Harassment Case Study
Sourav Mishra
RSI2019005
Nitroba University Harassment 11/07/2019
Case Study
You are a staff member at the Nitroba University Incident Response Team.
● Lily Tuckrige is teaching chemistry CHEM109 this summer at NSU.
● Tuckrige has been receiving harassing email at her personal email address.
  – Tuckrige's personal email is lilytuckrige@yahoo.com
  – She thinks that it is from one of the students in her class.
● Tuckrige contacted IT support.
  – She sent a screenshot of one of the harassing email messages.
  – She wants to know who is doing it.
Information or Instructions
A). Email Header
B). Checking the IP shows a host that turns out to be inside the campus.
D). To trace the attack back, the campus conducts network sniffing on campus.
From this capture we can get the contents of the sender's email, along with
the sender's IP, MAC address, operating system and other details.
IP information obtained
With this information we narrow the search in Wireshark with the filter
"ip.src == 192.168.15.4 and dns". The filter shows every website that has
been opened by that IP.
From the list of sites that the IP has opened, we then analyze which
sites can lead to the perpetrator. Examples from these results are
www.facebook.com, www.amazon.com, www.gmail.com, etc.
We assume the offender uses a service that is commonly used, such as
Gmail, so we search with the keyword @gmail.com or with other
keywords that could reveal the perpetrator's ID. This can be an
e-mail address or another identifier related to the sites that the
perpetrator has opened.
From the results of the analysis above, the MAC address of the host
using jcoachj@gmail.com matches the attacker's MAC address from the
previous analysis, so it can be concluded that the main suspect is the
owner of the email account jcoachj@gmail.com. Matched against the list
of student names above, the suspect is Johnny Coach.
G). Reading the data packets with the NetworkMiner tool is easier because
the data is already classified into categories such as recorded hosts,
files, images, messages, accounts, sessions and other categories.
H). From these categories, search for the contents of the e-mail messages
on the messages tab. There you can see the IP of the sender of the message,
the destination host and also the contents of the message.
I). Then continue the analysis on the credentials tab. In that tab you can
see IP 192.168.15.4 accessing many websites, from which you can find out
who might be the sender of the email. It can be found that IP 192.168.15.4
has opened the website www.sendanonymousemail.com and also Gmail with the
account jcoachj@gmail.com.
J). On the hosts menu, you can see the MAC address of the owner of IP
192.168.15.4. We can then match it against the results read in
Wireshark.
From this analysis it can be concluded that the most likely perpetrator
is the owner of the jcoachj@gmail.com email account. Matched against the
list of student names, the culprit is Johnny Coach.
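
The correlation used in both the Wireshark and NetworkMiner passes above (DNS filter on the suspect IP, keyword search for an account identifier, then a MAC address match), as an added Python example that is not part of the original case study. The rows, MAC addresses and payload strings are constructed, and the second device appearing behind the same IP is an assumption added to show why the MAC match matters.

```python
import re
from collections import defaultdict

# Constructed rows (frame, eth.src, ip.src, dns.qry.name, payload text), shaped
# like a tshark field export. MAC addresses and payload strings are invented.
ROWS = [
    (101, "02:00:00:aa:00:01", "192.168.15.4", "www.facebook.com", ""),
    (118, "02:00:00:aa:00:01", "192.168.15.4", "www.gmail.com", ""),
    (131, "02:00:00:aa:00:01", "192.168.15.4", "", "Cookie: user=jcoachj@gmail.com"),
    (160, "02:00:00:bb:00:02", "192.168.15.4", "www.amazon.com", ""),
    (172, "02:00:00:bb:00:02", "192.168.15.4", "", "Email=other.user@example.com"),
    (205, "02:00:00:aa:00:01", "192.168.15.4", "www.sendanonymousemail.com", ""),
    (219, "02:00:00:aa:00:01", "192.168.15.4", "",
     "POST / Host: www.sendanonymousemail.com to=lilytuckrige@yahoo.com"),
]

EMAIL = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

def dns_names(rows, ip):
    """Same view as the filter 'ip.src == <ip> and dns': names queried, in order."""
    seen = []
    for _, _, src, qname, _ in rows:
        if src == ip and qname and qname not in seen:
            seen.append(qname)
    return seen

def identifiers_by_mac(rows, ip):
    """Keyword search: e-mail addresses in payloads, grouped by sending MAC."""
    found = defaultdict(set)
    for _, mac, src, _, payload in rows:
        if src == ip:
            found[mac].update(EMAIL.findall(payload))
    return found

def attribute(rows, ip, service, victim):
    """MACs that sent the victim's address to the service, with accounts seen from each."""
    ids = identifiers_by_mac(rows, ip)
    senders = {mac for _, mac, src, _, p in rows
               if src == ip and service in p and victim in p}
    return {mac: sorted(ids[mac] - {victim}) for mac in senders}

if __name__ == "__main__":
    print(dns_names(ROWS, "192.168.15.4"))
    print(attribute(ROWS, "192.168.15.4", "www.sendanonymousemail.com",
                    "lilytuckrige@yahoo.com"))
```

Keying the result on the MAC address rather than the IP keeps the account seen from the second device out of the attribution, which is the same check step J performs by hand.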