Friday, August 9, 2019

Describe how to extract evidence in relation to HTTp,FTP and SMTP Research Paper

Describe how to extract evidence in relation to HTTp,FTP and SMTP application layer protocol - Research Paper Example In this paper, I present the techniques used to extract data sent from one host to another over a TCP-based network like the internet using FTP protocol, an e-mail sent over an IP network using SMTP protocol and the one sent over web-based applications using HTTP protocol. Contents Contents 3 1.0Introduction 1 2.0Extracting evidence in relation to HTTP 1 Extraction of Posting Behavior from HTTP Header 1 3.0Extracting evidence in relation to SMTP 2 Header analysis 3 Bait tactics 3 Server investigation 3 Network device investigation 3 Software embedded identifiers 3 Sender Mailer Finger prints 3 4.0Extracting evidence in relation to FTP 3 5.0Conclusion 4 6.0 References 1 1.0 Introduction The network has become the beast way of transferring information to support both personal and business requirements. However, as different services have been enabled across the network environment, the potential for cyber-crime has grown with these. Unfortunately, not only are criminals exploiting this medium to an unprecedented degree but we are now looking at the potential of cyber-warfare or cyber-terrorism who are communicating through these protocols hence need for methods of extracting data from these protocols as a source of evidence. [24] File transfer protocol (FTP) is a network protocol that is used to transfer files from a host server to a client over a TCP-based network such as the internet. It is based on client-server architecture and it uses separate data and control connections between the client and server. [5] Simple Mail Transfer Protocol (SMTP) refers to a protocol that transmission of an e-mail across and IP- based network. However clients in the network use SMTP only for sending messages to a mail sever while for receiving they use POP (Post office protocol) or IMAP (Internet Message Access Protocol). This enables them to access their mail box accounts on a mail sever. HTTP (Hypertext Transfer Protocol) is an application protocol used by distributed and coll aborative hypermedia information systems. [19] The HTTP protocol is the basis of World Wide Web (WWW). All Web-based applications rely on this protocol for security and transactions ranging from home banking, e-commerce and e-procurement and to those that deal with sensitive data such as career and identity information. This protocol can also be used to prevent unauthorized viewing of personal, financial, and confidential information over the Web. [20] 2.0 Extracting evidence in relation to HTTP In relation to the amount of content in the web, users need help in finding information of interest, and service providers are required to provide such information. This can be done by estimating the user’s profile i.e. analyzing the behavior of the user when she is online by using access logs in a server. In order to recognize the actual user behavior across many servers, the behavior is analyzed using the flow of data on proxy servers. Some users post their messages on the Web while others just browse web pages and hence an approach has to be made in order to extract both the users’ behaviors. [6] When a user is just browsing web pages, the browser usually sends HHTP GET requests in which the request parameters are described in the URL (e.g., http://search.goo.ne.jp/web.jsp?MT=ntt means that the value of parameter MT is ntt). When the user posts a message, requests and responses are sent by HTTP POST, instead of HTTP GET.

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.