Network scanning is a critical step in ascertaining the security of a network. Some types of scans include the following:

Network Sweeping – This type of scan sends a series of probe packets to identify live hosts at the IP addresses in the target network.

Network Tracing – This type of scam is closely related to network sweeping. During this scan, we attempt to determine the network topology so that we can draw a network map.

Port Scanning – This type of scanning is used to determine the TCP and UDP ports that are listening on the target system.

We previously looked at DNS servers and the various DNS records. These records provide a lot of information about a domain being analyzed. You can use the nslookup command to get some of the information. We like to use the dig command instead. As you can see, the dig command can provide a good amount of information for a domain of interest. Here is an example.

When querying DNS servers, we want to obtain many records, including:

NS: Nameserver records
A: Address record
HINFO: Host Information record
MX: Mail exchange record
TXT: Text record
CNAME: Canonical Name Record
SOA: Start of Authority record
RP: Responsible person record
PTR: Pointer for inverse lookups record
SVR: Service location record

More details about some of these will be provided in a different posts. In the meantime, suffice to say that name servers do more than just resolve domain names to IP addresses.

AVM Technology is a leading computer forensics, incident response, and information security company with its principal office in Richmond (Henrico County) Virginia and providing services throughout the United States. Our professionals have been interviewed as experts by many news and media organizations. Some of these organizations include the BBC, the New York Times, the Washington Post, and others. We also have regular appearances on NBC 12 On Your Side. Visit our Virginia computer forensics page to read about AVM Technology in the news.

It's the end of the month and it is time for the monthly computer security update.  This month, we had vulnerable Internet browsers, Samsung Galaxy phones, and even Department of Veteran Affairs computers.  We also saw medical equipment, including pacemakers being hacked as well as more development in the cyber warfare front.  See our October 2012

...

Some criminal defendants erroneously believe that simply because they may have hired a good attorney, they don’t need the assistance of a computer forensics expert witness.  In this case, this happened in a case that could have used a computer forensics expert witness in Richmond Virginia.  The facts of that case where as follows:  An Agent for Immigration and Customs Enforcement (“ICE”) conducted an investigation into a foreign child pornography website, “Illegal.cp,” which, for $79.99, offered 21 days of access to material containing child pornography.

Some important considerations when conducting a computer forensics exam include:

Computer Forensics Expert Note: Many computers utilize the file allocation table FAT file system.  Understanding FAT operations is critical to any computer forensics examiner.

When a file is created:

The field of computer forensics requires an understanding of what happens when files are created and deleted.  For example, on a FAT partition, creating a file involves three events:  1) An entry is made into the File Allocation Table (FAT) to indicate the space where the file is stored in the data region. 2) The file is assigned clutter space on the hard drive.  3) A directory entry is made indicating the file name, size, link to the FAT, etc. 4) The file is written to the data region.

Computer Forensics Expert Note: Most people today utilize a computer, PDA, iPod, smart phone, iPhone, or other similar devices.  These devices have a file system and as such create a trail of digital evidence that is available to a competent computer forensics examiner.  It is this information that, on a daily basis, becomes critical during criminal trials.  It is also the reason why many civil lawsuits are settled, won, or lost.  Computer forensics experts ay an important role in this process.  Properly maintained and competentaly handled digital