SIGforum.com    Main Page  Hop To Forum Categories  The Lounge    What forensics data can you get from a network/wifi router?
Go
New
Find
Notify
Tools
Reply
  
What forensics data can you get from a network/wifi router? Login/Join 
Live long
and prosper
Picture of 0-0
posted
Current case in BA, an adult (47) shot and killed both parents. Area private CCTV gave him away in a couple of weeks.
Both parents were supposed to move to a new apartment the day before the move. He was supposed to make payement for a 2 million new place but he kept the money and the lie until he found no other option than to kill them both and made it look like a burglary.

Among the evidence gathered by police are 4 (?) routers. The crine scene CCTV has not been recovered yet but the suspect is shown leaving the scene carrying a bag that might have been the recorder.

So, wondering what use is the Router besides the MAC from connected devices and for how long will it keep it once unplugged?


0-0


"OP is a troll" - Flashlightboy, 12/18/20
 
Posts: 12308 | Location: BsAs, Argentina | Registered: February 14, 2003Reply With QuoteReport This Post
hello darkness
my old friend
Picture of gw3971
posted Hide Post
Lots of evidence. Search history, etc…. It is standard procedure for us to take all routers during a search warrant. I wrote many a warrant and seized routers. We turned the routers and every other piece of digital media over to the FBI’s regional computer forensics lab. These device’s tend to have their own memory. Just like your car computers in you vehicle we could get a lot of your phone data when you connected the phone to the car.
 
Posts: 7748 | Location: West Jordan, Utah | Registered: June 19, 2007Reply With QuoteReport This Post
Member
Picture of 4MUL8R
posted Hide Post
In some CCTV installations, the recorder may exist but also have paid cloud storage. Can the police write a warrant to access the CCTV account of the deceased, and inspect the CCTV server for recorded images?


-------
Trying to simplify my life...
 
Posts: 5273 | Location: Commonwealth of Virginia | Registered: January 15, 2007Reply With QuoteReport This Post
Seeker of Clarity
Picture of r0gue
posted Hide Post
Possibly DNS tying his phone to an IP on WiFi, putting him there at a certain time. Or at least some web traffic for same purpose. Even if he didn't browse the web, the phone is doing background stuff.




 
Posts: 11474 | Registered: August 02, 2004Reply With QuoteReport This Post
The Quiet Man
posted Hide Post
Depends on the router. Most of the time you can at least get a log of attached devices. IP addresses can also be stored which can be useful. Time logs of connections. I never had a router prove to be a smoking gun, but I had several cases where it was either strong supporting evidence or was able to point us in a new direction to look.
 
Posts: 2701 | Registered: November 13, 2003Reply With QuoteReport This Post
Live long
and prosper
Picture of 0-0
posted Hide Post
I knew part of this information but have never fiddled with a router’s firmware, even for fun. Have a couple of old units lying around but too lazy to try open source firmwares. Not a Linux guy by a long shot.

In this particular case, the family owned a security firm so they had a bunch of cameras in and around the house. It has not been disclosed if they payed for cloud storage but it’s not common down here. We have “trouble” and are taxed beyond reason if spending foreign currency (cloud services, streaming, you name it, etc.)

The murderer left his phone inside his car to provide a false location at the place where the parents expected to move the following day (believing the moving company had been contacted) and walked 3-4km to his parents place to commit murder.
He somehow convinced both to get into their car (inside the garage) and shot them there, from behind. They were found wearing their seat belts.

0-0


"OP is a troll" - Flashlightboy, 12/18/20
 
Posts: 12308 | Location: BsAs, Argentina | Registered: February 14, 2003Reply With QuoteReport This Post
  Powered by Social Strata  
 

SIGforum.com    Main Page  Hop To Forum Categories  The Lounge    What forensics data can you get from a network/wifi router?

© SIGforum 2024