Abstract
This paper describes a novel tool for remotely “fingerprinting” computers used in criminal activity. The tool employs network scanning and machine identification techniques to acquire a fingerprint of a computer over the Internet. The fingerprint includes identifying information about the operating system, banners, enumerations and services. Once the computer is seized, it is connected to a closed network and scanned again to produce a second fingerprint to check against the original. Two scenarios - one related to investigating pedophiles and the other involving an illegal website - are examined. Legal issues pertaining to the use of computer fingerprinting in criminal investigations are also discussed.
Copyright information
© 2004 Springer Science + Business Media, Inc.
About this chapter
Cite this chapter
Novotny, J., Schulte, D., Manes, G., Shenoi, S. (2004). Remote Computer Fingerprinting for Cyber Crime Investigations. In: De Capitani di Vimercati, S., Ray, I., Ray, I. (eds) Data and Applications Security XVII. IFIP International Federation for Information Processing, vol 142. Springer, Boston, MA. https://doi.org/10.1007/1-4020-8070-0_1
DOI: https://doi.org/10.1007/1-4020-8070-0_1
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4020-8069-2
Online ISBN: 978-1-4020-8070-8
eBook Packages: Springer Book Archive