Grover Kearns, PhD, CPA, CFE Class 11 1. Email Videos 2 How email works Email Spoofing
-
Upload
jeffrey-allen-mcdaniel -
Category
Documents
-
view
213 -
download
0
Transcript of Grover Kearns, PhD, CPA, CFE Class 11 1. Email Videos 2 How email works Email Spoofing
![Page 1: Grover Kearns, PhD, CPA, CFE Class 11 1. Email Videos 2 How email works Email Spoofing](https://reader033.fdocuments.net/reader033/viewer/2022051821/56649e0e5503460f94af8000/html5/thumbnails/1.jpg)
Grover Kearns, PhD, CPA, CFE
Class 11
1
![Page 2: Grover Kearns, PhD, CPA, CFE Class 11 1. Email Videos 2 How email works Email Spoofing](https://reader033.fdocuments.net/reader033/viewer/2022051821/56649e0e5503460f94af8000/html5/thumbnails/2.jpg)
Email Videos
2
How email workshttp://www.youtube.com/watch?v=YBzLPmx3xTUEmail Spoofinghttp://lybio.net/household-hacker-hacking-email-spoofing-101/science-technology/SMTP Spoofinghttp://www.youtube.com/watch?v=Up6XcxEilp4&feature=relatedTracing an emailhttp://www.youtube.com/watch?v=hSvswzSy3oA
![Page 3: Grover Kearns, PhD, CPA, CFE Class 11 1. Email Videos 2 How email works Email Spoofing](https://reader033.fdocuments.net/reader033/viewer/2022051821/56649e0e5503460f94af8000/html5/thumbnails/3.jpg)
Reading Email Headers
From <<my-work-address>> Sat Aug 17 16:00:24 2002Return-Path: <<my-work-address>>Received: from exanpcn4.arinc.com ([144.243.4.70]) by mta009.verizon.net (InterMail vM.5.01.05.09 201-253-122-126-109-20020611) with ESMTP id <[email protected]> for <<my-home-address>>; Sat, 17 Aug 2002 15:00:09 -0500Received: from exanpcn2.arinc.com (unverified) by exanpcn4.arinc.com (Content Technologies SMTPRS 4.1.5) with ESMTP id <[email protected]> for <<my-home-address>>; Sat, 17 Aug 2002 16:02:15 -0400Received: by exanpcn2.arinc.com with Internet Mail Service (5.5.2653.19) \tid <QRZ549XW>; Sat, 17 Aug 2002 16:00:27 -0400Message-ID: <[email protected]>From: "Conner, Richard C. \\(RCONNER\\)" <<my-work-address>>To: "my-home-address" <<my-home-address>>Subject: HelloDate: Sat, 17 Aug 2002 16:00:26 -0400MIME-Version: 1.0X-Mailer: Internet Mail Service (5.5.2653.19)Content-Type: text/plain
3
![Page 4: Grover Kearns, PhD, CPA, CFE Class 11 1. Email Videos 2 How email works Email Spoofing](https://reader033.fdocuments.net/reader033/viewer/2022051821/56649e0e5503460f94af8000/html5/thumbnails/4.jpg)
From <<my-work-address>> Sat Aug 17 16:00:24 2002Return-Path: <<my-work-address>>Received: from exanpcn4.arinc.com ([144.243.4.70]) by mta009.verizon.net (InterMail vM.5.01.05.09 201-253-122-126-109-20020611) with ESMTP id <[email protected]> for <<my-home-address>>; Sat, 17 Aug 2002 15:00:09 -0500Received: from exanpcn2.arinc.com (unverified) by exanpcn4.arinc.com (Content Technologies SMTPRS 4.1.5) with ESMTP id <[email protected]> for <<my-home-address>>; Sat, 17 Aug 2002 16:02:15 -0400Received: by exanpcn2.arinc.com with Internet Mail Service (5.5.2653.19) \tid <QRZ549XW>; Sat, 17 Aug 2002 16:00:27 -0400Message-ID: <[email protected]>
From: "Conner, Richard C. \\(RCONNER\\)" <<my-work-address>>To: "my-home-address" <<my-home-address>>Subject: HelloDate: Sat, 17 Aug 2002 16:00:26 -0400MIME-Version: 1.0X-Mailer: Internet Mail Service (5.5.2653.19)Content-Type: text/plain
Not required by SMTP
![Page 5: Grover Kearns, PhD, CPA, CFE Class 11 1. Email Videos 2 How email works Email Spoofing](https://reader033.fdocuments.net/reader033/viewer/2022051821/56649e0e5503460f94af8000/html5/thumbnails/5.jpg)
From <<my-work-address>> Sat Aug 17 16:00:24 2002Return-Path: <<my-work-address>>Received: from exanpcn4.arinc.com ([144.243.4.70]) by mta009.verizon.net (InterMail vM.5.01.05.09 201-253-122-126-109-20020611) with ESMTP id <[email protected]> for <<my-home-address>>; Sat, 17 Aug 2002 15:00:09 -0500Received: from exanpcn2.arinc.com (unverified) by exanpcn4.arinc.com (Content Technologies SMTPRS 4.1.5) with ESMTP id <[email protected]> for <<my-home-address>>; Sat, 17 Aug 2002 16:02:15 -0400Received: by exanpcn2.arinc.com with Internet Mail Service (5.5.2653.19) \tid <QRZ549XW>; Sat, 17 Aug 2002 16:00:27 -0400
Message-ID: <[email protected]>From: "Conner, Richard C. \\(RCONNER\\)" <<my-work-address>>To: "my-home-address" <<my-home-address>>Subject: HelloDate: Sat, 17 Aug 2002 16:00:26 -0400MIME-Version: 1.0X-Mailer: Internet Mail Service (5.5.2653.19)Content-Type: text/plain
unique message ID
![Page 6: Grover Kearns, PhD, CPA, CFE Class 11 1. Email Videos 2 How email works Email Spoofing](https://reader033.fdocuments.net/reader033/viewer/2022051821/56649e0e5503460f94af8000/html5/thumbnails/6.jpg)
From <<my-work-address>> Sat Aug 17 16:00:24 2002Return-Path: <<my-work-address>>Received: from exanpcn4.arinc.com ([144.243.4.70]) by mta009.verizon.net (InterMail vM.5.01.05.09 201-253-122-126-109-20020611) with ESMTP id <[email protected]> for <<my-home-address>>; Sat, 17 Aug 2002 15:00:09 -0500Received: from exanpcn2.arinc.com (unverified) by exanpcn4.arinc.com (Content Technologies SMTPRS 4.1.5) with ESMTP id <[email protected]> for <<my-home-address>>; Sat, 17 Aug 2002 16:02:15 -0400
Received: by exanpcn2.arinc.com with Internet Mail Service (5.5.2653.19) \tid <QRZ549XW>; Sat, 17 Aug 2002 16:00:27 -0400Message-ID: <[email protected]>From: "Conner, Richard C. \\(RCONNER\\)" <<my-work-address>>To: "my-home-address" <<my-home-address>>Subject: HelloDate: Sat, 17 Aug 2002 16:00:26 -0400MIME-Version: 1.0X-Mailer: Internet Mail Service (5.5.2653.19)Content-Type: text/plain
![Page 7: Grover Kearns, PhD, CPA, CFE Class 11 1. Email Videos 2 How email works Email Spoofing](https://reader033.fdocuments.net/reader033/viewer/2022051821/56649e0e5503460f94af8000/html5/thumbnails/7.jpg)
7
From <<my-work-address>> Sat Aug 17 16:00:24 2002Return-Path: <<my-work-address>>Received: from exanpcn4.arinc.com ([144.243.4.70]) by mta009.verizon.net (InterMail vM.5.01.05.09 201-253-122-126-109-20020611) with ESMTP id <[email protected]> for <<my-home-address>>; Sat, 17 Aug 2002 15:00:09 -0500
Received: from exanpcn2.arinc.com (unverified) by exanpcn4.arinc.com (Content Technologies SMTPRS 4.1.5) with ESMTP id <[email protected]> for <<my-home-address>>; Sat, 17 Aug 2002 16:02:15 -0400Received: by exanpcn2.arinc.com with Internet Mail Service (5.5.2653.19) \tid <QRZ549XW>; Sat, 17 Aug 2002 16:00:27 -0400Message-ID: <[email protected]>From: "Conner, Richard C. \\(RCONNER\\)" <<my-work-address>>To: "my-home-address" <<my-home-address>>Subject: HelloDate: Sat, 17 Aug 2002 16:00:26 -0400MIME-Version: 1.0X-Mailer: Internet Mail Service (5.5.2653.19)Content-Type: text/plain
![Page 8: Grover Kearns, PhD, CPA, CFE Class 11 1. Email Videos 2 How email works Email Spoofing](https://reader033.fdocuments.net/reader033/viewer/2022051821/56649e0e5503460f94af8000/html5/thumbnails/8.jpg)
8
From <<my-work-address>> Sat Aug 17 16:00:24 2002Return-Path: <<my-work-address>>
Received: from exanpcn4.arinc.com ([144.243.4.70]) by mta009.verizon.net (InterMail vM.5.01.05.09
201-253-122-126-109-20020611) with ESMTP id <20020817200009.CWZT20372.mta009.
[email protected]> for <<my-home-address>>; Sat, 17 Aug 2002 15:00:09 -0500Received: from exanpcn2.arinc.com (unverified) by exanpcn4.arinc.com (Content Technologies SMTPRS 4.1.5) with ESMTP id <[email protected]> for <<my-home-address>>; Sat, 17 Aug 2002 16:02:15 -0400Received: by exanpcn2.arinc.com with Internet Mail Service (5.5.2653.19) \tid <QRZ549XW>; Sat, 17 Aug 2002 16:00:27 -0400Message-ID: <[email protected]>From: "Conner, Richard C. \\(RCONNER\\)" <<my-work-address>>To: "my-home-address" <<my-home-address>>Subject: HelloDate: Sat, 17 Aug 2002 16:00:26 -0400MIME-Version: 1.0X-Mailer: Internet Mail Service (5.5.2653.19)Content-Type: text/plain
![Page 9: Grover Kearns, PhD, CPA, CFE Class 11 1. Email Videos 2 How email works Email Spoofing](https://reader033.fdocuments.net/reader033/viewer/2022051821/56649e0e5503460f94af8000/html5/thumbnails/9.jpg)
From <<my-work-address>> Sat Aug 17 16:00:24 2002Return-Path: <<my-work-address>>Received: from exanpcn4.arinc.com ([144.243.4.70]) by mta009.verizon.net (InterMail vM.5.01.05.09 201-253-122-126-109-20020611) with ESMTP id <[email protected]> for <<my-home-address>>; Sat, 17 Aug 2002 15:00:09 -0500Received: from exanpcn2.arinc.com (unverified) by exanpcn4.arinc.com (Content Technologies SMTPRS 4.1.5) with ESMTP id <[email protected]> for <<my-home-address>>; Sat, 17 Aug 2002 16:02:15 -0400Received: by exanpcn2.arinc.com with Internet Mail Service (5.5.2653.19) \tid <QRZ549XW>; Sat, 17 Aug 2002 16:00:27 -0400Message-ID: <[email protected]>From: "Conner, Richard C. \\(RCONNER\\)" <<my-work-address>>To: "my-home-address" <<my-home-address>>Subject: HelloDate: Sat, 17 Aug 2002 16:00:26 -0400MIME-Version: 1.0X-Mailer: Internet Mail Service (5.5.2653.19)Content-Type: text/plain
9
![Page 10: Grover Kearns, PhD, CPA, CFE Class 11 1. Email Videos 2 How email works Email Spoofing](https://reader033.fdocuments.net/reader033/viewer/2022051821/56649e0e5503460f94af8000/html5/thumbnails/10.jpg)
Another Example – Partial Header
Delivered-To: [email protected] Received: by 10.68.58.39 with SMTP id n7cs40710pbq; …Return-Path: <[email protected]> …Received: from [127.0.0.1] by omp1017.mail.bf1.yahoo.com with NNFMP;
20 Jun …Received: (qmail 38143 invoked by uid 60001); 20 Jun 2011 19:58:58 -
0000 Message-ID: <[email protected]> Received: from [70.126.236.236] by web161204.mail.bf1.yahoo.com via
HTTP; Mon, 20 Jun 2011 12:58:58 PDT X-Mailer: YahooMailClassic/14.0.3 YahooMailWebService/0.8.111.304355 Date: Mon, 20 Jun 2011 12:58:58 -0700 (PDT)
From: Grover Kearns <[email protected]> Subject: Be Alert To: [email protected] MIME-Version: 1.0 Content-
Type: text/plain; charset=us-ascii
Now get to work!
![Page 11: Grover Kearns, PhD, CPA, CFE Class 11 1. Email Videos 2 How email works Email Spoofing](https://reader033.fdocuments.net/reader033/viewer/2022051821/56649e0e5503460f94af8000/html5/thumbnails/11.jpg)
![Page 12: Grover Kearns, PhD, CPA, CFE Class 11 1. Email Videos 2 How email works Email Spoofing](https://reader033.fdocuments.net/reader033/viewer/2022051821/56649e0e5503460f94af8000/html5/thumbnails/12.jpg)
Mobile Phone Forensics
Unauthorized photos, videos, audio recording
Digital fraud and data duplication
Industrial espionage Acceptable use policy
12
![Page 13: Grover Kearns, PhD, CPA, CFE Class 11 1. Email Videos 2 How email works Email Spoofing](https://reader033.fdocuments.net/reader033/viewer/2022051821/56649e0e5503460f94af8000/html5/thumbnails/13.jpg)
Mobile Phone Forensics
SIM Cards- Subscriber Identity Module
SD Cards- Secure Digital13
![Page 14: Grover Kearns, PhD, CPA, CFE Class 11 1. Email Videos 2 How email works Email Spoofing](https://reader033.fdocuments.net/reader033/viewer/2022051821/56649e0e5503460f94af8000/html5/thumbnails/14.jpg)
Mobile Phone Forensics
International Mobile Subscriber Identity
Integrated Circuit Card Identifier (ICC-ID)
Authentication Key (Ki)
Location Area Identity SMS Message /
Contacts
Stored Data on SIM Cards
14
![Page 15: Grover Kearns, PhD, CPA, CFE Class 11 1. Email Videos 2 How email works Email Spoofing](https://reader033.fdocuments.net/reader033/viewer/2022051821/56649e0e5503460f94af8000/html5/thumbnails/15.jpg)
Mobile Phone Forensics
Stored Data on SD Cards
Call logs Text Messages Electronic documents Phonebooks Videos Music Photos Calendar
15
![Page 16: Grover Kearns, PhD, CPA, CFE Class 11 1. Email Videos 2 How email works Email Spoofing](https://reader033.fdocuments.net/reader033/viewer/2022051821/56649e0e5503460f94af8000/html5/thumbnails/16.jpg)
Smart Phone Videos How to Save Data to a Phone's Micro SD
Memory Cardhttp://www.ehow.com/video_4756774_save-micro-sd-memory-card.html SIM Card Reader
http://www.proofpronto.com/cell-phone-spy.html?gclid=CIfqu8zqwqkCFYgW2god9AZacw
Hacking the iPhone
http://www.youtube.com/watch?v=ZgITSfrEILQ
16
![Page 17: Grover Kearns, PhD, CPA, CFE Class 11 1. Email Videos 2 How email works Email Spoofing](https://reader033.fdocuments.net/reader033/viewer/2022051821/56649e0e5503460f94af8000/html5/thumbnails/17.jpg)
Problems with Mobile Forensics
Lack of single standards How cell phones store messages
Multitude of models Generations: analog, PCS, 3G,
4G, ???
![Page 18: Grover Kearns, PhD, CPA, CFE Class 11 1. Email Videos 2 How email works Email Spoofing](https://reader033.fdocuments.net/reader033/viewer/2022051821/56649e0e5503460f94af8000/html5/thumbnails/18.jpg)
Remote Phone Wipes
18
All smart phones can be “wiped” remotely. Check the web for instructions for each phone.
![Page 19: Grover Kearns, PhD, CPA, CFE Class 11 1. Email Videos 2 How email works Email Spoofing](https://reader033.fdocuments.net/reader033/viewer/2022051821/56649e0e5503460f94af8000/html5/thumbnails/19.jpg)
Securing Mobile Phones
Securing the mobile phone is the first action
Turning it off will lose RAM If on it can be wiped remotely Wrap multiple times in foil or Place in empty paint bucket
![Page 20: Grover Kearns, PhD, CPA, CFE Class 11 1. Email Videos 2 How email works Email Spoofing](https://reader033.fdocuments.net/reader033/viewer/2022051821/56649e0e5503460f94af8000/html5/thumbnails/20.jpg)
![Page 21: Grover Kearns, PhD, CPA, CFE Class 11 1. Email Videos 2 How email works Email Spoofing](https://reader033.fdocuments.net/reader033/viewer/2022051821/56649e0e5503460f94af8000/html5/thumbnails/21.jpg)
21
![Page 22: Grover Kearns, PhD, CPA, CFE Class 11 1. Email Videos 2 How email works Email Spoofing](https://reader033.fdocuments.net/reader033/viewer/2022051821/56649e0e5503460f94af8000/html5/thumbnails/22.jpg)
SIMCon
Reads SIM files Analyzes file content Recovers deleted text messages Manages PIN codes Exports data to spreadsheet files
22
![Page 23: Grover Kearns, PhD, CPA, CFE Class 11 1. Email Videos 2 How email works Email Spoofing](https://reader033.fdocuments.net/reader033/viewer/2022051821/56649e0e5503460f94af8000/html5/thumbnails/23.jpg)
Comparing 3G to 4G 3G Average download
speed is 1 to 100 Mbps
Allowed email and Internet access
Allows apps with music downloads and video calling
Applies to all smartphones
4G A set of standards that
hasn't really been clearly defined
Average download speeds are about twice as fast as 3G at 4-6 Mbps
More apps, More secure
![Page 24: Grover Kearns, PhD, CPA, CFE Class 11 1. Email Videos 2 How email works Email Spoofing](https://reader033.fdocuments.net/reader033/viewer/2022051821/56649e0e5503460f94af8000/html5/thumbnails/24.jpg)
Digital Networks
CDMA – Uses full radio frequency spectrum. Sprint and Verizon use this.
GSM – Used by AT&T and T-Mobile and standard in Europe and Asia. You can switch your SIM card with GSM!
OFDM – Probably will be the chosen technology for 4G.
![Page 25: Grover Kearns, PhD, CPA, CFE Class 11 1. Email Videos 2 How email works Email Spoofing](https://reader033.fdocuments.net/reader033/viewer/2022051821/56649e0e5503460f94af8000/html5/thumbnails/25.jpg)
Smart Phones
Contain: RAM, ROM, microprocessor, radio module, hardware interfaces.
Many have memory cards (SIM). Store system data in EEPROM. OS is stored in ROM.
![Page 26: Grover Kearns, PhD, CPA, CFE Class 11 1. Email Videos 2 How email works Email Spoofing](https://reader033.fdocuments.net/reader033/viewer/2022051821/56649e0e5503460f94af8000/html5/thumbnails/26.jpg)
26
![Page 27: Grover Kearns, PhD, CPA, CFE Class 11 1. Email Videos 2 How email works Email Spoofing](https://reader033.fdocuments.net/reader033/viewer/2022051821/56649e0e5503460f94af8000/html5/thumbnails/27.jpg)
![Page 28: Grover Kearns, PhD, CPA, CFE Class 11 1. Email Videos 2 How email works Email Spoofing](https://reader033.fdocuments.net/reader033/viewer/2022051821/56649e0e5503460f94af8000/html5/thumbnails/28.jpg)
28
![Page 29: Grover Kearns, PhD, CPA, CFE Class 11 1. Email Videos 2 How email works Email Spoofing](https://reader033.fdocuments.net/reader033/viewer/2022051821/56649e0e5503460f94af8000/html5/thumbnails/29.jpg)
29
![Page 30: Grover Kearns, PhD, CPA, CFE Class 11 1. Email Videos 2 How email works Email Spoofing](https://reader033.fdocuments.net/reader033/viewer/2022051821/56649e0e5503460f94af8000/html5/thumbnails/30.jpg)
30
![Page 31: Grover Kearns, PhD, CPA, CFE Class 11 1. Email Videos 2 How email works Email Spoofing](https://reader033.fdocuments.net/reader033/viewer/2022051821/56649e0e5503460f94af8000/html5/thumbnails/31.jpg)
31
![Page 32: Grover Kearns, PhD, CPA, CFE Class 11 1. Email Videos 2 How email works Email Spoofing](https://reader033.fdocuments.net/reader033/viewer/2022051821/56649e0e5503460f94af8000/html5/thumbnails/32.jpg)
Jailbreaking & Unlocking
Unlocking allows owner to switch SIM cards
Could void warranty
Jailbreaking allows owner to add apps that are not supported by vendor
Not illegal
32
![Page 33: Grover Kearns, PhD, CPA, CFE Class 11 1. Email Videos 2 How email works Email Spoofing](https://reader033.fdocuments.net/reader033/viewer/2022051821/56649e0e5503460f94af8000/html5/thumbnails/33.jpg)
Recovering Deleted Files
http://www.youtube.com/watch?v=5ShSIYRQnZY&feature=related
33
![Page 34: Grover Kearns, PhD, CPA, CFE Class 11 1. Email Videos 2 How email works Email Spoofing](https://reader033.fdocuments.net/reader033/viewer/2022051821/56649e0e5503460f94af8000/html5/thumbnails/34.jpg)
Web Sites - Email Email Spoofinghttp://lybio.net/household-hacker-hacking-email-
spoofing-101/science-technology/ Tracing an emailhttp://www.youtube.com/watch?v=hSvswzSy3oA How to find IP address and shutdown network
computerhttp://www.youtube.com/watch?v=fFLd0EQR-
uE&feature=related Restoring deleted fileshttp://www.youtube.com/watch?
v=5ShSIYRQnZY&feature=related
![Page 35: Grover Kearns, PhD, CPA, CFE Class 11 1. Email Videos 2 How email works Email Spoofing](https://reader033.fdocuments.net/reader033/viewer/2022051821/56649e0e5503460f94af8000/html5/thumbnails/35.jpg)
Web Sites – Mobile Phones
SIM Card Readerhttp://www.proofpronto.com/cell-phone-
spy.html?gclid=CIfqu8zqwqkCFYgW2god9AZacw
Hacking iPhone http://www.youtube.com/watch?v=ZgITSfrEILQ How to Save Data to a Phone's Micro SD
Memory Cardhttp://www.ehow.com/video_4756774_save-
micro-sd-memory-card.html