my dissertation idea

(@eurisko)
Active Member
Joined: 15 years ago
Posts: 6
Topic starter  

Greetings

I wanted to post my dissertation idea and hear comments from people here in the forum.

My hypothesis for my dissertation (MSc) is

Is it possible to find an individual by backtracing a unique identification of his PC/laptop?

The way I am thinking about it is

Is it possible to find someone by knowing his MAC address? I mean, nowadays it is very easy for someone to connect to public WiFi internet and perform various illegal activities. Just an IP is not enough… even a public IP is not enough, since it could be assigned by the ISP to many individuals.

So, what if you could timestamp the incident, get logs from the modem/router of the LAN and figure out which MAC address performed those illegal actions? Then find the vendor from the MAC address, and this is when you actually start the backtrace.

Does the vendor, say for example Dell, keep a record of the country/subfirm destination for each PC? In turn, could you trace the store where the PC was sold?

Does the store keep any records regarding their sales? Do they use receipts with the customer's name or not? Any CCTV?

I think it is an interesting topic because even if the hypothesis turns out to be false, it is still research to clarify whether it is worth the time spent.

Further on, it could also be added as a recommendation that all vendors should have a system where all MAC addresses are recorded in relation to the store/subfirm final location. This could also tackle issues such as how ethical it would be to be identifiable by your PC, privacy, etc.

All the above could be researched ONLY if, and ONLY if, the vendor can relate a MAC address of its PC/laptop to a serial number (in turn the PC with that serial number is recorded as sent to… let's say the Houston Dell subfirm).

What do you guys think?

Thanks


   
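The log-correlation step described in the post above, together with the vendor-prefix lookup and the spoofing caveat raised in the replies, as an added example that is not part of any forum post. The log layout, addresses and function names are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: the "<time> DHCPACK <ip> <mac> lease=<seconds>" layout is an assumption.
SAMPLE_LOG = """\
2012-03-01T18:02:11 DHCPACK 192.168.1.23 00:1a:2b:3c:4d:5e lease=3600
2012-03-01T18:40:05 DHCPACK 192.168.1.24 da:a1:19:00:12:34 lease=3600
2012-03-01T19:05:47 DHCPACK 192.168.1.23 02:00:5e:10:20:30 lease=3600
"""
LINE = re.compile(
    r"(\S+) DHCPACK (\S+) ((?:[0-9a-f]{2}:){5}[0-9a-f]{2}) lease=(\d+)", re.I)

def holder_at(log, ip, when):
    """Return the MAC whose lease on `ip` covers `when`, or None if no lease does."""
    best = None
    for ts, lease_ip, mac, secs in LINE.findall(log):
        start = datetime.fromisoformat(ts)
        if lease_ip != ip or not start <= when < start + timedelta(seconds=int(secs)):
            continue
        if best is None or start > best[0]:  # newest covering lease wins
            best = (start, mac.lower())
    return best[1] if best else None

def classify(mac):
    """Read the two flag bits in the first octet of a MAC address."""
    first = int(mac[:2], 16)
    local = bool(first & 0x02)  # set: assigned by software (randomised or set by hand)
    return {
        "locally_administered": local,
        "multicast": bool(first & 0x01),
        # The vendor prefix (OUI) only means something on a universally administered address.
        "oui": None if local else mac[:8].lower(),
    }

def triage(log, ip, when):
    """Combine both steps: who held `ip` at `when`, and is a vendor lookup meaningful?"""
    mac = holder_at(log, ip, when)
    return (mac, classify(mac)) if mac else (None, None)

if __name__ == "__main__":
    for t in ("2012-03-01T18:30:00", "2012-03-01T19:03:00", "2012-03-01T19:10:00"):
        print(t, triage(SAMPLE_LOG, "192.168.1.23", datetime.fromisoformat(t)))
```

A locally administered address makes the vendor lookup a dead end, and a universally administered one can still have been copied from another device, so the OUI is a lead to corroborate rather than an identification.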
Novunix
(@novunix)
Eminent Member
Joined: 16 years ago
Posts: 35
 

it's not hard to spoof a MAC address 😯


   
(@eurisko)
Active Member
Joined: 15 years ago
Posts: 6
Topic starter  

it's not hard to spoof a MAC address 😯

Yes, indeed it is not hard to spoof a MAC address, but at the same time it is not hard to encrypt your hard drive.

What I mean is, what is the percentage of cases where forensic investigators have to deal with encrypted volumes/data, steganography, etc.?

Your comment also raises another point to tackle… what happens when the MAC address is spoofed? Well, you can still get a legitimate MAC address if the network is monitored.

I am sure there are countermeasures for MAC spoofing.


   
jaclaz
(@jaclaz)
Illustrious Member
Joined: 18 years ago
Posts: 5133
 

I am sure there are countermeasures for MAC spoofing.

Good, then before anything else, you might want to research those countermeasures and provide the results of your research.

In any case, even if the MAC address was not spoofed, there are NO records about who owns or possesses a given Wi-Fi enabled device.

Besides the built-in NICs, think of (say) the USB wireless cards, like (example)
http://www.netgear.com/home/products/networking/wifi-adapters/
and think of the number of PCs and devices that are sold second hand (or that are stolen and re-sold).

Your hypothesis assumes 😯 that a Wi-Fi enabled device is something similar to a car with a chassis and engine number besides a license plate and a (public) registry of ownership, and this is not of course the case.

jaclaz


   
(@Anonymous 6593)
Guest
Joined: 17 years ago
Posts: 1158
 

My hypothesis for my dissertation (MSc) is

Is it possible to find an individual by backtracing a unique identification of his PC/laptop?

That's not a hypothesis, that's a question. And it's very general, which suggests it's probably useless for any serious dissertation.

And what kind of dissertation are you talking about?

Is it possible to find someone by knowing his MAC address?

If the MAC address is that 'unique information' it starts badly, as MAC addresses aren't unique. They were planned to be once, when the idea was that they would be used for the same purpose that IP addresses are used today. But that's long past. In some specific situations they may be … but you don't know that those situations are at hand.

Go and talk to a reasonably experienced network designer and maintainer. Not one who's just graduated, but someone who has those 8 years of daily network experience that is needed.

Does the vendor, say for example Dell, keep a record of the country/subfirm destination for each PC? In turn, could you trace the store where the PC was sold?

That's one of those 'lack of restrictions' … do you plan to examine *all* manufacturers? Or just some?

I think it is an interesting topic because even if the hypothesis turns out to be false, it is still research to clarify whether it is worth the time spent.

How do you falsify a question? (See above)

What do you guys think?

You probably have a tutor or thesis advisor or something along those lines. Take the question to that person – he/she knows the constraints you haven't mentioned here: how long it should take, what degree of scientific rigour it is supposed to measure up to, what you already know, etc, etc, etc.

But I expect you're very early in the process, and these are just ideas. In that case I probably have been too hard on them.


   
(@eurisko)
Active Member
Joined: 15 years ago
Posts: 6
Topic starter  

If the MAC address is that 'unique information' it starts badly, as MAC addresses aren't unique. They were planned to be once, when the idea was that they would be used for the same purpose that IP addresses are used today. But that's long past. In some specific situations they may be … but you don't know that those situations are at hand.

I think you are wrong here… I believe "in specific situations they may NOT be unique". It's up to the manufacturer how they use/reuse their MAC addresses. What is the percentage of identical MAC addresses on a single machine…? What is the percentage of identical IP addresses?

Where I disagree here is on the "ooo… MAC can be spoofed… it's 99% unique and not 100%… so no point to bother". Well, investigations are performed with much worse statistics and without even unique identifications.

Say that you are an investigator and you have a case where an adult tricked a kid through the internet into committing suicide… you trace the IP, the guy connected through a public WiFi… all you have is his MAC address… and I ask… WHAT DO YOU DO? You do nothing because MAC addresses can be spoofed and there might be a possibility, one in ten thousand, that the MAC address could be reused… maybe it was reused on a switch or a router… which makes no difference.

That's one of those 'lack of restrictions' … do you plan to examine *all* manufacturers? Or just some?

Obviously not, I am planning to follow up two manufacturers… if you come across such a case, you will know the owner of the manufacture in seconds (since the first part of the MAC address belongs to the manufacturer).

You probably have a tutor or thesis advisor or something along those lines. Take the question to that person – he/she knows the constraints you haven't mentioned here: how long it should take, what degree of scientific rigour it is supposed to measure up to, what you already know, etc, etc, etc.

We are talking about an MSc degree in Computer Forensic
I have no tutor nor supervisor
I have 4 months
I have to do all the work by myself
Yes, all the above are true and … somehow it happened…

But I expect you're very early in the process, and these are just ideas. In that case I probably have been too hard on them.

Yes, these are just ideas, and trust me, I need those "hard" comments in order to find out something that is worth it. All comments, hard or soft, are welcome, since by exchanging comments and thoughts you can gain knowledge and information.


   
(@eurisko)
Active Member
Joined: 15 years ago
Posts: 6
Topic starter  

I am sure there are countermeasures for MAC spoofing.

Good, then before anything else, you might want to research those countermeasures and provide the results of your research.

Yes, that is a good idea; however, the way I think about it is that despite the fact that the MAC address can be spoofed, you won't meet many cases with a spoofed MAC address. How many people who access the internet spoof their MAC address? They tend to think that their MAC address will never travel through the internet… which is TRUE!

In any case, even if the MAC address was not spoofed, there are NO records about who owns or possesses a given Wi-Fi enabled device.

Exactly… that's my point… would you be able to end up at the person behind the PC even if there are no records about who owns the PC?

What if

1) You contact Dell, and they state that for each laptop they have a unique serial number. They keep records for each of their laptops with serial number, date produced, specs, MAC address, etc.

2) You now have the manufacturer serial number, so you ask Dell where they dispatched the relevant PC. They state that the PC with that serial number was dispatched in a batch of PCs to the Dell subfirm… say in Switzerland.

3) You contact the subfirm in Switzerland and ask to which store they dispatched the specific serial number. They say, well, this serial was sent with a batch of another 10 PCs to "digiStore".

4) You go to digiStore and you have the first point of where the person was most probably standing. Did he use a credit card? Does digiStore have records from the date and time of sale? They must have, since they maintain logistic stuff. Do they have CCTV?

Besides the built-in NICs, think of (say) the USB wireless cards, like (example)
http://www.netgear.com/home/products/networking/wifi-adapters/
and think of the number of PCs and devices that are sold second hand (or that are stolen and re-sold).

Still again… if you manage to find the original buyer you might find out who he sold it to; if it's on eBay, there will be an account, a PayPal account, a postal address.

Your hypothesis assumes 😯 that a Wi-Fi enabled device is something similar to a car with a chassis and engine number besides a license plate and a (public) registry of ownership, and this is not of course the case.
jaclaz

Maybe I haven't addressed my question correctly, as the previous member well commented that this is not a hypothesis but a question.

The only "almost" unique information you have from an "internet" activity is a MAC address. I say again, "almost". Even given the fact that there are no registries which bind MAC addresses to personal purchases, is it possible to backtrace?


   
(@eurisko)
Active Member
Joined: 15 years ago
Posts: 6
Topic starter  

I think just the fact that you guys think it is not possible makes it worth a try to prove the opposite.

What if I manage, by using the MAC address of my laptop, to end up finding a logistics paper from the shop where I bought my laptop, with my name on it…

would that be interesting?


   