Chapter 24: Tools to Aid in Internet Activity Reconstruction

OVERVIEW

Forensic investigators are frequently asked to reconstruct the online activities of a suspect under investigation. For the purposes of this chapter, online activities are generalized into two categories: electronic mail and web-browsing habits. Both are used in an alarming number of cases to perpetrate or conduct illegal activities. E-mail is one of the fastest growing methods of communication, personally, corporately, and among international gangs, terrorist organizations, and individuals like Joe Schmooze who want to traffic your intellectual property out of your organization. Likewise, the emergent properties of online accessibility mean more people are using the Internet to conduct their business, whether legitimate or not. This chapter discusses the toolset a forensic analyst needs to reconstruct the online activity of a suspect's machine. It also highlights the intricacies we have discovered while field-testing cases in just about every kind of scenario. Although a single chapter can't cover every tool and technique available today, we do cover mainstream e-mail investigative techniques.

In the scenarios that follow, programs and techniques used to view e-mail data and extract relevant artifacts are discussed. These include products such as Paraben's E-mail Examiner, open-source tools, Guidance Software's EnCase, and AccessData's Forensic Toolkit. Other methods include using the native e-mail client or various tricks to get around simple controls. Remember that multiple tools and methods are available for searching and analyzing this data. Choose the tools and methods that best fit your needs.



Anti-Hacker Tool Kit, Third Edition
ISBN: 0072262877
EAN: 2147483647
Year: 2006
Pages: 175
