±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 2 Overall: 36767
New Yesterday: 4 Visitors: 215

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

±Latest Videos

±Latest Jobs

How do i know that the IP has been masked

Computer forensics discussion. Please ensure that your post is not better suited to one of the forums below (if it is, please post it there instead!)
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
Page Previous  1, 2 
  

marky.mark
Member
 

Re: How do i know that the IP has been masked

Post Posted: Apr 03, 19 14:14

- rohitdharan
- Omnius
- AmNe5iA
Even if it is a Proxy/VPN, the IP is still real. What are you asking??


Think they want to know if it is possible to discern whether the IP in the email is the "original" one assigned by their ISP or if they've used a VPN.


Exactly.!


Ok if it is so i already answered to that question in my previous post. If you have found one IP address displayed in the email header. You can use online tool to find if an IP is suspected to be a vpn/proxy/tor exit node. You could try to use other techniques like a tracking pixel or catching his ip with a crafted link if you have an active conversation with the sender. Other than that, if you do not have some sort of law enforcement power, there is no way to force the email provider, say google, to reveal you more information about the sender.

You can also use other data in the header (RECEIVED, RECEIVED-SPF) of the email to seek more info about the sender.

Hope this help.

M.  
 
  

rohitdharan
Member
 

Re: How do i know that the IP has been masked

Post Posted: Apr 04, 19 03:40

- marky.mark
- rohitdharan
- Omnius
- AmNe5iA
Even if it is a Proxy/VPN, the IP is still real. What are you asking??


Think they want to know if it is possible to discern whether the IP in the email is the "original" one assigned by their ISP or if they've used a VPN.


Exactly.!


Ok if it is so i already answered to that question in my previous post. If you have found one IP address displayed in the email header. You can use online tool to find if an IP is suspected to be a vpn/proxy/tor exit node. You could try to use other techniques like a tracking pixel or catching his ip with a crafted link if you have an active conversation with the sender. Other than that, if you do not have some sort of law enforcement power, there is no way to force the email provider, say google, to reveal you more information about the sender.

You can also use other data in the header (RECEIVED, RECEIVED-SPF) of the email to seek more info about the sender.

Hope this help.

M.


Thank you so much, Thanks a lot Smile  
 

Page 2 of 2
Page Previous  1, 2