Communication Artifacts

GIAC Certified Forensic Examiner Objective:

Analysis of User Communication

  • The candidate will demonstrate an understanding of the forensic examination of user communication applications and methods, including host-based and mobile email applications, instant messaging, and other software and Internet-based user communication applications.

Overview

This lab is part of a series of lab exercises intended to support courseware for Ethical Hacker training. The development of this document is funded by the Department of Labor (DOL) Trade Adjustment Assistance Community College and Career Training (TAACCCT) Grant No. TC-22525-11-60-A-48.

In this lab, students will examine e-mail and Internet Relay Chat (IRC) traffic on the network using various tools. As a forensic specialist, you will learn to use forensic tools that allow you to capture, examine, and report on digital evidence; here the evidence consists of e-mail and IRC artifacts.

OUTCOMES:

In this lab, you will learn to:

  1. Analyze e-mail messages and e-mail programs
  2. Examine e-mails in network traffic
  3. Understand how Internet Relay Chat works

Key terms and descriptions

IRC
Internet Relay Chat is a text-based protocol used to communicate with other Internet users. IRC is an older technology and is no longer as mainstream as platforms such as Facebook.
POP3
Post Office Protocol Version 3: uses TCP port 110 by default to retrieve (deliver) mail from a mail server to a client
SMTP
Simple Mail Transfer Protocol: uses TCP port 25 by default to send mail
Wireshark
A protocol analyzer that can also be used as a sniffer tool. Wireshark is free and can be downloaded from the following link: www.wireshark.org/download.html.
NetworkMiner
A Network Forensic Analysis Tool (NFAT). The free version can be downloaded at http://sourceforge.net/projects/networkminer/files/latest/download.
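As an added example (not part of the lab or of Wireshark/NetworkMiner), the following Python script reconstructs the SMTP envelope and the transmitted message from a port 25 conversation as Wireshark's "Follow TCP Stream" would display it. The transcript is constructed sample data and the function name is hypothetical.

```python
import email
import re
from email import policy

# Constructed sample (not a real capture): client commands and server replies interleaved.
SAMPLE_STREAM = """220 mail.example.test ESMTP ready
MAIL FROM:<alice@example.test>
250 2.1.0 Ok
RCPT TO:<bob@example.test>
250 2.1.5 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
From: "Alice" <alice@example.test>
To: bob@example.test
Subject: Quarterly report

Bob, the report is attached. Please review.
..Confidential (this line was dot-stuffed on the wire)
.
250 2.0.0 Ok: queued
QUIT
"""

def parse_smtp_stream(stream: str) -> dict:
    """Extract the envelope (MAIL FROM / RCPT TO, what the server acted on) and the
    message sent in the DATA block (whose From:/To: headers may say something else)."""
    lines = stream.splitlines()
    result = {"mail_from": None, "rcpt_to": [], "headers": {}, "body": ""}
    i = 0
    while i < len(lines):
        line = lines[i].strip()
        m = re.match(r"MAIL FROM:\s*<([^>]*)>", line, re.IGNORECASE)
        if m:
            result["mail_from"] = m.group(1)
        m = re.match(r"RCPT TO:\s*<([^>]*)>", line, re.IGNORECASE)
        if m:
            result["rcpt_to"].append(m.group(1))
        if line.upper() == "DATA":
            i += 1
            if i < len(lines) and lines[i].startswith("354"):
                i += 1  # skip the server's "go ahead" reply
            data = []
            while i < len(lines) and lines[i] != ".":
                # undo SMTP dot-stuffing: a line sent as ".." originally began with "."
                data.append(lines[i][1:] if lines[i].startswith("..") else lines[i])
                i += 1
            msg = email.message_from_string("\n".join(data), policy=policy.default)
            result["headers"] = {k: str(v) for k, v in msg.items()}
            result["body"] = msg.get_body(preferencelist=("plain",)).get_content()
        i += 1
    return result
```

Comparing the envelope addresses with the From:/To: headers is a quick way to spot spoofed sender information in a captured session.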