Web activity from Canada

UnallocatedClusters
(@unallocatedclusters)
Honorable Member
Joined: 13 years ago
Posts: 576
Topic starter  

Hello,

I am investigating activity that took place on a Samsung Galaxy Tab 3.

Specifically, I am trying to determine if activity on the tablet took place while the tablet was physically in Canada.

Lantern v. 4.5.6 was able to recover the following document "index.html" being accessed on 9/13/2014

TIME 09/13/2014 15:26:00 EDT

SOURCE index.html

When I click on the "index.html" hyperlink, I am taken to the following website: http://cdn.outfit7.com/promo-nc/v10/index.html#

QUESTIONS

1) I see that the URL has "cdn" in it - does this mean that the outfit7.com website was visited while the tab was in Canada, thus resulting in the "cdn" of "cdn.outfit7.com"?

2) Are there any known files in the Android tablet that show wireless network connections? I asked this before and some kind soul pointed me to a potential file, but I did not see any network connection information within the file he pointed me to. I see the tablet accessing a dropbox account on several different dates, but I cannot find evidence of which wireless network the tablet was connected to for the dropbox access dates, nor any other dates for that matter.

The only "GPS" breadcrumb information I was able to recover was from three movie files.

A police report was filed that the tablet was stolen on a specific date. The person who was alleged to have stolen the tablet was ordered by the court to turn the tablet over to me for analysis.

I am trying to create a timeline with specific activities, dates and locations the tablet was used to determine if the tablet was in fact in the hands of the alleged thief on dates only the alleged thief could have possessed the tablet.

Thanks for any help or direction.


   
(@jerryw)
Trusted Member
Joined: 17 years ago
Posts: 56
 

Is the 'CDN' part not to do with 'Content Delivery Network'?

"A Content Delivery Network (CDN) is a service that can help the static content on your site (images, CSS, Javascript) load much more quickly.

A CDN is a collection of servers located all around the world. When a browser loads static content, the request is automatically routed to the server geographically closest to the browser. This helps the content load much more quickly. In addition, because your content is loaded from many servers in separate locations, bursts of traffic are less likely to cause issues, because the burst is spread out over hundreds of servers, rather than just one."

I would have thought Canada would be CND or even more likely CA.

I can't offer anything more positive about the wireless locations though, I'm afraid.

Jerry W


   
jaclaz
(@jaclaz)
Illustrious Member
Joined: 18 years ago
Posts: 5133
 

CDN is a sort of "redirecting to nearest cache"; Akamai, MaxCDN and Cloudflare are among the most known/used, and now MS offers Azure CDN. Some of these are "transparent" to the browser, some do prefix the address with cdn.
See here for an example of use:
http://wpengine.com/support/how-does-a-cdn-work/

jaclaz


   
(@mcman)
Estimable Member
Joined: 15 years ago
Posts: 189
 

I don't have a Tab 4 to test but a lot of Samsung devices store the wifi profiles here
/data/misc/wifi/wpa_supplicant.conf

I'm not sure if this is the file that the other person pointed you to or not but would be a good place to check.

As for the CDN content, I would agree, this is no indication that the traffic is from Canada and is common on major sites around the world. .CA is the TLD for Canada but even most sites from here still use .COM or other TLDs.

Another option that might help you is to do a search for IP addresses and see if you can potentially tie those to a Canadian ISP such as Rogers, Telus, or Bell.

Hope this helps.
Jamie
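
Added example (not part of any post in this thread): a Python sketch that lists the saved network profiles from a `wpa_supplicant.conf` file extracted from a device image, reporting SSID, BSSID, key management and priority while reducing the passphrase to a flag. The sample file contents are constructed, and the function names are this example's own.

```python
import re

# Constructed sample in wpa_supplicant.conf format (not from the case device).
SAMPLE_CONF = '''\
update_config=1

network={
    ssid="HomeNet"
    psk="constructed-passphrase"
    key_mgmt=WPA-PSK
    priority=5
}
network={
    ssid=436166c3a9
    key_mgmt=NONE
}
'''

def decode_ssid(raw):
    """Quoted SSIDs are literal text; unquoted ones are hex-encoded bytes."""
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        return raw[1:-1]
    try:
        return bytes.fromhex(raw).decode("utf-8", errors="replace")
    except ValueError:
        return raw  # keep the unparsed value rather than guess

def parse_wifi_profiles(text):
    """Return one dict per network={...} block, with secrets reduced to a flag."""
    profiles = []
    for block in re.findall(r"^network=\{(.*?)^\}", text, re.S | re.M):
        fields = {}
        for line in block.splitlines():
            line = line.strip()
            if not line or line.startswith("#") or "=" not in line:
                continue
            key, value = line.split("=", 1)
            fields[key.strip()] = value.strip()
        profiles.append({
            "ssid": decode_ssid(fields.get("ssid", "")),
            "bssid": fields.get("bssid"),        # present only if pinned to one AP
            "key_mgmt": fields.get("key_mgmt"),
            "priority": int(fields.get("priority", "0")),
            "has_psk": "psk" in fields,          # never echo the passphrase itself
        })
    return profiles

if __name__ == "__main__":
    for profile in parse_wifi_profiles(SAMPLE_CONF):
        print(profile)
```
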


   