
TCP/IP

.
** :
) (
.
)
( ) (

.





.


.


) (

) (
) (
.
TCP/IP



. .
** :

" "
).(1
** :

:

- ) (


.
-

.
-
.
-
.
** :


TCP/IP .
** :
) TCP/IP (
:

TCP/TP
TCP/IP
** :



) (OECD

1983 1986

19891992 .
(1) SIEVER (Ulrich): "Computer Crimes, Other Crimes against Information Technology within the
Working Programme of the Council of Europe" - Co-Report for the AIDP Colloquium in Warburg,
R.I.D.P 1993-P123.



6-4 .(2)1994
Warburg
8-5 1992
2000).(3




1998



.


.
) (
.
.
** :
TCP/IP TCP/IP

)(4
: .

TCP/IP
.TCP/IP

(2) XVème Congrès International de Droit Pénal, Rio de Janeiro, Brésil, 4-10 September 1994.
(3) International Review of Criminal Policy - United Nations "Manual on the Prevention and Control of
Computer Related Crime 2000" [http://www.ifs.univie.ac.at/~przg91/ser4344.html]

.1998
) (4 / " " 1997
11 ".

** :
.1 :Protocol
)
(


)(5
.
.2 Communications Protocol



)OSI
( .

OSI {. TCP/I


)(6
.
.3 / TCP/IP
Transmission Control Protocol (TCP), Internet Protocol (IP)

) (U N I X
)(7
.Stack TCP/IP
TCP/IP TCP
IP . TCP/IP
) (Packet
) (5 :
Al-KILANI, "Dictionary of Computer Terminology", Librairie du Liban, New Impression, 1988, Page
310.
(6) Yasser Alakad and Maha Soulayman. "Computer Terms Dictionary.
2000.
) "UNIX" (7
) (C
ALX I B M AL U X "
) (C UNIX
ANSI .ANSIC

"

40
32.000 ) 1500(
.
.4 )Internet Protocol (IP


.
.5 :Information System




.

.6 :(8)Cyber Crime

Web Crime Computer

Crime Computer


)(9
Hard Ware Soft ware . Data Bases
** Web Computer Crime
Cyber
) (

) (8 Cyber Cyber
caf Cyber cash ..
) (9 / " "
3 : 1 2000 .7


).(10
** Computer Crime
Cyber


).(11
.7 :
Crime Sense Cyber Trail and

).(12




][ .(13)[1]


.


Web Pages, Email, Digital Video, Digital Audio,
Digital Logs of Synchronous Chat Sessions,
Files Stored on Personal Computer, Digitized Still Images,
Computer Logs from an Internet Service Provider (ISP).
(10) Carter, D.L. and Katz, A.J. "Computer Crime: An Emerging Challenge for Law Enforcement",
FBI Law Enforcement Bulletin, 1996.
(11) Casey, E. "Cyber patterns", in Turvey, B., Criminal Profiling, London: Academic Press, Chapter 25,
1999.
(12) Henry, J.F., "Testimony before Permanent Subcommittee on Governmental Affairs, The United
States Senate, Ninety-Ninth Congress", 1984.
[http://www.igc.apc.org/nemesis/aclu/nudishallofshame/henry.html]
) (13 Binary
.




.
.8 Digital Evidence


.
.9 Hackers and Computer Crackers

Crackers
Break safe
.
Hackers
...
*** :


. Cyber
Crime Cyber
.

TCP/IP

.
: Digital Evidence
.1 :



.

:
.1
.
.2
.
.3
.
.4 )
( .
.5
.
.6
.
.7

.
.2 :





).(14
** :
.1 .
.2
.
.3 .
.4 .Hard Drive
.5
.
.6 Cyber trail digital
.
)(15
.7 Algorithm .
.8 .
) (14 " Eagan Cas Ey (Digital Evidence Computer Crime 5 .
) (15 Algorithm
.

.9
, .. .



:
.1 Computer Search Warrant Program


.
.2 :(16)Bootable Diskette

Double space
.
.3 X tree Pro Gold



.
.4 Lap Link

Parallel Port Serial Port
.
.5 AMA Disk, View disk

).(17

) (16 / " " 244


2000 228 .
) (17 / " " 2000
35 .

.6 LANtastic

.
.
.3 TCP/IP :
TCP/IP TCP IP
TCP/IP
:
1. User Datagram Protocol (UDP)
2. Transport Control Protocol (TCP)
3. Internet Protocol (IP)

TCP/IP with OSI:

Transport Layer: TCP, UDP
Network Layer: IP, ARP
Data Link Layer: Network Interface Card (NIC)
Physical Layer: Physical Modem


(18)TCP/IP With O S I :
(18) ISO: International Organization for Standardization
IOS
. :
: .
: .
: .
: .
: .
: .
: .
.


.1 TCP
U D P
TCP U D P T/CP

.
.2

Pac kets

.
.3 Port

119 25 80
. Server 25 email
email
.
.4 T C P
S Y N A C K :
: S Y N
T C P
).(19
:
A C K Acknowledgement
S Y N B I T (.
: A C K
.
.5 T C P
.

) S Y N (B I T) (19 Host A Synchronize Sequence Numbers


.Host B



.6 T C P

.
.7 T C P
.(BIT) FIN
** I P !
.1 I P T C P
)( I P

TCP/IP :
IP

IP

IP
IP
T C P
Data
.2 P Addresses
Net Work Numbers
.(20)host Numbers
) (20 I P Addressee

"Internet Corporation for Assigned Names and Numbers"

1998
Internet Assigned Numbers Authority
IP ICANN
Email Address
IP Address .
Domain Name (DN)
IP Address .


.3
) ...(.
.4

.
.5
I P
I P
.
.6 Trace route

Operating System
).(21
Trace route




.

:
-
Modem .
-

.
-

:
(21) Eoghan Casey: "Digital Evidence at the Transport and Network Layers", page 127
.


.1 .
.2
.
.3
.
- IP
IP

IP
).(22
) IP (
)
(

).(23


.

Dynamic IP Address
!

Static IP Address Dynamic IP
.Address



PPP Dial e.g. Czo52. cyberia.com
.
) (
ADSL

(22) Wilson, C., "Holding Management Accountable: A New Policy for Protection against Computer
Crime", Proceedings of the National Aerospace and Electronics Conference, U.S.A., 2000, pages 272-281.
) (23 .



.
IP

.
IP
Dynamic Host Configuration Protocol (DHCP).


IP
IP
IP
).(24
: TCP/IP
.1 TCP/IP :
-

IP
.

TCP/IP
.

-

.
IP

IP

.

) (24 :
hostess M A C .
.


- IP
Packet IP
.
Malicious Program
IP Packets .


IP IP
.
.2 Log files :

:
-

IP

Server Log

.

- Log files Firewalls


Routers TCP/IP
UNIX


Syslog-Log-Var-More
).(25
: TCP/IP
.1 TCP/IP :

. Log file



.

) (25 UNIX 1969


) (C
ALX IBM Risk .



.


Hard ware

Cut And Past .


.
.1
.
.2 File
.
.3
.

.
.2 TCP/IP

IP



.
:
a Linux 5.2 wtmp log, a Solaris syslog, a state table from Windows NT
Primary Domain Controller
.


.

TCP Web, Email, Telnet



.
IP




.
.3 TCP/IP

.





) (.


.



.
** :
.1
.
.2

.


.

.
.3

.
.4
:
.
.
.
).(26
. .
) (26 / " "
.2003-44


. .
**
.


:
.1 :
-
hostess
)DHCP.(27
- " "State Tables .
.2 :
-

.
-
.
- IP
.
-
.
-
.
-
.
-
.
-
.

) (27 " "Dynamic Host Configuration Protocol


dhcp TCP/IP IP
.


.3 :
-
.
-
.
-

.

.
-
.
.4 :
. .
. .
.
.

.


References
1. Eoghan Casey "Digital Evidence Computer Crime", Connecticut, USA,
February 2000, ISBN: 012162885X.
2. Carter, D.L. and Katz, A.J. (1996) "Computer Crime: An Emerging
Challenge for Law Enforcement," FBI Law Enforcement Bulletin [available
at http://www.fbi.gov/leb/dec961.txt].
3. Casey, E. (1999) "Cyber patterns," in Turvey, B. Criminal Profiling,
London: Academic Press, Chapter 25.
4. CSI/FBI (1999) 1998 CSI/FBI Computer Crime and Security Survey
[http://www.gocsi.com].
5. CSI/FBI (1999) 1999 CSI/FBI Computer Crime and Security Survey
[http://www.gocsi.com].
6. Henry, J.F. (1984) Testimony before Permanent Subcommittee on
Government Affairs, the United States Senate, Ninety-Ninth Congress
[available at
http://www.igc.apc.org/nemesis/ACLU/NudistHalloffShame/Henry.html].
7. Rosenblatt, K.S. (1999) High-Technology Crime: Investigating Cases
Involving Computers, San Jose, CA: KSK Publications.
8. Saferstein, R. (1998) Criminalistics: An Introduction to Forensic Science,
6th edn. Upper Saddle River, NJ: Prentice Hall.
9. Shamburg, R. (1999) "A Tortured Case", Net Life, 7 April.
10. Shimomura, T. and Markoff, J. (1996) Takedown: The Pursuit of Kevin
Mitnick, America's Most Wanted Computer Outlaw - By the Man Who Did It,
New York, NY: Hyperion.
11. Turvey, B. (1999) Criminal Profiling: An Introduction to Behavioral
Evidence Analysis, London: Academic Press.
12. United Nations (1995) International Review of Criminal Policy No. 43 and
44 - United Nations on the Prevention and Control of Computer Related
Crime [available at http://www.ifs.univie.ac.at/pr2gq1/rev4344.html#crime].
13. Comer, D.E. (1995) Internetworking with TCP/IP. Volume 1: Principles,
Protocols, and Architecture, 3rd edn. Upper Saddle River, NJ: Prentice Hall.
14. Henry, P. and De Libero, G. (1996) Strategic Networking: From LAN and
WAN to Information Superhighways, Boston, MA: International Thomson
Computer Press.
15. Hunt, C. (1998) TCP/IP Network Administration, 2nd edn, Sebastopol, CA:
O'Reilly.


16. Morris, R.T. (1995) "A Weakness in the 4.2BSD UNIX TCP/IP Software,"
Bell Labs Computer Science Technical Report 117, 25 February [available
at http://www.eecs.harvard.edu/rtm/papers.html].
17. Sheldon, T. (1997) Windows NT Security Handbook, Berkeley, CA:
Osborne McGraw Hill.
18. Shimomura, T. and Markoff, J. (1996) Takedown: The Pursuit of Kevin
Mitnick, America's Most Wanted Computer Outlaw - By the Man Who Did It,
New York, NY: Hyperion.
19. Bellovin, S. (1989) "Security Problems in the TCP/IP Protocol Suite,"
Computer Communications Review 19 (2), April: 32-48.
20. Boulanger, A. (1998) "Catapults and Grappling Hooks: The Tools and
Techniques of Information Warfare," IBM Systems Journal, 37 (1).
Available [http://www.research.ibm.com/journals/sj/371/boulanger.html].
21. SIEVER (Ulrich): "Computer Crimes, Other Crimes against Information
Technology within the Working Programme of the Council of Europe" - Co-Report for the AIDP Colloquium in Warburg, R.I.D.P 1993-P123.



TCP/IP

.

. IP TCP


.
TCP/IP

.
:

.


The Use of TCP/IP Protocol in Cyber Crimes Investigation


Abstract
The aim of this research is to study the use of the TCP and IP protocols in
investigating computer crimes as a means of collecting reliable information from
digital data, which can be used as reliable legal evidence acceptable to the
criminal and civil courts.
Conclusive proof of computer crimes requires the availability of reliable
evidence, which can be presented to the criminal justice organizations in a
reliable scientific form legally acceptable to the courts. The adoption of the IP and
TCP protocols as the major methods for transferring digital data, and the joint
use of these protocols on the Internet, allows easy access to online
classified data and to the sites available on the Internet. Law enforcement and
criminal justice organizations could also use these protocols to obtain the
evidential materials necessary for investigating and proving computer crimes.
The research stresses in its conclusion the reliability of digital evidence
obtained through the TCP/IP protocol as evidence acceptable to the judicial
departments, provided that certain criteria are adopted for the collection
and substantiation of the digital evidence.
