Yesterday a friend of mine Kirby came to me with a smartphone and she wanted me to do her a favor. She showed me some contacts in an app called "LINE". She wanted to know "who" and "where". She had conducted mobile forensics on suspect's phone and decide to focus on certain contacts. But usually the nickname is not the real name so she does not know what to do next.

It's a very interesting question. It occurs to me that we could "make friends" with those contacts. Don't get me wrong it's not social engineering. I'd like to show her a quick and easier way to get the answer she needs.

Let's take our phones for example. Now I am the forensic guy and Kirby is the suspect. I add Kirby on LINE and start to chat with her and make some calls. As you could see Kirby's LINE is as below.

Of course I'm not just chating with her. I start to capture packets from my phone at the same time as below. Guess what? I'm try to figure out what's the ip assigned to her phone during our conversations.

Don't forget to filter out the connection of system services or built-in apps. So you could narrow down the scope of ip you look for. Now I focus on this ip as selected.

I want Kirby to tell me what's the public ip assigned to her phone. She shows me what she got and the result matches the ip I found.

Once the ip is found and investigator could ask ISP to provide the correspond user information. Usually the ip assigned to user's phone is dynamic so don't forget to tell me the date/time you found this ip. Now you could know who he/she is and their locations.

Maybe some will ask me what about other IM such as WeChat or FB? Yes Of course~ Follow the steps as above and you could find the ip no matter the IM is WeChat or LINE or FB.

随机推荐

  1. Appcan 日期控件

    某个页面的onclick事件 <div id="topSendDate" class="ub ub-f1" onclick="appcan.wi ...

  2. WebGL概述

    WebGL,是一项用来在网页上绘制和渲染复杂三维图形(3D图形),并允许用户与之交互的技术.WebGL基于OpenGL ES 2.0,使用GLSL ES语言编写着色器.而 OpenGL ES (Ope ...

  3. PyCharm问题-ModuleNotFoundError: No module named 'pymysql'

    在使用PyCharm时遇到pymysql模块导入有问题,本人使用的是Windows,但解决问题的方法是一致的,先来安装pymysql: 用管理员身份运行CMD.exe,然后查看python的安装路径 ...

  4. 深度探索c++对象模型 第一章

    1,声明与定义. //声明式如下: extern int x;   //对象式(变量式)声明 std::size_t numDigits(int number);  //函数式声明 class Wid ...

  5. centos安装netcat TCP UDP测试工具 简称 nc,安全界叫它瑞士军刀

    centos安装netcat 今天安装swoole后,测试UDP服务需要用到netcat,然而百度了很多安装方法,并没有一个好用的.几经尝试,终于安装成功,现在就分享给大家,以供参考. 配置环境:ce ...

  6. c#基础二

    对VS2012的理解 1.导入命名空间 命名空间就是类的"文件夹".类就是"文件夹"中的文件.需要导入命名空间 添加引用: 如果我需要在一个项目中,访问另一个项 ...

  7. Redis持久化深入理解

    用过Redis的都知道,Redis有两种持久化方式:RDB和AOF,他们的区别大家应该都清楚,所以今天主要想分享一下这两种持久化方式的底层原理以及实现. 如果让你手写一个持久化(架构级)的功能,你没有 ...

  8. 并发编程-Future+callable+FutureTask 闭锁机制

    项目中经常有些任务需要异步(提交到线程池中)去执行,而主线程往往需要知道异步执行产生的结果,这时我们要怎么做呢?用runnable是无法实现的,我们需要用callable实现. FutureTask ...

  9. Ceph Plugin - Dashboard - By Anoyi

    ▶ 部署 Dashboard 1.安装 ceph-mgr-dashboard yum install -y ceph-mgr-dashboard 2.禁用 SSL ceph config set mg ...

  10. 微信小程序支付以及微信退款开发

    最近公司项目急着测试,需要开发微信小程序+微信支付+微信退款,本着这几天的一些研究,决定记录一下开发的过程. 本着知识分享的原则,希望对大家有所帮助. 本篇针对的是微信小程序的支付开发,如果有对微信公 ...