prentice hall ©2004 pearson education, inc. computer forensics and cyber crime britz chapter two...

Computer Forensics and Cyber CrimeBritz

PRENTICE HALL©2004 Pearson Education, Inc.

Chapter Two Computer Terminology &

History

Hardware



HardwareInput devices Modems Keyboards Mouse Scanner

Camera Microphones

Output devices Modems Monitor CPU Printers



Processing devices

Buses

CPU

Motherboards

PC Cards



Modems

Electronic devices which connect a computer and telephone line to enable communication between computers by converting binary data to analog tones and voltages communicable over an analog communications cable and vice versa.



Keyboards

Keyboards – devices through which commands and information are introduced to the computer hot keys – found on

reconfigured keyboards – perform a multitude of tasks including system security



Mouse and Scanners

Mouse - Input device which facilitates the manipulation of an onscreen cursor by handScanner - input device which enables users to import photographs, documents, or other sorts of paper information



Output devices

devices which produce and/or display information that has been processed by the computer for dissemination to the user



Monitors & PrintersMonitor – output device originally called a CRT (Cathode Ray Tube) which communicates to users in a digestible format the results of their commandsPrinters – devices that create printed documents, per the computer’s instructions, to reflect the results of their commands.



Processing componentsCentral Processing Unit (CPU) – single integrated circuits which actually interpret program instructions and the processing of data in a computerBuses – multiple connections consisting of several parallel wires between chips and memory chips. These parallel electrical connections permit the transfer of several bits of data simultaneously.Motherboard – primary circuit board of a PC to which all other elements are connected. Such components include: processor memory chips, BIOS, and ROM.



PC Cards or PMCIA (Personal Memory Card International Association) – plug-in boards originally designed for laptops. Initially the size of a credit card, their capabilities include: hard drives, network interfaces, flash memory cards, modems, SCSI, CD-ROM and audio drives.SCSI (Small Computer Interface System) – increasing popular, SCSIs provide interfacing for up to 7 peripherals acutally, an 8-bit bus interface, but the host adapter which connects to the computer’s bus also counts as a device), and allows communication between any two devices simultaneously. Relied upon for speedy transfers, wide SCSI provides up to 40 MB/sec.



Computer Software

series of instructions that performs a particular task – more specifically – the interpretation of binary byte sequences represented by a listing of instructions to the processors



Software Language

Programs – the sequence of rules through which software operates

Source code – the set of instructions written in programming language

Object code – that which is actually executed by the computer



Malware

also called malicious programming code - software which causes damage to computer systems includes trap doors, Trojans, viruses, worms, etc.



Malware

Trap doors – malware which allows users to enter systems without authorization. Also called back doors, they are often installed by software developers and exploited by hackers.Trojan horses- a malware program, which on its face, appears to have a legitimate purpose, but which hides other features such as trap doors. Unlike viruses and worms, Trojans do not replicate.



VirusVirus – malware which is usually attached or inserted into a file or the boot sector of a disk. A rogue computer program which is designed to disperse copies of itself to other computers for destructive purposes by attaching itself to programs and replicating



Virus a boot sector virus can also infect a hard drive where it is much more dangerous. introduced to computer systems as part of an infected COM,

EXE, or boot sector program file, or through network downloads as macros, set-up files, or e-mail attachments

continuum of destruction – range from the relatively harmless, designed to prove the superiority of its creator, to the catastrophic, shutting down entire networksnever accidental in their creation – although they may be spread by unknowing victims, their creation and initial implementation are always deliberateuncontrollable – once created they are unstoppable until antidotes are discovered



Droppers

Droppers – programs that are created to avoid anti-virus detection usually by encryption that hinders detection. Their typical function is to transport and install viruses when an infected computer performs a certain function.



Wormsself-contained programs or sets of programs which may spread functional copies of themselves or their segments to other computer systems. Unlike viruses, they do not need to attach themselves to a host program. They are not specifically designed to erase or alter data, although their presence may cause crashes due to memory hogging.



Worms

Network worms- several segments operating on different machines that use the network for several communication purposes. Once activated, these worms will scan for connections to the host network.Host computer worms – entirely contained on the computer they run on. These worms only use network connections to copy themselves to other computers—some variations include self-destructive programs.



Bombs

Bombs – code built into malware as an activation mechanism. Like droppers, bombs are designed to activate when a specific action occurs. Malicious scripts or scheduling programs. time bombs – are those which are activated at a specific

time on the infected system’s internal clock logic bombs – are those which are designed to activate

upon a series of events (often used by disgruntled employees – i.e., designed to activate when a certain individual is fired or changed in the computer).



Logic BombsSeeking Revenge

Computers have proven to be an effective means of retaliation for terminated employees. Unlike workplace violence, the manipulation of computer systems provides a mechanism for dismantling entire corporations, leaving individual employees unharmed. Systems manager Donald Burelson, for example, employed a logic bomb which targeted the commission records for over 60,000 independent insurance agents. This logic bomb was predicated on personnel records, and was activated when his employment status was changed in the system. (more info)



Operating System

Operating system – a piece of software that runs user applications and provides an interface to the hardware. traditionally, almost all contained some version of

DOS (disk operating system) multiple operating systems may be contained on

one machine GUI (Graphical User Interface) – or WIMP

(Windows, icons, multi-tasking, and pointing device – point and click technology



Network Language



TCP/IP

TCP/IP (Transmission Control Protocol/Internet Protocol) – the suite of protocols that define the Internet – more specifically, a method of communication between programs which enables a bit-stream transfer of information.- originally designed as the standard protocol for Arpanet



IMAP v. POPIMAP (Internet Message Access Protocol) – method of accessing electronic mail or bulletin board messages that are kept on a mail server – i.e., permits a “client” e-mail program to access remote message stores as if they were local . Thus, mail can be accessed by multiple computers.POP (Post Office Protocol) –unlike IMAP, POP works best when one has only a single computer as it provides off-line access to these messages (ex. Netscape).



Network Language, Cont’d

ROUTERS – special purpose computers or software packages that handle the connection between two or more networks- analogous to switches found within telephone systems

HUBS – central switching devices for communications lines in a star topology – they may add nothing to the transmission (passive hub) or may contain electronics that regenerate signals to boost strength as well as monitor activity (active hub)

PACKETS – units of data exchanged between host computers further distinguished as headers and data packet switching – refers to the method used to move data around

on the Internet



Network Language, Cont’dCOOKIES – a piece of information sent by a web server to a Web browser that the browser software is expected to save and to send back to the server whenever the browser makes additional requests from the server stored information which is supplied by the user and placed on a hard drive to assist in online transactions and communications originally designed so that users do not have to continuously supply the same information

DNS entry – (Domain Name System) – based on a group of computers on a common network defined by a commonality of Internet Protocol Addresses

- in a nutshell – DNS was necessary due to the explosion of the Internet – developed the .com, .gov, .org, .edu, etc.



Hacker Language

back door – a hole in security deliberately left within a program or software which enables unauthorized accessBit bucket – final destination of discarded, lost or destroyed dataBlack Hat hacker – term which refers to evil crackers



Hacker language, cont’d

Cracker – term originally coined by hackers which usually refers to those individuals violating secure systems for illicit purposes rather than fun. (Hackers claim to be motivated purely by intellectual pursuits, while “crackers” exploit systems for economic reasons or other forms of personal gain. Crackers are often referred to as “cyberpunks”.)Phreaking – art and science of cracking the phone network (i.e. making illegal phone calls)Red Hat hacker – tongue in cheek reference to a flavor of the Linux operating systemsSneaker – individual hired by a company to test their security systems by attempting to violate themSpaghetti or kangaroo code – complex or tangled code



Hacker Language, cont’d

Vulcan nerve pinch – keyboard combination that forces a soft-boot or jump to ROM monitor. Many microcomputers combination is Ctrl-Alt-Del. Sometimes called the “3 finger salute.”Wedged – refers to the inability of a computer to make progress. Unlike a crash, computers which are wedged are not totally nonfunctioning.Wetware – term used to refer to humans operating computers (as opposed to hardware and software)White hat hackers – term used in the industry to designate “good” hackers

A Brief History of Computers



Computers as a concept

Computer – a device used to ascertain an amount or number by calculation or reckoning

Earliest Computer – invented over 800 years ago by the Chinese - abacus



Charles Babbage

Herman Hollerith

Professor John Atanasoff and Clifford Berry

John W. Mauchly & John Presper Eckert

ENIAC

Professor Max Newman

Significant Individuals and Developments most developments occurred due to government funding



Charles Babbage

England – designs analytical engine in London that was designed to receive instructions from punch cards, make calculations with the aid of a memory bank and print out mathematical solutions

Unprecedented ideal

Failed due to lack of technological infrastructure



Herman Hollerith

United States - designed a machine to tabulate the 1890 U.S. Census

Retired from civil service in 1896 to start his own company – the Tabulating Machine Company – now IBM



Professor John Atanasoff & Iowa State

University student Clifford Berry

Atanasoff-Berry Computer (ABC) had capabilities which included binary arithmetic, parallel processing, separate memory, regenerative memory, and basic computer functionality.



John W. Mauchly and John Presper Eckert

University of Pennsylvania

Designed for calculating firing and bombing tables for the U.S. military



ENIA (Electronic Numerical Integrator and Computer)

comprised of 30 separate units and weighed 30 tons

19,000 vacuum tubes, 150 relays, and required 200 kilowatts of electrical power to operate



Professor Max Newman (England)

develops Colossus 1 – designed exclusively for cryptanalysis

Used paper tape to scan and analyze 5000 characters per second

Used in WWII to break Enigma codes



Realms of the Cyberworld Intranets – small, local networks connecting computers which are within one organization and which are controlled by a common system administrator

Internets – connect several networks, and are distinguished in the literature by a lower case “i”the Internet the largest network in the world, an

international connection of all types and sizes of computer systems and networks

a system of small networks of computers linked with other networks via routers and software protocols



A Brief History of the Internet

1960s and 1970s - ARPANET (Advanced Research Project Agency Network)developed in 1969 by the Department of Defense to maintain lines of communication in the event of a nuclear warlinked UCLA, Stanford, UC Santa Barbara, and the University of UtahApril 7, 1969 – the “Internet’s official start dateCharacterized by non-interactive postings (i.e. RFC – Request For Comment) Opened to non-military users in the 1970s – most takers were involved with universities

Extremely unfriendly to users!



1980sNSF Net – National Science Foundation Eventually acted as a springboard for a myriad of

software, including: UNIX – Bell Labs Eudora (e-mail system) – Univ. of Illinois Gopher (information retrieval) – U. of

MinnesotaPine (e-mail system) – U. of WashingtonCU-SeeMe (low cost video conferencing – CornellCommercial Internet Xchange (CIX) - Midlevel

networks were leasing data circuits from phone companies and subleasing them to institutions

Emergence of domain names



Late 1980s and 1990s – World Wide Web

1989 – WWW invented by Tim Berners-Lee – a physicist working at CERN – the European Particle Physics Laboratory as a communication medium for physicistsOriginally text only – but the introduction of NCSA Mosaic introduced graphical interfaces1993 - Dial-up modems were granted access to WebWWW explodes in popularity300 host computers in 1981 to over 36 million in 1998.10-25 million users in 1991 to 157 million in 1998



Categorizing Internet Communications

World Wide Web

Newsgroups and

Bulletin Boards

Internet Relay Chat



World Wide Weba collection of hyperlinked pages of information distributed over the Internet via a network protocol called HTTP (hypertext transfer protocol)may be likened to an electronic marketplace where electronic storefronts of businesses, individuals, civic groups, and governments market both tangible and intangible productsVariety of goals Informational Educational Transactional, etc.

Each Web site can be identified by its URL (Uniform Resource Locator)Increasing exponentially – 200% yearly increases are expected



Newsgroups/Bulletin Boards

oldest and most cumbersome of all digital communicationsmay be likened to community bulletin boards where individuals post meetings, information, etc.Bulletin Boards – a medium of computer exchange whereby individuals may have the capability of accessing software, posting personal information, and exchanging electronic mailExtremely popular among subversive organizations – it is cheaper, and the risk of exposure is significantly less



Grouping Bulletin Boards

Security

Immediacy

Community



Grouping Bulletin Boards SECURITY Anonymous – those in which true identities are unknown

and handles are assigned Moderate – those in which the sysop believes he/she knows

the identity of the member Known user – those in which the sysop maintains complete

control over postings – prohibiting role playing and pseudonymous postings

IMMEDIACY Chat lines – immediate postings (i.e., can “chat”

simultaneously Stored messages – single phone line boards which store

messages serially in order of their posting time



Grouping Bulletin Boards - Community

Antiseptic - those boards which serve as software or information dumps – little or no contact between users or sysopsInterpersonal – boards where interaction between users is encouraged (or even demanded) these boards do NOT allow lurkers – (i.e. those

individuals who do not actively engage in communication, but simply watch those who do

very popular among fringe groups – hackers, Satanists, anarchists, Nazis, pedophiles, child pornographers, etc.

Underground - are transient and elusive, appearing and disappearing relatively quickly



Internet Relay ChatAKA medium in which users may observe and participate in real time conversations while “identifying” the nicknames of the individuals on the channel and their corresponding internet address Topics – range from the innocuous to the

profane (ex. Gardening to child exploitation)

Far less expensive than telephone communicationsallows for multiple, simultaneous communicationsliked to a “technologically evolved party line”OSP’S – most chatrooms are sponsored by online service providersUnfortunately, OSP’s fail to warn customers of the potential for deception. In fact, many actually promote feelings of security by offering user vacations, fraternities, and the like.



Future Issues and Conclusions

Problems will continue to mount as LE struggles to keep up with computer criminals.

New technology will continue to pose significant problems for law enforcement.

Advent of cable modems (and stagnant IP’s) will increase the vulnerability of users.

prentice hall ©2004 pearson education, inc. computer forensics and cyber crime britz chapter two...

Documents

computer forensics

pearson education

prentice hall

cyber crime britz mouse

cyber crime britz chapter

cyber crime britz pc

computer hot keys

user slide