Find out "Who" and "Where"
Yesterday a friend of mine, Kirby, came to me with a smartphone and wanted me to do her a favor. She showed me some contacts in an app called "LINE". She wanted to know "who" and "where". She had conducted mobile forensics on a suspect's phone and decided to focus on certain contacts. But usually the nickname is not the real name, so she did not know what to do next.
It's a very interesting question. It occurred to me that we could "make friends" with those contacts. Don't get me wrong, it's not social engineering. I'd like to show her a quick and easier way to get the answer she needs.
Let's take our phones as an example. Now I am the forensic guy and Kirby is the suspect. I add Kirby on LINE, start to chat with her and make some calls. As you can see, Kirby's LINE is as below.
Of course I'm not just chatting with her. I start to capture packets from my phone at the same time, as below. Guess what? I'm trying to figure out which IP is assigned to her phone during our conversations.
Don't forget to filter out the connections of system services and built-in apps, so you can narrow down the range of IPs you are looking for. Now I focus on the IP selected here.
I ask Kirby to tell me the public IP assigned to her phone. She shows me what she got, and it matches the IP I found.
Once the IP is found, an investigator can ask the ISP to provide the corresponding subscriber information. The IP assigned to a user's phone is usually dynamic, so don't forget to include the date/time at which you observed this IP. Now you can know who he/she is and their location.
Some may ask me about other IMs such as WeChat or FB. Yes, of course. Follow the steps above and you can find the IP whether the IM is WeChat, LINE or FB.
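The filtering and time-correlation step above, as an added example that is not part of the original post: it runs over constructed flow records from the investigator's own capture, drops private, multicast and known service/vendor ranges (the exclusion list and the 198.51.100.0/24 "vendor" range are hypothetical placeholders), keeps only traffic inside the call window, and reports first/last seen timestamps, which are what the ISP request has to cite.

```python
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed sample flows: (timestamp, src, dst, proto, bytes). Not a real capture.
# 10.0.0.5 is the investigator's own phone (the capturing device).
FLOWS = [
    ("2014-05-10 14:02:03", "10.0.0.5", "8.8.8.8", "udp", 120),         # DNS, system service
    ("2014-05-10 14:02:04", "10.0.0.5", "198.51.100.20", "tcp", 4096),  # IM vendor server (hypothetical)
    ("2014-05-10 14:03:10", "10.0.0.5", "192.0.2.10", "tcp", 2048),     # unrelated app, before the call
    ("2014-05-10 14:05:12", "10.0.0.5", "203.0.113.77", "udp", 51200),  # during the call
    ("2014-05-10 14:05:13", "203.0.113.77", "10.0.0.5", "udp", 49800),  # during the call, reply
    ("2014-05-10 14:06:40", "10.0.0.5", "198.51.100.20", "tcp", 900),   # keep-alive to vendor
    ("2014-05-10 14:07:55", "203.0.113.77", "10.0.0.5", "udp", 47000),  # during the call
    ("2014-05-10 14:12:00", "10.0.0.5", "192.0.2.10", "tcp", 1500),     # after the call
]

# Ranges that can never be the peer's public address plus hypothetical system-service
# and vendor ranges. In a real capture, fill these from the resolved hostnames you filter out.
NON_PEER_NETS = [ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "224.0.0.0/4",
    "8.8.8.0/24", "198.51.100.0/24",
)]

def is_candidate(addr):
    """True if addr is outside every excluded range."""
    ip = ip_address(addr)
    return not any(ip in net for net in NON_PEER_NETS)

def peer_candidates(flows, own_ip, call_start, call_end):
    """Aggregate, per remote IP, the flows exchanged with own_ip while the call was up."""
    start, end = datetime.fromisoformat(call_start), datetime.fromisoformat(call_end)
    stats = {}
    for ts, src, dst, proto, nbytes in flows:
        if not (start <= datetime.fromisoformat(ts) <= end):
            continue                                  # outside the call window
        remote = dst if src == own_ip else src if dst == own_ip else None
        if remote is None or not is_candidate(remote):
            continue
        s = stats.setdefault(remote, {"bytes": 0, "flows": 0, "first": ts, "last": ts})
        s["bytes"] += nbytes
        s["flows"] += 1
        s["first"], s["last"] = min(s["first"], ts), max(s["last"], ts)
    # Heaviest talker first: a voice call moves far more bytes than keep-alives do.
    return sorted(stats.items(), key=lambda kv: kv[1]["bytes"], reverse=True)

if __name__ == "__main__":
    for ip, s in peer_candidates(FLOWS, "10.0.0.5", "2014-05-10 14:05:00", "2014-05-10 14:08:00"):
        # The first/last timestamps are what a request to the ISP must quote, since the lease is dynamic.
        print(f"{ip}: {s['bytes']} bytes in {s['flows']} flows, seen {s['first']} .. {s['last']}")
```

As the post does with Kirby, confirm the candidate independently before relying on it; the ranking only says which remote host carried the call traffic in that window.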