
Reading text message header data

(@heviarti)
Posts: 8
Active Member
Topic starter
 

I don't know what's going on, I posted a topic on this subject and can't find it anywhere. I really need a primer on how these are to be read. I am familiar with tcp/ip packets and mail headers, but I have no idea how these are to be read. Here is a redacted excerpt from Verizon's records as sent to us.

Any pointers on how to read this or how to determine if there is some sort of spoofing or cloaking going on here would be appreciated.

 
Posted : 16/04/2013 10:21 am
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

I don't know what's going on, I posted a topic on this subject and can't find it anywhere.

I found it at the other end of a Forum search, it's here:
http://www.forensicfocus.com/Forums/viewtopic/t=10506/

jaclaz

 
Posted : 16/04/2013 4:39 pm
(@heviarti)
Posts: 8
Active Member
Topic starter
 

Hmm. Wonder how it got over there? Anyway, nobody seems interested in that one because the image isn't on the first page. That still leaves me needing to figure out how to determine what is real or false with this data.

 
Posted : 17/04/2013 12:35 am
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

Hmm. Wonder how it got over there? Anyway, nobody seems interested in that one because the image isn't on the first page. That still leaves me needing to figure out how to determine what is real or false with this data.

But I don't really see (cannot understand) what exactly is your concern with the posted image contents.
This

It does seem the 'originating MSID' differs from the reply to number, which says to me there may be some sort of cloaker being used.

does not really sound "scientific".

The "originating MSID" and the Call Back number (if that is the "reply to number" you are talking about) are often different, compare with the "attachments" to this file
http://extras.mnginteractive.com/live/media/site557/2011/0331/20110331_101811_angelovega0330.pdf

And this oldish thread/reference (out of many results for "MSID different from phone number" or "MSID different from MDN" searches)
http://www.howardforums.com/showthread.php/751686-MSID-Is-different-then-my-Phone

jaclaz

 
Posted : 17/04/2013 1:01 am
(@heviarti)
Posts: 8
Active Member
Topic starter
 

That's just it, I'm trying to get an idea of how to read one of these. I've never been confronted with one before. Obviously something is false here. What am I looking at? What am I looking for? The individual receiving these messages is apparently being followed by whoever is sending these. Two of those numbers call people who don't have any knowledge of the situation, one is the victim, the other seems to be a dead end. Somehow I need to determine where to look next. Again, if it was tcp/ip or email I'd be in my element.

 
Posted : 18/04/2013 11:20 am
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

That's just it, I'm trying to get an idea of how to read one of these. I've never been confronted with one before. Obviously something is false here. What am I looking at? What am I looking for? The individual receiving these messages is apparently being followed by whoever is sending these. Two of those numbers call people who don't have any knowledge of the situation, one is the victim, the other seems to be a dead end. Somehow I need to determine where to look next. Again, if it was tcp/ip or email I'd be in my element.

Really, I don't get it.
WHY do you think that something is "false"?

I doubt that the data sent you by the telephone company is false.

It is possible that the "caller" handy is "cloned", but it's not something you can determine and certainly not through just those txt msg reports, IMHO you need support from the telephone company to delve deeper in the issue.

jaclaz

 
Posted : 18/04/2013 4:09 pm
ForensicRanger
(@forensicranger)
Posts: 122
Estimable Member
 

As jaclaz correctly pointed out, you need to contact the service provider and if possible, have them send you an email with the details explained.

Not long ago I had something similar on returned CDRs and while I did figure it out, I contacted them, they forwarded me documentation which verified what I figured - win/win.

 
Posted : 19/04/2013 4:52 am