Yesterday a friend of mine Kirby came to me with a smartphone and she wanted me to do her a favor. She showed me some contacts in an app called "LINE". She wanted to know "who" and "where". She had conducted mobile forensics on suspect's phone and decide to focus on certain contacts. But usually the nickname is not the real name so she does not know what to do next.

It's a very interesting question. It occurs to me that we could "make friends" with those contacts. Don't get me wrong it's not social engineering. I'd like to show her a quick and easier way to get the answer she needs.

Let's take our phones for example. Now I am the forensic guy and Kirby is the suspect. I add Kirby on LINE and start to chat with her and make some calls. As you could see Kirby's LINE is as below.

Of course I'm not just chating with her. I start to capture packets from my phone at the same time as below. Guess what? I'm try to figure out what's the ip assigned to her phone during our conversations.

Don't forget to filter out the connection of system services or built-in apps. So you could narrow down the scope of ip you look for. Now I focus on this ip as selected.

I want Kirby to tell me what's the public ip assigned to her phone. She shows me what she got and the result matches the ip I found.

Once the ip is found and investigator could ask ISP to provide the correspond user information. Usually the ip assigned to user's phone is dynamic so don't forget to tell me the date/time you found this ip. Now you could know who he/she is and their locations.

Maybe some will ask me what about other IM such as WeChat or FB? Yes Of course~ Follow the steps as above and you could find the ip no matter the IM is WeChat or LINE or FB.

随机推荐

  1. spring cloud 系列第8篇 —— config+bus 分布式配置中心与配置热刷新 (F版本)

    源码Gitub地址:https://github.com/heibaiying/spring-samples-for-all 一.config 简介 spring cloud config 分为服务端 ...

  2. Asp.net HttpClient Proxy(Fiddler)

    <system.net> <defaultProxy> <proxy bypassonlocal="False" usesystemdefault=& ...

  3. 性能监控: SPF4J介绍

    1. 总体介绍 性能测试是一项在软件生命开发周期中总是被置于最后一环的活动.我们经常依靠 Java profilers 去帮助发现性能问题. 在这篇文章中,我们将会学习关于 Java 的简单性能测试框 ...

  4. MySQL数据库修改字段的长度

    数据库版本:5.7.22 使用DDL语句:alter table 表名 modify 字段名 字符类型(长度) 例如: alter table db2.admin modify password );

  5. Python开发【第五篇】: 内置模块

    内容概要 二分查找.冒泡 random time os sys pickle json shelve re 1.二分查找和冒泡排序 01. 二分查找 二分查找也称折半查找(Binary Search) ...

  6. 微服务-springboot-读写分离(多数据源切换)

    为什么需要读写分离 当项目越来越大和并发越来大的情况下,单个数据库服务器的压力肯定也是越来越大,最终演变成数据库成为性能的瓶颈,而且当数据越来越多时,查询也更加耗费时间,当然数据库数据过大时,可以采用 ...

  7. vue接入萤石云视频

    在萤石云开放平台注册开发者账号,网址:https://open.ys7.com/guide.html 在“开发者服务”-->“我的设备”里添加已有设备或者申请一个试用设备 然后点击“我的应用”里 ...

  8. 分组在re模块中的使用

    import re #search s = "<a>wahaha</a>" #标签语言 html 和 web相关 ret= re.search(" ...

  9. Java第四次作业——面向对象高级特性(继承和多态)

    Java第四次作业--面向对象高级特性(继承和多态) (一)学习总结 1.学习使用思维导图对Java面向对象编程的知识点(封装.继承和多态)进行总结. 2.阅读下面程序,分析是否能编译通过?如果不能, ...

  10. Windows下必备的开发神器之Cmder使用说明

    诚言,对于开发码字者,Mac和Linux果断要比Windows更贴心;但只要折腾下,Windows下也是有不少利器的.之前就有在Windows下效率必备软件一文中对此做了下记载:其虽没oh-my-zs ...