
Cybercrime - Importance of the MAC Address and IP Address during a Digital Evidence Examination - Essay Example


Introduction

Cyber technology is a very complicated field, and the Internet is increasingly used as a place to commit crimes using personal computers and network-based computers. Gathering cybercrime information is also complicated given the nature of digital evidence. Digital evidence is fragile and can be modified or damaged through improper examination or handling. Hence, exceptional precautions should be observed to preserve digital evidence, since failure to do so may render the evidence unusable or result in inaccurate conclusions. When crimes are committed using computers or other devices that are connected in a network, the media access control (MAC) address and the Internet protocol (IP) address come in handy in the process of collecting and examining evidence relating to the crime. This essay will define MAC and IP addresses and discuss the importance of these addresses in the collection of digital evidence. The discussion will also examine instances in which MAC and IP addresses have been used in proving (or otherwise) cyber offences.

MAC address

A MAC address is defined as the distinctive numerical sequence that acts as an identifier for a device (such as a computer or a smartphone) within a network (Editors of the American Heritage Dictionaries 2006, p. 189). The MAC address is stored or built into the network interface card by the manufacturer of the card and is used to uniquely identify each node in a network (EC-Council 2017, p. 34; U.S. Department of Justice 2004, p. 40). Networked devices use Ethernet, a system for connecting two or more computers to create a LAN, with protocols that control the passage of information and prevent concurrent transmission by two or more devices. Ethernet uses the MAC address when creating the frames that are used to transfer information from a system (EC-Council 2017, p. 34).

Importance of the MAC address during a digital evidence examination

The MAC address is important in the process of examining digital evidence since it is one of the many pieces of information that need to be secured and retrieved (U.S. Department of Justice 2004, p. 11). The process of gathering and examining digital evidence involves retrieving and documenting data from the internal storage devices of computers, which include the network interface card that stores the MAC address. The MAC address is important in the evidence gathering and examination process because it can be used to locate the source or origin of the device that has been used to commit a cyber offence. For instance, the MAC address can be used to trace the device that was used to send a malicious email. Email is one of the means through which many cyber offenders are able to send spam, distribute pornographic materials, send phishing emails and distribute hate emails (Banday 2011, p. 227). Emails are also used to propagate worms, viruses, Trojan horses and hoaxes (Banday 2011, p. 227). In the event that an offender uses their email to distribute any of these malicious messages or software, the device used by the offender can be traced if the MAC address of the device is located (Banday 2011, p. 237).

The same applies if an offender uses their device to commit any other type of crime in a networked system of devices such as computers. Such information can be collected even for devices that are used in a wireless network, for example through the Bluetooth or Wi-Fi interfaces of smartphones and other computer devices (Andriotis, Oikonomou & Tryfonas 2012). All that the investigator needs is to determine the MAC address of the device that has been used in committing the crime, and this information will be used in determining the device that contains the network card in question (Wiles & Reyes 2007, p. 320).
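
As an added illustration (not part of the original essay), the sketch below shows how an examiner might reconcile MAC addresses recorded in different notations across evidence sources and check whether each value can be a manufacturer-assigned address at all. The source names and addresses are constructed sample data, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Notations commonly seen in exhibits: colon, hyphen, and dotted groups of four.
_NOTATIONS = (
    r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}",
    r"(?:[0-9a-f]{2}-){5}[0-9a-f]{2}",
    r"(?:[0-9a-f]{4}\.){2}[0-9a-f]{4}",
)

def parse_mac(raw):
    """Return a dict describing the address, or None if it is malformed."""
    text = raw.strip().lower()
    if not any(re.fullmatch(p, text) for p in _NOTATIONS):
        return None
    digits = re.sub(r"[^0-9a-f]", "", text)
    first_octet = int(digits[:2], 16)
    return {
        "canonical": ":".join(digits[i:i + 2] for i in range(0, 12, 2)),
        "oui": digits[:6],                                 # manufacturer prefix
        "group": bool(first_octet & 0x01),                 # I/G bit: multicast/broadcast
        "locally_administered": bool(first_octet & 0x02),  # U/L bit: set by software
    }

def correlate(records):
    """Group (source, raw_mac) sightings by canonical address and list caveats."""
    sightings, caveats = defaultdict(list), []
    for source, raw in records:
        mac = parse_mac(raw)
        if mac is None:
            caveats.append(f"{source}: malformed value {raw!r}")
            continue
        sightings[mac["canonical"]].append(source)
        if mac["group"]:
            caveats.append(f"{mac['canonical']}: group address, not a device identifier")
        elif mac["locally_administered"]:
            caveats.append(f"{mac['canonical']}: locally administered, not a burned-in address")
    return dict(sightings), caveats

# Constructed sample sightings; source names are hypothetical.
SAMPLE_RECORDS = [
    ("switch_table", "0000.5e00.532a"),
    ("dhcp_log", "00:00:5E:00:53:2A"),
    ("disk_image", "00-00-5e-00-53-2a"),
    ("wifi_capture", "02:00:5e:00:53:10"),
    ("dhcp_log", "00:00:5e:00:53"),  # truncated entry
]

if __name__ == "__main__":
    found, notes = correlate(SAMPLE_RECORDS)
    for mac, sources in found.items():
        print(mac, "seen in", ", ".join(sources))
    for note in notes:
        print("caveat:", note)
```

A set locally administered bit shows only that the address was assigned by software (for example a virtual adapter or privacy randomisation); it does not by itself prove deliberate spoofing, and an address changed to a universally administered value will not be flagged by this check.
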
The only challenge that can arise in this regard is when the offender or any other person changes the MAC address through a process that is referred to as MAC spoofing (Wiles & Reyes 2007, p. 320).

Instances in which the MAC address has been critical to proving (or otherwise) an offence

As noted above, gathering cybercrime information is complicated given the nature of digital evidence. Information such as MAC addresses can be used by the prosecution to charge offenders in court, but only if such information is reliable enough to convince the court. This means that MAC addresses may be used to nail offenders, but courts can also reject such information if it is not convincing enough. In one case in the United States, the refusal by the Federal Bureau of Investigation (FBI) to produce the full details of a scheme used to track a suspected paedophile resulted in evidence against the suspect being set aside (Osborne 2016). The court trashed the evidence and ruled that evidence collected by the FBI could not be used as a legal basis for the evidence in the case. The FBI had tracked the suspect and collected evidence such as MAC and IP addresses, but refused to disclose the full source code of the information in court. Although the judge did not dismiss the case, the evidence could not be used if the FBI did not reveal the details required regarding the method that was used to collect the evidence (Osborne 2016).

IP address

An IP address is a distinct address that is used to identify a device that is connected to the Internet (Editors of the American Heritage Dictionaries 2006). The IP address enables a system to be recognised by other systems that are connected using the Internet protocol (TechTerms 2016).

Importance of the IP address during a digital evidence examination

The significance of the IP address lies in the fact that in order for users to access the Internet, they must have an IP address (Hess & Orthmann 2010, p. 506). Since each IP address is unique, just like phone numbers are, it can be used in tracing perpetrators of criminal activity who use the Internet. It is easy to trace a criminal using the IP address that he or she uses to access the Internet because there is only a single IP address for each network connection, just as every house has an address (Hess & Orthmann 2010, p. 506). Therefore, the IP address can be used to trace the location that a suspected offender was in when he or she accessed the Internet and committed a particular crime.

IP addresses are commonly issued by Internet Service Providers (ISPs) or companies that provide access to the Internet (Hess & Orthmann 2010, p. 506). The most important point about the IP address and the ISP is that if both are known, such information can help investigators to reach a specific computer that was used to commit a crime and, by extension, the specific person who used the computer in question to commit the crime (Hess & Orthmann 2010, p. 506). Thus, in any cybercrime investigation that involves the Internet, the most probable thing is that the investigator will have to track an IP address to a given location, preferably an individual (Wiles & Reyes 2007, p. 318). More importantly, since an IP address is assigned by an ISP, ISPs can act as an important link between a given user and the IP address that is being used (Wiles & Reyes 2007, p. 318). Therefore, an IP address is very critical in nailing cyber criminals and getting access to information about their activities.

Instances in which the IP address has been critical to proving (or otherwise) an offence

Even though an IP address can be used to trace the location from which a cybercrime was committed, the challenge is in proving that the suspect is indeed the offender. In one case in the United States, a judge dismissed a lawsuit that had been filed by a media company against a suspect who was accused of downloading and sharing a video illegally (Ernesto 2014). The judge argued that although the plaintiff had proved that geolocation software could trace the location of an infringing IP address, the same could not be used to provide the identity of the infringing person since an IP address is not a person (Ernesto 2014). In other words, getting the location of an infringing person may be easy, but proving that a specific person used that IP address is more difficult.

Conclusion

In conclusion, a MAC address identifies a device in a network while an IP address is the identifier for systems that are connected to the Internet. Both MAC and IP addresses are important in gathering and examining digital evidence pertaining to cybercrime. This is because the information obtained from a MAC address and an IP address can be used to trace the identity of the device that is used to perpetrate a crime as well as the location and possibly the identity of the perpetrator. However, the challenge for cybercrime investigators lies in linking the device or the address of the location from which a given cybercrime was committed to the person who is suspected to have committed the crime.

References

Andriotis, P, Oikonomou, G & Tryfonas, T 2012, ‘Forensic analysis of wireless networking evidence of android smartphones’, Paper presented at the 2012 IEEE International Workshop on Information Forensics and Security (WIFS), December 2-5, 2012, Tenerife, Spain, viewed 3 April 2017.

Banday, MT 2011, ‘Techniques and tools for forensic investigation of e-mail’, International Journal of Network Security & Its Applications (IJNSA), vol. 3, no. 6, pp. 227-241.

EC-Council 2017, Computer forensics: investigating network intrusions and cybercrime, Cengage Learning, Boston, MA.

Editors of the American Heritage Dictionaries 2006, High definition: An A to Z Guide to personal technology, Houghton Mifflin Company, Boston/New York.

Ernesto 2014, ‘Judge: IP-address is not a person and can’t identify a bittorrent pirate’, TF, 24 March, viewed 3 April 2017.

Hess, KM & Orthmann, CH 2010, Criminal investigation, 9th edn, Delmar, Clifton Park, NY.

Osborne, C 2016, ‘FBI refuses to release Tor exploit details, evidence thrown out of court’, ZDNet, 26 May, viewed 3 April 2017.

TechTerms 2016, IP address, 21 September, viewed 2 April 2017, https://techterms.com/definition/ip_address

U.S. Department of Justice 2004, ‘Forensic examination of digital evidence: a guide for law enforcement’, National Institute of Justice Special Report, viewed 2 April 2017.

Wiles, J & Reyes, A 2007, The best damn cybercrime and digital forensics book period, Syngress Publishing, Inc., Burlington, MA.