Saturday, February 15, 2014

Computer Forensics Helps Track Down Origin of School Shooting Threat - Computers - Security

The use of computer forensics has helped to track down the origin of a school shooting threat.

Threats of a gun attack in one of Minneapolis' public schools were made in early 2010 on a social networking site, and prompted all of the schools in the area to go into a state of lockdown for a period of 48 hours.

In the midst of the crisis, investigators were able to quickly track the origin of the threat to an IP address in Australia, some 10,000 miles away. But how did they do this?

The threat was pinpointed with the help of computer forensic experts who examined the 'meta-data' of the messages that were posted. Meta-data is 'hidden' information that isn't immediately accessible to the average user, but describes the characteristics of an item or file. For example, the meta-data of a picture downloaded from a digital camera might say what model of camera was used, the dimensions of the picture and the size of the related file.

In this particular case, the perpetrator's Internet Protocol (IP) address - an identification number assigned by a user's Internet Service Provider (ISP) that is unique to their machine and offers information such as country of origin - was part of the meta-data stored on the social networking site in association with the threatening post.

All websites that allow users to post messages record the IP address of every message. Similarly, emails also contain meta-data that allows computer forensic experts to pinpoint the location from which an email was sent.

Once forensic experts have identified an IP address, criminal investigators can then contact the perpetrator's ISP in order to ascertain their name and registered address.

At the time of writing, it has been reported in the American press that the IP address in Australia belongs to a teenager, and it seems likely that the post was little more than a prank in very bad taste. But, thanks to the work of computer forensic experts, not even the 10,000 miles that separates the culprit from Minneapolis law enforcers will prevent a barrier in settling the investigation.





No comments:

Post a Comment