cell site analysis for aircards
I am working with a detective on a case involving an individual posing as someone else on another website and spreading slander. We received info from the site where the perp created the bogus account, it would seem from the IP that it was from TMobile.
When we contacted Tmobile, they mentioned that they do not keep any records on their customers web behavior, which is odd. I am guessing the account was likely created by someone on a computer using an aircard. Would we be able to get any data from the provider regarding cell sites, since the user may have used an aircard?
It’s strange, but true. T-Mobile does not retain IP Session Information, but I find it hard to believe they can’t tell you who the IP address is assigned to? Maybe you can’t get “web behavior”, but not being able to get some sort of subscriber information or other identifying info for the IP address doesn’t make sense.
I’ve not yet had an investigation that involved an air card, but if they were not tracking “web behavior” they may not be retaining whatever data they do have for a very long time. I would think a preservation letter might be in order?
I would also want to send this website you mention the judicial process necessary to obtain all information submitted, disclosed or retained upon sign up. You might even be able to have the account shut down if there was a user agreement violation?
You can get general location information for data connections, but this is much less specific than for voice calls. The CDR that you will recieve will demonstrate this difference amply. This is because data traffic is handled by a different system than for voice calls. You will get only general geographic information here. What you will find is other types of data connections, that may lead you to a unique pattern for the individual that you seek. Also, as has already been posted, you absolutely will get subscriber information from the provider, if you submit the proper legal process to them. This is because the IP assignment must have an equipment ID attached to it at the time the IP was assigned…thus leading to identification of the owner of the equipment.