HELP!!!


Carrie

New Member
Oct 25, 2006
6
0
#1
I know nothing about computer forensics, however, here is my problem. I think that a person, not related to me, but who had physical access to my computer has installed some sort of spyware and has been accessing all of my personal information for the last two years. I really want to see this person nailed, and it was pure chance that I finally figured out what was going on, through dumb luck and a hands free phone that actually recorded an IP address each time the person accessed my computer on the caller id of the phone (yes, am still using dial-up). I understand that in order to prosecute this person or stop them, that I will have to have some sort of analysis done on the hard drives of both of my computers, and how do I go about that? I'm not worried about any of the contents of my computers, but am anxious to see this person stopped, and frankly, want to go after them in civil court too, as this person is just an acquaintance. Any advice? Does anyone know if the police cyber crimes can prosecute this? Or is it so rampant that it's far down on their list?
Any help would be greatly appreciated!
Carrie
 

AlanOne

New Member
Nov 18, 2005
701
0
#2
If you want someone to look into your situation, contact me off the board by sending me an e-mail with your city (closest major city is fine) and state and I can see if there is a certified computer examiner (CCE) in your area that might be able to assist you. Send an e-mail to "elcomputerguy at yahoo dot com" with that info. I cannot guarantee someone will take your case though...depends on the situation.

Tim, CCE
 
Oct 27, 2006
24
0
#3
If you think a crime was committed in this case I would report it to the police. The police should be able to conduct a forensic examination of your computer (or find someone who can) that will determine if there is evidence of this there. Don't expect to get the computer back for some time. If this were to go to court you want to make sure the computer and all the evidence is handled properly. The police are the ones who would have to do the investigation, take statements, and prepare the case for prosecution anyway if it were a criminal matter. There is a lot of follow-up investigation that could arise as well, such as the search of the suspects' computer(s) and media. These are things better left to the police if a crime has been committed. Not sure if a crime has been committed in your jurisdiction? Call the police and find out!
 

AlanOne

New Member
Nov 18, 2005
701
0
#4
JobsInForensics said:
If you think a crime was committed in this case I would report it to the police. The police should be able to conduct a forensic examination of your computer (or find someone who can) that will determine if there is evidence of this there.
Unfortunately, the police will not get involved in a civil matter, nor will they merely begin an investigation without probable cause. A person calling the police and telling them they "think" something is wrong is not probable cause.

JobsInForensics said:
Don't expect to get the computer back for some time.
This is why a private forensic consulting firm can conduct a preliminary examination to legally determine if a crime was committed. We can provide a preliminary answer in as little as 24 hours. We can legally conduct a forensically sound "preview" and determine if a crime was committed, thus establishing probable cause. If the examiner uses sound forensic methods and establishes a clear chain of custody, the evidence can be turned over to the proper authorities and they can continue from there. If the police do get in the loop, then I would agree that you will not see the computer for some time, but you'll at least have answers as to why.

Tim, CCE
 

Carrie

New Member
Oct 25, 2006
6
0
#5
This is a puzzle

Tim
I wonder if because the hands free phone is recording the times and dates while I am on the computer (using dial-up), if there is any way to contact or get the records of the "incoming calls" and match them up with the IP address? And if I am using dial-up, and can prove that this person is logging in to my computer, isn't that a Federal crime since it's using the phone as opposed to broadband or wireless? Wouldn't the phone company show where another computer, regardless of the fact that they might or probably are using a non-dial up service show the communication between the two computers? Any ideas on that?
 
Oct 27, 2006
24
0
#6
In the U.S. the police can initiate an investigation on any information. Many investigations are started merely on anonymous tips. Probable cause is a level of suspicion needed for arrests, the issuance of search warrants, etc., not to initiate investigations.

In many cases, there might be evidence of a crime but the police might not be able to develop enough evidence to prove it. That's because in criminal court charges must be proven beyond a reasonable doubt. Also, if the prosecutor does not feel they can win, many times they simply won't prosecute the case.

If the police believe your computer contains evidence of a crime, they will either take it with your consent or get a search warrant for it. In either case, it will be held as "best evidence" for some time until the matter is resolved because it is the original evidence. Many departments have forensic backloads that cause a long wait for examination.

In many instances, like at a business, the computers are "imaged" or forensically copied on site. This is usually because the warrant does not cover everything on the computer(s) and the business cannot be shut down. It's typical in white collar crimes.

If the issue is a civil matter where for example, you are wanting emails or artifacts to show your spouse has been having an affair, then that's different. The police won't come for that because it's not a criminal matter. That’s a matter for a private examiner.

If it's not a criminal issue and you still want the computer examined, then you have no choice but to hire someone to do it.

You can always hire someone privately to conduct an examination even if you think there is evidence of a crime there. But that would be analogous to calling a private investigator rather than police after somebody breaks into your house and steals your jewelry, etc.

Have you noticed anything happening on the computer? Has your identity been stolen? Is it someone who you had a relationship with in the past? What would be their motivation for doing this? These are just some questions the police should ask.

Let's assume a crime has been committed and you hire a consultant for a few hundred dollars to preview the computer and they find evidence of a crime. Then you report it to the police and they start an investigation. OK, so it's the same thing except now you have paid for the private exam first.

From your description I don't really understand how your caller ID is showing IP addresses. Your telephone caller ID displays IP addresses as well as phone numbers?

If you report it to the police and they decide it does not warrant an investigation you can still have the computer examined privately and have lost nothing. :wink:
 

AlanOne

New Member
Nov 18, 2005
701
0
#7
JobsInForensics said:
In the U.S. the police can initiate an investigation on any information. Many investigations are started merely on anonymous tips. Probable cause is a level of suspicion needed for arrests, the issuance of search warrants, etc., not to initiate investigations.
Absolutely....for serious crimes. However, anonymous tips that come in are for a serious crime already known and committed or something that would lead to a drug bust or child pornography. There would not be enough police in the country to cover every little time someone called in and reported a "crime". There is a line. In Carrie's case, the police will most likely not initiate an investigation until she can provide more concrete proof a crime against her was committed.
JobsInForensics said:
In many cases, there might be evidence of a crime but the police might not be able to develop enough evidence to prove it. That's because in criminal court charges must be proven beyond a reasonable doubt. Also, if the prosecutor does not feel they can win, many times they simply won't prosecute the case.
Carrie has available to her civil remedies even if no actual crime is committed. A police officer will not investigate a civil dispute.
JobsInForensics said:
If the police believe your computer contains evidence of a crime, they will either take it with your consent or get a search warrant for it. In either case, it will be held as "best evidence" for some time until the matter is resolved because it is the original evidence. Many departments have forensic backloads that cause a long wait for examination.
Answers within a day or so, or several weeks...you would have to decide that one.

JobsInForensics said:
You can always hire someone privately to conduct an examination even if you think there is evidence of a crime there. But that would be analogous to calling a private investigator rather than police after somebody breaks into your house and steals your jewelry, etc.
I do not agree. A break-in displays physical "plain sight" evidence that would show probable cause and the police can act. One cannot simply look at a computer and tell if it was tampered with. A police officer or department will not participate in "fishing" expeditions to find evidence. It will have to be presented to them. The only way that is possible, is a private examination first.
JobsInForensics said:
Let's assume a crime has been committed and you hire a consultant for a few hundred dollars to preview the computer and they find evidence of a crime. Then you report it to the police and they start an investigation. OK, so it's the same thing except now you have paid for the private exam first.
She would now have the police's attention...no? You must show a substantial reason for the police to get involved. Documented findings by a private examination would provide such evidence. It would be a rare event that they take the case on unfounded suspicion.
JobsInForensics said:
From your description I don't really understand how your caller ID is showing IP addresses. Your telephone caller ID displays IP addresses as well as phone numbers?
I have to agree on this one, as I have not heard of this. They are 2 different signals, one not related to the other. I haven't used dial-up in years, so I do not really know what the current trend is. I'm not going to confirm nor deny this is possible.

As I mentioned to you in an email...a few $$$ for peace of mind is better than the "hurry up and wait" game. At least you will know if you have a shot at getting this guy.

Tim, CCE
 

AlanOne

New Member
Nov 18, 2005
701
0
#8
Re: This is a puzzle

Carrie said:
Tim
I wonder if because the hands free phone is recording the times and dates while I am on the computer (using dial-up), if there is any way to contact or get the records of the "incoming calls" and match them up with the IP address? And if I am using dial-up, and can prove that this person is logging in to my computer, isn't that a Federal crime since it's using the phone as opposed to broadband or wireless? Wouldn't the phone company show where another computer, regardless of the fact that they might or probably are using a non-dial up service show the communication between the two computers? Any ideas on that?

It is very possible to do this, but it depends on a number of things. This information is not public domain, so the ISP can refuse to turn over the identity of the suspect linked to the phone calls or Internet identity (IP address). However, if requested under the Electronic Communications Privacy Act, the ISP must hold all information linking the questionable account for 180 days if provided a subpoena or investigative request. If you have substantial evidence provided to the police, they can issue this to protect any evidence and they can get the identity of the individual. A private examination can at least get you a few steps further than the other route.

To add: In all honesty...*if* this person has, in fact, installed a program to monitor your activity, then it is in violation of Federal wiretapping laws and possibly state stalking laws. My point is you won't be able to go to the police and say, "I think someone installed a program on my computer and they are watching me." You will need to show, in writing, an investigation found "such and such" program running on the machine and at that time, was unknown and without permission of the user.

Good luck,

Tim, CCE
 
Oct 27, 2006
24
0
#9
1. The police can initiate an investigation of any crime no matter how minor or serious, without any suspicion or proof if they choose. It can merely be an allegation. Whether it later turns out to be a prosecuted case or not is a different story. Any citizen can file a police report.

2. Don’t confuse civil cases with criminal cases. There was no mention anywhere that the police would investigate or take action on a civil matter. She is describing what she believes is a potential criminal violation.

3. If it turned out that there was evidence of a criminal act on the computer and the police chose to investigate and prosecute, she would not have much choice but to wait for the case to be adjudicated. This means the computer would likely be in evidence waiting for final disposition.

4. In this case, she is a victim. If she gave knowing consent to search her own computer, the police could look (fish) anywhere she allowed them to without any consequence. If a warrant was used (and why would they in this case?) then the search would have to be within the scope of the warrant. Any evidence of a new crime found during the search in “plain view” would be fair game. It’s no different than if the police come into your house and execute a warrant to recover stolen property. If a kilo of cocaine is found in the closet while they are searching for the stolen property, the cocaine is discovered in plain view and it’s fair game. That’s the plain view doctrine and it applies to computers as well as any other area where the government has lawful presence.

5. You can indeed go to the police and tell them you think someone installed software on your computer and is monitoring you. There is no requirement for a person to provide “proof” or evidence in writing or otherwise for the police to investigate an allegation. They make that determination. That’s their job and that is why our taxes pay their salaries! She would not be expected to have her own forensic preview done or have the skills to be able to tell if someone installed Spectorsoft on her computer. She has already articulated why she thinks it might have happened and if the police feel it warrants further investigation they will.

6. If she chose to have the computer examined privately in advance and evidence was discovered, it would motivate the police to open a case depending on how much evidence is there and the seriousness of the crime. That’s a personal choice and expense that’s worth calling and speaking to a detective about before doing it.

7. There’s a big difference between discovering evidence of a computer crime and a person eventually being charged and convicted for it in criminal court. Finding evidence is one thing, but the government also has the burden of proving beyond a reasonable doubt that the person charged is the one who committed the crime.

I’m not talking about suing someone in civil court for installing spyware on your computer where preponderance is the level of proof required; I’m talking about someone being arrested, criminally charged and being sent to jail. There are civil remedies, you can try to sue someone for just about anything, whether you get anywhere with it is a different story. And the expense for trying will likely run into the thousands of dollars.

8. The police have many options to pursue if they choose to investigate this. All at no cost to Carrie. One of them is the federal requirement to preserve evidence under 18 USC 1703 (f), it preserves the data for 90 days in anticipation of a search warrant or other legal process. Paragraph (f) reads:

(f) Requirement To Preserve Evidence.—
(1) In general.— A provider of wire or electronic communication services or a remote computing service, upon the request of a governmental entity, shall take all necessary steps to preserve records and other evidence in its possession pending the issuance of a court order or other process.
(2) Period of retention.— Records referred to in paragraph (1) shall be retained for a period of 90 days, which shall be extended for an additional 90-day period upon a renewed request by the governmental entity.

The police could have this done with a simple letter sent to the service provider.
 

AlanOne

New Member
Nov 18, 2005
701
0
#10
My point in all this is: will the police take her case? It is my opinion that they probably will not jump on this case. I know there are not any requirements to provide the police with evidence to initiate an investigation. I know that any citizen can file a report. It all boils down to whether they are willing to take up time to pursue this, or pass on it. If the police do not have a great deal of cases going, they may very well take her case. But show me a police department that doesn't have a considerable backlog...

The bottom line is if she feels her case is strong enough, then by all means, go to the police first. If they tell her there isn't enough to go on, then she has another option. Yes, a forensic exam or preview will cost some $$$ as we can't work for free. At least she will have some peace of mind and more to give to the police if evidence is recovered to support her case.

Also, yes...if the police do get involved, the system will most likely be seized and kept for a fairly long time, which is another reason she should consider a private analysis first. She will get fast, preliminary answers and will be better prepared. The question is: pay a few $100 for some fast answers, or wait a few months, then possibly go 1-2 years without the computer? This, of course, is her choice.

My suggestions are not a requirement. In my opinion, it is a common sense approach to a situation. She is a potential victim, her privacy may have been violated and she wants fast answers. Will the police give her fast answers? Probably not, unless the answer is they won't take the case.

Even this conversation has provided her with information to allow her to make a more informed decision.

Tim, CCE
 

ddow

New Member
Jul 18, 2006
1,380
0
#11
Carrie, as you can see we get quite spirited in our replies sometimes around here, even if we are saying much the same thing. :) I'm going to rephrase what you said, just to make sure that I understand what you said.

You have been receiving an in-coming phone call which your computer answers. You know the calling number from your cordless phone. Based on that you suspect spyware has been installed.

Now, since you also say you're not worried about the contents of your computers that no one has been using your credit card information, bank account, or otherwise done you "bad harm" other than violate your privacy and rights?

I'm going to offer another thought than has been offered. Move on. You've certainly identified someone to avoid, and I'm sure you are avoiding them. Unless you can show harm, the likelihood of police involvement is low. The probability of successful prosecution is even lower. The award in a civil court would be low if you were successful.

I wouldn't stress about it even though you have every right to be angry, indignant, and frustrated. What was done was absolutely wrong and illegal.

Instead, cut off their access and forget it. A reformat and reinstall of the operating system is the most complete way. It also might be that they are using a Remote Desktop or other built in option that can simply be shut off.
 
Oct 27, 2006
24
0
#12
I agree with ddow. Although it is technically a crime, it may not be serious enough for the police to get involved. It may not be worth the expense for you to attempt a civil remedy both since you have not suffered any losses and because it might be like trying to get blood from a rock. In civil suits you won’t get any money back if you don’t win or if the loser is broke.

If the person is someone whom you knew and did this just to try and spy on you, (like to see who you are dating, emailing, etc.) then ddow's advice is the simplest and most cost effective solution. Consider yourself a winner just by getting it behind you.

In either case, I hope it works out for ya! :D
 

AlanOne

New Member
Nov 18, 2005
701
0
#13
Yes...debate is good for us...keeps us on our toes. :)

I mentioned to Carrie by e-mail that as a last resort, to get a geek to wipe the drive, so that was suggested to her in the beginning. Carrie has e-mailed me a bit more detailed account of her incident, so it is unfair for me to debate my point without everyone knowing all the facts.

In any case, we have shown her a number of options and the possible results of those options. It would be safe to say she is better informed. :D

I wish you the best of luck also, whatever route you choose.

Tim, CCE
 

Morb

New Member
Oct 5, 2006
12
0
#15
There's no harm in calling them. If they're not interested, THEN you can move on to other options.

You won't know unless you ask.
 
