By Anick Jesdanun, Associated Press Internet Writer
NEW YORK (AP) -- With basic tools and skills, Internet sleuths can
learn much from Web sites and online discussion boards beyond what
terror groups and their sympathizers may be saying in the open.
All computers on the Internet have a unique identification number
known as the Internet Protocol, or IP, address. By determining the IP
address for the computer used to post a message, image or video,
investigators may be able to track down a suspect.
First, an online gumshoe would go to the company that hosts the forum
where a message appears. Records there should show the IP address
associated with each request for each Web page, said Richard M.
Smith, a security consultant in Cambridge, Mass.
Once investigators figure out the poster's IP address, they can check
public databases to determine to whom, usually an Internet service
provider, that address had been assigned.
The ISP may know the customer who used the address at a particular
time and have credit card, address or phone information on that
If the IP address belongs to a university or a business, officials
there may have additional information about its students or
employees. If it traces to a cybercafe, its owner may have customer
records. At minimum, investigators can narrow the location.
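
The first step described above, finding the poster's address in the forum host's request records, as an added example that is not part of the AP article: Python code that scans an access log in Combined Log Format for the request that created a post. The log lines, the `/forum/post` path, the timestamps and the function names are all constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample of a forum host's access log (Combined Log Format).
# Addresses come from the documentation ranges reserved by RFC 5737.
SAMPLE_LOG = """\
192.0.2.10 - - [12/Mar/2014:09:14:02 +0000] "GET /forum/thread/881 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2014:09:15:40 +0000] "POST /forum/post HTTP/1.1" 302 0 "http://forum.example/thread/881" "Mozilla/5.0"
203.0.113.25 - - [12/Mar/2014:09:15:58 +0000] "GET /forum/thread/881 HTTP/1.1" 200 5388 "-" "Mozilla/5.0"
192.0.2.10 - - [12/Mar/2014:11:02:31 +0000] "POST /forum/post HTTP/1.1" 302 0 "-" "Mozilla/5.0"
malformed line that a real log will occasionally contain
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def parse(log_text):
    """Yield (ip, timestamp, method, path, status) for each well-formed line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip truncated or corrupt entries rather than guess
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        yield m["ip"], ts, m["method"], m["path"], int(m["status"])

def candidate_posters(log_text, posted_at, post_path="/forum/post", window_s=60):
    """Return (ip, time) for successful POSTs to post_path within window_s of posted_at."""
    window = timedelta(seconds=window_s)
    hits = []
    for ip, ts, method, path, status in parse(log_text):
        if (method == "POST" and path == post_path and status < 400
                and abs(ts - posted_at) <= window):
            hits.append((ip, ts.isoformat()))
    return hits

if __name__ == "__main__":
    # Timestamp displayed on the forum message, assumed here to be in UTC.
    shown = datetime.strptime("12/Mar/2014:09:15:41 +0000", "%d/%b/%Y:%H:%M:%S %z")
    print(candidate_posters(SAMPLE_LOG, shown))
```

The address this returns is the one an investigator would then look up in the public assignment databases; a clock or time-zone mismatch between the forum and its web server is the usual reason to widen the window.
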
In the case of slain Wall Street Journal reporter Daniel Pearl,
investigators traced e-mails sent by his kidnappers to a service
provider in an apartment complex in Karachi.
Investigators then asked each subscriber to retrieve their e-mails,
and copies of the kidnappers' messages turned up on the laptop of one
subscriber, who was then arrested and later convicted.
Jimmy Doyle, a former computer crimes investigator with the New York
Police Department, listed a few tools he considers part of Computer
Crime Investigator 101:
- Tracerouting, a technique for tracing the path taken by e-mail, Web
traffic and other data. Investigators may know the IP address of a
Web site; tracerouting helps investigators locate companies providing
hosting and other support services.
- Whois databases, which store records on domain names and IP
addresses. These records are generally publicly accessible.
Doyle, now director of professional services for Guidance Software
Inc., said his company's product, Encase, can also help recover
deleted files. Let's say a posting is traced back to a cybercafe or a
university. Encase and competitors' products can help recover bits
from computers there for additional clues.
Smith said clues can also come from the makeup of Web sites and video posted.
Sophisticated users try to cover their tracks.
"The problem is that there are so many little ways you have to cover
yourself," Smith said, "you could slip up."
Copyright 2014 Associated Press. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.