<CHAP NUM="18" ID="CH.00.018">chapter 18
<FM><TTL>Forensic Science and the Internet</TTL>
<AU>By Andrew W. Donofrio</AU>
<KTSET><TTL>KEY TERMS</TTL>
<KT>bookmark</KT>
<KT>broadband</KT>
<KT>browser</KT>
<KT>cookies</KT>
<KT>domain</KT>
<KT>download</KT>
<KT>e-mail</KT>
<KT>firewall</KT>
<KT>hacking</KT>
<KT>hypertext</KT>
<KT>Internet cache</KT>
<KT>Internet history</KT>
<KT>Internet protocol</KT>
<KT>Internet service provider (ISP)</KT>
<KT>mailing list</KT>
<KT>modem</KT>
<KT>newsgroups</KT>
<KT>router</KT>
<KT>search engine</KT>
<KT>uniform resource locator (URL)</KT>
<KT>VoIP (voice over Internet protocol)</KT>
<KT>Wi-Fi</KT></KTSET>
<OBJSET><TTL>Learning Objectives</TTL>
<P>After studying this chapter you should be able to:
<OBJ><P><INST>• </INST>Understand how the Internet is structured</P></OBJ>
<OBJ><P><INST>• </INST>Know how to search for information on the Internet</P></OBJ>
<OBJ><P><INST>• </INST>Describe informational retrieval sources, such as mailing lists and newsgroups, available through the Internet</P></OBJ>
<OBJ><P><INST>• </INST>Learn how to retrieve information about forensic science on the Internet</P></OBJ>
<OBJ><P><INST>• </INST>Relate various areas found on the computer where a user’s Internet activities can be investigated</P></OBJ>
<OBJ><P><INST>• </INST>Describe how e-mails, chat, and instant messages on the Internet can be traced and recovered</P></OBJ>
<OBJ><P><INST>• </INST>List and describe three locations where investigators may pinpoint the origin of a hacker</P></OBJ></P></OBJSET></FM>
<CASE><TTL>Scott Peterson: A Case of Circumstantial Evidence</TTL>
<P>Scott Peterson was charged with the murder of his pregnant wife, Laci, and her unborn son, Conner. On the surface, this young couple lived a happy and content lifestyle in Modesto, California. The 30-year-old Peterson had married his college sweetheart, Laci, a 27-year-old substitute teacher. She was about one month away from delivering her first child. Scott Peterson had told investigators that he had last seen his wife on December 24, 2002, at 9:30 a.m. when he left home for a fishing trip off San Francisco Bay. The decomposed remains of Laci washed ashore in April 2003, not far from where Scott Peterson said he had gone fishing on the day she vanished. Peterson said she was dressed in a white top and black pants when he last saw her, but Laci’s body was found with khaki pants. Her sister recalled that Laci was wearing khaki pants the night before her disappearance.</P>
<P>Peterson claimed that he had gone fishing for sturgeon or striped bass, but the police investigation revealed that he failed to bring the appropriate fishing rod and lines to catch such fish. Further revelations surfaced when it became known that Scott was having an affair with another woman. A search of Scott’s warehouse led to the recovery of a black hair on a pair of pliers resting in Scott’s boat. A mitochondrial DNA profile of the hair was consistent with Laci’s DNA. Scott Peterson was charged with murder and convicted and currently awaits his fate on death row.</P>
<P>Visit WebExtra 18.1 to view the evidence that prosecutors presented to convict Scott Peterson.</P></CASE>
<BM><P>Today, one cannot read a newspaper or turn on the television without seeing some reference to the Internet. The Internet, often referred to as the “information superhighway,” is a medium for people to communicate with others and to access millions of pieces of information on computers located anywhere on the globe. No subject or profession remains untouched by the Internet, including forensic science. Every week many new pages of information are added to the Internet on the subject of forensic science, providing instant access to updated forensic science news and information. The Internet brings together forensic scientists from all parts of the world, linking them into one common electronic community.</P>
<P>The Internet was developed in 1969 by the U.S. Department of Defense with the purpose of providing a connection between computers in different locations. The project, called ARPANET, originated from a group of scientists and engineers funded by the Pentagon’s Advanced Research Projects Agency (ARPA). Their idea was based on the premise that the network would still operate even if part of the connection failed. The first successful link was established between computers housed at UCLA and Stanford Research Institute. Shortly thereafter, USC–Santa Barbara and University of Utah computers were added to the system. In 1972, more than twenty sites were connected on the system when the first electronic mail (e-mail) message was sent. In the 1980s, this network of interconnected computers grew with the establishment of the National Science Foundation Network (NSFNet), which encompassed five supercomputing centers across the United States. At about the same time, regional networks were formed around the United States for the purpose of accessing NSFNet. By 1989, ARPANET had closed down and NSFNet, along with its regional networks, began to mushroom into a worldwide network known as the Internet<SIDEIND NUM="20a" ID="MN1.18.020a"/>.1<FNIND NUMBER="1"/></P>
<H1>What Is the Internet?</H1>
<P>The Internet can be defined as a “network of networks.” A single network consists of two or more computers that are connected in some fashion to share information; the Internet connects thousands of these networks so information can be exchanged worldwide. Connections are sometimes made through a <KT>modem</KT><SIDEIND NUM="1" ID="MN2.18.001"/>, a device that allows computers to exchange and transmit information through telephone lines. A modem passes digital information through a series of steps to convert it to analog signals that can be passed over a telephone line. The process is reversed when the modem converts analog signals coming in from the phone line. Modems transfer information at a rate of bits per second (bps). Obviously, a modem with high-speed capabilities will ensure a faster connection on the Internet. Currently, a modem that transmits at 56,000 bits (or 56 kilobits) per second is recommended for convenience and reasonable connection speed. This speed is roughly equivalent to transmitting 1,000 to 2,000 words per second. The trend, however, is to offer Internet users even higher-speed <KT>broadband</KT><SIDEIND NUM="2" ID="MN2.18.002"/> connections to websites. Digital subscriber line (DSL) service is available from phone companies in many regions. DSL carries digital information on your regular telephone line without disturbing voice traffic. These lines can carry up to 1.1 megabits per second. Alternatively, one may opt to transmit over a TV cable line. Cable modems offer speeds comparable to DSL. Once your computer is hooked into a DSL or cable line you now have an additional option to link other computers in your home or office, through either network wire (typically Ethernet) or high-frequency radio waves via a wireless or <KT>Wi-Fi</KT><SIDEIND NUM="3" ID="MN2.18.003"/> connection. A device called a <KT>router</KT><SIDEIND NUM="4" ID="MN2.18.004"/> serves as a sort of splitter, designed to link computers and manage traffic between them. 
The router, whether wired or wireless, allows computers to share a connection to the Internet. The advantage of Wi-Fi technology is that it avoids messy wires. Once you have positioned a router in your home or office, another option awaits you—voice over Internet protocol (<KT>VoIP</KT><SIDEIND NUM="5" ID="MN2.18.005"/>). The IP (Internet Protocol) portion of VoIP is the bloodline of the Internet—but more on that later.</P>
<P>A broadband Internet connection can send and receive the human voice in a manner indistinguishable from a traditional telephone line. If you’re in the range of a router, your Wi-Fi phone (cost about $150) can operate like a traditional cell phone. Unlimited-calling plans are commercially available for $20–25 per month.</P>
<P>It is quite astonishing to think that there is no overriding network controlling the Internet. Rather, various larger, higher-level networks are connected through <ITAL>network access points.</ITAL> Many large <KT>Internet service providers (ISPs)</KT><SIDEIND NUM="6" ID="MN2.18.006"/> (Verizon, AOL, Yahoo) connect to each other through these network access points. The ISP’s customers can then connect to the network by connecting to the bank of modems or the cable/DSL-connected routers present at the Internet service provider’s location and thus be connected to all the other networks. Because this places many individual computers on the network, an address system is needed so that all the data traveling on the network can get to its intended location.</P>
<P>On the Internet, the address is known as an <KT>Internet protocol</KT><SIDEIND NUM="7" ID="MN2.18.007"/> (IP) address. This is derived from the protocol suite (transmission-control protocol/Internet protocol—TCP/IP) that defines how traffic is to be presented and transmitted over the Internet. TCP/IP is nothing more than a set of rules on how manufacturers and developers of both hardware and software must configure their products if they want to send traffic over the Internet. With all of the different computer manufacturers and software developers, some rules are necessary if computers are to successfully communicate on a global network. Just as any human language needs rules for people to communicate successfully, so does the language of computers. Computers that participate on the Internet, therefore, must be provided with an IP address from the Internet service provider to which they connect. IP addresses take the form ###.###.###.###, where, generally speaking, the ### can be any number from 0 to 255. A typical IP address might look like this: 66.94.234.13. Not only do these IP addresses provide the means by which data can be routed to the appropriate location, but they also provide the means by which most Internet investigations are conducted (see <LINK LINKEND="FG.18.001">Figure <FIGIND NUM="1" ID="FG.18.001"/>18–1</LINK>).</P>
<P>Once a computer is connected to the Internet, it becomes a node on this network of networks. <KT>Domains</KT><SIDEIND NUM="8" ID="MN2.18.008"/> are human-readable names, such as www.nytimes.com, assigned to an IP address. Thus, www.nytimes.com is the registered name for the <ITAL>New York Times</ITAL>. A domain name usually consists of two or more labels separated by dots. The rightmost label is the <ITAL>top-level domain.</ITAL> Following are the most common abbreviations by which a top-level domain name is identified on the Internet:
<UL><ITEM><P>.gov—government</P></ITEM>
<ITEM><P>.mil—military</P></ITEM>
<ITEM><P>.edu—educational institution</P></ITEM>
<ITEM><P>.com—commercial providers</P></ITEM>
<ITEM><P>.org—nonprofit organizations</P></ITEM></UL></P>
<P>To the left of the top-level domain is the subdomain; thus, nytimes is a subdomain of the .com domain. For the purpose of e-mail, the name of an individual at the <ITAL>New York Times</ITAL> may be added before the subdomain and the @ sign is used to separate them. An e-mail address may read as: Johndoe@nytimes.com.</P>
<P>At this point you may be wondering: If everything on the Internet uses an IP address to route data to the correct location, how can we use web addresses and e-mail addresses to access websites and send e-mail? The answer, although technically complex, is quite simple. Understanding the apparent limitations of the human mind to remember numbers, developers created the concept of the domain name system (DNS). <ITAL>Domain name systems</ITAL> are essentially large databases distributed over the Internet that relate domain names to their actual IP addresses. For instance, a person who wants to read the <ITAL>New York Times</ITAL> online only needs to know the web address. Even if the user is unsure of the actual address, the most logical place to start would obviously be <URL>www.newyorktimes.com</URL> or <URL>www.nytimes.com</URL> (both of which will work, by the way). In actuality, however, the address is 199.239.137.245. This can be verified by typing that IP address directly into your web browser where you would normally type the web address. Domain name systems make it much easier for us to navigate the Web, but for investigative purposes it is important to realize that no names exist on the Internet; rather, it’s all about the IP address (see <LINK LINKEND="FG.18.002">Figure <FIGIND NUM="2" ID="FG.18.002"/>18–2</LINK>).</P>
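<P>Added example, not part of the original chapter: a short Python routine that applies the address rules described above to text an examiner might be reading, keeping only strings that really have the ###.###.###.### form with each number from 0 to 255, and splitting host names and e-mail addresses into their labels and top-level domain. The function names and the host mx.example.org are assumptions made for illustration; the sample text is constructed.</P>

```python
import re

# Constructed sample text; 66.94.234.13 and Johndoe@nytimes.com are the
# chapter's own examples, the other values are made up for illustration.
SAMPLE = """\
Received: from www.nytimes.com (66.94.234.13) by mx.example.org
From: Johndoe@nytimes.com
note: reading 300.12.7.1 and version 1.2.3.4.5 are not addresses
"""

def parse_ipv4(token):
    """Return the four octets as ints, or None if token is not ###.###.###.###."""
    parts = token.split(".")
    if len(parts) != 4:
        return None
    for part in parts:
        # ASCII digits only, at most three of them, and no leading zeros
        # (some tools read "010" as octal 8).
        if not (part.isascii() and part.isdigit()) or len(part) > 3:
            return None
        if part != str(int(part)) or int(part) not in range(256):
            return None
    return tuple(int(part) for part in parts)

def split_name(token):
    """Split a host name or e-mail address into user, labels, top-level domain."""
    user, at, host = token.rpartition("@")
    labels = host.lower().split(".")
    if len(labels) == 1 or not all(re.fullmatch(r"[a-z0-9-]+", lab) for lab in labels):
        return None
    if labels[-1].isdigit():  # an all-numeric last label is not a domain name
        return None
    return {"user": user if at else None, "labels": labels, "top_level": labels[-1]}

def classify(text):
    """Sort the dotted tokens in text into IPv4 addresses, names and rejects."""
    found = {"ipv4": [], "names": [], "rejected": []}
    for token in re.split(r"[^0-9A-Za-z.@-]+", text):
        token = token.strip(".")
        if "." not in token:
            continue
        if parse_ipv4(token) is not None:
            found["ipv4"].append(token)
        elif split_name(token) is not None:
            found["names"].append(token)
        else:
            found["rejected"].append(token)
    return found
```

<P>The rejected list matters as much as the matches: a number such as 300.12.7.1 or a five-part version string looks like an address at a glance but cannot be one, and should not be carried into a request to an Internet service provider.</P>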
<H1>Where to Go on the Internet</H1>
<H2>The World Wide Web</H2>
<P>The most popular area of the Internet is the World Wide Web. Also known as WWW, W3, or the web, it is a collection of documents, called <ITAL>webpages</ITAL>, that are stored in the computers connected to the Internet throughout the world. Web <KT>browsers</KT><SIDEIND NUM="9" ID="MN2.18.009"/>, such as Netscape Navigator and Microsoft Internet Explorer, are programs that allow the user to explore information stored on the Web and to retrieve webpages the viewer wishes to read. Most browsers, such as the popular Netscape Navigator, perform within a toolbar interface. Various functions such as reload, back, forward, stop, open, and print appear on the toolbar so that with one click on an icon, the user can easily navigate the Internet. Web browsers permit the downloading and capture of documents, as well as printing of selected portions of websites. A browser also allows the user to explore the World Wide Web and newsgroups.</P>
<P>Each webpage is stored in a specific website that has a unique web address that indicates where the document is actually located. The web address is called the <KT>uniform resource locator (URL)</KT><SIDEIND NUM="10" ID="MN2.18.010"/>. The URL designates the site at which information is stored on the Internet. You can ac...