Investigation of a
Cybercrime:
A Case Study
Hacking and Hijacking in Redmond
The First Indication of a Problem
"Network Solutions Registration Services"
Other Attempts to Hijack Domain
"Network Solutions Registration Services"
How an Email
Travels the Internet
"The information on the left..."
"The Internet numbers also identify..."
"An abbreviated record of an..."
Finding the Sender’s Email Address
Find the Originating IP Address
Find the Originating IP Address
Find the Originating IP Address
Find the Originating IP Address
Find the Originating IP Address
Find the Originating IP Address
Find the Originating IP Address
Find the Originating IP Address
Find the Originating IP Address
Find the Originating IP Address
Find the Originating IP Address
Find the Originating IP Address
Find the Originating IP Address
Find the Originating IP Address
"The unbroken chain-of-custody is:"
"To identify the origins of..."
"Network Solutions Registration Services"
Out of State Providers -
A New Proposal
"Network Solutions Registration Services"
"Network Solutions Registration Services"
E-Mail Spoofing -
A More Sophisticated Method
E-Mail Spoofing -
Other Sophisticated Methods
"How Did We Establish Probable..."
Relationship Between Log Files
What was Available to Examine?
What was Available to Examine?
What was Available to Examine?
What was Available to Examine?
Rilling’s History Files Started Mid-August, 1999
Interesting Usage Just after Police Interview
Additional Computer Analysis - Troy’s Analysis
Other Issue - Restriction on Defendant’s Internet Access