Tracing and deducing
email, IP, Instant Messages, Electronic Files or Username
searches:
Each computer on the Internet has a unique numeric address
similar to a phone number. This address is usually assigned to
the user's Internet service provider, a university or a company.
A database matches such assignments to the location the network
has registered. But IP addresses can all be registered to one
office of the internet service provider or company even though
they may have branch offices worldwide. An ISP like America
Online may route its customers' traffic through a single
gateway, making AOL users in Kansas appear to come from
Virginia. Therefore the IP database needs to be refined, tracing
data packets as they pass through traffic nodes known as routers
and narrowing the actual location of each IP address. This
requires detailed analysis of how the various carriers work, how
they set up their networks and how carriers differ from each other.
This data is mapped to specific blocks of geographic areas and
physical addresses. Zip codes and census data are mapped to
these geographic blocks to create demographic profiles. In
addition to utilizing various search techniques, searching
available databases enables researchers to find the
geographic location of a computer through its IP address. In
addition the location of IP addresses is also verified through
an extensive database of the geographic mapping of IP addresses.
This mapping of IP addresses to their geographic locations is
updated frequently by IP information submitted from various
strategic geographic locations, using many different Internet
Service providers. This allows the database to create current
mapping of IP addresses to their geographic locations. This
database can also map location names (street, city, state,
country) or US zip codes to latitude/longitude values. This
information is verified through other IP address information
sources. Every time anyone connects to the internet they are
leaving their IP fingerprint and ISP domain name and other bits
of information behind. The hops data packets make between IPs
and the time required for the hops also help in creating a map
of locations. Often this could reveal what city and state
that person lives in. Many search engines archive a whole copy
of the internet at regular intervals. Often other people,
pages or sites mention or list bits and pieces of information.
Every activity on the internet leaves bits and pieces of
information lingering around. Deducing and analyzing the bits
and pieces creates leads. Computer related searches estimate
results by analyzing patterns, statistical probability,
demographics and any other observations available. In some
instances IP address mapping could provide time intelligence
pertaining to when the computer was connected to the internet.
In other words it can help find out the location of the IP
address at a particular date in the past. Depending on the
sampling, a search may go back only to a building address and
not to the sender units in the building. A search returns all
addresses if multiple addresses are found. Email addresses and IM names
can be traced through the IP, back to the location from where
the account login takes place. The search path is a continuous
interaction and overlapping of induction and deduction, of
theoretical hypotheses and empirical evidence.
What is the difference between a Domain Name, an IP Address
and a Computer host Name?
Domain names are similar to vanity phone numbers where words
are assigned to represent the phone number. A domain name is a
text name that a computer network registers for the numerical ID
of the computers in the network. The domain name is used to give
computers text names rather than using the numeric IP addresses.
Domain name examples are Abika.com, cnn.com, usatoday.com.
Computer (host) names are names given to sender computers. Each
host name corresponds to an IP address. Host names and domain
names are optional and everything can work fine using just
IP addresses. Examples of host names: www.cnn.com,
mail.people.com, Cust149.tnt3.sfo3.da.UU.net and so on.
Can you locate a computer by pinging it?
By pinging another computer on the internet you can tell if
it is currently active and how long it takes to get information
from the originating computer to the destination and back. Ping
sends signals (packets) to another computer on the Internet or a
network to see if they send a return or an 'echo.' If all the
signals 'timeout' the computer may be disconnected from the
Internet or is unreachable. This feature only checks if a
computer is connected. It cannot verify the validity of an
e-mail address. It also cannot check a specific web page.
What is tracert or trace input?
Tracert traces the route data packets take through the
Internet from one computer to another. The signal generally goes
from a computer to the Internet Service Provider (ISP) and then
to their provider until it reaches a 'backbone' provider. This
could take one or many steps. It then eventually transfers to
the destination 'backbone' provider and reverses the process to
the destination computer. This feature only checks a computer
that is connected to the Internet; it cannot verify the validity
of an e-mail address. It also cannot check a specific web page.
Note that a traceroute may follow a completely different path as
compared to downloading web pages or sending e-mail. A
traceroute gives you information about each computer between the
originating computer and the destination, including ping times,
IP addresses and the names of all of the computers.
What is a Reverse DNS Lookup?
Given an IP address, a Reverse DNS lookup will give you the
name of the computer as listed in the Domain Name Server
databases maintained by the ISPs.
What are fake IP Addresses and what can affect the accuracy
of IP traces?
A fake IP Address is one that does not appear in any ISP's
BGP (Border Gateway Protocol) tables and accordingly cannot
carry traffic. IP Maps that are built from real traffic do not
contain the locations for fake IP Addresses. Research shows that
a majority of the theoretical total of 256*256*256 = 16,777,216
subnets are either fake subnets, or don't carry any traffic at
all. In addition to fake addresses, the IP map may not contain
addresses of low traffic subnets or infrequently used subnets.
Where the map does show very low traffic subnets, its
resolutions may not be as dependable due to the proportionately
low number of points that are available on these subnets. The
impact of this on real world performance is limited because it
is confined to the larger number of subnets which carry
practically no traffic. On the other hand, because the IP map's
accuracy is largely based on the available points, and because
the number of points available for a given subnet is
proportional to the traffic that it carries, the IP map's
accuracy will be very high where its resolutions affect the most
traffic.
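The lookup described above, as an added example that is not code from this page or from the service it describes: a refined, traffic-derived map is consulted first by longest-prefix match, the coarse registration record is the fallback, and an address covered by neither returns nothing. The blocks, place names, point counts and the MIN_POINTS threshold are all constructed for illustration.

```python
import ipaddress

# Constructed sample data (private and documentation ranges), not real mappings.
# Registration records: where the ISP registered the whole block.
REGISTERED = {"10.20.0.0/16": "Dulles, VA (ISP head office)"}
# Refined records built from observed traffic: block -> (location, sample points).
OBSERVED = {
    "10.20.30.0/24": ("Wichita, KS", 420),
    "10.20.31.0/24": ("Topeka, KS", 3),
}
MIN_POINTS = 25  # assumed threshold below which a resolution is low-confidence


def _longest_match(addr, table):
    """Return (network, value) for the most specific block containing addr."""
    best = None
    for cidr, value in table.items():
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, value)
    return best


def locate(ip):
    """Resolve ip to a location, preferring traffic-derived data over registration."""
    addr = ipaddress.ip_address(ip)
    hit = _longest_match(addr, OBSERVED)
    if hit:
        net, (place, points) = hit
        conf = "high" if points >= MIN_POINTS else "low"
        return {"location": place, "source": "observed",
                "block": str(net), "confidence": conf}
    hit = _longest_match(addr, REGISTERED)
    if hit:
        net, place = hit
        # Registration only says where the block was registered, not where it is used.
        return {"location": place, "source": "registration",
                "block": str(net), "confidence": "low"}
    return None  # no covering block: the map has no data for this address


if __name__ == "__main__":
    for sample in ("10.20.30.7", "10.20.31.200", "10.20.99.1", "203.0.113.9"):
        print(sample, "->", locate(sample))
```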
What are the different factors that can affect the accuracy
of traces?
The sender is using an internet proxy. This is a setting of
the ISP which can sometimes show a wrong location. Often proxy
server IPs have predictable patterns and in many situations it
can be possible to detect proxies and still return a close
location.

The sender is using a dial-up internet connection over
a long-distance telephone call. For example, if they are in
London and they make a phone call to New York to access the
internet, you will see an American location for them. Usually
this is inconvenient and expensive for the sender, so it is rare
that this happens, and when it does happen the source can be
deduced using pattern analysis, the data embedded in the message
itself along with other variables.

The ISP of the sender has a country-wide dialup number. Some
ISPs can allow users access from anywhere in the country by
routing the connection over the telephone network first, so the
location will give you the correct country, state or region but
may have a wider range in accuracy about the sender's town or
city.

Firewalls are sometimes used by senders or by their ISP or
company, and these could cause the location to have a wider
range in accuracy.

The ISP of the sender is using a brand-new set of IP addresses.
When successful ISPs expand and get new numbers assigned to
them, it takes a few days to a few weeks for the location of
these new numbers to get properly tabulated, so you can get a
wider range of accuracy in locations when this happens, but
this is rare.

Here are some reasons why it might be correct, even though you
were not expecting it:

Someone is spying on your email. At times complaints about
email location inaccuracy turn out to be caused by the email of
the sender or recipient being intercepted by someone else.

The sender might not be where you think they are. This is why
you should send as many details as you can, to see if this is
the case. You can generally know the name of their ISP as well
as the language their PC is using, or the operating system of
their PC and many other details, and if these appear to match
the location you got, it is probably correct.

Searching is a cooperative process and including any
information such as the reason for doing the search, any
suspects you may have in mind, their possible age, their
description such as height, weight, eye color, ethnicity,
pictures, any names they may have mentioned, any locations they
may have mentioned, any websites they may have mentioned, any
mention of likes, dislikes, relatives, friends, associates and
what the circumstances of the search are will help enhance
relevancy of the results. Access is deduced through a
continuous interaction and overlapping of induction and
deduction, of theoretical hypotheses, pattern analysis and
empirical evidence. Email, IP, IM or username searches do not
access any private service provider records. Searching is a
cooperative process and the more information you provide the
higher the chances of relevant results. Relevancy is
proportional to your cooperation. Any additional information
can be included in the Additional Information or Comments field.