| | Copyright |
| | Preface |
| | | Who This Book Is For |
| | | Contents of This Book |
| | | Conventions Used in This Book |
| | | Safari Enabled |
| | | Using Code Examples |
| | | How to Contact Us |
| | | Acknowledgments |
| | Chapter 1. Introduction |
| | | Section 1.1. What Is Internet Forensics? |
| | | Section 1.2. The Seamy Underbelly of the Internet |
| | | Section 1.3. Pulling Back the Curtain |
| | | Section 1.4. Taking Back Our Internet |
| | | Section 1.5. Protecting Your Privacy |
| | | Section 1.6. Before You Begin |
| | | Section 1.7. A Network Neighborhood Watch |
| | Chapter 2. Names and Numbers |
| | | Section 2.1. Addresses on the Internet |
| | | Section 2.2. Internet Address Tools |
| | | Section 2.3. DNS Record Manipulation |
| | | Section 2.4. An ExampleDissecting a Spam Network |
| | Chapter 3. Email |
| | | Section 3.1. Message Headers |
| | | Section 3.2. Forged Headers |
| | | Section 3.3. Forging Your Own Headers |
| | | Section 3.4. Tracking the Spammer |
| | | Section 3.5. Viruses, Worms, and Spam |
| | | Section 3.6. Message Attachments |
| | | Section 3.7. Message Content |
| | | Section 3.8. Is It Really Spam? |
| | Chapter 4. Obfuscation |
| | | Section 4.1. Anatomy of a URL |
| | | Section 4.2. IP Addresses in URLs |
| | | Section 4.3. Usernames in URLs |
| | | Section 4.4. Encoding the Entire Message |
| | | Section 4.5. Similar Domain Names |
| | | Section 4.6. Making a Form Look Like a URL |
| | | Section 4.7. Bait and SwitchURL Redirection |
| | | Section 4.8. JavaScript |
| | | Section 4.9. Browsers and Obfuscation |
| | Chapter 5. Web Sites |
| | | Section 5.1. Capturing Web Pages |
| | | Section 5.2. Viewing HTML Source |
| | | Section 5.3. Comparing Pages |
| | | Section 5.4. Non-Interactive Downloads Using wget |
| | | Section 5.5. Mapping Out the Entire Web Site |
| | | Section 5.6. Hidden Directories |
| | | Section 5.7. In-Depth ExampleDirectory Listings |
| | | Section 5.8. Dynamic Web Pages |
| | | Section 5.9. Filling Out Forms |
| | | Section 5.10. In-Depth ExampleServer-Side Database |
| | | Section 5.11. Opening the Black Box |
| | Chapter 6. Web Servers |
| | | Section 6.1. Viewing HTTP Headers |
| | | Section 6.2. What Can Headers Tell Us? |
| | | Section 6.3. Cookies |
| | | Section 6.4. Redirection |
| | | Section 6.5. Web Server Statistics |
| | | Section 6.6. Controlling HTTP Headers |
| | | Section 6.7. A Little Bit of Everything |
| | Chapter 7. Web Browsers |
| | | Section 7.1. What Your Browser Reveals |
| | | Section 7.2. Apache Web Server Logging |
| | | Section 7.3. Server Log Analysis |
| | | Section 7.4. Protecting Your Privacy |
| | Chapter 8. File Contents |
| | | Section 8.1. Word Document Metadata |
| | | Section 8.2. U.K. Government Dossier on Iraq |
| | | Section 8.3. Document Forgery |
| | | Section 8.4. Redaction of Sensitive Information |
| | Chapter 9. People and Places |
| | | Section 9.1. Geographic Location |
| | | Section 9.2. Time Zone |
| | | Section 9.3. Language |
| | | Section 9.4. Expertise |
| | | Section 9.5. Criminal or Victim? |
| | | Section 9.6. Hardware and Software |
| | Chapter 10. Patterns of Activity |
| | | Section 10.1. Signatures |
| | | Section 10.2. Searching with Signatures |
| | | Section 10.3. Problems with Simple Signatures |
| | | Section 10.4. Full Text Comparison |
| | | Section 10.5. Using Internet Search Engines for Patterns |
| | Chapter 11. Case Studies |
| | | Section 11.1. Case Study 1: Tidball |
| | | Section 11.2. Case Study 2: Spam Networks |
| | Chapter 12. Taking Action |
| | | Section 12.1. What Is Being Done to Tackle Internet Fraud? |
| | | Section 12.2. What You Can Do to Help |
| | | Section 12.3. Getting in Over Your Head |
| | | Section 12.4. Vision of a Community Response |
| | About the Author |
| | Colophon |
| | Index |