Yesterday a friend of mine Kirby came to me with a smartphone and she wanted me to do her a favor. She showed me some contacts in an app called "LINE". She wanted to know "who" and "where". She had conducted mobile forensics on suspect's phone and decide to focus on certain contacts. But usually the nickname is not the real name so she does not know what to do next.

It's a very interesting question. It occurs to me that we could "make friends" with those contacts. Don't get me wrong it's not social engineering. I'd like to show her a quick and easier way to get the answer she needs.

Let's take our phones for example. Now I am the forensic guy and Kirby is the suspect. I add Kirby on LINE and start to chat with her and make some calls. As you could see Kirby's LINE is as below.

Of course I'm not just chating with her. I start to capture packets from my phone at the same time as below. Guess what? I'm try to figure out what's the ip assigned to her phone during our conversations.

Don't forget to filter out the connection of system services or built-in apps. So you could narrow down the scope of ip you look for. Now I focus on this ip as selected.

I want Kirby to tell me what's the public ip assigned to her phone. She shows me what she got and the result matches the ip I found.

Once the ip is found and investigator could ask ISP to provide the correspond user information. Usually the ip assigned to user's phone is dynamic so don't forget to tell me the date/time you found this ip. Now you could know who he/she is and their locations.

Maybe some will ask me what about other IM such as WeChat or FB? Yes Of course~ Follow the steps as above and you could find the ip no matter the IM is WeChat or LINE or FB.

随机推荐

  1. 【MySQL插入更新重复值】ON DUPLICATE KEY UPDATE用法

    要插入的数据  与表中记录数据的 惟一索引或主键中产生重复值,那么就会发生旧行的更新 弊端:造成主键自增不连续.适合数据量不大的表. ON DUPLICATE KEY UPDATE后面的条件 eg有如 ...

  2. python之内置函数,匿名函数,递归函数

    一. 内置函函数 什么是内置函数?就是Python给你提供的,拿来直接用的函数,比如print,input等等.截止到python版本3.6.2,现在python一共为我们提供了68个内置函数.它们就 ...

  3. Linux 中 IDEA 不能调试(Debug)项目

    问题描述: can't debug project on idea linux. 在Linux 中, IDEA能运行项目,但是点击调试项目,弹出警告.警告内容如下: Required connecto ...

  4. sql语句的注意点

    select * from CallRecords where CallerNumber=001 and  TelNum=02088888881 or id=1; 如果  CallerNumber=0 ...

  5. 【HDU - 3085】Nightmare Ⅱ(bfs)

    -->Nightmare Ⅱ 原题太复杂,直接简单的讲中文吧 Descriptions: X表示墙 .表示路 M,G表示两个人 Z表示鬼 M要去找G但是有两个鬼(Z)会阻碍他们,每一轮都是M和G ...

  6. Python 3.6 安装

    1. 下载 # 我下载到了 /tmp 目录中 cd /tmp wget https://www.python.org/ftp/python/3.6.0/Python-3.6.0.tgz 2. 安装依赖 ...

  7. CSU 1804: 有向无环图(拓扑排序)

    http://acm.csu.edu.cn/csuoj/problemset/problem?pid=1804 题意:…… 思路:对于某条路径,在遍历到某个点的时候,之前遍历过的点都可以到达它,因此在 ...

  8. [转]sublime text3在指定浏览器上本地服务器(localhost)运行文件(php)

    昨天在使用sublime text3时,发现能在本地服务器上运行php文件,于是百度了一下有关知识, 终于成功了,今天总结一下. 首先要让sublime text3 出现侧边栏sidebar,不会的可 ...

  9. C++一些知识的整理

    1. C 和 C++ 区别 C++支持多种编程范式:面向对象编程.泛型编程.过程化编程.支持类.封装.重载等特性. c和c++的头文件不同. 输入输出不同. 变量的声明定义不同:c语言:变量要放在语句 ...

  10. 『开发技术』Docker开发教程(一)安装与测试(Windows 家庭版)

    0.前言 针对其他系统和版本,Docker都很容易安装,可以参考官方教程:https://docs.docker.com/docker-hub/ 由于Windows10家庭版无法安装docker,因此 ...