Proposal- Email Forensics Tracing and Mapping Digital Evidence from IP Address

Introduction
Email is a crucial means of communication in modern digital era. It is widely used to communicate personal, business and other sensitive information across the globe in a cost effective manner (Burns, 2006). Communication via email is vulnerable to various kinds of attacks, making it a likely target for those with criminal intent (Internet Crime Complaint Center [IC3], 2009). Private email communication between two or more known associates can be easily protected through security mechanisms such as tunneling and encryption. However, the majority of the e-mail communication over the Internet occurs between unknown people while public e-mail still faces various security threats.
E-mail, like any other communication activity over the Internet, can be traced back to its originator through various methods. This forms the basics of email forensics; enabling the collection of digital evidence against those who use e-mails to commit crimes. Digital evidence helps identify and trace back the originator of an e-mail attack. Due to the enormity of the Internet, the most important issue in determining the location of an e-mail attacker is to narrow down the search for the location of the attacker. This research proposes the implementation of ‘hop count distance’ method which would use the Time-to-Live (TTL) field in Internet Protocol packet to narrow down the location from where an attack is originated.

Project Background
Due to the widespread use of e-mail communication, individuals often have their own personal accounts along with those related to work. Workplace mailboxes and emails service providers store hundreds of thousands of emails. Hence most of the popular e-mail forensic applications such as encase, Nuix Forensics Desktop, x-ways forensics, Forensic Toolkit (FTK), Intella, etc., are aimed at searching millions of emails. These forensic application and others are also equipped with the capability of recovering deleted emails. These programs enable the collection of digital evidence through the recovery of email messages or email addresses related to any criminal activity. They do not trace back the email to its originator in terms of physical location of the attacker. Investigators rely on other email trace back applications to determine the location from where the email was sent. Most of the email trace back applications depend upon the Internet Protocol (IP) address of the source stored in the header of the email to determine the exact location of the originator. This technique works fine, however almost all malicious activity over the email is performed using spoofed IP address which negates the usability of tracing the source through IP address.
There are several IP trace back mechanisms that can find the source of the attack despite the IP address being spoofed in case of Denial of Service (DoS) or Distributed Denial of Service (DDoS) attacks (Karthik, Arunachalam, & Ravichandran, 2008). Although these mechanisms such as iTrace or PPM are highly efficient in determining the source of the attack, their complexity and high resource requirements for tracing the source renders them very improbable for being used as email forensic mechanisms. Thus there is a need to determine a resource efficient and simplistic solution for tracing the source of an email attack with a spoofed IP address.
Solution Outline
This study proposes a hop-count-based source-to-destination distance method for developing a simplistic and efficient trace back mechanism for tracing the source of an email attack with a spoofed source IP address. This mechanism is based on the hop count value (the intermediate devices between the source and the destination through which a set of data passes) stored inside the Time-to-Live (TTL) field in the IP packet to estimate the distance and subsequently the approximate location of the origin of the email (Wang et al., 2007). The hop-count-based source-to-destination distance can be worked out just within a minute after confining a single IP packet. The approximate location of the source of an email with a spoofed IP address can be located with a single day. The hop-count-based source-to-destination distance method cannot find the exact location of the source; however, it can prove to be an important tool in slimming down the scope of the search to aid further investigation and trace back process. Furthermore, the hop-count-based source-to-destination distance method can be applied in tracking various other attacks.
Project aims and Objectives
Currently, there are several IP trace back mechanisms that are designed to trace IP address in case of DoS or DDoS attacks over the Internet. These mechanisms require either a lot of resources or complicated network designs during trace back. The objective of this study is to propose a mechanism that fills the gap between resource-hungry and complicated trace back mechanisms.
Project Deliverables
This project will deliver a detailed report of the designed mechanism as part of the finding and analysis of a dissertation along with all its relevant components.
References
Burns, E. (2006). New online activities show greatest growth. Retrieved October 3, 2009 {online} http://www.clickz.com/3624155 (cited on 23rd Oct, 2012)
Internet Crime Complaint Center (IC3). (2009). IC3 2008 annual report on Internet crime released. Retrieved October 3, 2009 {online} http://www.ic3.gov/media/2009/090331.aspx (cited on 23rd Oct, 2012)
Karthik, S., & Arunachalam, V. P., & Ravichandran, T. (2008). A comparitive study of various IP traceback strategies and simulation of IP traceback. Asian Journal of Information Technology, 7(10), 454-458. Retrieved September 30, 2009 {online} http://docsdrive.com/pdfs/medwelljournals/ajit/2008/454-458.pdf (cited on 23rd Oct, 2012)
Wang, H., & Jin, C., & Shin, K. G. (2007). Defense against spoofed IP traffic using hop-count filtering. Retrieved October 1, 2009 {online} http://www.cs.wm.edu/~hnw/paper/hcf.pdf (cited on 23rd Oct, 2012)

Order a unique copy of this paper
(550 words)

Approximate price: $22

Basic features
  • Free title page and bibliography
  • Unlimited revisions
  • Plagiarism-free guarantee
  • Money-back guarantee
  • 24/7 support
On-demand options
  • Writer’s samples
  • Part-by-part delivery
  • Overnight delivery
  • Copies of used sources
  • Expert Proofreading
Paper format
  • 275 words per page
  • 12 pt Arial/Times New Roman
  • Double line spacing
  • Any citation style (APA, MLA, Chicago/Turabian, Harvard)

Our guarantees

Delivering a high-quality product at a reasonable price is not enough anymore.
That’s why we have developed 5 beneficial guarantees that will make your experience with our service enjoyable, easy, and safe.

Money-back guarantee

You have to be 100% sure of the quality of your product to give a money-back guarantee. This describes us perfectly. Make sure that this guarantee is totally transparent.

Read more

Zero-plagiarism guarantee

Each paper is composed from scratch, according to your instructions. It is then checked by our plagiarism-detection software. There is no gap where plagiarism could squeeze in.

Read more

Free-revision policy

Thanks to our free revisions, there is no way for you to be unsatisfied. We will work on your paper until you are completely happy with the result.

Read more

Privacy policy

Your email is safe, as we store it according to international data protection rules. Your bank details are secure, as we use only reliable payment systems.

Read more

Fair-cooperation guarantee

By sending us your money, you buy the service we provide. Check out our terms and conditions if you prefer business talks to be laid out in official language.

Read more

Calculate the price of your order

550 words
We'll send you the first draft for approval by September 11, 2018 at 10:52 AM
Total price:
$26
The price is based on these factors:
Academic level
Number of pages
Urgency
Order your essay today and save 25% with the discount code: COCONUTPlace Order
+