Introduction
Email is a crucial means of communication in the modern digital era. It is widely used to communicate personal, business and other sensitive information across the globe in a cost-effective manner (Burns, 2006). Communication via email is vulnerable to various kinds of attacks, making it a likely target for those with criminal intent (Internet Crime Complaint Center [IC3], 2009). Private email communication between two or more known associates can be easily protected through security mechanisms such as tunneling and encryption. However, the majority of e-mail communication over the Internet occurs between people unknown to each other, and public e-mail still faces various security threats.
E-mail, like any other communication activity over the Internet, can be traced back to its originator through various methods. This forms the basis of email forensics, enabling the collection of digital evidence against those who use e-mails to commit crimes. Digital evidence helps identify and trace back the originator of an e-mail attack. Due to the enormity of the Internet, the most important issue in determining the location of an e-mail attacker is to narrow down the search area. This research proposes the implementation of a ‘hop count distance’ method which would use the Time-to-Live (TTL) field in the Internet Protocol packet to narrow down the location from which an attack originated.
Project Background
Due to the widespread use of e-mail communication, individuals often have their own personal accounts along with those related to work. Workplace mailboxes and email service providers store hundreds of thousands of emails. Hence most of the popular e-mail forensic applications, such as EnCase, Nuix Forensics Desktop, X-Ways Forensics, Forensic Toolkit (FTK), Intella, etc., are aimed at searching millions of emails. These forensic applications and others are also equipped with the capability of recovering deleted emails. These programs enable the collection of digital evidence through the recovery of email messages or email addresses related to any criminal activity. They do not trace the email back to its originator in terms of the physical location of the attacker. Investigators rely on other email trace back applications to determine the location from where the email was sent. Most email trace back applications depend upon the Internet Protocol (IP) address of the source stored in the header of the email to determine the exact location of the originator. This technique works fine; however, almost all malicious activity over email is performed using a spoofed IP address, which negates the usefulness of tracing the source through its IP address.
There are several IP trace back mechanisms that can find the source of the attack despite the IP address being spoofed in the case of Denial of Service (DoS) or Distributed Denial of Service (DDoS) attacks (Karthik, Arunachalam, & Ravichandran, 2008). Although mechanisms such as iTrace or PPM are highly efficient in determining the source of the attack, their complexity and high resource requirements for tracing the source make them very unlikely to be used as email forensic mechanisms. Thus there is a need for a resource-efficient and simple solution for tracing the source of an email attack with a spoofed IP address.
Solution Outline
This study proposes a hop-count-based source-to-destination distance method for developing a simple and efficient trace back mechanism for tracing the source of an email attack with a spoofed source IP address. This mechanism is based on the hop count value (the number of intermediate devices between the source and the destination through which a set of data passes), which can be inferred from the Time-to-Live (TTL) field in the IP packet, to estimate the distance and subsequently the approximate location of the origin of the email (Wang et al., 2007). The hop-count-based source-to-destination distance can be worked out within a minute of capturing a single IP packet. The approximate location of the source of an email with a spoofed IP address can be located within a single day. The hop-count-based source-to-destination distance method cannot find the exact location of the source; however, it can prove to be an important tool in narrowing the scope of the search to aid further investigation and the trace back process. Furthermore, the hop-count-based source-to-destination distance method can be applied in tracking various other attacks.
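The estimate described above can be sketched as follows. This is an added example, not code from the original proposal: it validates a captured IPv4 header, reads the TTL, and infers the hop count as the gap to the smallest common initial TTL at or above the observed value. The initial-TTL set, the function names and the sample packet (built from documentation address ranges) are assumptions.

```python
import socket
import struct

# Assumption: common OS initial TTL values; not taken from the page.
INITIAL_TTLS = (30, 32, 60, 64, 128, 255)

def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of 16-bit words; 0 for a header with a valid checksum."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_ipv4_header(packet: bytes) -> dict:
    """Validate a captured IPv4 header and return its TTL and addresses."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    version, ihl = packet[0] >> 4, (packet[0] & 0x0F) * 4
    if version != 4 or ihl < 20 or len(packet) < ihl:
        raise ValueError("not a valid IPv4 header")
    header = packet[:ihl]
    if ipv4_checksum(header) != 0:
        raise ValueError("bad header checksum")
    return {"ttl": header[8],
            "src": socket.inet_ntoa(header[12:16]),
            "dst": socket.inet_ntoa(header[16:20])}

def estimate_hop_count(observed_ttl: int) -> tuple:
    """Return (assumed initial TTL, hops) using the smallest initial TTL >= observed."""
    if not 1 <= observed_ttl <= 255:
        raise ValueError("TTL out of range")
    initial = min(t for t in INITIAL_TTLS if t >= observed_ttl)
    return initial, initial - observed_ttl

def build_sample_header(src: str, dst: str, ttl: int) -> bytes:
    """Constructed test input: a 20-byte IPv4/TCP header with a valid checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, ttl, 6, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]

if __name__ == "__main__":
    # Constructed packet using documentation address ranges (RFC 5737).
    pkt = build_sample_header("203.0.113.7", "198.51.100.25", 115)
    fields = parse_ipv4_header(pkt)
    initial, hops = estimate_hop_count(fields["ttl"])
    print(f"claimed src {fields['src']}: TTL {fields['ttl']}, "
          f"assumed initial {initial}, about {hops} hops away")
```

The sender chooses the initial TTL, so the result is a lead for narrowing the search rather than proof of distance. The pairs 30/32 and 60/64 are close enough to leave a few hops of ambiguity.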
Project Aims and Objectives
Currently, there are several IP trace back mechanisms that are designed to trace IP addresses in the case of DoS or DDoS attacks over the Internet. These mechanisms require either a lot of resources or complicated network designs during trace back. The objective of this study is to propose a mechanism that fills the gap left by resource-hungry and complicated trace back mechanisms.
Project Deliverables
This project will deliver a detailed report of the designed mechanism as part of the findings and analysis of a dissertation, along with all its relevant components.
References
Burns, E. (2006). New online activities show greatest growth. Retrieved October 3, 2009 [online] http://www.clickz.com/3624155 (cited on 23rd Oct, 2012)
Internet Crime Complaint Center (IC3). (2009). IC3 2008 annual report on Internet crime released. Retrieved October 3, 2009 [online] http://www.ic3.gov/media/2009/090331.aspx (cited on 23rd Oct, 2012)
Karthik, S., Arunachalam, V. P., & Ravichandran, T. (2008). A comparative study of various IP traceback strategies and simulation of IP traceback. Asian Journal of Information Technology, 7(10), 454-458. Retrieved September 30, 2009 [online] http://docsdrive.com/pdfs/medwelljournals/ajit/2008/454-458.pdf (cited on 23rd Oct, 2012)
Wang, H., Jin, C., & Shin, K. G. (2007). Defense against spoofed IP traffic using hop-count filtering. Retrieved October 1, 2009 [online] http://www.cs.wm.edu/~hnw/paper/hcf.pdf (cited on 23rd Oct, 2012)