Forensics
Determining that someone is not the author of an offensive email May 28 2007 07:45PM
Flavio Silva (flavioabs gmail com) (4 replies)
Re: Determining that someone is not the author of an offensive email Jun 01 2007 05:30AM
Alan Parks (alan mojohosting com) (1 replies)
Hey Flavio, I don't have a great deal of advise to give, but I am curious
about a few things:

I know literally nothing about Brazilian law, but how is it against the law
to send an offensive email? And even if it is, how in the world do you get
a search warrant for 12 people with no evidence directly linking any of them?

> There were 12 apartments connected to that ADSL line. All them had
> false IP numbers (198.162.???.???).

This was pointed out once before, but 192.162.x.x is very real (public)
ip-space. 192.168.x.x is private (fake, if you will), I assume this is what
you meant?

Do you know if the NAT router has wireless capabilities, or if ANY of the 12
people had a wireless access point? If so ANYONE could have attached to it
and sent the message. There is also the possibility of one of their
computers being compromised, in which case a remote attacker could have sent
it through them.

> The message was forwarded by four mail servers:
> - Hotmail, timestamp 22:20 -0000
> - MSN. timestamp 22:20 -0000
> - a brazilian provider (BP), timestamp (16:20 -0300)
> - a brazilian company (BC), timestamp (16:20 -0300)

These times don't add up if -0300 is correct, just convert them to all to UTC:

Hotmail, timestamp 22:20 -0000
MSN. timestamp 22:20 -0000
brazilian provider (BP), timestamp (19:20 -0000)
brazilian company (BC), timestamp (19:20 -0000)

For this to be true MSN must have sent the message back in time 3 hours. It
is more likely that 19:20 -0300 is correct, then the times match perfectly.

Just a few questions/thoughts,
Alan

[ reply ]
Re: Determining that someone is not the author of an offensive email Jun 02 2007 01:11AM
Flavio Silva (flavioabs gmail com)
Re: Determining that someone is not the author of an offensive email May 29 2007 04:13PM
Gleyson Melo (gleysonmelo gmail com)
RE: Determining that someone is not the author of an offensive email May 29 2007 03:46PM
Glenn Dardick (gdardick dardick net) (1 replies)
Re: Determining that someone is not the author of an offensive email May 30 2007 02:15AM
Flavio Silva (flavioabs gmail com) (1 replies)
Re: Determining that someone is not the author of an offensive email May 31 2007 09:11PM
AdityaK (aditya1010 gmail com)
Re: Determining that someone is not the author of an offensive email May 29 2007 03:07PM
Justin Alcorn (justin jalcorn net)


 

Privacy Statement
Copyright 2010, SecurityFocus