Packet Capture – Definition and Importance

As the data keeps streaming by, sniffers capture each packet and decode them if needed showing the value of various field in the packet. The content then gets analyzed as per the specifications. The analysis helps in determining if there are unusual packets. This helps in maintaining effective data transmission.

Use

A packet capture can be used in two ways- legitimately and illegitimately. In legitimate use, sniffing identifies the data and transmission errors to ensure an efficient network communication. However, in an illegitimate scenario, a disgruntled employee can use the data to actually ‘capture’ the company’s credit account information. Obviously, this information is not for any saintly purpose. He may use the information to transfer the company money to his own personal accounts!

Continue reading

Hacking Expert Witness: US Charges Eight in Hacking Scheme

This allegedly began in 2011, when several accounts in banks such as: Citibank, JP Morgan Chase, PayPal, the U.S. Military Defense Finance and 11 other banks had their accounts compromised. Once inside these accounts, the hackers setup a payment which was sent to several pre-paid debit cards. The pre-paid cards were then used by an accomplice (aka “cashers” or “money mules”) to make ATM withdrawals or purchases to convert the card into cash.

From here, the cashers took a small cut for themselves, while sending the bulk of the money to their employer via a wire transfer.

They managed to avoid detection for some time by keeping the transfers below the $10,000 threshold set by the anti-money laundering laws of the U.S. However, they routinely made payments of $9,900. A $10,000 transaction sends up a big red flag, a $9,900 transaction sends up a smaller red flag. It is these multiple $9,900 amount transfers along with a Gmail account the defendants use to talked with others about the scheme that was their downfall. In addition to the discussion about the scheme, there were many emails in this account that detailed the transfers to and from many of the banks. Currently only four (4) of the eight (8) defendants are in custody, the other four (4) remain at large. They are charged with: conspiracy to commit wire fraud, conspiracy to commit money laundering, and conspiracy to commit identity theft. If convicted, each of the defendants will face large fines, and up to 55 years in federal prison.

Continue reading

Computer Forensics Expert: How to Keep Anyone From Snooping Around Your Cloud

The American Civil Liberties Union, based in New York, NY., reported the U.S. Government claims the right to read personal online data without warrants. This trend is not unique to the U.S. Government. Many governments around the world make requests of these service providers as well.

According to statistics published by Google, it received over 16,000 requests for information affecting over 31,000 users in 2012. Google’s same statistics stated they provided information in over 85% of the requests.

In 2012 Microsoft received over 70,000 requests affecting over 120,000 accounts. While this is a much higher number, Microsoft only produced information on these requests about 2% of the time. Almost 80% of the requests asked Microsoft to divulged subscriber and transactional information only.

Continue reading

Managing Complexity in Internet Computer Networking

The World Wide Web as we know has progressed far. Changes to networking technologies have made it possible for new frontiers and milestones to be achieved. Every new discovery is almost complete in a way that is unique and how it expresses itself. Indeed research has proven that data can be skewed from just a few measurements or data nodes. In research of T. Petermann and P. De Los Rios, Exploration of Scale-Free Networks 2004, this has been shown to exist. To recover the correct network structure many different overlaps of different measurements are temporal and necessary. For example, libraries and consortia like CAIDA, LANRL provide solutions to these problems and give access to their data. Web research and ongoing search for cyber communities is an easy step. Once the computer or server obtains the list of URLs from Google search for word or phrase, the program checks for page containing the links or words and repeats this process again. Within the framework of web, the availability of protein networks makes more readily available data within reach or grasp of the researcher associate.

Protein-protein interaction networks are another domain where network tools are being more intensively used to detect relevant protein modules. A database for interacting proteins is the most complete, updated repository of protein interaction data which covers different organisms. Data made available is free to download and use.

Some research shows that when applying a dichotomy-based method to identify communities and sub-communities in networks, just as in classifying species and sub-species in habitats (usual taxonomy) the method itself imposes inverse square power-law behaviour for the community-size distribution. This is also given in G. Caldarelli, C. Caretta Cartozo, P. De Los Rios and V.D.P. Servedio The widespread occurrence of the inverse square-law distribution in social sciences and taxonomy, 2004.

Continue reading

Open Source Computer Forensics Investigations

The world of computer forensics — like all things computer — is rapidly developing and changing. While commercial investigative software packages exist, like EnCase by Guidance Software and FTK by AccessData, there are other software platforms which offer a solution for obtaining computer forensic results. Unlike the two aforementioned packages, these open sources alternatives do not cost hundreds of dollars — they are free to download, distribute and use under various open source licenses.

Computer Forensics is the process of obtaining information from a computer system. This information may be obtained from a live system (one that is up and running) or a system which has been shut down. The process typically involves taking steps to obtain a copy, or an image of the target system (often times an image of the hard drive is obtained, but in the case of a “live” system, this can even be the other memory areas of the computer).

After making an exact “image” or copy of the target, in which the copy is verified by “checksum” processes, the computer specialist can begin to examine and obtain a wide range of data. This copy is obtained through write protected means to preserve the integrity of the original evidence. Information like pictures, videos, documents, browsing history, email addresses, and phone numbers are just some of the information (or evidence if being collected for possible court purposes), which can often be obtained. Even deleted elements are often retrievable.

Continue reading