Using Search Engines to Acquire Network Forensic Evidence
Authors
Abstract
Search engine APIs can be used very effectively to automate the surreptitious gathering of information about network assets. This paper describes GooSweep, a tool that uses the Google API to automate the search for references to individual IP addresses in a target network. GooSweep is a promising investigative tool. It can assist network forensic investigators in gathering information about individual computers such as referral logs, guest books, spam blacklists, and instructions for logging into servers. GooSweep also provides valuable intelligence about a suspect’s Internet activities, including browsing habits and communications in web-based forums.
Similar resources
An Improved Forensic Science Information Search.
Although thousands of search engines and databases are available online, finding answers to specific forensic science questions can be a challenge even to experienced Internet users. Because there is no central repository for forensic science information, and because of the sheer number of disciplines under the forensic science umbrella, forensic scientists are often unable to locate material t...
DIGITAL FORENSIC RESEARCH CONFERENCE Digital Forensic Text String Searching: Improving Information Retrieval Effectiveness by Thematically Clustering Search Results
Current digital forensic text string search tools use match and/or indexing algorithms to search digital evidence at the physical level to locate specific text strings. They are designed to achieve 100% query recall (i.e. find all instances of the text strings). Given the nature of the data set, this leads to an extremely high incidence of hits that are not relevant to investigative objectives....
Digital forensic text string searching: Improving information retrieval effectiveness by thematically clustering search results
Current digital forensic text string search tools use match and/or indexing algorithms to search digital evidence at the physical level to locate specific text strings. They are designed to achieve 100% query recall (i.e. find all instances of the text strings). Given the nature of the data set, this leads to an extremely high incidence of hits that are not relevant to investigative objectives....
Covert Channel Forensics on the Internet: Issues, Approaches, and Experiences
The exponential growth of the Internet (WWW in particular) has opened up several avenues for covert channel communication. Steganographic communication is one such avenue. Hiding secret messages in digital data such as images using steganographic software tools is becoming easier. These digital images posted in public Web sites can then be downloaded at the receiver and the hidden messages may ...
Forensic Acquisition of Cloud Drives
Cloud computing and cloud storage services, in particular, pose a new challenge to digital forensic investigations. Currently, evidence acquisition for such services still follows the traditional method of collecting artifacts on a client device. This approach requires labor-intensive reverse engineering efforts, and ultimately results in an acquisition that is inherently incomplete. Specificall...
Journal title:
Volume, issue
Pages -
Publication date: 2007