
Internet Forensics

Book Description

Because it's so large and unregulated, the Internet is a fertile breeding ground for all kinds of scams and schemes. Usually it's your credit card number they're after, and they won't stop there. Not just mere annoyances, these scams are real crimes, with real victims. Now, thanks to Internet Forensics from O'Reilly, there's something you can do about it.

This practical guide to defending against Internet fraud gives you the skills you need to uncover the origins of the spammers, con artists, and identity thieves that plague the Internet. Targeted primarily at the developer community, Internet Forensics shows you how to extract the information that lies hidden in every email message, web page, and web server on the Internet. It describes the lengths the bad guys will go to in order to cover their tracks, and offers tricks that you can use to see through their disguises. You'll also gain an understanding of how the Internet functions, and of how spammers use its protocols to their devious advantage.

The book is organized around the core technologies of the Internet: email, web sites, servers, and browsers. Chapters describe how these are used and abused and show you how information hidden in each of them can be revealed. Short examples illustrate all the major techniques that are discussed. The ethical and legal issues that arise in the uncovering of Internet abuse are also addressed.

Not surprisingly, the audience for Internet Forensics is boundless. For developers, it's a serious foray into the world of Internet security; for weekend surfers fed up with spam, it's an entertaining and fun guide that lets them play amateur detective from the safe confines of their home or office.

Table of Contents

  1. Preface
    1. Who This Book Is For
    2. Contents of This Book
    3. Conventions Used in This Book
    4. Safari Enabled
    5. Using Code Examples
    6. How to Contact Us
    7. Acknowledgments
  2. 1. Introduction
    1. What Is Internet Forensics?
    2. The Seamy Underbelly of the Internet
      1. The Scams
      2. The Numbers
      3. Why Is It Getting Worse?
    3. Pulling Back the Curtain
    4. Taking Back Our Internet
    5. Protecting Your Privacy
    6. Before You Begin
      1. Viruses, Worms, and Other Threats
      2. Ethics
      3. Innocent Until Proven Guilty
    7. A Network Neighborhood Watch
  3. 2. Names and Numbers
    1. Addresses on the Internet
      1. IP Addresses
        1. Databases of IP address blocks
      2. Domain Names
    2. Internet Address Tools
      1. dig
        1. Hostname lookups
        2. Reverse lookups
        3. Back and forth
      2. whois
        1. Dissecting a whois report
        2. Privacy blocks on domain information
        3. Diversity in whois output
        4. Bogus information from whois
        5. Using whois to query IP address blocks
        6. whois on the Web
      3. traceroute
    3. DNS Record Manipulation
    4. An Example—Dissecting a Spam Network
  4. 3. Email
    1. Message Headers
    2. Forged Headers
    3. Forging Your Own Headers
    4. Tracking the Spammer
    5. Viruses, Worms, and Spam
    6. Message Attachments
    7. Message Content
    8. Is It Really Spam?
  5. 4. Obfuscation
    1. Anatomy of a URL
      1. Encoding Characters in URLs
      2. International Domain Names
    2. IP Addresses in URLs
      1. Encoding the IP Address
    3. Usernames in URLs
    4. Encoding the Entire Message
    5. Similar Domain Names
    6. Making a Form Look Like a URL
    7. Bait and Switch—URL Redirection
      1. Page-Based Redirection
      2. Server-Based Redirection
      3. Determining the Mechanism
      4. Redirection via eBay
    8. JavaScript
    9. Browsers and Obfuscation
  6. 5. Web Sites
    1. Capturing Web Pages
    2. Viewing HTML Source
      1. Extracting Links Within a Page
      2. Page Creation Software
      3. Other Information
    3. Comparing Pages
    4. Non-Interactive Downloads Using wget
      1. Downloading a Single Page
      2. Copying an Entire Web Site
      3. The Wayback Machine
    5. Mapping Out the Entire Web Site
      1. Directory Listings
    6. Hidden Directories
      1. Guessing Directory Names
      2. Ethical Question
    7. In-Depth Example—Directory Listings
    8. Dynamic Web Pages
      1. The Black Box Problem
      2. Why PHP?
    9. Filling Out Forms
      1. Genuine Fake Credit Card Numbers
      2. What Happens if I Try This?
    10. In-Depth Example—Server-Side Database
    11. Opening the Black Box
      1. Hitting the Jackpot
      2. Looking at the Source
      3. Phishing Tackle
      4. The Honeynet Project
  7. 6. Web Servers
    1. Viewing HTTP Headers
    2. What Can Headers Tell Us?
    3. Cookies
    4. Redirection
    5. Web Server Statistics
    6. Controlling HTTP Headers
    7. A Little Bit of Everything
  8. 7. Web Browsers
    1. What Your Browser Reveals
    2. Apache Web Server Logging
    3. Server Log Analysis
      1. Googlebot Visits
      2. Bad Robots
      3. Google Queries
    4. Protecting Your Privacy
      1. Disguising Your Browser
      2. Proxies
      3. Privoxy
      4. External Proxy Servers
      5. Proxy Networks
  9. 8. File Contents
    1. Word Document Metadata
      1. SCO Lawsuit Documents
      2. Other Examples
    2. U.K. Government Dossier on Iraq
      1. Extracting Word Revision Logs
      2. Discovering Plagiarism
      3. The Right Way to Distribute Documents
    3. Document Forgery
    4. Redaction of Sensitive Information
      1. The D.C. Sniper Letter
      2. The CIA in Iran in 1953
      3. U.S. Army Report on the Death of Nicola Calipari
      4. Intelligence on Al Qaeda
      5. The Right Way to Redact
  10. 9. People and Places
    1. Geographic Location
    2. Time Zone
    3. Language
    4. Expertise
    5. Criminal or Victim?
    6. Hardware and Software
  11. 10. Patterns of Activity
    1. Signatures
    2. Searching with Signatures
    3. Problems with Simple Signatures
    4. Full Text Comparison
    5. Using Internet Search Engines for Patterns
  12. 11. Case Studies
    1. Case Study 1: Tidball
      1. The Initial Emails
      2. The Initial URLs
      3. Redirection
      4. The Web Sites
      5. Directories
      6. The Phishing Kit
      7. Page Tracking Information
      8. The PHP Scripts
      9. What Else Has Tidball Been Involved In?
      10. Timeline
      11. Who Is Tidball?
    2. Case Study 2: Spam Networks
      1. Subsets of Spam
      2. Digging Deeper
  13. 12. Taking Action
    1. What Is Being Done to Tackle Internet Fraud?
      1. Legislation
      2. Enforcement
      3. Industry and Community Organizations
        1. The Spamhaus Project
        2. Anti-Phishing Working Group
        3. Digital PhishNet
    2. What You Can Do to Help
      1. Documenting an Investigation
      2. Who Should You Call?
        1. Law enforcement
        2. Financial institutions
        3. Internet service providers
        4. Site owners
        5. The scammers
    3. Getting in Over Your Head
      1. Child Pornography Sites
      2. Extremist Web Sites and Vigilantes
    4. Vision of a Community Response
  14. A. About the Author
  15. Index
  16. About the Author
  17. Colophon
  18. Copyright