Yesterday a friend of mine Kirby came to me with a smartphone and she wanted me to do her a favor. She showed me some contacts in an app called "LINE". She wanted to know "who" and "where". She had conducted mobile forensics on suspect's phone and decide to focus on certain contacts. But usually the nickname is not the real name so she does not know what to do next.

It's a very interesting question. It occurs to me that we could "make friends" with those contacts. Don't get me wrong it's not social engineering. I'd like to show her a quick and easier way to get the answer she needs.

Let's take our phones for example. Now I am the forensic guy and Kirby is the suspect. I add Kirby on LINE and start to chat with her and make some calls. As you could see Kirby's LINE is as below.

Of course I'm not just chating with her. I start to capture packets from my phone at the same time as below. Guess what? I'm try to figure out what's the ip assigned to her phone during our conversations.

Don't forget to filter out the connection of system services or built-in apps. So you could narrow down the scope of ip you look for. Now I focus on this ip as selected.

I want Kirby to tell me what's the public ip assigned to her phone. She shows me what she got and the result matches the ip I found.

Once the ip is found and investigator could ask ISP to provide the correspond user information. Usually the ip assigned to user's phone is dynamic so don't forget to tell me the date/time you found this ip. Now you could know who he/she is and their locations.

Maybe some will ask me what about other IM such as WeChat or FB? Yes Of course~ Follow the steps as above and you could find the ip no matter the IM is WeChat or LINE or FB.

随机推荐

  1. CentOS7系统安装

    CenOS7安装系统 镜像下载地址: http://isoredirect.centos.org/centos/7/isos/x86_64/ https://mirrors.aliyun.com/ce ...

  2. QT MSVC编译中文乱码问题

    两种解决方案: 1,在文件头添加 #if _MSC_VER >= 1600 #pragma execution_character_set("utf-8") #endif 注 ...

  3. Qt定制控件列表

    目录 炫酷进度条 提示框 小时钟 高仿excel表格 多级表头表格 多级表头树控件 多维度折线图 表格控件-蚂蚁线 日历控件 饼图 窗体靠边自动隐藏 下拉框内容定制 模仿QQ上传头像 菜单定制 属性表 ...

  4. Codeforces 778A:String Game(二分暴力)

    http://codeforces.com/problemset/problem/778/A 题意:给出字符串s和字符串p,还有n个位置,每一个位置代表删除s串中的第i个字符,问最多可以删除多少个字符 ...

  5. HDU 3879 && BZOJ 1497:Base Station && 最大获利 (最大权闭合图)

    http://acm.hdu.edu.cn/showproblem.php?pid=3879 http://www.lydsy.com/JudgeOnline/problem.php?id=1497 ...

  6. HDU 5791:Two(DP)

    http://acm.hdu.edu.cn/showproblem.php?pid=5791 Two Problem Description   Alice gets two sequences A ...

  7. linux系统的基础优化

    目录 前言 网络优化 在虚拟软件中配置虚拟局域网 接着可以配置自己windows主机的网络连接配置 在虚拟软件中虚拟机添加网卡 虚拟机中的系统基础优化 前言 在自己做linux的相关服务实验时,是没有 ...

  8. 你不得不知的几个互联网ID生成器方案

    服务化.分布式已成为当下系统开发的首选,高并发操作在数据存储时,需要一套id生成器服务,来保证分布式情况下全局唯一性,以确保系统的订单创建.交易支付等场景下数据的唯一性,否则将造成不可估量的损失. 基 ...

  9. 20131228-sql命令

    开始 --cmd net start mssqlservernetnet stop mssqlserver

  10. ASP.NET Core系列(二):创建第一个.Net Core 项目

    前面讲过 .NET Core简介及开发环境安装,本章会讲一讲ASP.NET Core 2.0的项目结构,查看完整的ASP.NET Core系列文章:https://www.cnblogs.com/zh ...