Hello,
I am trying to help my local police track down a laptop based on pieces of evidence I would be able to gather remotely via Dropbox (if anyone is worried about the authenticity of this motivation, I can easily connect you with the investigator). I have done as much as I can think of, and wonder whether anybody has any suggestions on what I have already done, or for additional approaches I could take - in particular whether there are any pieces of evidence or footprints the computer might leave behind either with ISP or elsewhere on the web, which might be useful.
The laptop running Windows 7 with no servers running, as far as I am aware. Possibly Avast installed and running.
Connection The thief is using the laptop as-is, connecting to Dropbox with the installed client, which gives me IP addresses at regular intervals with login time stamps. The ISP has informed the police, that the thief is using 3g to connect, and that each dynamically allocated IP address is used by several users simultaneously, meaning no single user can be identified from the logs (though I was a little surprised about this statement). There is a wifi card on the laptop for which I know the MAC address. The 3g modem belongs to the thief, so I don't have the MAC address for that.
What I have done
Using dropbox, placed a number of VBScripts on the machine which (if run) do the following
1) Take snapshots of the desktop at regular intervals to identify any useful information (email address, facebook account etc)
2) Take pictures of the thief using the webcam at regular intervals
3) Using "netsh wlan show networks mode=bssid" to output nearby wifi access points and signal strength for crude trilateration
So far, no luck on enticing the thief to run the VBScripts. I assume there is little I can do without the user initiating a process.
Any suggestions would be highly appreciated.
Kind regards,
David