We were very pleased to welcome back Dr. Gary Kessler to our “Online Investigations Basics” webinar series this week. Once again Dr. Kessler discussed some of the background and tools relevant to tracing IP addresses. Below is his companion presentation:
During the session, we took several questions from some of our listeners. One person asked whether tracing IP addresses overseas was any different from tracing them domestically. Answer: not technically; the overall process remains the same, but whether American investigators can secure foreign cooperation is a different question. The best bet is for investigators to contact legal representatives in American embassies for help dealing with law enforcement in another country.
Another participant asked whether TCP/IP packets would provide information on what kind of device accessed the Internet; in a related question, someone else asked if MAC addresses from two devices could show that they had been communicating with one another.
By themselves, packets contain no information on the type of device communicating. A device or router is needed to show where an IP address was assigned; the same is true for tracing IP addresses past a private network. And as for MAC addresses, they have only local relevance, not end-to-end applicability.
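The point about MAC addresses can be seen by parsing the same packet on either side of a router. This is an added example, not material from the presentation; the frames, MAC addresses and documentation-range IP addresses are constructed, and it assumes plain IPv4 over Ethernet with a single router and no NAT.

```python
import struct

def _mac(b):
    return ":".join(f"{x:02x}" for x in b)

def _ip(b):
    return ".".join(str(x) for x in b)

def build_frame(dst_mac, src_mac, src_ip, dst_ip, ttl):
    """Build a constructed Ethernet II frame carrying a bare IPv4 header."""
    eth = bytes.fromhex((dst_mac + src_mac).replace(":", "")) + b"\x08\x00"
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0x1234, 0, ttl, 6, 0,
                         bytes(map(int, src_ip.split("."))),
                         bytes(map(int, dst_ip.split("."))))
    return eth + ip_hdr

def parse_frame(frame):
    """Extract link-layer (MAC) and network-layer (IP) addresses."""
    if len(frame) < 34:
        raise ValueError("frame too short for Ethernet + IPv4 headers")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError("not an IPv4 frame")
    fields = struct.unpack("!BBHHHBBH4s4s", frame[14:34])
    return {"src_mac": _mac(src), "dst_mac": _mac(dst),
            "src_ip": _ip(fields[8]), "dst_ip": _ip(fields[9]),
            "ttl": fields[5]}

def compare_hops(first, second):
    """Report which addresses survive between two capture points."""
    a, b = parse_frame(first), parse_frame(second)
    return {"ip_pair_unchanged":
                (a["src_ip"], a["dst_ip"]) == (b["src_ip"], b["dst_ip"]),
            "sender_mac_survives":
                a["src_mac"] in (b["src_mac"], b["dst_mac"]),
            "routers_crossed": a["ttl"] - b["ttl"]}

# Constructed captures of one packet: on the sender's LAN, then on the
# receiver's LAN after the router has re-framed it with its own MAC.
SENDER_LAN = build_frame("02:00:00:00:00:01", "02:00:00:00:00:0a",
                         "192.0.2.10", "198.51.100.20", ttl=64)
RECEIVER_LAN = build_frame("02:00:00:00:01:14", "02:00:00:00:01:01",
                           "192.0.2.10", "198.51.100.20", ttl=63)

if __name__ == "__main__":
    print(parse_frame(SENDER_LAN))
    print(parse_frame(RECEIVER_LAN))
    print(compare_hops(SENDER_LAN, RECEIVER_LAN))
```

The source MAC seen on the receiver's LAN belongs to the router's interface, so a capture taken there cannot tie the two endpoints together by MAC address.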
We wish we could have gone into more detail on one question: the biggest challenges with tracing IP addresses in the cloud. As traffic load increases and the supply of IPv4 addresses diminishes (before IPv6 takes hold), more ISPs will begin to allow shared IP addresses. On the flip side, multiple IP addresses will resolve to a single device.
Again, we’re grateful to Dr. Kessler for taking the time to help educate the community on a complex issue. Have questions? Please contact us. And we’d love to see you at our future “Online Investigations Basics” webinars. In another few weeks, Cynthia Navarro will be talking about online sources of information. We hope you’ll join us!