional Documents
Culture Documents
Eth Q15 11 12
Eth Q15 11 12
Eth Q15 11 12
Email tracing can be a useful technique in identifying the origin and path of an email,
which can help in cases of internet fraud. Here's an overview of how you can trace an
email and some steps you can take if you suspect fraud:
" Email headers contain important information such as the sender's IP address,
the email servers it passed through,and the timestamps.
" Most email clients allow you to view the email headers. Here's how to do it in
Some common clients:
Gmail: Open the email,click on the three dots (more options), and select
"Show original."
" Outlook: Open the email, click on "File then "Properties and look for the
"Internet headers" section.
" Yahoo Mail: Open the email, click on the three dots, and select "View raw
message."
" Look for lines starting with "Received:" which show the path the email took
from sender to receiver.
" The first "Received:" line typically contains the originating IP address. You can
use IP lookup tools to get more information about this IP address.
" Online tools like MXToolbox, EmailHeaders, and |P Tracker can help you
analyze email headers and trace the origin.
" Report the fraudulent emailto the emailprovider (Gmail, Yahoo, Outlook, etc.).
" Forward the email to the Federal Trade Commission (FTC) at spam@uce.gov.
" Ifyou've lost money or sensitive information, report the incident to your local
law enforcement and consider filing a report with the Internet Crime Complaint
Center (IC3) at www.ic3.gov.
Change passwords for any accounts that may have beern compromised.
" Enable two-factor authentication (2FA) on your accounts for added security.
3. Notify Relevant Parties:
" Inform your bank or credit card company if financial information has been
Compromised.
" Alert your contacts if they might receive fraudulent emails from your account.
" Share information about email fraud with friends and family to help protect
them.
By understanding how to trace emails and taking appropriate action, you can better
protect yourself and others from internet fraud.
Explain process for collecting network based Evidence
1. Preparation
Before collecting network-based evidence, ensure that you have:
" Firewalls
" Network Intrusion Detection Systems (NIDS) and Intrusion Prevention Systerms
(NIPS)
Servers and workstations
" Network Segmentation: Isolate the affected part of the network to prevent further
damage or loss of evidence.
Preservation: Ensure that data is not altered during the collection process. Use
write-blocking tools where applicable.
4. Data Collection
a. Log Files
Syslogs: Collect logs from network devices like routers, firewalls,and switches.
" Event Logs: Gather logs from servers and workstations.
" Application Logs: Capture logs from specific applications, including web servers,
email servers, and databases.
" Network Tap: Use a physical device to intercept and capture network traffic.
c.Configuration Files
" Extract confiquration files from routers, firewalls, and other network devices to
understand their settings and rules.
5. Data Integrity
" Hashing: Calculate cryptographic hashes (MD5, SHA-1, SHA-256) of the collected
data to ensure integrity. Any changes to the data will result in different hash values.
" Chain of Custody. Document the collection process meticulously, including who
collected the data, when, where, and how it was collected, to maintain a clear chain
of custody.
6. Analysis
" Network Traffic Analysis: Examine captured network traffic to identify anomalies,
patterns, and indicators of compromise (loCs).
" Log Analysis: Correlate log entries across different devices to reconstruct events
and trace the attack path.
" Forensic Tools: Use specialized tools for deeper analysis, such as SIEM (Security
Information and Event Management) systems, intrusion detection tools, and
forensic analysis platforms.
7. Reporting
" Documentation: Prepare detailed reports that include findings, methodologies,
tools used, and the interpretation of the collected evidence.
" Presentation: Ensure that the evidence and findings are presented in a clear,
understandable format for stakeholders, including technical staff, management,
and possibly legal authorities.
8. Follow-Up
" Incident Response: Use the findings to respond to the incident, which may include
patching vulnerabilities, removing malicious software, and strengthening network
defenses.
" Lessons Learned: Reviewthe incident and the response to improve future
processes and prevent similar incidents.
By following these steps, you can systematically collect, preserve, and analyze network
based evidence to support cybersecurity investigations and respond effectively to
network incidents.
Note on tools used in network forensics
Network forensics involves the use of specialized tools to capture, analyze, and interpret
data from network trafficand devices. Here'sa detailed note on some commonly used
tools in network forensics:
" Wireshark:
" tcpdump:
" Provides powerful filtering capabilities using BPF (Berkeley Packet Filter)
syntax.
" Snort
" Suricata:
High-performance NIDS/NIPS.
" Supports multi-threading for better performance on multi-core systems.
" Can handle complex traffic patterns and offers extensive protocol analysis.
" Splunk:
" Nagios:
" Open-source network monitoring tool.
uptime.
" Xplico:
" Network forensic analysis tool (NFAT).
" Extracts application data from internet traffic (e.g., emails, VolP calls).
" WorkS with captured packet data to reconstruct sessions and conversations.
7. Network Configuration and Management Tools
These tools help in managing and analyzing the configurations of network devices.
Conclusion
Message ChatGPT