CyberSleuthing 101
The term cybersleuthing conjures images of 24's CTU (Counter Terrorism Unit) uber-geek cops, rapidly accessing everything from GPS coordinates to nuclear launch sequences. It all seems like "magic" that boils down to a final, tense 5 minutes of electronic search scrambling to save Jack Bauer's life. The truth of cybersleuthing is that there is no "magic". It's science. It is a matter of knowledge, skill and resources. Mostly resources. In this week's Bulletin, we want to give the reader the knowledge, the instruction to be able to practice the skill, and the resources to be able to perform basic cyber investigations without the aid of someone that may charge your firm a small fortune for what may only amount to thirty minutes of work at a computer. We hope that these links will provide you with just that information, skill practice and investigation capability:
Search Engines:
www.google.com - the web's most popular search engine
www.kartoo.com - great graphical interfaces
www.altavista.com - older, reliable all-purpose search tool
Next are the cyber investigation sites that will provide you with the instructions and resources to conduct your own email tracing, domain registration information, mail delivery routes...
Trace route: Did you know that trace route works differently on a Unix machine than on a Windows machine?
Traceroute: http://beast.dreaming.org/traceroute.php
Whois: This tool is invaluable to the Cyber Investigator. Every Cyber Investigator should have at least a cursory knowledge of it, and you can get that cursory knowledge here.
Whois: http://www.whois.us
DNS: Domain Name Servers. Learn about BIND (Berkeley Internet Name Domain) and how it has helped make Internet navigation easier.
DNS: http://www.nwc.com/netdesign/cook5.html
Packet Switching: It is key to understand how information travels from computer to computer on the Internet. Information travels in what is called “packets”.
Packet Switching: http://www2.rad.com/networks/1998/packet/ps.htm
More on Packet Switching: http://www.cciw.com/content/packet.html
IP Numbers: Every Cyber Investigator should know what an IP Number is. It stands for Internet Protocol Number, it is unique to each machine logged onto the Internet, and it is key to performing an email trace.
IP Number: http://www.auditmypc.com/acronym/IP.asp
Header Information: The first step in tracing an email is to KNOW YOUR HEADERS! Here you will learn how to expose an email header, how to read a header, and how to use the information in the header to gather information on the person who sent the email.
Displaying Email Headers: http://www.spamcop.net
Reading Email Headers: http://www.stopspam.org/email/headers.html
Interpreting Header Information: http://www.valinet.com/~coreya/antispam/asheadi.html
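As an added illustration of reading a header chain (this script is not from the Bulletin or from any of the sites linked above), the Python below walks the Received: lines of a constructed message from the sender's side outward, stops at private addresses that cannot be traced, and reports the first address worth handing to whois. The sample message and the function names are this example's own.

```python
import ipaddress
import re
from email import message_from_string

# Blocks that cannot be traced on the public Internet (RFC 1918, loopback,
# link-local): such a hop only shows the sender sat behind the next relay's NAT.
UNTRACEABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

# Constructed sample (RFC 5737 documentation addresses, not a real message).
# Relays prepend Received: lines, so the bottom hop is closest to the sender.
RAW_MESSAGE = """\
Received: from mx2.example.net (mx2.example.net [203.0.113.10])
\tby inbox.example.com with ESMTP; Mon, 1 Jan 2007 10:00:05 -0500
Received: from mail.example.org (mail.example.org [198.51.100.7])
\tby mx2.example.net with ESMTP; Mon, 1 Jan 2007 10:00:03 -0500
Received: from userpc (unknown [192.168.1.25])
\tby mail.example.org with SMTP; Mon, 1 Jan 2007 10:00:01 -0500
Subject: hello
"""

# "from <claimed name> (... [<ip>]) by <receiving relay>"
HOP_RE = re.compile(r"from\s+(\S+).*?\[(\d{1,3}(?:\.\d{1,3}){3})\].*?\bby\s+(\S+)")

def parse_hops(raw):
    """Return the Received: hops oldest-first as dicts with from, ip, by."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP_RE.search(" ".join(value.split()))  # unfold the header first
        if m:
            hops.append({"from": m.group(1), "ip": m.group(2), "by": m.group(3)})
    hops.reverse()  # chronological order: sender's side first
    return hops

def is_traceable(ip):
    return not any(ipaddress.ip_address(ip) in net for net in UNTRACEABLE)

def origin_ip(raw):
    """First traceable IP in the chain: the address to feed to whois/traceroute.
    Trust only hops added by relays you control; earlier ones can be forged."""
    for hop in parse_hops(raw):
        if is_traceable(hop["ip"]):
            return hop["ip"]
    return None

if __name__ == "__main__":
    for h in parse_hops(RAW_MESSAGE):
        print(h["ip"], h["from"], "->", h["by"], "" if is_traceable(h["ip"]) else "(private)")
    print("origin:", origin_ip(RAW_MESSAGE))  # origin: 198.51.100.7
```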
TOOLS FOR THE CYBER INVESTIGATOR
Every Cyber Investigator has a Cyber Investigations Tool Box. This tool box enables them to perform the various tasks on their computer needed to determine and gather information in their investigations. Here you will be able to build your own tool box so that you can, too.
Complete Whois: http://www.completewhois.com/
Cool Whois: http://www.coolwhois.com/
DNS Stuff: http://www.dnsstuff.com/
Central Ops: http://centralops.net/co/
Sam Spade: http://www.samspade.org/
