Abstract
Search engine APIs can be used very effectively to automate the surreptitious gathering of information about network assets. This paper describes GooSweep, a tool that uses the Google API to automate the search for references to individual IP addresses in a target network. GooSweep is a promising investigative tool. It can assist network forensic investigators in gathering information about individual computers such as referral logs, guest books, spam blacklists, and instructions for logging into servers. GooSweep also provides valuable intelligence about a suspect’s Internet activities, including browsing habits and communications in web-based forums.
Copyright information
© 2007 International Federation for Information Processing
About this paper
Cite this paper
McGrew, R., Vaughn, R. (2007). Using Search Engines to Acquire Network Forensic Evidence. In: Craiger, P., Shenoi, S. (eds) Advances in Digital Forensics III. DigitalForensics 2007. IFIP — The International Federation for Information Processing, vol 242. Springer, New York, NY. https://doi.org/10.1007/978-0-387-73742-3_17
DOI: https://doi.org/10.1007/978-0-387-73742-3_17
Publisher Name: Springer, New York, NY
Print ISBN: 978-0-387-73741-6
Online ISBN: 978-0-387-73742-3
eBook Packages: Computer Science (R0)