That's why we should collaborate more, Mark.
I've personally never done any forensics looking for this kind of things specifically, but off the top of my head (please correct and ignore me if I'm talking out of my hole) but would cookies put any location info in them from where they were surfing.
I know from the UK, I ALWAYS (annoyingly) get redirected to UK sites for likes of Google, Gizmodo, etc when I try to access the .COM sites which is probably more so from the IP address, but just a thought…
Good luck!
Review cached web pages. You may find one from an intranet site only available when on a LAN. An internal hotel page maybe. Please let us all know what you ultimately find.
look for photos with EXIF data, they often have geotags
look for photos with EXIF data, they often have geotags
I am not sure to get this. 😯
If I take a picture in Italy (and the camera has put in it's EXIF some geotags) and I send it to friend in the UK, let's say I physically send him a SD card with that and other pictures, my friend copies it on his laptop to see it, then someone examines my friend's laptop and suspects it has been carried to Italy? ?
jaclaz
Thats a lot of 'its'
Also, you yourself said ”suspects its been sent” so this is where you'd use the other 764,532 artifacts on the computer to confirm or deny the theory about the geotagged files.
New suggestion
Search for a file names ”places this laptop has been for sure”
That should work 😉
Search for a file names ”places this laptop has been for sure”
Sure, that is the first thing one should search for, before looking for geotags in EXIF metadata of pictures.
But my reply was serious.
Finding a geotag in an image has very little to do with where the laptop may have been.
jaclaz
Why, because you've never seen it happen?
You can't say it is or isn't relevant until you look and its corroborated one way or the other.
At worst its a lead, at best its the smoking gun. Either way, its progress.
At worst its a lead, at best its the smoking gun. Either way, its progress.
Personally I see it as a probable "red herring". 😯
jaclaz
I'm gonna side with Eric on this one.
It may be relatively easy to tell if a file was downloaded from a P2P site, or via some other means. It may also be easy to tell if the file was created on the laptop after a device such as a digital camera or iPhone was connected to it.
One of the things I'm taking into consideration here is what Eric does. I'm going to go out on a limb here and say that I think Eric deals with individuals who will use electronic means to produce illicit images/videos, and then in many cases, walk over to their laptop, connect the device, copy the material to the laptop, and then either archive it or share it with others.
I think that the point here is that we all have different perspectives. Get each of us in a room, and then videotape what we do when we're each handed the same laptop…I guarantee that while there will be somethings that we all do that are exactly the same or very similar, there will be other things that are vastly different from each of us does.
As such, I would think that it would be a benefit for everyone if more of this stuff was shared. If you look it and consider it, and then make a reasoned choice whether you can incorporate it or not, that's cool. Or maybe just ask for clarification. I think that we can all benefit from sharing our perspectives, whether we use the information or not.