SlideShare une entreprise Scribd logo

Tracing An IP Address or Domain Name by Raghu Khimani

Dr Raghu Khimani
Dr Raghu Khimani

IP address, Domain Name, Private IP, Static IP, Dynamic IP, Local IP, External IP, Network Devices & Services, DNS Servers, Registering Domain Names, Domain Name Extensions, tracing domain name, tracing IP address, reverse IP mapping.

Technologie
1  sur  39
Tracing an IP address or Domain Name • By: • Raghu Khimani, • Cyber Crime Expert / Advisor • Contact: raghukhimani2007@gmail.com
Contents Basic Terms Tracing a domain name Tracing an IP address Summary
Basic Terms Internet Protocol Address • Private IP address • Static & Dynamic IP addresses • Local & External IP addresses ISP (Internet Service Providers) Packet Network Devices and Services Domain Name System Servers (DNS Servers) Registering Domain Names Domain Name Extensions Spoofing, Masking and Redirecting
Basic Terms • Internet Protocol Address: – The Internet protocol suite is the set of communication protocols used for the Internet and other similar networks. – It is commonly known as TCP/IP from its most important protocols: Transmission Control Protocol (TCP) and Internet Protocol (IP), which were the first networking protocols defined in this standard. – Every device involved in communicating on the Internet requires an IP address. – IPv4 address is a 32 bit number. – The 4 bytes in the 32-bit value are transmitted in the order: bits 1-8 first, then bits 9-16, then 17-24, and bits 25-32 last. This is called big endian byte ordering, which is the byte ordering required for all binary integers in the TCP/IP headers as they traverse a network. This is called the network byte order. – IPv4 version of IP is available since 1980.
– An IP address is a series of four numbers ranging from 0 to 255, separated by periods. – i.e. 0.0.0.0 to 255.255.255.255 – The address identifies the specific network and device. – An example of an IP address is: • 129.6.13.23 – A common analogy is to compare an IP address to an apartment address.
IP Address
Apartment Address
– The IP address does not denote a physical location of the device at the time it is connected to the Internet. – IP addressing uses four decimal-separated numbers, which allows for a total of 2554 or 4,22,82,50,625 unique addresses. – This addressing scheme is being expanded to accommodate additional Internet usage. – Regardless of the addressing scheme used, the method of tracing the IP address will likely remain the same. – But good news is that, IPv6 version has came which is 128 bit number. So now there is no shortage of IP addresses. Means there will be unlimited IP addresses. – The most obvious improvement in IPv6 over IPv4 is that IP addresses are lengthened from 32 bits to 128 bits. – IPv6 uses a 128-bit address, theoretically allowing 2128, or approximately 3.4×1038 addresses.
• Private IP address: – Three groups of IP addresses are specifically reserved for use by any private network and are not seen on the public Internet. – Information for these IP addresses comes from the owner of the network. – The ranges are: • 10.0.0.0 to 10.255.255.255 • 172.16.0.0 to 172.31.255.255 • 192.168.0.0 to 192.168.255.255
• Static and Dynamic IP addresses – “Static” IP addresses are permanently assigned to devices configured to always have the same IP address. – A person, business, or organization maintaining a constant Internet presence, such as a Web site, generally requires a static IP address. – “Dynamic” IP addresses are temporarily assigned from a pool of available addresses registered to an ISP. – These addresses are assigned to a device when a user begins an online session. – As a result, a device’s IP address may vary from one logon session to the next.
• Static IP: – 10 – 12 hours : 122.0.0.1 – 2 – 4 hours : 122.0.0.1 – 4 – 6 hours : 122.0.0.1 • Dynamic IP: – 10 – 12 hours : 122.0.0.1 – 2 – 4 hours : 122.0.0.100 – 4 – 6 hours : 122.0.0.50
– Note: – The date and time an IP address was assigned must be determined to tie it to a specific device or user account. – The ISP may maintain historical log files relating these dynamically assigned IP addresses back to a particular subscriber or user at a particular time.
• Local and External IP addresses – Local IP address is the IP address of the computer that is not provided by ISP but it is generated or provided by the LAN network. – It is like IP of the Child PC of the Parent PC. – You can know your own LOCAL IP by typing “ipconfig” without inverted coma in Command Prompt. – External IP is the IP provided by the ISP to the main server. – It is the IP of the Parent PC. – It can be known by opening a website: • www.whatismyip.com
• Internet Service Providers (ISPs) – Internet Service Providers (ISPs) may be commercial vendors or organizations, such as a business or government entity. – They may reserve blocks of IP addresses that can be assigned to its users. – ISPs may log the date, time, account user information, and ANI (Automatic Number Identification) or caller line identification at the time of connection. – If logs are kept, they may be kept for a limited time depending on the established policy of the ISP. – Currently, no general legal requirement exists for log preservation; therefore, some ISPs do not store logs. – i.e. Airtel is given the range of IP addresses is • 122.0.0.1 to 122.255.255.255
• Packet – Data sent over the Internet are divided into packets that are routed through the Internet and reassembled at the destination. – When information such as files, e-mail messages, Hyper Text Markup Language (HTML) documents, or Web pages are sent from one place to another on a network, the network operating system divides the information into chunks of an efficient size for routing. – Each of these packets includes the address of the destination. – The individual packets for the information being routed may travel different routes through a network. – When they have all arrived, they are reassembled into the original file.
• Network devices and services – Network devices and services include routers, Network Address Translation (NAT), firewalls, proxy servers/gateways, and Dynamic Host Configuration Protocol (DHCP). – By design, these devices and services may or may not have a logging feature that captures source and destination IP information, login user name, and date and time of logins. – Some or all of these network devices and services may alter or mask the true source or destination IP address. – It may be necessary to work with the network adminis- trator to determine the true source or destination IP address.
• Domain Name System servers – Domain Name System (DNS) servers are the “phonebooks” of the Internet. – They maintain directories that match IP addresses with registered domains and resolve the text that people understand (the domain name) into a format that devices understand (the IP address). – In figure, My PC sends the request for the location of www.nist.gov – The DNS server responds with the assigned IP address of “129.6.13.23.” – My PC then requests to display data from IP address 129.6.13.23, the computer on the Internet that hosts the nist.gov Web site.
• Registering domain names – A person or an organization can register a domain name as long as it is not already registered. – Domain names are registered with the Internet Corporation for Assigned Names and Numbers (ICANN), a nonprofit organization responsible for Internet address assignment and domain name server management. – Information required to register a domain name includes name, address, phone number, billing information, e-mail address, and technical and administrative contact information. – In addition to this information, the date that a domain was registered may be available from the registrar. – Although this information may provide investigative leads, the investigator should be aware that the information originates from the person registering the domain name and may be fictitious.
• Domain Name Extensions – .aero (restricted to certain members of the global aviation community), sponsored by Societe Internationale de Telecommunications Aeronautiques SC (SITA). – .biz (restricted to businesses), operated by NeuLevel. – .com, operated by Verisign Global Registry Services. – .coop (restricted to cooperatives), sponsored by Dot Cooperation LLC. – .info, operated by Afilias Limited. – .museum (restricted to museums and related persons), sponsored by the Museum Domain Management Association (MuseDoma). – .name (restricted to individuals), operated by Global Name Registry. – .net, operated by Verisign Global Registry Services. – .org, operated by Public Interest Registry. – .pro (restricted to licensed professionals), operated by RegistryPro. – Registrar contact information and descriptions are available at http://www.icann.org/registrars/accreditation-qualified-list.html
• Spoofing, Masking or Redirecting – Advanced methods of obscuring actions on the Internet include hiding the IP address, pretending to be someone else, and sending traffic through another IP address. – These methods are commonly referred to as masking, spoofing, and redirecting. – Advanced training is required to investigate or identify when these actions have taken place. – Therefore, even after completing legal process, traditional investigative methods may still be necessary to identify the end user. – In some cases, masking, spoofing, or redirecting may prevent the identification of the user.
Tracing a Domain Name • Scenario – A citizen makes a claim that while surfing the Internet, he came across a Web site that he believes should be looked at by law enforcement. The citizen provides the Web site name of www.nist.gov
• Step 1: Resolve Domain Name – The first step is to resolve the domain name of www.nist.gov to an IP address. – Many commercial software tools are available to assist an investigator in resolving domain names into IP addresses. – In addition, many publicly available Web sites will resolve domain names. – Some of the more commonly used Web sites include the following: • www.network-tools.com • www.samspade.org • www.geektools.com • www.dnsstuff.com
– The features and level of detail available from the above sites may differ. – The common utilities on these Web sites include the following: – Investigators should be aware that inquiries made on these sites might be monitored and recorded. – It is important to conduct sensitive inquiries from a computer that is not traceable back to the investigating agency.
• Step 2. Determine and record domain name registration – The next step is to determine and record the domain name registration information. – The following online resources can be used to obtain registration information: • www.network-tools.com • www.samspade.org • www.geektools.com • www.apnic.net (Asia) • www.checkdomain.com • www.lacnic.net • www.ripe.net (Europe) • www.whois.com • www.dnsstuff.com
– The registration information for www.nist.gov and has resolved it to the IP address 129.6.13.45. – The typical information provided includes— • Registered owner’s name and address. • Billing information. • Administrative contact. • Range of IP addresses associated with the domain. • Technical contact information. – The listed contacts may provide additional information about the specific computer being sought, including its location and the person designated to receive legal process. – Note: The same process can be used to resolve an IP address to a domain name to obtain contact information.
– Where’s the evidence? • Information can be found in numerous locations, including— – User’s computer. – ISP for the user. – ISP for a victim and/or suspect. – Log files contained on the victim’s and/or suspect’s— » Routers. » Firewalls. » Web servers. » E-mail servers. » Other connected devices. • See figure for a graphic representation of the information flow. • Given an IP address and a date and time (including the time zone), most ISPs can identify the registered user assigned to the IP address at the specific time, enabling the investigator to request additional information. • However, the investigator may need to use traditional investigative methods to identify the person using the account at that time.
• Step 3. Provide legal service of process – The third step is to determine the appropriate parties to contact and/or serve legal process, depending on the facts of the investigation. – Warrants, court orders, or subpoenas are typically required to release exact end user information to law enforcement. – Many of these requirements are governed by the Electronic Communications Privacy Act (ECPA) and other applicable Federal and State laws. – A preservation letter may assist in preserving information until proper legal requirements can be met. – These requests should specify the IP address and the date and time, including the time zone.
• Information that may be obtained from the ISP includes— –Subscriber information such as the registered owner, address, and payment method. –Transactional information such as connection times, dates and IP addresses used. –Content such as e-mail messages, data files, and stored programs.
• Sample language When drafting legal process, the following sample language may be useful. However, the ISP may require other specific language. – ISP account information – E-mail address information – IP address information – Domain name information – Web page information – Telnet session providers – Point of Presence (POP) information – Outgoing telephone records
Tracing an IP address • Tracing an IP address is easier than tracing an domain name. • Because here we have to directly trace an IP without finding out as in tracing domain name. • There are many websites which gives us the details of IP address location. • But the website doesn’t give the real location as we desire to get. • It gives the location of the server on which it is located. • After that, through legal services we have to mail to the server administrator the IP address and the date and time at which the crime was done to get accurate location of the place from which the crime was done.
• 1. Tracing an IP address: – www.domaintools.com – www.who.is – www.whatismyipaddress.com – www.allwhois.com – www.networksolutions.com – www.internic.com – www.net4domains.com • 2. NS LOOKUP: – The IP address of the website: – Open command prompt and type - – nslookup site.com where site is the site which you want to lookup.
• 3. Reverse IP mapping: – By this technique, we can know which websites are hosted on the same server. – So if one IP address location is not obtained then we can find it by locating another ones if possible. – http://www.yougetsignal.com/tools/web-sites-on- web-server/ – www.domainsbyip.com – http://domaintz.com/tools/reverse-ip/ • 4. Trace Route: – Trace route between your computer and remote computer. • Visual Route – www.visualroute.com
• 5. Search Engines – www.kartoo.com – Maltego – www.paterva.org – HTTRACK – Website copier - http://www.httrack.com/ – GSA E-mail spider - http://email.spider.gsa- online.de/
Summary • All communications on the Internet and across networks rely on an IP address to reach their destination. • The key to investigating crimes relating to the Internet and networks is to identify the originating IP address and trace it to a source. • These skills enable an investigator to locate additional sources of evidence, corroborate victim and witness statements, and potentially locate a suspect.
Tracing An IP Address or Domain Name by Raghu Khimani

Recommandé

IP Spoofing
IP SpoofingIP Spoofing
IP SpoofingAkmal Hussain
 
Cryptography
CryptographyCryptography
CryptographyShivanand Arur
 
Ipspoofing
IpspoofingIpspoofing
IpspoofingAkhil Kumar
 
Cryptography full report
Cryptography full reportCryptography full report
Cryptography full reportharpoo123143
 
Cyber Law And Ethics
Cyber Law And EthicsCyber Law And Ethics
Cyber Law And EthicsMadhushree Shettigar
 
Cryptography and network security
Cryptography and network securityCryptography and network security
Cryptography and network securitypatisa
 
Encryption And Decryption
Encryption And DecryptionEncryption And Decryption
Encryption And DecryptionNA
 
Cryptography
CryptographyCryptography
CryptographySidharth Mohapatra
 

Recommandé

IP Spoofing
IP SpoofingIP Spoofing
IP SpoofingAkmal Hussain
 
Cryptography
CryptographyCryptography
CryptographyShivanand Arur
 
Ipspoofing
IpspoofingIpspoofing
IpspoofingAkhil Kumar
 
Cryptography full report
Cryptography full reportCryptography full report
Cryptography full reportharpoo123143
 
Cyber Law And Ethics
Cyber Law And EthicsCyber Law And Ethics
Cyber Law And EthicsMadhushree Shettigar
 
Cryptography and network security
Cryptography and network securityCryptography and network security
Cryptography and network securitypatisa
 
Encryption And Decryption
Encryption And DecryptionEncryption And Decryption
Encryption And DecryptionNA
 
Cryptography
CryptographyCryptography
CryptographySidharth Mohapatra
 
Ip address
Ip addressIp address
Ip addressRobin Sedeqi
 
Cryptography.ppt
Cryptography.pptCryptography.ppt
Cryptography.pptkusum sharma
 
TCP/IP Network ppt
TCP/IP Network pptTCP/IP Network ppt
TCP/IP Network pptextraganesh
 
Clock synchronization in distributed system
Clock synchronization in distributed systemClock synchronization in distributed system
Clock synchronization in distributed systemSunita Sahu
 
Cryptography and network security
Cryptography and network securityCryptography and network security
Cryptography and network securityshraddha mane
 
Cyber Obscenity
Cyber ObscenityCyber Obscenity
Cyber Obscenitysneha164
 
Network security - OSI Security Architecture
Network security - OSI Security ArchitectureNetwork security - OSI Security Architecture
Network security - OSI Security ArchitectureBharathiKrishna6
 
Cybercrime investigation
Cybercrime investigationCybercrime investigation
Cybercrime investigationProf. (Dr.) Tabrez Ahmad
 
Key mechanism of mobile ip
Key mechanism of mobile ip Key mechanism of mobile ip
Key mechanism of mobile ip priya Nithya
 
Digital signature & certificate
Digital signature & certificateDigital signature & certificate
Digital signature & certificateNetGains Technologies Pvt. Ltd.
 
IEEE 802.11 Architecture and Services
IEEE 802.11 Architecture and ServicesIEEE 802.11 Architecture and Services
IEEE 802.11 Architecture and ServicesSayed Chhattan Shah
 
TCP protocol flow control
TCP protocol flow control TCP protocol flow control
TCP protocol flow control anuragjagetiya
 
IP addressing seminar ppt
IP addressing seminar pptIP addressing seminar ppt
IP addressing seminar pptSmriti Rastogi
 
Hacking vs cracking
Hacking vs crackingHacking vs cracking
Hacking vs crackingNaren Naren
 
Traditional Problems Associated with Computer Crime
Traditional Problems Associated with Computer CrimeTraditional Problems Associated with Computer Crime
Traditional Problems Associated with Computer CrimeDhrumil Panchal
 
Cyber Forensics Overview
Cyber Forensics OverviewCyber Forensics Overview
Cyber Forensics OverviewYansi Keim
 
VIRTUALIZATION STRUCTURES TOOLS.docx
VIRTUALIZATION STRUCTURES TOOLS.docxVIRTUALIZATION STRUCTURES TOOLS.docx
VIRTUALIZATION STRUCTURES TOOLS.docxkumari36
 
Cryptography
CryptographyCryptography
CryptographyRutuja Solkar
 
Ip spoofing ppt
Ip spoofing pptIp spoofing ppt
Ip spoofing pptAnushakp9
 
IP Security
IP SecurityIP Security
IP Securitysahilshah200
 
Network addresses.pptx
Network addresses.pptxNetwork addresses.pptx
Network addresses.pptxCherryLim21
 
Computer network lab note 2
Computer network lab note 2Computer network lab note 2
Computer network lab note 2MDHASNAIN23
 

Contenu connexe

Tendances

TCP/IP Network ppt
TCP/IP Network pptTCP/IP Network ppt
TCP/IP Network pptextraganesh
 
Clock synchronization in distributed system
Clock synchronization in distributed systemClock synchronization in distributed system
Clock synchronization in distributed systemSunita Sahu
 
Cryptography and network security
Cryptography and network securityCryptography and network security
Cryptography and network securityshraddha mane
 
Cyber Obscenity
Cyber ObscenityCyber Obscenity
Cyber Obscenitysneha164
 
Network security - OSI Security Architecture
Network security - OSI Security ArchitectureNetwork security - OSI Security Architecture
Network security - OSI Security ArchitectureBharathiKrishna6
 
Key mechanism of mobile ip
Key mechanism of mobile ip Key mechanism of mobile ip
Key mechanism of mobile ip priya Nithya
 
IEEE 802.11 Architecture and Services
IEEE 802.11 Architecture and ServicesIEEE 802.11 Architecture and Services
IEEE 802.11 Architecture and ServicesSayed Chhattan Shah
 
TCP protocol flow control
TCP protocol flow control TCP protocol flow control
TCP protocol flow control anuragjagetiya
 
IP addressing seminar ppt
IP addressing seminar pptIP addressing seminar ppt
IP addressing seminar pptSmriti Rastogi
 
Hacking vs cracking
Hacking vs crackingHacking vs cracking
Hacking vs crackingNaren Naren
 
Traditional Problems Associated with Computer Crime
Traditional Problems Associated with Computer CrimeTraditional Problems Associated with Computer Crime
Traditional Problems Associated with Computer CrimeDhrumil Panchal
 
Cyber Forensics Overview
Cyber Forensics OverviewCyber Forensics Overview
Cyber Forensics OverviewYansi Keim
 
VIRTUALIZATION STRUCTURES TOOLS.docx
VIRTUALIZATION STRUCTURES TOOLS.docxVIRTUALIZATION STRUCTURES TOOLS.docx
VIRTUALIZATION STRUCTURES TOOLS.docxkumari36
 
Ip spoofing ppt
Ip spoofing pptIp spoofing ppt
Ip spoofing pptAnushakp9
 

Tendances (20)

Ip address
Ip addressIp address
Ip address
 
Cryptography.ppt
Cryptography.pptCryptography.ppt
Cryptography.ppt
 
TCP/IP Network ppt
TCP/IP Network pptTCP/IP Network ppt
TCP/IP Network ppt
 
Clock synchronization in distributed system
Clock synchronization in distributed systemClock synchronization in distributed system
Clock synchronization in distributed system
 
Cryptography and network security
Cryptography and network securityCryptography and network security
Cryptography and network security
 
Cyber Obscenity
Cyber ObscenityCyber Obscenity
Cyber Obscenity
 
Network security - OSI Security Architecture
Network security - OSI Security ArchitectureNetwork security - OSI Security Architecture
Network security - OSI Security Architecture
 
Cybercrime investigation
Cybercrime investigationCybercrime investigation
Cybercrime investigation
 
Key mechanism of mobile ip
Key mechanism of mobile ip Key mechanism of mobile ip
Key mechanism of mobile ip
 
Digital signature & certificate
Digital signature & certificateDigital signature & certificate
Digital signature & certificate
 
IEEE 802.11 Architecture and Services
IEEE 802.11 Architecture and ServicesIEEE 802.11 Architecture and Services
IEEE 802.11 Architecture and Services
 
TCP protocol flow control
TCP protocol flow control TCP protocol flow control
TCP protocol flow control
 
IP addressing seminar ppt
IP addressing seminar pptIP addressing seminar ppt
IP addressing seminar ppt
 
Hacking vs cracking
Hacking vs crackingHacking vs cracking
Hacking vs cracking
 
Traditional Problems Associated with Computer Crime
Traditional Problems Associated with Computer CrimeTraditional Problems Associated with Computer Crime
Traditional Problems Associated with Computer Crime
 
Cyber Forensics Overview
Cyber Forensics OverviewCyber Forensics Overview
Cyber Forensics Overview
 
VIRTUALIZATION STRUCTURES TOOLS.docx
VIRTUALIZATION STRUCTURES TOOLS.docxVIRTUALIZATION STRUCTURES TOOLS.docx
VIRTUALIZATION STRUCTURES TOOLS.docx
 
Cryptography
CryptographyCryptography
Cryptography
 
Ip spoofing ppt
Ip spoofing pptIp spoofing ppt
Ip spoofing ppt
 
IP Security
IP SecurityIP Security
IP Security
 

Similaire à Tracing An IP Address or Domain Name by Raghu Khimani

Network addresses.pptx
Network addresses.pptxNetwork addresses.pptx
Network addresses.pptxCherryLim21
 
Computer network lab note 2
Computer network lab note 2Computer network lab note 2
Computer network lab note 2MDHASNAIN23
 
DHCP DNS P1 DHCP & Wireless Communication Methods Unicasting.pptx
DHCP DNS P1 DHCP & Wireless Communication Methods Unicasting.pptxDHCP DNS P1 DHCP & Wireless Communication Methods Unicasting.pptx
DHCP DNS P1 DHCP & Wireless Communication Methods Unicasting.pptxMUHAMMADATTAURREHMAN7
 
chapter-4-networking hjgjjgj did hfhhfhj
chapter-4-networking hjgjjgj did hfhhfhjchapter-4-networking hjgjjgj did hfhhfhj
chapter-4-networking hjgjjgj did hfhhfhjAmitDeshai
 
Computer network coe351- part3-final
Computer network coe351- part3-finalComputer network coe351- part3-final
Computer network coe351- part3-finalTaymoor Nazmy
 
2 networking
2 networking2 networking
2 networkingLen Bass
 
Basic Foundation For Cybersecurity
Basic Foundation For CybersecurityBasic Foundation For Cybersecurity
Basic Foundation For CybersecurityMohammed Adam
 
Network - Lecture B
Network - Lecture BNetwork - Lecture B
Network - Lecture BCMDLearning
 
Introduction internet appli
Introduction internet appliIntroduction internet appli
Introduction internet appliTheon Jum
 
Introduction to Network Devices & Addressing Schemes
Introduction to Network Devices & Addressing SchemesIntroduction to Network Devices & Addressing Schemes
Introduction to Network Devices & Addressing SchemesMuhammadRizaHilmi
 

Similaire à Tracing An IP Address or Domain Name by Raghu Khimani (20)

Network addresses.pptx
Network addresses.pptxNetwork addresses.pptx
Network addresses.pptx
 
Computer network lab note 2
Computer network lab note 2Computer network lab note 2
Computer network lab note 2
 
DHCP DNS P1 DHCP & Wireless Communication Methods Unicasting.pptx
DHCP DNS P1 DHCP & Wireless Communication Methods Unicasting.pptxDHCP DNS P1 DHCP & Wireless Communication Methods Unicasting.pptx
DHCP DNS P1 DHCP & Wireless Communication Methods Unicasting.pptx
 
Unit III
Unit IIIUnit III
Unit III
 
chapter-4-networking hjgjjgj did hfhhfhj
chapter-4-networking hjgjjgj did hfhhfhjchapter-4-networking hjgjjgj did hfhhfhj
chapter-4-networking hjgjjgj did hfhhfhj
 
ISP AND ITS ARCHITECTURE.
ISP AND ITS ARCHITECTURE.ISP AND ITS ARCHITECTURE.
ISP AND ITS ARCHITECTURE.
 
Internet
InternetInternet
Internet
 
IP Layer.pptx
IP Layer.pptxIP Layer.pptx
IP Layer.pptx
 
Internet
InternetInternet
Internet
 
Nat cisco
Nat ciscoNat cisco
Nat cisco
 
Internet
InternetInternet
Internet
 
Computer network coe351- part3-final
Computer network coe351- part3-finalComputer network coe351- part3-final
Computer network coe351- part3-final
 
Web identity part1
Web identity part1Web identity part1
Web identity part1
 
2 networking
2 networking2 networking
2 networking
 
Basic Foundation For Cybersecurity
Basic Foundation For CybersecurityBasic Foundation For Cybersecurity
Basic Foundation For Cybersecurity
 
Class note 4
Class note 4Class note 4
Class note 4
 
Network - Lecture B
Network - Lecture BNetwork - Lecture B
Network - Lecture B
 
Ip v4 & ip v6
Ip v4 & ip v6Ip v4 & ip v6
Ip v4 & ip v6
 
Introduction internet appli
Introduction internet appliIntroduction internet appli
Introduction internet appli
 
Introduction to Network Devices & Addressing Schemes
Introduction to Network Devices & Addressing SchemesIntroduction to Network Devices & Addressing Schemes
Introduction to Network Devices & Addressing Schemes
 

Plus de Dr Raghu Khimani

Mobile Phone Seizure Guide by Raghu Khimani
Mobile Phone Seizure Guide by Raghu KhimaniMobile Phone Seizure Guide by Raghu Khimani
Mobile Phone Seizure Guide by Raghu KhimaniDr Raghu Khimani
 
Guideline for Call Data Record Analysis by Raghu Khimani
Guideline for Call Data Record Analysis by Raghu KhimaniGuideline for Call Data Record Analysis by Raghu Khimani
Guideline for Call Data Record Analysis by Raghu KhimaniDr Raghu Khimani
 
Investigative Tools and Equipments for Cyber Crime by Raghu Khimani
Investigative Tools and Equipments for Cyber Crime by Raghu KhimaniInvestigative Tools and Equipments for Cyber Crime by Raghu Khimani
Investigative Tools and Equipments for Cyber Crime by Raghu KhimaniDr Raghu Khimani
 
Digital Evidence by Raghu Khimani
Digital Evidence by Raghu KhimaniDigital Evidence by Raghu Khimani
Digital Evidence by Raghu KhimaniDr Raghu Khimani
 
Introduction to Cyber Crime
Introduction to Cyber CrimeIntroduction to Cyber Crime
Introduction to Cyber CrimeDr Raghu Khimani
 
Introduction to Toxicology and Forensic Toxilogical Examination and it's sign...
Introduction to Toxicology and Forensic Toxilogical Examination and it's sign...Introduction to Toxicology and Forensic Toxilogical Examination and it's sign...
Introduction to Toxicology and Forensic Toxilogical Examination and it's sign...Dr Raghu Khimani
 
Narcotic Drugs & Psychotropic Subtances
Narcotic Drugs & Psychotropic SubtancesNarcotic Drugs & Psychotropic Subtances
Narcotic Drugs & Psychotropic SubtancesDr Raghu Khimani
 
Analysis of illicit liquor including methyl & ethyl alcohol
Analysis of illicit liquor including methyl & ethyl alcoholAnalysis of illicit liquor including methyl & ethyl alcohol
Analysis of illicit liquor including methyl & ethyl alcoholDr Raghu Khimani
 
Examination of chemicals in trap cases
Examination of chemicals in trap casesExamination of chemicals in trap cases
Examination of chemicals in trap casesDr Raghu Khimani
 

Plus de Dr Raghu Khimani (14)

Mobile Phone Seizure Guide by Raghu Khimani
Mobile Phone Seizure Guide by Raghu KhimaniMobile Phone Seizure Guide by Raghu Khimani
Mobile Phone Seizure Guide by Raghu Khimani
 
Guideline for Call Data Record Analysis by Raghu Khimani
Guideline for Call Data Record Analysis by Raghu KhimaniGuideline for Call Data Record Analysis by Raghu Khimani
Guideline for Call Data Record Analysis by Raghu Khimani
 
E mail Investigation
E mail InvestigationE mail Investigation
E mail Investigation
 
Investigative Tools and Equipments for Cyber Crime by Raghu Khimani
Investigative Tools and Equipments for Cyber Crime by Raghu KhimaniInvestigative Tools and Equipments for Cyber Crime by Raghu Khimani
Investigative Tools and Equipments for Cyber Crime by Raghu Khimani
 
Digital Evidence by Raghu Khimani
Digital Evidence by Raghu KhimaniDigital Evidence by Raghu Khimani
Digital Evidence by Raghu Khimani
 
Introduction to Cyber Crime
Introduction to Cyber CrimeIntroduction to Cyber Crime
Introduction to Cyber Crime
 
Social Media Awareness
Social Media AwarenessSocial Media Awareness
Social Media Awareness
 
Precursor chemicals
Precursor chemicalsPrecursor chemicals
Precursor chemicals
 
Poisons
PoisonsPoisons
Poisons
 
Introduction to Toxicology and Forensic Toxilogical Examination and it's sign...
Introduction to Toxicology and Forensic Toxilogical Examination and it's sign...Introduction to Toxicology and Forensic Toxilogical Examination and it's sign...
Introduction to Toxicology and Forensic Toxilogical Examination and it's sign...
 
Narcotic Drugs & Psychotropic Subtances
Narcotic Drugs & Psychotropic SubtancesNarcotic Drugs & Psychotropic Subtances
Narcotic Drugs & Psychotropic Subtances
 
Analysis of illicit liquor including methyl & ethyl alcohol
Analysis of illicit liquor including methyl & ethyl alcoholAnalysis of illicit liquor including methyl & ethyl alcohol
Analysis of illicit liquor including methyl & ethyl alcohol
 
Examination of chemicals in trap cases
Examination of chemicals in trap casesExamination of chemicals in trap cases
Examination of chemicals in trap cases
 
Analysis of jaggery
Analysis of jaggeryAnalysis of jaggery
Analysis of jaggery
 

Dernier

Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DaySri Ambati
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 

Dernier (20)

E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 

Tracing An IP Address or Domain Name by Raghu Khimani

  • 1.
  • 2. Tracing an IP address or Domain Name • By: • Raghu Khimani, • Cyber Crime Expert / Advisor • Contact: raghukhimani2007@gmail.com
  • 3. Contents Basic Terms Tracing a domain name Tracing an IP address Summary
  • 4. Basic Terms Internet Protocol Address • Private IP address • Static & Dynamic IP addresses • Local & External IP addresses ISP (Internet Service Providers) Packet Network Devices and Services Domain Name System Servers (DNS Servers) Registering Domain Names Domain Name Extensions Spoofing, Masking and Redirecting
  • 5. Basic Terms • Internet Protocol Address: – The Internet protocol suite is the set of communication protocols used for the Internet and other similar networks. – It is commonly known as TCP/IP from its most important protocols: Transmission Control Protocol (TCP) and Internet Protocol (IP), which were the first networking protocols defined in this standard. – Every device involved in communicating on the Internet requires an IP address. – IPv4 address is a 32 bit number. – The 4 bytes in the 32-bit value are transmitted in the order: bits 1-8 first, then bits 9-16, then 17-24, and bits 25-32 last. This is called big endian byte ordering, which is the byte ordering required for all binary integers in the TCP/IP headers as they traverse a network. This is called the network byte order. – IPv4 version of IP is available since 1980.
  • 6. – An IP address is a series of four numbers ranging from 0 to 255, separated by periods. – i.e. 0.0.0.0 to 255.255.255.255 – The address identifies the specific network and device. – An example of an IP address is: • 129.6.13.23 – A common analogy is to compare an IP address to an apartment address.
  • 9.
  • 10. – The IP address does not denote a physical location of the device at the time it is connected to the Internet. – IP addressing uses four decimal-separated numbers, which allows for a total of 2554 or 4,22,82,50,625 unique addresses. – This addressing scheme is being expanded to accommodate additional Internet usage. – Regardless of the addressing scheme used, the method of tracing the IP address will likely remain the same. – But good news is that, IPv6 version has came which is 128 bit number. So now there is no shortage of IP addresses. Means there will be unlimited IP addresses. – The most obvious improvement in IPv6 over IPv4 is that IP addresses are lengthened from 32 bits to 128 bits. – IPv6 uses a 128-bit address, theoretically allowing 2128, or approximately 3.4×1038 addresses.
  • 11. • Private IP address: – Three groups of IP addresses are specifically reserved for use by any private network and are not seen on the public Internet. – Information for these IP addresses comes from the owner of the network. – The ranges are: • 10.0.0.0 to 10.255.255.255 • 172.16.0.0 to 172.31.255.255 • 192.168.0.0 to 192.168.255.255
  • 12. • Static and Dynamic IP addresses – “Static” IP addresses are permanently assigned to devices configured to always have the same IP address. – A person, business, or organization maintaining a constant Internet presence, such as a Web site, generally requires a static IP address. – “Dynamic” IP addresses are temporarily assigned from a pool of available addresses registered to an ISP. – These addresses are assigned to a device when a user begins an online session. – As a result, a device’s IP address may vary from one logon session to the next.
  • 13. • Static IP: – 10 – 12 hours : 122.0.0.1 – 2 – 4 hours : 122.0.0.1 – 4 – 6 hours : 122.0.0.1 • Dynamic IP: – 10 – 12 hours : 122.0.0.1 – 2 – 4 hours : 122.0.0.100 – 4 – 6 hours : 122.0.0.50
  • 14. – Note: – The date and time an IP address was assigned must be determined to tie it to a specific device or user account. – The ISP may maintain historical log files relating these dynamically assigned IP addresses back to a particular subscriber or user at a particular time.
  • 15. • Local and External IP addresses – Local IP address is the IP address of the computer that is not provided by ISP but it is generated or provided by the LAN network. – It is like IP of the Child PC of the Parent PC. – You can know your own LOCAL IP by typing “ipconfig” without inverted coma in Command Prompt. – External IP is the IP provided by the ISP to the main server. – It is the IP of the Parent PC. – It can be known by opening a website: • www.whatismyip.com
  • 16. • Internet Service Providers (ISPs) – Internet Service Providers (ISPs) may be commercial vendors or organizations, such as a business or government entity. – They may reserve blocks of IP addresses that can be assigned to its users. – ISPs may log the date, time, account user information, and ANI (Automatic Number Identification) or caller line identification at the time of connection. – If logs are kept, they may be kept for a limited time depending on the established policy of the ISP. – Currently, no general legal requirement exists for log preservation; therefore, some ISPs do not store logs. – i.e. Airtel is given the range of IP addresses is • 122.0.0.1 to 122.255.255.255
  • 17. • Packet – Data sent over the Internet are divided into packets that are routed through the Internet and reassembled at the destination. – When information such as files, e-mail messages, Hyper Text Markup Language (HTML) documents, or Web pages are sent from one place to another on a network, the network operating system divides the information into chunks of an efficient size for routing. – Each of these packets includes the address of the destination. – The individual packets for the information being routed may travel different routes through a network. – When they have all arrived, they are reassembled into the original file.
  • 18. • Network devices and services – Network devices and services include routers, Network Address Translation (NAT), firewalls, proxy servers/gateways, and Dynamic Host Configuration Protocol (DHCP). – By design, these devices and services may or may not have a logging feature that captures source and destination IP information, login user name, and date and time of logins. – Some or all of these network devices and services may alter or mask the true source or destination IP address. – It may be necessary to work with the network adminis- trator to determine the true source or destination IP address.
  • 19. • Domain Name System servers – Domain Name System (DNS) servers are the “phonebooks” of the Internet. – They maintain directories that match IP addresses with registered domains and resolve the text that people understand (the domain name) into a format that devices understand (the IP address). – In figure, My PC sends the request for the location of www.nist.gov – The DNS server responds with the assigned IP address of “129.6.13.23.” – My PC then requests to display data from IP address 129.6.13.23, the computer on the Internet that hosts the nist.gov Web site.
  • 20.
  • 21. • Registering domain names – A person or an organization can register a domain name as long as it is not already registered. – Domain names are registered with the Internet Corporation for Assigned Names and Numbers (ICANN), a nonprofit organization responsible for Internet address assignment and domain name server management. – Information required to register a domain name includes name, address, phone number, billing information, e-mail address, and technical and administrative contact information. – In addition to this information, the date that a domain was registered may be available from the registrar. – Although this information may provide investigative leads, the investigator should be aware that the information originates from the person registering the domain name and may be fictitious.
  • 22. • Domain Name Extensions – .aero (restricted to certain members of the global aviation community), sponsored by Societe Internationale de Telecommunications Aeronautiques SC (SITA). – .biz (restricted to businesses), operated by NeuLevel. – .com, operated by Verisign Global Registry Services. – .coop (restricted to cooperatives), sponsored by Dot Cooperation LLC. – .info, operated by Afilias Limited. – .museum (restricted to museums and related persons), sponsored by the Museum Domain Management Association (MuseDoma). – .name (restricted to individuals), operated by Global Name Registry. – .net, operated by Verisign Global Registry Services. – .org, operated by Public Interest Registry. – .pro (restricted to licensed professionals), operated by RegistryPro. – Registrar contact information and descriptions are available at http://www.icann.org/registrars/accreditation-qualified-list.html
  • 23. • Spoofing, Masking or Redirecting – Advanced methods of obscuring actions on the Internet include hiding the IP address, pretending to be someone else, and sending traffic through another IP address. – These methods are commonly referred to as masking, spoofing, and redirecting. – Advanced training is required to investigate or identify when these actions have taken place. – Therefore, even after completing legal process, traditional investigative methods may still be necessary to identify the end user. – In some cases, masking, spoofing, or redirecting may prevent the identification of the user.
  • 24. Tracing a Domain Name • Scenario – A citizen makes a claim that while surfing the Internet, he came across a Web site that he believes should be looked at by law enforcement. The citizen provides the Web site name of www.nist.gov
  • 25. • Step 1: Resolve Domain Name – The first step is to resolve the domain name of www.nist.gov to an IP address. – Many commercial software tools are available to assist an investigator in resolving domain names into IP addresses. – In addition, many publicly available Web sites will resolve domain names. – Some of the more commonly used Web sites include the following: • www.network-tools.com • www.samspade.org • www.geektools.com • www.dnsstuff.com
  • 26. – The features and level of detail available from the above sites may differ. – The common utilities on these Web sites include the following: – Investigators should be aware that inquiries made on these sites might be monitored and recorded. – It is important to conduct sensitive inquiries from a computer that is not traceable back to the investigating agency.
  • 27. • Step 2. Determine and record domain name registration – The next step is to determine and record the domain name registration information. – The following online resources can be used to obtain registration information: • www.network-tools.com • www.samspade.org • www.geektools.com • www.apnic.net (Asia) • www.checkdomain.com • www.lacnic.net • www.ripe.net (Europe) • www.whois.com • www.dnsstuff.com
  • 28. – The registration information for www.nist.gov and has resolved it to the IP address 129.6.13.45. – The typical information provided includes— • Registered owner’s name and address. • Billing information. • Administrative contact. • Range of IP addresses associated with the domain. • Technical contact information. – The listed contacts may provide additional information about the specific computer being sought, including its location and the person designated to receive legal process. – Note: The same process can be used to resolve an IP address to a domain name to obtain contact information.
  • 29. – Where’s the evidence? • Information can be found in numerous locations, including— – User’s computer. – ISP for the user. – ISP for a victim and/or suspect. – Log files contained on the victim’s and/or suspect’s— » Routers. » Firewalls. » Web servers. » E-mail servers. » Other connected devices. • See figure for a graphic representation of the information flow. • Given an IP address and a date and time (including the time zone), most ISPs can identify the registered user assigned to the IP address at the specific time, enabling the investigator to request additional information. • However, the investigator may need to use traditional investigative methods to identify the person using the account at that time.
  • 30.
  • 31. • Step 3. Provide legal service of process – The third step is to determine the appropriate parties to contact and/or serve legal process, depending on the facts of the investigation. – Warrants, court orders, or subpoenas are typically required to release exact end user information to law enforcement. – Many of these requirements are governed by the Electronic Communications Privacy Act (ECPA) and other applicable Federal and State laws. – A preservation letter may assist in preserving information until proper legal requirements can be met. – These requests should specify the IP address and the date and time, including the time zone.
  • 32. • Information that may be obtained from the ISP includes— –Subscriber information such as the registered owner, address, and payment method. –Transactional information such as connection times, dates and IP addresses used. –Content such as e-mail messages, data files, and stored programs.
  • 33. • Sample language When drafting legal process, the following sample language may be useful. However, the ISP may require other specific language. – ISP account information – E-mail address information – IP address information – Domain name information – Web page information – Telnet session providers – Point of Presence (POP) information – Outgoing telephone records
  • 34. Tracing an IP address • Tracing an IP address is easier than tracing an domain name. • Because here we have to directly trace an IP without finding out as in tracing domain name. • There are many websites which gives us the details of IP address location. • But the website doesn’t give the real location as we desire to get. • It gives the location of the server on which it is located. • After that, through legal services we have to mail to the server administrator the IP address and the date and time at which the crime was done to get accurate location of the place from which the crime was done.
  • 35. • 1. Tracing an IP address: – www.domaintools.com – www.who.is – www.whatismyipaddress.com – www.allwhois.com – www.networksolutions.com – www.internic.com – www.net4domains.com • 2. NS LOOKUP: – The IP address of the website: – Open command prompt and type - – nslookup site.com where site is the site which you want to lookup.
  • 36. • 3. Reverse IP mapping: – By this technique, we can know which websites are hosted on the same server. – So if one IP address location is not obtained then we can find it by locating another ones if possible. – http://www.yougetsignal.com/tools/web-sites-on- web-server/ – www.domainsbyip.com – http://domaintz.com/tools/reverse-ip/ • 4. Trace Route: – Trace route between your computer and remote computer. • Visual Route – www.visualroute.com
  • 37. • 5. Search Engines – www.kartoo.com – Maltego – www.paterva.org – HTTRACK – Website copier - http://www.httrack.com/ – GSA E-mail spider - http://email.spider.gsa- online.de/
  • 38. Summary • All communications on the Internet and across networks rely on an IP address to reach their destination. • The key to investigating crimes relating to the Internet and networks is to identify the originating IP address and trace it to a source. • These skills enable an investigator to locate additional sources of evidence, corroborate victim and witness statements, and potentially locate a suspect.