
Investigating Online Crime

   

Added on  2022-12-05

Running head: INVESTIGATING ONLINE CRIME
Q1. Consider a criminal group that is running a pharmaceutical affiliate program as we
discussed in Module 8. You've seen some of the things that can be done to automate the
gathering of information in large multi-domain investigations (such as in Mod 8 Lesson 3.) You
discover that Aleksandr Bolelov has been making counterfeit pharmaceutical websites since at
least August of 2012. (Here is a link to his Whoxy page:
https://www.whoxy.com/name/2193280). Explain how you would build a system that would
document all of the relevant evidence about these websites and store it for later use.
The task above calls for a system that automates the gathering of information to support a larger multi-domain investigation. The aim of the investigation is to find the counterfeit pharmaceutical websites that Aleksandr Bolelov has made since at least August 2012¹. The system would document the relevant evidence from these websites and store the information gathered about them for later use.
The system would be built in three phases: identifying the scope of the investigation, expanding the search to gather data from the websites, and refining the results of the findings².
The first step would be to run WHOIS queries. WHOIS is a query-and-response protocol used to query the databases that store the registered users or assignees of a particular Internet resource, such as a domain name, an autonomous system or an IP address block; it can also be used to capture other information. The WHOIS queries would be used to identify the affiliate program. The WHOIS data would reveal a single email address even across multiple domains, and historical WHOIS queries would help in identifying the original registrant information. Both pieces of data would then be used as input for reverse WHOIS queries³.
1 Martens, Marijn, Ralf De Wolf, and Lieven De Marez. "Investigating and comparing the predictors of the intention towards taking security measures against malware, scams and cybercrime in general." Computers in Human Behavior 92 (2019): 139-150.
2 Oerlemans, Jan-Jaap. Investigating cybercrime. Diss. 2017.
Grabber.py could also be used as a penetration testing tool and web application scanner: it would help in identifying the Whoxy page and would then capture the screen of each counterfeit pharmaceutical site. A preliminary sort would be started, followed by a rough sort based on the contact phone number that was grabbed. The current WHOIS queries would then be used for the Affiliate ID sites running the redirectors. Once the email address is identified, the reverse WHOIS queries would help in tying that email address to the additional domains associated with it.
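The storage and sorting steps described in this answer can be shown in code. The following is an added example, not part of the original essay: it keeps each raw WHOIS record with its SHA-256 and collection time, then groups domains by shared registrant email or phone, which is the input a reverse WHOIS query needs. The sample records, the table name and the function names are constructed for illustration.

```python
import hashlib
import re
import sqlite3
from datetime import datetime, timezone

# Constructed WHOIS excerpts: placeholder domains and contacts, not real data.
SAMPLE_WHOIS = {
    "rx-one.example": "Registrant Email: Reg.A@example.org\nRegistrant Phone: +1.5550100\n",
    "rx-two.example": "Registrant Email: reg.a@example.org\nRegistrant Phone: +1.5550199\n",
    "rx-three.example": "Registrant Email: other@example.net\nRegistrant Phone: +1 555 0199\n",
}

def parse_whois(raw):
    """Extract registrant email and phone, normalised so variants compare equal."""
    email = re.search(r"^Registrant Email:\s*(\S+)", raw, re.M | re.I)
    phone = re.search(r"^Registrant Phone:\s*(.+)$", raw, re.M | re.I)
    return {"email": email.group(1).lower() if email else None,
            "phone": re.sub(r"\D", "", phone.group(1)) if phone else None}

def store_record(conn, domain, raw):
    """Keep the raw record, its SHA-256 and the collection time with the parsed fields."""
    fields = parse_whois(raw)
    digest = hashlib.sha256(raw.encode("utf-8")).hexdigest()
    stamp = datetime.now(timezone.utc).isoformat()
    conn.execute("INSERT INTO whois_evidence VALUES (?, ?, ?, ?, ?, ?)",
                 (domain, stamp, digest, fields["email"], fields["phone"], raw))
    return digest

def build_store(records, path=":memory:"):
    """Create the evidence table and load every (domain, raw WHOIS) pair."""
    conn = sqlite3.connect(path)
    conn.execute("CREATE TABLE IF NOT EXISTS whois_evidence (domain TEXT, "
                 "collected_at TEXT, sha256 TEXT, email TEXT, phone TEXT, raw TEXT)")
    for domain, raw in records.items():
        store_record(conn, domain, raw)
    conn.commit()
    return conn

def pivot(conn, column):
    """Group stored domains by a shared registrant value: 'email' or 'phone'."""
    if column not in ("email", "phone"):  # allow-list: the name is interpolated below
        raise ValueError("unsupported pivot column")
    groups = {}
    sql = f"SELECT {column}, domain FROM whois_evidence WHERE {column} IS NOT NULL ORDER BY domain"
    for value, domain in conn.execute(sql):
        groups.setdefault(value, []).append(domain)
    return groups
```

Storing the unparsed record beside its hash lets a later reviewer confirm that the parsed fields came from an unaltered capture.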
Q2. Assume that you have been asked to document an active cybercrime group on Facebook
(similar to Module 7). Explain how you would write a program to make a list of the members
who were part of the group. (If you would like to explain with a real group, consider "World
Cardius (Carding)" (https://www.facebook.com/groups/238449903697215). While GraphAPI is
no longer available, examine the structure of the group and explain what process you would use.
Write your explanation in essay form as if you are describing your process to someone who has
never done it before.
The current problem concerns identifying the members of a Facebook group that organizes cybercrime. The first task is to document the activities of the cybercrime group on Facebook, which in turn requires a list of the members associated with the group, and a program needs to be developed to produce that list⁴. For this purpose, i2 Analyst's Notebook can be used to find out the structure of the group along with the process associated with it.
This is a visual analysis tool that helps in transforming data into intelligence. Its features,
such as connected network visualizations, can be used in this regard for social network analysis.
The entire system helps in finding out the connected entities and networks through the visual
3 Dayarathna, Miyuru, et al. "Scalable Complex Event Processing on a Notebook." Proceedings of the 11th
ACM International Conference on Distributed and Event-based Systems. ACM, 2017.
4 Gillespie, Alisdair A. Cybercrime: key issues and debates. Routledge, 2015.