Computer forensics: Tracking an offender

Did you know there are many ways in which you can legally prosecute intruders with the evidence you uncover while tracking them? This excerpt from an InformIT article on tracking cyber criminals also provides a nice list of resources for pairing an actual identity with a numeric IP address.

Web resources for researching Internet inhabitants

International Registries

Three international organizations are responsible for the administration of IP addresses within their region, so they should be considered definitive sources. Each of these organizations has a Web site that provides a whois interface, in addition to other information helpful in locating the owner of a specific IP address:

• American Registry for Internet Numbers (ARIN): Western Hemisphere, http://www.arin.net/whois/
• Asia Pacific Network Information Centre (APNIC): Asia-Pacific, http://www.apnic.net
• Reseaux IP Europeens (RIPE): Europe, http://www.ripe.net

Network diagnostic and research sites

• Adhoc IP Tools: This site is a veritable Swiss Army knife of Internet tools, providing front ends to a wide variety of research services (whois, nslookup, ping, DNS dig and others), all accessed from a single page: http://home.ag.org/iptools.htm.
• Sam Spade: Also provides a wide variety of research tools, http://www.samspade.org.
• Internet Service Provider lookup: Enables you to search for ISPs by name, providing a summary of their business characteristics, http://www.webisplist.com.
• Dragon Star: Provides an index, relating IP network numbers to network names and identities. It also includes a handy explanation of the IP address numbering scheme and describes the difference between Class A, B and C networks, http://ipindex.dragonstar.net/index.html.

News and e-mail abuse information

• The spamfaq or "Figuring out fake e-mail & posts": This site, maintained by Gandalf@digital.net, is the most comprehensive source we're aware of. It has detailed instructions on how to track both e-mail and news, how to read the message headers in a dozen different mail clients and how to reach the appropriate abuse contact. It also has a huge number of additional links. It isn't edited well, but it is worth your time if you really need to understand message headers, http://ddi.digital.net/~gandalf/spamfaq.html.
• Fighting E-mail Spammers: A site maintained by Todd Burgess, it is an excellent source of information on tracking e-mail, http://eddie.cis.uoguelph.ca/tburgess/local/spam.html.
• Fight Spam on the Internet!: Another site with a number of links on the subject of unsolicited e-mail, http://spam.abuse.net/.
• Reading E-Mail Headers: A detailed explanation of the function of dozens of different e-mail headers, http://www.stopspam.org/email/headers/headers.html.

Read more about the methods of tracking intruders at InformIT. Registration is required, but it is free.