Saturday, January 2, 2010

Website Knows

Most websites prominently display some for of privacy policy that describes what kind of information the site collects about its visitors and what it does with that information. This makes perfect sense when you supply your name and/or email address and/or other pertinent personal information to the site, such as when you're creating an account or making a purchase. But what does a website know about you if you don't register with it? To understand this you need to know a bit about how web browsers and web servers interact.

A web server is the software application that hosts a website. Your web browser communicates with the web server to fetch the HTML pages, images, videos, etc. that make up the website. This communication is done using a "protocol" (a set of commands) called HTTP, which is short for "Hypertext Transfer Protocol".

An interesting feature about HTTP is that it's mostly a plain text protocol. In other words, the commands are human-readable words and phrases. Here, for example, is the simplest HTTP command for fetching a single web page from a web server:

GET /index.html HTTP/0.9

This command says "Please GET the page '/index.html' and, by the way, I only understand version 0.9 of HTTP".

The web server would typically respond with a status code, some extra information, and the contents of the page in question.

A web browser normally sends additional information along with the request for a specific page. This information is sent to the web server using headers, which are name-value pairs. A modern browser would send headers like these:

GET /index.html HTTP/1.1

Host: http://www.yahoo.com

Referer: http://www.google.com/search?q=best+directory

Accept-Language: en-US, en, fr-CA, fr

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.15) Gecko/2009101601 Firefox/3.0.15 GTB5

These headers tell the web server:

* That the visitor was directed to the website from a google.com search (the "Referer" header -- yes, it's misspelled, that's the way it is in the protocol and it can't be changed) for the term "best directory".

* That the visitor reads English and French (the "Accept-Language" header).

* That the visitor is using the Firefox browser (the "User-Agent" header).

When combined with the IP address of your computer (which the web server gets directly from the network connection the browser makes), this information can tell the webmaster a lot about the visitors that are browsing the site. None of it is personally identifiable information, but it's definitely useful. Webmasters can even tell which part of the world you're coming from based on your computer's IP address.

You can control how much of this information makes it to the web server. If you use the Firefox browser, for example, there are add-ons (extensions) that let you disable or otherwise mask these headers.

For the most part, though, these headers are actually useful for the webmaster and there's no need to block most of them. The only ones that should concern you are the cookies (markers) that web servers can insert into an HTTP conversation. Cookies have their use, but they're also a privacy concern when misused by website owners. Luckily, a good cookie blocker is all you need to fix that problem.
Posted by at No comments:

Forensics Degree

Computer crime is on the rise and there is a huge need for people that can solve this type of crime. The typical criminal activity usually includes burglary or physical attacks of some nature, but hacking into computers to steal ones identity or get information on their online banking is on the rise. To combat this stituation many colleges are now offering courses in computer forensic training.

The type of forensics training you would complete depends on the type of career interested in. These classes have different levels, with the first requiring that you have basic understanding, or preferably, experience with the Windows Operating System. The second level of training would take you through to a degree in computer science.

Of course, the more technical the career the more advanced the classes so if you wanted to work an upper job in computer forensics, expect that you will need to complete many more classes and perhaps, a second degree. However, the more education you have the more opportunities you have regarding a great career.

In addition, some careers would require you to complete forensics training on specific systems. This might include taking classes for network administration, Windows, and security. To save time and money, it would be best to look at all the career options for computer forensics so you can narrow your choice down to the one you want to pursue. With that, you would know exactly the computer forensics training required.

After graduating with your certification or computer science degree, the fun part starts of choosing your career. Again, there are so many possibilities, such as working closely with law enforcement personnel for criminal prosecution, or perhaps computer investigations. With your completed education, you become the expert, the person of authority that would be in charge.

Most often, people that go into computer forensics have some idea of the type of job they want to do but what happens many times is that after graduation, the true scope of career opportunities is revealed. With so many organizations looking to hire someone with computer forensics training, you would have no problem securing the job you want and at a nice pay rate.

Your future could be changed in a positive way simply by completing computer forensics training. The certification or degree you now hold is your key to the future. Having completed the courses, you could work virtually anywhere you want.

This means you could work locally, nationally, or internationally. In addition, you could work for a smaller company or go to work for a Fortune 500 corporation, or even go to work for a government agency. No matter your choice, you would enjoy benefits of job security and lucrative income.
Posted by at No comments:

Investigators

Computer forensics courses may be new to some of us out there. One of the reasons may be because the course is not made known to the public as much as a career such as doctors, nurses, teachers and policemen. Everyone knows what forensics is but what they do not know are the branches in forensics and this course is one of the branches.

Technology is getting more and more advance each day and the job scope gets larger and larger each and every single day. Investigation involves investigating the possible crimes at any crime scenes involving the use of computers or any digital devises as evidence. Here, you may find the basic things that an investigator does. Investigator first needs to prepare evidence and chain of custody forms.

  • Evidence forms will contain the name of the device, the measurements, model, and serial numbers. This form is to ensure that there will be no confusions of devices and that particular device is for one particular case and will not be mixed up.
  • Chain of custody forms answers the five questions of "what", "when", "who", "where", "why" and "how" of the particular evidence.

After filling up those forms, the investigator will have to analyse on how to retrieve the data from the device. There are several things that a computer forensic investigator has to follow and below are a few examples:

  • not to boot a computer when it is off
  • not to off a computer when it is on
  • protect the evidence from getting destroyed by using a write protection software

When analyzing the data, the investigator has to make sure that every section of the device is checked. If it is regarding an email account, the data obtained has to be not only from the inbox but also sent files, drafts, spam mails, trash bins and other links provided by the email address provider. If it is the whole computer, then there is the necessity to check the temp files, recycle bin, recent link file, internet history, printed files, and also retrieve deleted files by using trustworthy software.
Posted by at No comments:

Common Situations

Computer forensics plays a vital role in recovering and revealing the hidden clues. A very famous case is the BTK Killer where investigators had assisted the police to discover a serial killer, Dennis Rader, through a floppy disk that Dennis sent to the police. Investigators found within the documents implicated an author name "Dennis" at "Christ Lutheran Church". This evidence helped to lead to the serial killer's arrest. Sound like watching CSI? Yes, it is.

By now, you should realise how wide the scope of work can be. Let's us look at some of the common situations in which it is used:

1) Unauthorised disclosure of corporate data (by accident or design)

There's always a chance that employees will disclose corporate data without authorisation to third parties or competitors. The chance increases when employees are unhappy, dissatisfied, or being fired. As corporate information such as business plans, customers database and product roadmaps are private and confidential, a computer forensics is needed to assist in protecting and lock down the potential leak of sensitive data. If such incident happens, he will help to uncover the person responsible.

2) Criminal fraud

The above BTK Killer case best describes how computer forensics is used in assisting criminal fraud uncovering. As you Google, you will come across how computer forensics had helped in uncovering evidence in the prosecution in high-profile murder cases as information technology had become a necessity in everyone's daily life irrespective of what profession you are in, whether legal or illegal. Apart from that, a knowledgeable and skilful investigator plays a key role in Court when presenting digital evidence for legal proceedings as these are not something which many of us can understand.

Other common situations include employee internet abuse, damage assessment and analysis, industrial spying, and other more general criminal cases. All these are where wrong-doings and crimes are committed through computers and digital storage media. These are also where evidences are found by computer forensics investigators.
Posted by at No comments:

Place in Top

Pursuing career in computer forensics is not as easy as just going into a college, get a degree and get a job. If you think that way, then you will not be able to get a high-paid job. I am sure everyone likes the sound of "high-paid job" but do you have what it takes to get what you like? One simple way to ensure you getting "high-paid job" is by getting into a top school. So, how are you going to do it? What do you need?

First of all, you need to have interest in this field. The importance of interest lies in doing what you like and liking what you do. If you do not like computer or any of the application at all, you will not excel in the courses. College entrance requires you to send in your resume and if they see that your hobby is more to drawing, dancing, singing or swimming instead of what they expect such as playing computer games, developing computer systems, playing Sudoku which develops the ability to be analytical or repairing computers; the chances of you getting into one of the schools has already been reduced to 50% only.

Second of all, you will be required to have high scores in your SAT Reasoning Test especially in the Maths section. Having a lot of mistakes reduces the chances of the college entrance. Therefore, ensure that your Maths and Science subject is good and as much as possible get a distinction in those two subjects. Without being able to excel in both subjects, it will be impossible to excel in the degree courses as well thus will reduce the opportunity to be accepted in top schools.

Finally, ensure that you have the skills to play around with the software, hardware and understand the function of every electronic devises that is normally involved in investigating crimes. To test your skills, try to pick up any spoilt electronic devises such as a computer or a digital camera. Try understanding them and repair them with the guide from any books available to you. If you find yourself having the patience to repair it until it is functioning well, then congratulations to you because you know you have the skills. But if you find yourself not having the patience to repair and instead wanted them to be easier, then you know that you do want to repair, you just want to be a superman who can do everything. Wanting to become a superman will not ensure you entering a top school but being a superman will.
Posted by at No comments:
Subscribe to: Posts (Atom)