
Analyzing Network Level Information

Chapter in: Machine Learning for Authorship Attribution and Cyber Forensics

Abstract

This chapter provides a brief description of the methods employed for collecting initial information about a given suspicious online communication message, including header and network information, and of how to forensically analyze the resulting dataset to obtain the information needed to trace back to the source of the crime. The header content and network information are usually the immediate sources of preliminary information about a collection of suspicious online messages. Header analysis of an e-mail corpus, identifying all the senders, the recipients associated with each sender, and the frequency of messages exchanged between users, helps an investigator understand the overall nature of the e-mail communication. Electronic messages such as e-mails or virtual network data present a potential dataset or source of evidence containing personal communications, critical business communications, or agreements. When a crime is committed, it is always possible for the perpetrator to manipulate e-mails or any other electronic evidence, forging details to remove relevant evidence or tampering with the data to mislead the investigator. Possible manipulation of such evidence includes backdating, changing time stamps, and altering the message sender, recipient, or content. However, such attempts at manipulation and misdirection can be detected by examining the message header. By examining e-mail headers and analyzing network information through forensic analysis, investigators can gain valuable insight into the source of a message that is otherwise not traceable through the message body. Investigators can draw on a range of existing algorithms and models and build on typical forensic planning. Such models focus on what type of information should be collected, ensuring the forensically sound collection and preservation of the identified Electronically Stored Information (ESI). By applying these models, it is possible to achieve a full analysis and collect all the relevant information pertaining to the crime. The collected findings are then compiled to reconstruct the whole crime scene and deduce more accurate and logical conclusions [1].
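An added example of the header analysis the abstract describes, written for this page and not taken from the chapter: it computes the sender-to-recipient exchange frequency over a small constructed e-mail corpus and flags two header inconsistencies that point at backdating or sender forgery, a Date header far from the earliest Received timestamp and a Return-Path domain that differs from the From domain. All addresses, hosts and timestamps are constructed, and the one-hour skew tolerance is an assumed threshold.

```python
from collections import Counter
from email import message_from_string
from email.utils import getaddresses, parseaddr, parsedate_to_datetime

# Constructed sample corpus (not real mail). Message 2 has a Date a month before
# its earliest Received timestamp and a Return-Path domain unlike its From domain.
CORPUS = [
    "From: alice@example.org\nTo: bob@example.org, carol@example.org\n"
    "Return-Path: <alice@example.org>\nDate: Mon, 02 Mar 2020 10:00:00 +0000\n"
    "Received: from mail.example.org by mx.example.net;"
    " Mon, 02 Mar 2020 10:00:05 +0000\nSubject: meeting\n\nSee you at noon.\n",
    "From: alice@example.org\nTo: bob@example.org\n"
    "Return-Path: <bounce@mailer.example.com>\nDate: Sat, 01 Feb 2020 09:00:00 +0000\n"
    "Received: from relay.example.com by mx.example.net;"
    " Tue, 03 Mar 2020 14:20:11 +0000\nSubject: invoice\n\nPlease pay.\n",
    "From: bob@example.org\nTo: alice@example.org\n"
    "Return-Path: <bob@example.org>\nDate: Tue, 03 Mar 2020 15:00:00 +0000\n"
    "Received: from mail.example.org by mx.example.net;"
    " Tue, 03 Mar 2020 15:00:02 +0000\nSubject: Re: invoice\n\nWhich invoice?\n",
]

def exchange_frequency(corpus):
    """Count messages per (sender, To/Cc recipient) pair across the corpus."""
    counts = Counter()
    for raw in corpus:
        msg = message_from_string(raw)
        sender = parseaddr(msg.get("From", ""))[1].lower()
        fields = msg.get_all("To", []) + msg.get_all("Cc", [])
        counts.update((sender, addr.lower()) for _, addr in getaddresses(fields))
    return counts

def header_anomalies(raw, max_skew_seconds=3600):
    """Flag header inconsistencies suggesting backdating or sender forgery."""
    msg = message_from_string(raw)
    findings = []
    from_domain = parseaddr(msg.get("From", ""))[1].rsplit("@", 1)[-1].lower()
    rp_domain = parseaddr(msg.get("Return-Path", ""))[1].rsplit("@", 1)[-1].lower()
    if rp_domain and rp_domain != from_domain:
        findings.append("Return-Path domain differs from From domain")
    received = msg.get_all("Received", [])
    if received and msg.get("Date"):
        # Hops prepend Received headers, so the last one is the earliest hop.
        first_hop = parsedate_to_datetime(received[-1].rsplit(";", 1)[-1].strip())
        claimed = parsedate_to_datetime(msg["Date"])
        if abs((first_hop - claimed).total_seconds()) > max_skew_seconds:
            findings.append("Date header disagrees with earliest Received timestamp")
    return findings
```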



References

  1. B. Nelson, A. Phillips, C. Steuart, Guide to Computer Forensics and Investigations (Cengage Learning, 2014)
  2. H.C. Lee, T. Palmbach, M.T. Miller, Henry Lee's Crime Scene Handbook (Academic, 2001)
  3. H. Jones, J.H. Soltren, Facebook: threats to privacy. Proj. MAC MIT Proj. Math. Comput. 1, 1–76 (2005)
  4. C. Eoghan, Digital evidence and computer crime, in Forensic Sci. Comput. Internet. Op. Cit (2004)
  5. K.-K.R. Choo, R.G. Smith, R. McCusker, Future Directions in Technology-Enabled Crime: 2007-09 (Citeseer, 2007)
  6. S.Ó. Ciardhuáin, An extended model of cybercrime investigations. Int. J. Digit. Evid. 3(1), 1–22 (2004)
  7. M. Bhattacharyya, S. Hershkop, E. Eskin, MET: an experimental system for malicious email tracking, in Proceedings of the 2002 Workshop on New Security Paradigms (2002), pp. 3–10
  8. Discovering Email Header Forensic Analysis! (2017). [Online]. http://www.xploreforensics.com/blog/email-header-forensic-analysis.html. Accessed 5 May 2020
  9. R.S. Forsyth, D.I. Holmes, Feature-finding for text classification. Liter. Linguist. Comput. 11(4), 163–174 (1996)
  10. D.P. Chris et al., Another stemmer. ACM SIGIR Forum 24(3), 56–61 (1990)
  11. M.F. Porter, An algorithm for suffix stripping. Program 14(3), 130–137 (1980)
  12. R. Zheng, J. Li, H. Chen, Z. Huang, A framework for authorship identification of online messages: writing-style features and classification techniques. J. Am. Soc. Inf. Sci. Technol. 57(3), 378–393 (2006)
  13. A. Abbasi, H. Chen, Writeprints: a stylometric approach to identity-level identification and similarity detection in cyberspace. ACM Trans. Inf. Syst. 26(2), 7 (2008)
  14. T. Joachims, Text categorization with support vector machines: learning with many relevant features, in European Conference on Machine Learning (1998), pp. 137–142
  15. G. Salton, Automatic Text Processing: The Transformation, Analysis, and Retrieval Of (Read. Addison-Wesley, 1989)
  16. J.R. Quinlan, Induction of decision trees. Mach. Learn. 1(1), 81–106 (1986)
  17. R.P. Lippmann, An introduction to computing with neural networks. IEEE ASSP Mag. 4(2), 4–22 (1987)
  18. I.H. Witten, E. Frank, M.A. Hall, C.J. Pal, Data Mining: Practical Machine Learning Tools and Techniques (Morgan Kaufmann, 2016)
  19. R. Agrawal, J. Gehrke, D. Gunopulos, P. Raghavan, Automatic Subspace Clustering of High Dimensional Data for Data Mining Applications, vol. 27, no. 2 (ACM, 1998)
  20. H. Li, D. Shen, B. Zhang, Z. Chen, Q. Yang, Adding semantics to email clustering, in Sixth International Conference on Data Mining, 2006. ICDM'06 (2006), pp. 938–942
  21. R. Zheng, Y. Qin, Z. Huang, H. Chen, Authorship analysis in cybercrime investigation, in International Conference on Intelligence and Security Informatics (2003), pp. 59–73


Copyright information

© 2020 The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Switzerland AG


Cite this chapter

Iqbal, F., Debbabi, M., Fung, B.C.M. (2020). Analyzing Network Level Information. In: Machine Learning for Authorship Attribution and Cyber Forensics. International Series on Computer Entertainment and Media Technology. Springer, Cham. https://doi.org/10.1007/978-3-030-61675-5_3
