Computer Forensic 8


Case Project 12-1

With the advent of the computer era, crimes and threats are increasingly relayed over the internet, and email is one of the most widely used channels for such messages. Marco, a high school student, claims to have received an email from another student threatening to commit suicide; the problem is that he does not know where the student sent the email from. From the information presented, the email's authorship and message are known; only the physical source is unknown. This is the problem definition phase. By knowing where the email was sent from, the student can be physically reached and talked out of the decision. The first step therefore would be to report the case to the police and computer forensic investigators, who can help trace the physical source of the email (Pollitt & Shenoi, 2005).

Emails consist of two major components: the header and the body. The Simple Mail Transfer Protocol (SMTP) is an internet standard used for sending and receiving email across Internet Protocol (IP) networks. Traces of SMTP and of similar protocols such as the Internet Message Access Protocol (IMAP) and the Post Office Protocol (POP) are usually embedded in the header information. By retrieving this information, the routing, the specific time and day, and the physical location of the computer used to send the email can be identified. Sites like IP-LOOKUP and "whois" lookups help obtain the IP address used to identify the domain owner information; the corresponding country, location, and Internet Service Provider (ISP) are also returned.
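Added example, not part of the essay: a Python script that walks the Received: headers of a constructed raw email, oldest hop first, and reports the connecting IP and timestamp each mail server recorded. The hosts, IPs and the set of trusted servers are constructed values.

```python
"""Walk the Received: chain of a raw email to find where it entered the mail path.
Each MTA prepends its own Received: header, so the bottom one is the earliest hop
and anything below the first line written by a server you control may be forged."""
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample message; hosts and IPs are documentation/example values only.
SAMPLE_EMAIL = """\
Received: from mx.school.example (mx.school.example [203.0.113.5])
\tby inbox.school.example with ESMTP id abc123; Mon, 21 Jun 2010 09:14:07 -0400
Received: from relay.isp.example (relay.isp.example [198.51.100.20])
\tby mx.school.example with ESMTPS; Mon, 21 Jun 2010 09:14:02 -0400
Received: from [192.0.2.44] (cust-44.isp.example [192.0.2.44])
\tby relay.isp.example with ESMTPA id xyz789; Mon, 21 Jun 2010 09:13:55 -0400
From: student@school.example
To: marco@school.example
Subject: please read

I can't do this anymore.
"""

_IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")  # "[a.b.c.d]" literal the MTA saw
_BY_RE = re.compile(r"\bby\s+(\S+)")                      # the MTA that wrote the line


def received_hops(raw_message):
    """Return hops oldest-first as (from_ip, by_host, timestamp) tuples."""
    msg = message_from_string(raw_message)
    hops = []
    # get_all() keeps top-to-bottom order; reversed() puts the earliest hop first.
    for value in reversed(msg.get_all("Received", [])):
        value = " ".join(value.split())          # unfold continuation lines
        head, date_part = value.rsplit(";", 1) if ";" in value else (value, "")
        ip, by = _IP_RE.search(head), _BY_RE.search(head)
        ts = parsedate_to_datetime(date_part.strip()) if date_part.strip() else None
        hops.append((ip.group(1) if ip else None, by.group(1) if by else None, ts))
    return hops


def originating_ip(raw_message, trusted_hosts):
    """Earliest (ip, timestamp) recorded by an MTA we trust; what the sender wrote
    below that line is unverified and is only a lead to confirm with the ISP."""
    for ip, by, ts in received_hops(raw_message):
        if by in trusted_hosts:
            return ip, ts
    return None, None
```

The IP and timestamp returned for the first trusted hop are what an investigator would hand to the ISP, since the earlier, untrusted lines are only the sender's own claim.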

The IP address can also be restructured into a Media Access Control (MAC) address by applying the Address Resolution Protocol (ARP). MAC addresses are international identifiers. Running the GetMAC command at the command prompt delivers an address that combines the physical address and the transport name. An example of such an address would be 00-40-CA-B5-5B-06 \Device\Tcpip_{B249BB63-9574-4061-817A-D62E1D12072F} (Shaikh, 2010). The first part, 00-40-CA-B5-5B-06, is the address; CA of course identifies the location as California. Alternatively, by calling the ISP and explaining the situation, the physical address can be located. Most ISPs do not reveal subscriber information because of the increase in crime, but the police can authenticate the case and obtain the address. If the ISP refuses to give the information, a subpoena permitting its release can be obtained.

The third method is to run the IP address through online geolocation sites, which identify the country and the town or state that the IP address matches. Statistically, geolocation sites in the US identify the country with 99% precision and the individual state with 91% precision; for a global search, the exact positioning rate is about 60% (Roehl, 2007). The position is also given as latitude and longitude, which investigators can plot on maps to determine the area. The last two methods would not be the best to use since they are time consuming, and in our case there is a time constraint if the suicide is to be prevented.

Case Project 12-2

This case deals with a fifteen-year-old girl who has run away from home to be with a thirty-five-year-old woman. The mother reports the case after reading through her daughter's emails. Among the categories of cyber crime, this may be a possible kidnapping, in which the girl was enticed with promises to move out only to be drawn into a different arrangement. The first step would be to preserve the integrity of the email evidence and not tamper with it in any form. Alerting the police would be the next move. The level of suspicion has to be calculated to ascertain whether there is cause for alarm. As identified earlier, an email is made up of a header and a body. Analyzing the IP addresses with the intent of acquiring a geographical location may turn out to be fruitless, especially if the unidentified woman sends the emails from different locations with the aim of concealing her identity.

This implies that the message itself would be the subject of digital forensic analysis. Note that messages relayed in emails are highly unstructured because they do not require a particular writing format or language. The information in each email should be analyzed, as well as the regularity with which messages were received. Comparing the extracted information can indicate behavior and other patterns. The information has to be classified into structured and unstructured categories. Structured information includes "To, From, Cc, Bcc, Reply-To and Delivered-To address fields" (Pollitt & Shenoi, 2005, p. 81). The unstructured component is used to summarize the message itself as well as the email header. This enables the team to come up with the key terms and focal points addressed in the emails; these summaries are known as feature strings.

Both types of information can then be keyed into social diagrams and networks, probabilities and weights assigned to each factor, and all the possible links established by the different vectors calculated. This helps the analysis team calculate the level of suspicion attached to the case. The weight is assigned according to the number of times a word or phrase recurs across the emails. Correlation between common words can be enhanced by the use of Multiple Levels of Abstraction. Multiplying the Multiple Levels of Abstraction by the assigned weights yields the suspicion level (Pollitt & Shenoi, 2005). Based on the findings from the Positive Predictive Value, the team may use a decision tree approach to settle on the next move. The higher the Positive Predictive Value, the higher the chance that the daughter was kidnapped.
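As an added illustration (not from the essay, and not the method of Pollitt & Shenoi), a small Python script that splits constructed emails into the structured address fields and the unstructured text, weights terms by how many emails they recur in, derives feature strings per message, and folds the weights of analyst-chosen indicator terms into a simple 0..1 score. The mailbox, the stopword list and the scoring rule are this example's own constructions.

```python
"""Simplified illustration of the structured/unstructured split and recurrence
weighting. The scoring rule is this example's own simplification, not the
method from Pollitt & Shenoi (2005)."""
import re
from collections import Counter

STRUCTURED_FIELDS = ("From", "To", "Cc", "Bcc", "Reply-To", "Delivered-To")
STOPWORDS = {"the", "a", "to", "and", "you", "i", "it", "me", "we", "is", "of"}

# Constructed sample mailbox: (header dict, body), oldest first; addresses are fictional.
MAILBOX = [
    ({"From": "k@example.net", "To": "daughter@example.org", "Date": "2010-06-01 21:05"},
     "Don't tell your mother we talk. I can pick you up, just say when."),
    ({"From": "k@example.net", "To": "daughter@example.org", "Date": "2010-06-03 21:10"},
     "Pack light. I will pick you up at the bus stop, delete this message."),
    ({"From": "daughter@example.org", "To": "k@example.net", "Date": "2010-06-03 22:41"},
     "ok, mother is asleep by 11. pick me up at the bus stop?"),
]


def split_fields(mail):
    """Address fields are the structured part; the rest (incl. the body) is unstructured."""
    headers, body = mail
    structured = {k: v for k, v in headers.items() if k in STRUCTURED_FIELDS}
    return structured, {**{k: v for k, v in headers.items() if k not in STRUCTURED_FIELDS}, "Body": body}


def tokens(text):
    """Lower-cased word set of a body, minus stopwords (apostrophes kept)."""
    return {w for w in re.findall(r"[a-z']+", text.lower()) if w not in STOPWORDS}


def term_weights(mailbox):
    """Weight = number of emails in which a term recurs (document frequency)."""
    return Counter(t for mail in mailbox for t in tokens(split_fields(mail)[1]["Body"]))


def feature_strings(mailbox, top_n=3):
    """Per message, the top_n terms with the highest mailbox-wide weight."""
    w = term_weights(mailbox)
    out = []
    for mail in mailbox:
        terms = tokens(split_fields(mail)[1]["Body"])
        out.append(sorted(terms, key=lambda t: (-w[t], t))[:top_n])
    return out


def suspicion_score(mailbox, indicators):
    """Sum of recurrence weights for analyst-supplied indicator terms, scaled to 0..1."""
    w = term_weights(mailbox)
    return sum(w[t] for t in indicators) / (len(indicators) * len(mailbox))
```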


Pollitt, M., & Shenoi, S. (2005). Advances in Digital Forensics: IFIP International Conference on Digital Forensics, National Center for Forensic Science, Orlando, Florida, February 13-16, 2005, Volume 2005. Cambridge, MA: Birkhauser.

Roehl, J. R. (2007). Internet Protocol Geolocation: Development of a Delay-based Hybrid Methodology for Geographic Location of a Network Node. Greene, OH: Air Force Institute of Technology.

Shaikh, K. (2010). Three Ways to Get your MAC Address. Retrieved June 25, 2010 from


