How would you solve this case?

 
Justiceseeker
Newbie
Joined: Oct 24, 2010
Posts: 4

Posted: Mon Oct 25, 2010 7:55 am    Post subject: How would you solve this case?

Suspect hacked into the victim's (a minor) Facebook account and posted defamatory comments about her.

Suspect also hacked into the victim's personal email. Then changed the password AND the email address assigned to the Facebook account.

The new email address assigned to the Facebook account is a Gmail account through Google.

The suspect also accessed the victim's Facebook account via an Apple iPhone.

With a subpoena, what info can Facebook provide?

With a subpoena, can Google ID the location of the computer terminal assigned to the Gmail address?

This is an ongoing criminal investigation in Texas.

PreferredUser
Newbie
Joined: Jan 01, 2007
Posts: 1130
Location: USA

Posted: Mon Oct 25, 2010 8:37 am

You can get LE requirements for search warrants and subpoenas directly from the Facebook and Google legal departments. There are some "leaked" copies of the documents on cryptome.org.

Justiceseeker
Newbie
Joined: Oct 24, 2010
Posts: 4

Posted: Mon Oct 25, 2010 8:40 am

Can Facebook identify the suspect? How about Google?

PreferredUser
Newbie
Joined: Jan 01, 2007
Posts: 1130
Location: USA

Posted: Mon Oct 25, 2010 10:16 am

Justiceseeker wrote:
Can Facebook identify the suspect? How about Google?
Did you read the docs on cryptome or send a request from your agency for the official documents? They spell out exactly what can and cannot be provided.

cybercop
Newbie
Joined: Nov 01, 2005
Posts: 551
Location: Marion, Indiana, USA

Posted: Mon Oct 25, 2010 10:50 am

None of the companies will be able to "identify the suspect". The information they provide to LE will assist in the investigation. There would be nothing in any of the records for any of the companies that will say "John Doe" did it. There will be IP addresses and such that will need to be further investigated. From the sounds of it, the police are already investigating, so let them do it.

Note: I removed the cross post.

4n6art
Newbie
Joined: Jun 28, 2008
Posts: 67

Posted: Mon Oct 25, 2010 5:29 pm

Are you law enforcement or working on behalf of the Defendant? If you are LE, your subpoena power will get you more information from those companies than if you are not. However, like others have said on this post - you will not get the "smoking gun" - you will get information to aid you in the investigation and you will have to do more legwork and put the pieces together.

Having said that....

- How do you know that the suspect *hacked* into the victim's account? Have you considered the possibility that victim left her account logged in, on a computer that the suspect had access to - which led to the FB comments?

- Same as above for the email account. If this was a webmail (yahoo, hotmail, gmail etc) account, it is possible that victim was already logged in based on cookies and that there really was no "hacking" per se.

If you are LE and have a suspect, why not get a warrant for suspect's computer (assuming you have enough PC) and search for evidence of that new email address or internet cache of the facebook pages or the email account?

Good luck!
-=A=-

rgman
Newbie
Joined: Oct 24, 2010
Posts: 1

Posted: Mon Oct 25, 2010 7:26 pm

Both Google and Facebook have information on which IP addresses accessed these accounts, and sometimes from their server logs they can retrieve information such as screen resolution, browser, operating system of the suspect, provided that the suspect's browser did not hide that information. From the IP address information, the internet provider of the IP address knows which of their clients was given the specific address during the specified period of time. If the IP address does not belong to a public access network such as a free wifi hotspot or an internet cafe, the internet provider can even reveal the suspect's personal information such as home address, phone number, name etc. But if the suspect has taken a few precautions then it would be almost impossible to track him.

Also, you said that "The suspect also accessed the victims facebook account via an Apple I phone." If the iPhone was not connected to Facebook using a public access network but instead connected with 3G or another "subscription-based" service, the telephony/internet provider can reveal to you who exactly was the suspect.

But all of this information will not be given just to anyone.
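
The IP-to-subscriber step described in the post above, sketched as an added example that is not part of the original thread: each account-access record is normalised to UTC and matched against ISP lease intervals, and addresses in shared-access ranges are flagged instead of attributed. All addresses, subscriber ids, the record layouts and the assumption that leases are kept in UTC are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from ipaddress import ip_address, ip_network

FMT = "%Y-%m-%d %H:%M:%S"

# Constructed sample data: documentation IP ranges, invented subscriber ids.
# Provider access log rows: (ip, timestamp as reported, UTC offset in hours).
ACCESS_LOG = [
    ("203.0.113.7", "2010-10-21 03:30:00", -5),
    ("198.51.100.9", "2010-10-21 08:02:00", -5),
    ("203.0.113.7", "2010-10-20 20:00:00", 0),
    ("192.0.2.44", "2010-10-22 12:00:00", 0),
]
# ISP lease rows (assumed to be kept in UTC): (ip, start, end, subscriber).
LEASES = [
    ("203.0.113.7", "2010-10-20 18:00:00", "2010-10-21 06:00:00", "SUB-A"),
    ("203.0.113.7", "2010-10-21 06:00:00", "2010-10-23 06:00:00", "SUB-B"),
]
# Ranges known to sit behind shared access (hotspot, internet cafe, school NAT).
SHARED_NETS = [ip_network("198.51.100.0/24")]


def to_utc(stamp, offset_hours=0):
    """Parse a timestamp with its stated UTC offset and normalise it to UTC."""
    tz = timezone(timedelta(hours=offset_hours))
    return datetime.strptime(stamp, FMT).replace(tzinfo=tz).astimezone(timezone.utc)


def attribute(ip, stamp, offset_hours):
    """Return the subscriber holding `ip` at that instant, or why none is known."""
    if any(ip_address(ip) in net for net in SHARED_NETS):
        return "shared-network"  # many users behind one address: no single subscriber
    when = to_utc(stamp, offset_hours)
    hits = {sub for lip, start, end, sub in LEASES
            if lip == ip and to_utc(start) <= when < to_utc(end)}
    if len(hits) == 1:
        return hits.pop()
    return "ambiguous" if hits else "no-lease-record"


def correlate(rows=ACCESS_LOG):
    """Attribute every access-log row in order."""
    return [attribute(*row) for row in rows]


if __name__ == "__main__":
    for row, result in zip(ACCESS_LOG, correlate()):
        print(row, "->", result)
```

The first row resolves to SUB-B only once its UTC-5 offset is applied; read as if it were already UTC, the same timestamp would fall inside the earlier lease and point at SUB-A.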

Justiceseeker
Newbie
Joined: Oct 24, 2010
Posts: 4

Posted: Mon Oct 25, 2010 11:11 pm

Thanks. I am not law enforcement but the victim's father. We have the local PD involved but I am concerned that they do not have the expertise in this area. The local DA cyber-forensics investigator is now assisting the case as well so I feel much more confident.

We do have subpoenas so I am hoping with those, we can get the info we need to ID the suspect.

Thank you all for your help.

4n6art
Newbie
Joined: Jun 28, 2008
Posts: 67

Posted: Tue Oct 26, 2010 6:26 am

Ah ok.... I see where you are coming from.

If the local PD lacks the knowledge or experience, they will (like they have) get help from their State counterparts generally. Most Agencies do not take it lightly when a minor is involved.

I know it is tough to feel helpless esp as the Father of the victim, but let them handle it. Bear in mind that work like this does take a while to put all the pieces in place.

Good luck to you!
-=Art=-

Justiceseeker
Newbie
Joined: Oct 24, 2010
Posts: 4

Posted: Wed Nov 17, 2010 5:05 am    Post subject: Update

Well, Gmail, Facebook and ATT all responded to the subpoenas. It looks like the suspect used some sort of proxy server or anonymizer to access the Facebook account.

The Facebook activity log shows 26 pages of IPs that accessed the account. Many from all over the country.

Google is showing a public school as the IP address in which the gmail account was created.

ATT is saying the IP address of the phone can't be traced.

This appears to be the end of the line.

Any suggestions?