An Internet Protocol (IP) Address is an important
aspect of not only the World Wide Web (WWW)/Internet but is also
required for conducting a successful Cyber Forensics Analysis. So it
is important to have a basic knowledge about IP Address. In this
Article I would try to cover the most significant aspects of IP
Address and a detailed and technical analysis is beyond the scope of
this Article.
Every Computer that communicates on the Internet is
allotted a unique IP Address. Through this unique IP Address the
“Identity” of the Individual may be established. However, there
are exceptions to this case. For instance using of a Proxy Server may
not reveal the true IP Address of the Individual. Similarly, IP
Address Spoofing may not provide the correct details of the Computer
that has been used to send the communication.
There are two Standards for IP addresses i.e. IP
Version 4 (IPv4) and IP Version 6 (IPv6). Presently, most Computers
are using IPv4 but soon the same would be migrated to IPv6 as IPv4 is
no more able to cope up with the growing demands of IP Addresses.
An IP Address can be either Static or Dynamic.
Generally, a Static IP Address is one that your Administrator/ISPs
allots and configures by editing your Computer's Network Settings. It
produces a single and constant identifiable IP Address that can be
easily attributable to the Computer using the same.
A Dynamic IP Address is assigned by the Dynamic Host
Configuration Protocol (DHCP), a service running on the Network. DHCP
typically runs on Network Hardware such as Routers or dedicated DHCP
Servers. A Computer using Dynamic IP Address is allotted a new IP
Address for each “New Session” during its “Lease Period”.
A single IP Address may further be shared by
different Computers using a “Router”. If you use a Router to
share an Internet connection, the Router gets the IP Address issued
directly from the ISP. Then, it creates and manages a Subnet for all
the Computers connected to that Router. The Router would get the
External IP Address and the Computers connected to the Router would
get Internal IP Addresses to further “Identify” each Individual
Computer.
The most common locations for finding IP Addresses
are Log Files, in the Received Header fields of an E-Mail, Tcpdump
Traces, etc. In some circumstances only a Host Name must have been
recorded, but this can simply be translated into an IP Address.
IP Addresses are the “First Step” in the Cyber
Forensics Investigations. However, IP Tracking must be done with
great caution and with good application of mind. A casual IP tracking
exercise may not only provide wrong results but can also implicate an
innocent person. I would cover these issues in more detail in
my subsequent articles.
No comments:
Post a Comment