StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Computer Crime File Content Analysis - Assignment Example

Cite this document
Summary
The author of this paper "Computer Crime File Content Analysis" discusses the ways to analyze the content and to avoid the challenges, which may consist of fraud and crime. The paper suggests the utilities be used in order to analyze the sites, the site status, IP address, and so on…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER95.6% of users find it useful
Computer Crime File Content Analysis
Read Text Preview

Extract of sample "Computer Crime File Content Analysis"

Computer Crime Computer Crime Microsoft Windows [Version 6 7600] Copyright (c) 2009 Microsoft Corporation. All rights reserved. C:\Windows\system32>ping www.independent.ie Pinging www.independent.ie [77.245.91.249] with 32 bytes of data: Reply from 77.245.91.249: bytes=32 time=355ms TTL=54 Reply from 77.245.91.249: bytes=32 time=349ms TTL=54 Reply from 77.245.91.249: bytes=32 time=355ms TTL=54 Reply from 77.245.91.249: bytes=32 time=367ms TTL=54 Ping statistics for 77.245.91.249: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 349ms, Maximum = 367ms, Average = 356ms C:\Windows\system32> Ping can generally be used by good guys to determine whether a computer is responding to IP requests by sending four normal sized internet control message protocol (ICMP) to determine whether it is still available. Ping is generally used to identify the hosts that are alive. However, bad guys can also use ping to send a humongous ICMP packet to the remote computer to flood its buffer so that the system reboots or helplessly hangs in a process known as the ping of death. the bad guys can send a ping request to a computer. They then get the numerical IP address such as 172.198.0.254 which isn’t risky. However, they can go on to use Ping to convert the IP address to into a domain name. the DNS will then reveal the matching domain name. Ping is usually the initial step that the bad guys use to propagate their crime. Since Ping uses ICMP to determine whether the destination is reachable, it will send echo packets to the destination hence the target will reply back with ICMP. C:\Windows\system32>nslookup whitehouse.gov Server: Unknown Address: 196.201.217.7 Non-authoritative answer: Name: whitehouse.gov Addresses: 2a02:26f0:ca:2a0::2add 2a02:26f0:ca:291::2add 184.86.50.35 C:\Windows\system32> The good guys use nslookup to find IP addresses that coincide with certain World Wide Web address . This takes the form of nslookup x.x.x.x where x.x.x.x is the World wide web address the user wishes to locate. This will bring the IP address of the server that hosts the website they are interested in. whois Lookup Registrar Info Domain name:           flemingcollege.ca Domain status:         registered Creation date:         2000/11/09 Expiry date:           2015/12/01 Updated date:          2014/10/30 DNSSEC:                Unsigned Registrar:     Name:              Webnames.ca Inc.     Number:            70 Registrant:     Name:              Sir Sandford Fleming College Administrative contact:     Name:              Roger Fitch     Postal address:    599 Brealey Drive                        Peterborough ON K9J7B1 Canada     Phone:             +1.7057495520x1225     Fax:               +1.7057495540     Email:             @flemingc.on.ca Technical contact:     Name:              Roger Fitch     Postal address:    599 Brealey Drive                        Peterborough ON K9J7B1 Canada     Phone:             +1.7057495520x1225     Fax:               +1.7057495540     Email:             @flemingc.on.ca Name servers:     auth1.dns.cogentco.com     auth2.dns.cogentco.com     daneeka.flemingc.on.ca 192.197.148.227     flemingx.flemingc.on.ca 192.197.148.225     ns1.easydns.com     ns2.easydns.com % WHOIS look-up made at 2015-04-02 19:50:43 (GMT) % % Use of CIRAs WHOIS service is governed by the Terms of Use in its Legal % Notice, available at http://www.cira.ca/legal-notice/?lang=en % % (c) 2015 Canadian Internet Registration Authority, (http://www.cira.ca/) Site Status Status Active Server Type Apache/2.2.3 (Red Hat) Traffic Info Alexa Rank (One Month) 420,359 114,628 Alexa Rank (Three Month) 446,391 65,278 Page Views Per Visit (One Month) 1.9 30.77% Page Views Per Visit (Three Month) 2.2 13.1% The bad guys can use whois utility to expose the registration information of internet users who had opted for privacy. This can be done without the user’s permission. To make it worse the information will be available on permanent basis because internet services keep whois archived. The good guys on the other hand use the whois utility to compile the data of users into whois databases so that then data can be safely stored. The stored data will then act as the internet phonebook so that people can research over them on the internet. Whois gives the bad guys a lot of information about what users see about them. They can then exploit this information for their malicious purposes. By performing a whois lookup through the wide variety of whois tools available over the internet they can gain a lot of information that gives them the edge over the good guys. For example, through whois lookup the bad guys can have access to internet domain name registration information that includes contract names because the DNS servers are the ones that hold this information. In the case of the flaming college the bad guys can use whois utility to access student credit card information. The IP address 193.242.111.55 provides the following geological information Geolocation Information Country: Ireland State/Region: Galway City: Galway Latitude: 53.2719  (53° 16′ 18.84″ N) Longitude: -9.0489  (9° 2′ 56.04″ W) The IP address 92.123.72.46 from Europe provides the following geological information Country: Europe Latitude: 47  (47° 0′ 0.00″ N) Longitude: 8  (8° 0′ 0.00″ E) This is probably in Switzerland From North America the route moves in The IP address is 216.182.236.112 Geolocation Information Country: United States State/Region: Washington City: Seattle Latitude: 47.5839  (47° 35′ 2.04″ N) Longitude: -122.2995  (122° 17′ 58.20″ W) Area Code: 206 Postal Code: 98144 The IP address 184-25-56-210 form North America provides the following geological information Geolocation Information Country: United States State/Region: Massachusetts City: Cambridge Latitude: 42.3626  (42° 21′ 45.36″ N) Longitude: -71.0843  (71° 5′ 3.48″ W) Area Code: 617 Postal Code: 02142 The IP address 198.32.176.127 provides the following information Country: United States State/Region: California City: Redwood City Latitude: 37.5331  (37° 31′ 59.16″ N) Longitude: -122.2471  (122° 14′ 49.56″ W) Area Code: 650 Postal Code: 94065 PDF trailers are used to show the location of the cross reference table together with the special objects within the document. It consists of three parts. The first part is the word ‘trailer’ and is preceded by a dictionary that is comprised of values for the fields. The second part is the keyword ‘startxref’, followed by a number in the following line. This number shows how far the word xref is from the documents start. These are followed by the %%EOF that marks the end of the file. All the PDF’s read from the computer had this trailer. For example from the PDF file I read the cross reference table is approximately 361461 bytes from the start of the file. trailer 66...)(X$X@>66...)] >> startxref 361461 %%EOF It can also be deduced that the size, root and some keys must be contained in the trailer dictionary. The size refers to the number of attributes contained in the cross reference table. The number must be an integer like for the said PDF the size is 62. The root refers to the indirect reference to the PDF catalog. In the opened PDF the catalogue is 1. RTF signatures must be composed of the following. The first byte must be an open brace i.e. {and the closing}. The second and third byte must be the tf i.e \rtf while the sixth byte must be the major version of the RTF document e.g. 1. The seventh to tenth byte must contain the \ansi which specifies the coding used. The file signature is composed of firstly the header which must start with the name rtf e.g. {\rtf} (Bill, 2014). Surprisingly all the paths lead to the same destination i.e www.smh.com.au . This means that using traceroute will direct the user to the correct destination regardless of the path followed. No wonder the paths from North America and Europe lead to the same destination. The paths are not always the same because the intermediate servers can send messages to different servers e.g. for the first time the UDP message could be sent to D1 but later sent to even C1 so that the paths are not the same. Furthermore, traceroute does not trace the route of a single packet. The user would therefore wish that they follow the same path because links often fail. This results in the packets being rerouted thus impacting the tracerroutes output. 2. the file’s checksum is contains ten digits. It is 3594581100. In hexadecimal it is represented as D640F46C. In SHA-2 (512bit) the checksum in hexadecimal contains more than 32 digits. The first seven digits are D9DB4A4 Changing the first letter to lowercase changes the checksum to 2207179089. In hexadecimal the representation is 838EE151. The first seven digits becomes D820CC8 Changing the name of the file to test.doc changes the checksum in CRC (32 bit) to 3808875671 while the hexadecimal value becomes E306D497. In SHA -2(512) the checksum becomes 663E1C5 The image lacked the markers that serve as headers in JPEG images. These markers are used to separate image parts. The parts separated include the EXIF data which is comprised of the image data. What was to be done was to add the start of the image data. The file can then be saved and viewed. The difficulty came in finding the appropriate markers. The three parts gives the byte number, hexadecimal number and the ASCII equivalent data of the document. The hexadecimal number is the one that was altered with. Each pair of the number in the hexadecimal is a byte. A clear analysis reveals that the first byte of the does not represent hexadecimal values. To recover the documents we locate the missing hexadecimal values and change back to hexadecimal Note that the first "good" file to be tested was a portrait orientation. That header resulted in a broken banding corruption of the image (disjointed bands of the image), but it opened in image viewer. Changing the header with one from a landscape oriented JPEG corrected this. If you see similar behavior with the final image, try a different source file for the header. After recovering the picture it looked as shown above. There is a black front box/ panel at the front with small squared boxes. The box has some words at the center that are too tiny for reading. At the near background there is an electric pole and a river. Whereas at the far background there is a house and some trees beyond the house. The word document on the other hand talks about Netscape 2.0. Works Cited Bill. (2014). File contents analysis. Retrieved April 3, 2015, from Security Site : http://asecuritysite.com/forensics/rtf?file=http%3A%2F%2Fasecuritysite.com%2Flog%2F1.rtf Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(Computer Crime File Content Analysis Assignment Example | Topics and Well Written Essays - 1500 words, n.d.)
Computer Crime File Content Analysis Assignment Example | Topics and Well Written Essays - 1500 words. https://studentshare.org/information-technology/1868241-computer-crime-2
(Computer Crime File Content Analysis Assignment Example | Topics and Well Written Essays - 1500 Words)
Computer Crime File Content Analysis Assignment Example | Topics and Well Written Essays - 1500 Words. https://studentshare.org/information-technology/1868241-computer-crime-2.
“Computer Crime File Content Analysis Assignment Example | Topics and Well Written Essays - 1500 Words”. https://studentshare.org/information-technology/1868241-computer-crime-2.
  • Cited: 0 times

CHECK THESE SAMPLES OF Computer Crime File Content Analysis

Computer Forensics

This article takes a critical analysis of computer forensics as a way of presenting evidence in courts on matters pertaining to computer crimes.... Computer forensics is commonly used to refer to the analysis and reporting of the information collected from the forensic analysis of digital-related media.... It analyses the problems encountered in the business world as a result of computer crimes.... Various computer-related criminal acts are highlighted in the paper....
11 Pages (2750 words) Research Paper

Forensic Case Portfolio

The field of digital forensic analysis has various techniques that are critical in the identification, preservation, extraction, and documentation of digital evidence.... On 10 December 2012, our computer forensic department received a request for computer forensic analysis.... Forensic Portfolio James Moravec Institution Forensic Case Portfolio Introduction The era of information technology has made it possible for computer users to commit crime-using computers, but law enforcement officer also had tools that rely on computer to collect evidence about crime....
13 Pages (3250 words) Case Study

The Doctrine of Cyber Law, its Effectiveness and Reliability

To answer all this questions, we have to undergo a thorough analysis of the definition and meaning of terms like cyber law and cyber crime, the enactments that make up cyber law, the different types of cyber crime, the outcomes of the cyber laws etc.... content-related offences:2 The aforementioned category includes offences of publishing content which is illegal or obnoxious.... Many countries criminalize access of pornographic content by minors....
6 Pages (1500 words) Research Paper

Is the Fraud Act a Useful Tool in E-crime Prosecution

As the Post Note survey confirms “Information security experts suggest that the motives behind computer crime have changed… [and] is now increasingly financially motivated.... Aims and objectives 10 2Computer fraud 11 3An overview of the legal scenario as related to e-crime prior to the enactment of Fraud Act 2006 in UK 22 4Fraud Act 2006 34 5Methodology 42 45 6Analysis 51 7Conclusion 55 8Recommendations 56 References 56 Abstract Internet, one of the most compelling technological innovations of the twentieth century, has recently acquired great popularity as a medium of commercial activities and a mode for transactions of a financial nature....
59 Pages (14750 words) Dissertation

Cyber Network Security, Threats, Risk, and Its Prevention

This dissertation "Cyber Network Security, Threats, Risk, and Its Prevention" is about a crime that has created major concerns in the modern world with the greater advancements in the field of information technology, and the misuse being increased.... hellip; Technology has a significant role to play in the lives of human beings and every activity associated with it....
36 Pages (9000 words) Dissertation

Digital Evidence and Digital Crime

Observation Last week on 25 November 2012, our department received a request to from a local media firm for a digital evidence analysis.... The value of digital evidence report underpins the role of digital forensic expert in solving crime using digital evidence.... hellip; While computer are useful in the digital economy, some users utilize information systems to conduct crime or engage in illegal activities.... In addition, appropriate documentation is essential in the location of evidence found in a crime scene....
5 Pages (1250 words) Case Study

Forensic Computing and Identity Theft

This report is a discussion about identity theft and respective computer forensics… First of all, an introduction has been given which gives a better understanding of the topic.... Forensics is the structured procedure of gathering, examining and showing facts and evidences to the court of law, and thus, forensic computing is defined as “the discipline that combines elements of law and computer science to collect and analyze data from computer systems, networks, wireless communications, and storage devices in a way that is admissible as evidence in a court of law” (US-CERT 2008)....
16 Pages (4000 words) Essay

Threat for Information Technology

hellip; ing to Edward, the typical steps in the Risk Assessment process are the following: System Characterization, Threat Identification, Vulnerability Identification, Control analysis, Likelihood Determination, Impact analysis, Risk Determination, Control Recommendations, and Kenny Hartford Marianne Scott Computer Sciences and Information Technology 25 August Discuss the difference between a “Threat” and a “Threat Agent”.... According to Edward, the typical steps in the Risk Assessment process are the following: System Characterization, Threat Identification, Vulnerability Identification, Control analysis, Likelihood Determination, Impact analysis, Risk Determination, Control Recommendations, and Documentation findings....
2 Pages (500 words) Research Paper
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us