Yesterday a friend of mine Kirby came to me with a smartphone and she wanted me to do her a favor. She showed me some contacts in an app called "LINE". She wanted to know "who" and "where". She had conducted mobile forensics on suspect's phone and decide to focus on certain contacts. But usually the nickname is not the real name so she does not know what to do next.

It's a very interesting question. It occurs to me that we could "make friends" with those contacts. Don't get me wrong it's not social engineering. I'd like to show her a quick and easier way to get the answer she needs.

Let's take our phones for example. Now I am the forensic guy and Kirby is the suspect. I add Kirby on LINE and start to chat with her and make some calls. As you could see Kirby's LINE is as below.

Of course I'm not just chating with her. I start to capture packets from my phone at the same time as below. Guess what? I'm try to figure out what's the ip assigned to her phone during our conversations.

Don't forget to filter out the connection of system services or built-in apps. So you could narrow down the scope of ip you look for. Now I focus on this ip as selected.

I want Kirby to tell me what's the public ip assigned to her phone. She shows me what she got and the result matches the ip I found.

Once the ip is found and investigator could ask ISP to provide the correspond user information. Usually the ip assigned to user's phone is dynamic so don't forget to tell me the date/time you found this ip. Now you could know who he/she is and their locations.

Maybe some will ask me what about other IM such as WeChat or FB? Yes Of course~ Follow the steps as above and you could find the ip no matter the IM is WeChat or LINE or FB.

随机推荐

  1. Ubuntu 配置docker镜像加速器

    1. 安装/升级Docker客户端 推荐安装1.10.0以上版本的Docker客户端,参考文档 docker-ce 2. 配置镜像加速器 针对Docker客户端版本大于 1.10.0 的用户 您可以通 ...

  2. 18 | 眼前一亮:带你玩转GUI自动化的测试报告

  3. Python 3网络爬虫开发实战》中文PDF+源代码+书籍软件包

    Python 3网络爬虫开发实战>中文PDF+源代码+书籍软件包 下载:正在上传请稍后... 本书书籍软件包为本人原创,在这个时间就是金钱的时代,有些软件下起来是很麻烦的,真的可以为你们节省很多 ...

  4. 每天学点node系列-fs文件系统

    好的代码像粥一样,都是用时间熬出来的. 概述 文件 I/O 是由简单封装的标准 POSIX 函数提供的. 通过 require('fs') 使用该模块. 所有文件系统操作都具有同步和异步的形式. 异步 ...

  5. 并发编程-concurrent指南-Lock

    既然都可以通过synchronized来实现同步访问了,那么为什么还需要提供Lock?这个问题将在下面进行阐述.本文先从synchronized的缺陷讲起,然后再讲述java.util.concurr ...

  6. hihoCoder 1308:搜索二·骑士问题(BFS预处理)

    题目链接 题意 中文题意. 思路 对于每一个骑士,可以先预处理出到达地图上某个点的需要走的步数,然后最后暴力枚举地图上每一个点,让三个骑士走过的距离之和最小即可. #include <bits/ ...

  7. GStreamer基础教程04 - 动态连接Pipeline

    摘要 在以前的文章中,我们了解到了2种播放文件的方式:一种是在知道了文件的类型及编码方式后,手动创建所需Element并构造Pipeline:另一种是直接使用playbin,由playbin内部动态创 ...

  8. centos7 添加用户,组

    centos7添加用户,组. groupadd projectUsers //添加组,组名projectUser. cat /etc/group //查看最后一行是projectUser. 添加用户并 ...

  9. 利用stub技术进行单元测试

    待测试类:WebClient: import java.io.IOException; import java.io.InputStream; import java.net.HttpURLConne ...

  10. Flutter学习笔记(8)--Dart面向对象

    如需转载,请注明出处:Flutter学习笔记(7)--Dart异常处理 Dart作为高级语言,支持面向对象的很多特性,并且支持基于mixin的继承方式,基于mixin的继承方式是指:一个类可以继承自多 ...