| 摘要 |
Embodiments of the invention relate to systems, methods, and computer program products for identifying devices used in connection with email and website spoofing. For example, the invention can be used to identify the device that was used to copy an image from a target website, where, after being copied, the image is used as part of a spoofed email or website. In an embodiment, a timer is embedded in an image residing on a web server that hosts a target website. The embedded timer is configured to record the time at which the image is removed from the web server and store that time in the image for later retrieval. Also, the time at which the image was removed, along with a device forensic of the device used to download the image, is stored in a database. If the image later appears as part of a spoofed email or website, the time at which the image was removed from the web server is obtained from the timer embedded in the image. Then, the database is searched for the corresponding time and device forensic, which can be used to identify the device used to copy the image from the target website. |
