Computer Forensics for Preventing Email essay

Download this essay in word format (.doc)

Note: Sample below may appear distorted but all corresponding word document files contain proper formatting

Excerpt from essay:

i.e. modifying the domain name system.

7. DNS-Based Phishing ("Pharming"): This offense is based on interference in the domain name searching process by modifying the domain name resolution sending the user to a different IP address.

8. Content-Injection Phishing: The phisher introduces fraudulent content into a legitimate website.

9. Data Theft: Malicious code that collects sensitive information stored within the machines in which it is installed.

10. Man-in-the-Middle Phishing: The phisher takes a position between user's PC and the server filtering, reading and modifying information.

11. Hosts File Poisoning: This is another option for pharming. In this case the attack is carried out by the host's card index hosted on DNS' servers.

12. Spear Phishing: One of the newest phishing strategies. It targets a specific company and uses e-mails to train individuals at various locations. (Frost and Sullivan, nd)

It is reported that the types of websites attacked by phishers include such as banks and customers with online payment services. The general method of attack is carried out through an email or instant message that persuades users to enter personal details at a fraudulent website that appears to be a legitimate one. The majority of phishing attacks use "misspelled URLs or use sub-domains provided in emails which appear to belong to the legitimate organization. Another form of phishing known as IDN spoofing involves the use of URLs and IDNs by phishers in web browsers that appear identical to those of a trusted organization however, the open URL redirectors are used for disguising malicious URLs with a trusted domain. It is reported that certificates fail to address this problem since the phisher can purchase a valid certificate which can be modified in order to spoof a real website.

Other attacks include 'cross-site scripting' which is reported as a "type of an attack which is very difficult to spot without a specialist's knowledge; this is when phishers use errors in a trusted website's own scripts against the victim. The script directs the user to sign in at their own web page (the web address and security certificates seem to be correct), but in reality the link to the website is crafted to carry out the attack." (Frost and Sullivan, nd) Finally, another technique used is popup windows that request the individual's credentials "on top of the legitimate website, in a way that seems that the website is requesting this sensitive information." (Frost and Sullivan, nd) This is a technique reported to be used primarily in banks.

The report of Frost and Sullivan states that challenges include those of:

(1) Lack of knowledge in the differentiation of threats;

(2) Perception of high prices;

(3) Lack of quantifiable ROI; and (4) Fear of outsourcing security. (Frost and Sullivan, nd)

Trends and technologies reported by Sullivan and Frost include those related to the evolution of phishing attacks in the short, medium and long-term. Included in short-term phishing evolution is stated to be the increase in the "volume and degree of vulnerabilities and attacks is turning electronic security into an increasingly complex and broad issue, so the need for specialized professionals and solutions reinforcing network and electronic security is becoming clearer to companies." (Frost and Sullivan, nd)

It is reported that another strong driver of growth of the internet security market in view of the short-term is the "pressure of regulatory acts, such as the Sarbanes-Oxley, Basel II, and compliance with payment card industry international regulations (PCI)…" (Frost and Sullivan, nd) it is additionally reported that the "enterprise scope turn virtual by incorporating mobile workers, remote sites, home-offices and even vendors and partners within the same corporate network. In this context, security solutions appear as a strategic tool for a reliable and efficient network operation." (Frost and Sullivan, nd) in the analysis of industries it is reported that ISPs as well as banking and finance and retail are the most attacked by security threats since the economic crisis started and by the short-term end the advantages of such as detect monitoring services requires that services be clearer to corporations and mid-sized companies.

In regards to the medium term stated as 2011 and 2012 and the long-term, stated as 2013 and 2014 it is reported that security threats "are expected to present at an increasingly growth patterns, mainly leveraged by new and improved telecommunications infrastructure and due to new market entrants." (Frost and Sullivan, nd) in view of the long-term it is reported that the changes in pricing which are "inevitable…will redefine segmentation in the long-term." (Frost and Sullivan, nd)

IV. in-depth Computer Forensics: Communication of Methods, Processes and Procedures

Frost and Sullivan report that there are several forensic applications that can be used for detecting phishing including those as follows:

(1) Detect Monitoring Service -- work through identification accuracy checking and used for addressing phishing issues. This is a real-time connection monitoring service that is in receipt of transactional sites on the client side, with the client's information "correlated with data obtained from malicious activity in the industry. (Frost and Sullivan, nd)

(2) Early Notification -- Detect CA proprietary methodology that has the capacity to identify "specific patterns and behaviors that typically occur at the early stages of a phishing attack, providing a way to stop an attack even before it becomes a real threat." (Frost and Sullivan, nd)

(3) Malware Monitoring Services - monitors on a daily basis hundreds of samples of new financially-motivated malware which enables the company to proactively and quickly implement an action plan when a malicious code is attacking clients. (Frost and Sullivan, nd)

(4) Phishing Alerts - prevents, detects and recovers from phishing and malware attacks. The solution addresses the entire lifecycle of an alert, providing the right, just-in-time help when clients need it most. (Frost and Sullivan, nd)

The work of Abu-Nimeh, Nappa, Wang and Nair (2007) entitled "A Comparison of Machine Learning Techniques for Phishing Detection" reports that there are three main categories of phishing and fraud defense mechanisms:

(1) detective;

(2) preventive; and (3) corrective. (Abu-Nimeh, Nappa, Wang and Nair, 2007)

These solutions include such as 'anti-phishing toolbars' which are used for attempting to alleviate the problem of phishing. According to Abu-Nimeh, Nappa, Wang and Nair Although these toolbars help mitigate the problem, many research studies have demonstrated the ineffectiveness of such techniques." (2007)

Two primary problems with this solution are those of:

(1) quite often the spoofed link is tested without any consideration to the context in which it was presented to the user thereby losing accuracy; and (2) once the user enters the address of the phishing site in the browser address bar, the user is exposed immediately to any attack carried by the site. (Abu-Nimeh, Nappa, Wang and Nair, 2007)

The phishing and fraud solutions in the three categories are listed in the table below.

Figure 1

Categories of Phishing and Fraud Solutions

Source: Abu-Nimeh, Nappa, Wang and Nair (2007)

The work of Wu, et al.

(2006) conducted an evaluation of the effectiveness of security toolbars in the prevention of phishing attacks. Experiments were performed on three security toolbars, as well as the browsers address bar and the status bar. Included in the study were 30 individuals which all showed that the toolbars that were tested were "ineffective in preventing phishing attacks. Users were spoofed 34% of the time. 20 out of 30 users got spoofed by at least one phishing attack. 85% of the spoofed users thought that websites look legitimate or exactly the same as they visited before. 40% of the spoofed users were tricked because of poorly designed websites, especially when using improper redirections." (Abu-Nimeh, Nappa, Wang and Nair, 2007) Two primary reasons that users fell under these attacks are stated to be those as follows:

(1) users discarded the toolbar display, as the content of the web pages looks legitimate or professional; and (2) companies do not follow good practice in designing their websites and the toolbar cannot help users distinguish poorly designed website from malicious phishing attacks. (Abu-Nimeh, Nappa, Wang and Nair, 2007)

The work of Knickerbocker, Yu, and Li (2009) entitled "Humboldt: A Distributed Phishing Disruption System" states that conventional techniques "for combating phishing have focused primarily on detecting phishing web sites and preventing users from revealing their passwords to such sites." This type of protection is stated to be inherently "incomplete and does nothing to protect users that do not reveal their passwords. Combating the phishing threat requires more than simple avoidance -- it requires a more active approach to disrupting even successful phishing operations." (Knickerbocker, Yu and Li, 2009)

The anti-phishing system introduced by Knickerbocker, Yu and Li (2009) is that called "Humboldt" which is similar to another system 'BogusBiter' which "…poisons the data that phishers obtain en masse in order to actively disrupt phishing activity." (Knickerbocker, Yu and Li, 2009) Specifically it is stated that Humboldt "…takes a different approach to injecting fraudulent submissions into the phishing site's collected data. It relies…[continue]

Cite This Essay:

"Computer Forensics For Preventing Email" (2010, July 07) Retrieved October 23, 2016, from

"Computer Forensics For Preventing Email" 07 July 2010. Web.23 October. 2016. <>

"Computer Forensics For Preventing Email", 07 July 2010, Accessed.23 October. 2016,

Other Documents Pertaining To This Topic

  • Computer Forensic Investigation Making an

    Typically, a database uses either the simple recovery model or the full recovery model. The full recovery model can be supplemented by switching to the bulk-logged recovery model before bulk operations." (Microsoft, 2010 P. 2). Meanwhile, our company will need to implement the full back up safeguard all our data. Under the full recovery model, the first step is to back up the transaction log. Combination of full back-up with

  • Computer Surveillance Qualitative Attempt to

    Studies suggest that even "more "omniscient" technology is likely to be developed" in the near future (Lyon, 2002). Cookies were perhaps the first form of internet surveillance, developed in 1994 as a means for websites to track visitors logging in so they could provide more optimal service (Lyon, 2002). Now cookies have transformed the shape of communication and have further advanced the ability of criminals to survey individual user functions

  • Forensic Accounting in Practice

    roles of forensic accountants in preventing and detecting fraud within a business community. The paper highlights the requisites and basic responsibilities of a forensic accountant. The paper also makes references on the special cases where forensic accountants have assisted in fraud detection and prevention. Overview of Forensic Accounting Forensic accounting is the specialty area of accounting used to train an individual to develop the special accounting skills to detect and prevent

  • Benchmarking Key Loggers for Gathering Digital Evidence on Personal...

    Benchmarking Keyloggers for Gathering Digital Evidence on Personal Computers Keyloggers refers to the hardware or software programs, which examine keyboard and mouse activity on a computer in a secretive manner so that the owner of the computer is not aware that their actions are monitored. The keyloggers accumulate the recorded keystrokes for later recovery or remotely convey it to the person employing them. Keyloggers aimed to serve as spyware and currently

  • Future Applications of Forensic DNA Analytical Methods

    Future Applications of Forensic DNA Analytical Methods Following the description of the structure of deoxyribonucleic acid (DNA) by Nobel Prize laureates Francis Crick and James Watson in 1953, a vast array of applications have emerged based on this structure. Indeed, scientists are identifying innovative ways to treat a host of human ailments based on this discovery, and future research will undoubtedly continue to identify additional applications for this information. Other

  • Inadequacy of Forensic Hair Analysis

    Hair is also in contact with chemicals in shampoos, and any dyes, gels, sprays or other cosmetics that may be placed on the hair (11). Since there is no standardized method for cleaning these external contaminants off of the hair prior to analysis, the potential for inaccurate results from external contamination is widespread. There is no way to tell in the laboratory if a chemical is contained within the hair,

  • Has Computer Technology Enhanced Overall Efficiency of South Florida...

    Criminal Justice Computers and Their Effects upon Police Efficiency Computer technology has transformed the modern day police department. Numerous systems now provide assistance in fields ranging from communication, to information storage and retrieval, and even allocation of personnel. Properly designed, computer applications save time and energy. They permit police officers to do the work they were hired to do - police. The various articles in this report both feature and support the

Read Full Essay
Copyright 2016 . All Rights Reserved