‘Basics of Spam Forensics’ Slides (PDF)


LAB #1

UltraDNS Toolset
https://www.ultratools.com/dashboard#

https://www.ultratools.com/dnsTools
https://www.ultratools.com/emailTools
https://www.ultratools.com/ipTools
https://www.ultratools.com/ipv6Tools
https://www.ultratools.com/websiteTools
https://www.ultratools.com/tracingTools
https://www.ultratools.com/informationTools

TERMINAL UTILITIES
nslookup
tracert
WHOIS (domain or IP)
DIG

LAB #2

SET OF SPAMPLES

drugs
phish
419
weight loss
grey

HEADER ANALYSIS

Google Header Analysis Tool

SENDING IP REPUTATION

CISCO SenderBase
Return Path SenderScore
Multi RBL Spam Blacklist Checker


SPAM MAGNITUDE ANALYSIS

Distributed Checksum Clearing House Checker (Spam magnitude)
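The Lab #2 workflow above (header analysis, then checking the sending IP's reputation against a blacklist), as an added Python example that is not part of the slides: it pulls the Received: chain out of a constructed message, treats the first hop outside our own relays as the sending IP, and builds the reversed-octet DNSBL query that a Multi RBL checker performs for each list. The relay addresses and the zen.spamhaus.org zone are assumptions for the example.

```python
import ipaddress, re, socket
from email import message_from_string
# Constructed sample headers for the walkthrough (not a real message);
# all addresses are from the RFC 5737 documentation ranges.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [192.0.2.10])
 by mail.example.org with ESMTP id abc123; Mon, 3 Mar 2014 10:12:01 +0000
Received: from relay.example.net ([198.51.100.7])
 by mx.example.net with SMTP; Mon, 3 Mar 2014 10:11:58 +0000
Received: from pills-host.invalid (unknown [203.0.113.45])
 by relay.example.net with ESMTPA; Mon, 3 Mar 2014 10:11:55 +0000
From: "Online Pharmacy" <deals@pills-host.invalid>
Subject: Cheap meds
"""

# IPs of our own inbound relays (an assumption for this example). Only the
# Received: lines these hosts wrote are trustworthy; lines below them can be forged.
TRUSTED_RELAYS = {"192.0.2.10", "198.51.100.7"}

def received_ips(raw_message):
    """Bracketed IPv4 addresses from each Received: header, newest hop first."""
    msg = message_from_string(raw_message)
    ips = []
    for hdr in msg.get_all("Received", []):
        m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", hdr)
        if m:
            ips.append(m.group(1))
    return ips

def originating_ip(raw_message, trusted=TRUSTED_RELAYS):
    """Walk from our MX outward; the first hop not in `trusted` is the IP that
    actually connected to us, i.e. the sending IP whose reputation to check."""
    for ip in received_ips(raw_message):
        if ip not in trusted:
            return ip
    return None

def rbl_query_name(ip, zone="zen.spamhaus.org"):
    """DNSBL lookup name: octets reversed, then the list zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on junk input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def rbl_listed(ip, zone="zen.spamhaus.org", resolve=socket.gethostbyname):
    """Listed if the zone answers 127.0.0.0/8 (RFC 5782); NXDOMAIN means not listed."""
    try:
        answer = resolve(rbl_query_name(ip, zone))  # `resolve` is injectable for offline use
    except OSError:
        return False
    return ipaddress.IPv4Address(answer) in ipaddress.IPv4Network("127.0.0.0/8")
```

With the sample above, `originating_ip(SAMPLE)` yields 203.0.113.45 and `rbl_query_name` turns it into `45.113.0.203.zen.spamhaus.org`; the Multi RBL checker on the slide repeats that lookup across many zones.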

LAB #3

PASSIVE DNS

OTHER COOL TOOLS

DOMAINS AND URIs

  • Whoisology finds domain names connected to one another
  • Domain Tools can tell you how many domains a given email address owns, etc.
  • Robtex – domains, IP information
  • DNSStuff – complete set of DNS checks
  • MX Toolbox – tells you which machines send mail for a given domain
  • URL Query – tells you if a URL has been seen in spam, is malicious, etc.
  • Web Sniffer breaks down tricky redirects – enter a URI and it shows you the next hop

MALWARE RESOURCES

VPN Services

Criminals will sometimes serve different content if you visit the same site twice, or if you check it from a known IP address. A VPN lets you appear to be somewhere else.

http://netforbeginners.about.com/od/readerpicks/tp/The-Best-VPN-Service-Providers.htm

AREA CODE DECODER

Decode North American telephone numbers – who owns them and where they are located
http://www.localcallingguide.com/lca_prefix.php

INTERNET TRAFFIC REPORTS

Internet Traffic Report indicates network trouble and DDoS activity
Netcraft tracks phishing sites, servers and hosting companies, and offers an anti-phishing browser plugin

BASE64 DECODERS

http://base64decode.org/
https://toolbox.googleapps.com/apps/encode_decode/