Just one update to your process based upon the date the email was sent from the source. The date you highlighted is not the date to be referenced as that is the source system's date & time and could be inaccurate. The date/time you want to use is the date and time from the last (bottom) mail server in the stack. Unless the sender has influence over the initial receiving mail server, but this would be easily observable by the difference in time from the next mail server in the stack (the next entry above the last mail server being reviewed). Using these date/timestamps along with geolocation data of the IP registration will indicate if the times are off, possibly indicating an effort to hide the source location. This would also be the date/time you would actually need to submit in any subpoena if you are to obtain accurate records. Other than that, a well-done education piece.
Good video, I didn’t know about that tracer program at the end, that’s pretty cool. When I worked at an ISP about 5 years ago that kind of geolocation data was expensive, and usually locked behind a pay as you go API. I want to point out that Ashburn VA is a major data center hub. Like every FAANG company has a major presence there, plus tons of other data centers and ISPs, and even T1 carriers. Even the small ISP I worked for had a presence there. When you see an IP originating from Ashburn it’s almost certainly not really. It’s more likely that’s either a web client, or the originator is using some kind of VPN or VPS that runs in a data center there.
@@Tom-sg4iv You're right, the email trace route won't show the exact path the email took to reach the inbox, so mistake on my part. But it can still help identify the originating server, which can be useful for further investigation.
@@moneyman6227 your subpoena must be signed by a judge or magistrate or else it’s not valid. They may also ask you to provide your badge number or other law-enforcement credentials.
Maybe then they send a court ordered subpoena to the Starbucks for all of their camera footage and use facial recognition to identify everyone on the premises for the exact date/time the wifi connection was used. They could trace the SIM cards near exact location via triangulation with something like a stingray device. But I’m just guessing I don’t know for sure. I heard a podcast where someone got caught that way. They narrowed down the apartment building where the guy lived this way.
@@sheldonthomas8773 at that point, law-enforcement would probably review security camera footage from inside the Starbucks and match up the timestamps to when the email was sent. That could help them identify the sender.
@@Chel10sea, you don’t have to be literally in the store, could stay outside, that way he can use face covering to avoid the outside camera and of course your going to leave your primary device at home. I said no SIM card, and some SIM card can be purchased anonymously.
@@vexed3185 generally yes, however, law enforcement has ways around this too so I recommend refraining from sending malicious emails in the first place.
@@Ethical_J Thanks. I have another question, I hope i make it clear. When we send an email, our computer or the sender server has to now where the destination is, so it got to has the IP, so when can we do something like a reverse traceroute like tracking/pinging every hops between us and the reciver and get their IP?
@@vexed3185 your computer and sending server do not actually know the destination IP. The servers only know what sever to send the mail to next. This is determined via DNS lookup. You can do a traceroute like I did in the video once you get the original IP address from the header but unless it is the sender’s public IP address, you will only be able to trace it back to the internet providers server (like google for gmail). Same for a reverse traceroute as far as I know. This is when you would use a subpoena. Hope that answered your question.
This sounds like you sat through a for pay hacking web series or seminar by folks that know F-all about cybersecurity nor how those 3 letter agencies gather their information and intel. What you are describing is what a small police force would use or ask of a moderate sized police force not the FBI/NSA/CIA/DOD uses at all.
This is a very basic technique but it is used often in computer forensic investigations. I’m sure you’ll be interested to know that I learned this process from the Department of Defense Cybercrime Center…so yeah it’s something DoD criminal investigators actually use in the field.
I think voter registration information, including party affiliation, is public data in every state. Figuring out the leanings of unaffiliated voters might take a bit more work but certainly do-able.
Mrs Richards: "I paid for a room with a view !" Basil: (pointing to the lovely view) "That is Torquay, Madam ." Mrs Richards: "It's not good enough!" Basil: "May I ask what you were expecting to see out of a Torquay hotel bedroom window ? Sydney Opera House, perhaps? the Hanging Gardens of Babylon? Herds of wildebeest sweeping majestically across the plains?..." Mrs Richards: "Don't be silly! I expect to be able to see the sea!" Basil: "You can see the sea, it's over there between the land and the sky." Mrs Richards: "I'm not satisfied. But I shall stay. But I expect a reduction." Basil: "Why?! Because Krakatoa's not erupting at the moment ?"
Just one update to your process based upon the date the email was sent from the source. The date you highlighted is not the date to be referenced as that is the source system's date & time and could be inaccurate. The date/time you want to use is the date and time from the last (bottom) mail server in the stack. Unless the sender has influence over the initial receiving mail server, but this would be easily observable by the difference in time from the next mail server in the stack (the next entry above the last mail server being reviewed). Using these date/timestamps along with geolocation data of the IP registration will indicate if the times are off, possibly indicating an effort to hide the source location.
This would also be the date/time you would actually need to submit in any subpoena if you are to obtain accurate records.
Other than that, a well-done education piece.
Dude, you're awesome! This was detailed and well-spoken!
@@ProducerGio thank you!
Good video, I didn’t know about that tracer program at the end, that’s pretty cool. When I worked at an ISP about 5 years ago that kind of geolocation data was expensive, and usually locked behind a pay as you go API. I want to point out that Ashburn VA is a major data center hub. Like every FAANG company has a major presence there, plus tons of other data centers and ISPs, and even T1 carriers. Even the small ISP I worked for had a presence there. When you see an IP originating from Ashburn it’s almost certainly not really. It’s more likely that’s either a web client, or the originator is using some kind of VPN or VPS that runs in a data center there.
I just came across this channel, I feel like it has so much potential! I hope you continue to upload more Longer videos!
@@Dr_Larken thank you for the positive comment and support! It means so much!
This was neat. I have no idea how I arrived here, but hey! Thanks for the information!!
Im so glad you found it interesting! Thanks for watching!
Same here lmao
Thank you for this video, its really helpful, more than you think
Your trace route has nothing to do with the route the email took to your inbox.
@@Tom-sg4iv You're right, the email trace route won't show the exact path the email took to reach the inbox, so mistake on my part. But it can still help identify the originating server, which can be useful for further investigation.
please make more videos like this would be happy to learn
Glad you enjoy the video! I would be happy to make more!
Please do.@@Ethical_J
Thanks a lot Sir 🙏 u just got a new subscriber today 😅
@@FredYduciel thanks for watching!
Awesome
Make more videos especially about topics related to law enforcement and cyber crime
16:41 lol “…if you’re a civilian, i do not recommend you go any further…” pencils down, class.
cool video though 👍
😂 lol yeah disclaimers are key. Glad you liked it and thanks for watching!
Excellent video man!
@@G9Dsprite thanks for the support man!
Ethical J Please do a video of malware Analysis?
That was fantastic! The last software was new to me... Any advice on how to prevent all of this?
Stop using the internet.. Don't reply cos you are monitored
@@elvisgregor8403 Thanks for the concern-it's an interesting perspective, but I believe staying informed is the best way to stay secure online.
love these fucking tiny pop-up youtube osint channels... always the best stuff!
@@vak2586 lol thank you so much for the support!
Great video. 👊🏼
@@florecista1 thanks for watching!
So if I hypothetically make my own subpoena on a vpn and send it to Verizon how do they check if im actually law enforcement or do they not… 😁
@@moneyman6227 your subpoena must be signed by a judge or magistrate or else it’s not valid. They may also ask you to provide your badge number or other law-enforcement credentials.
What if the person use a cheap burner phone with no SIM card and create a cloud email on a Starbucks WiFi?
Maybe then they send a court ordered subpoena to the Starbucks for all of their camera footage and use facial recognition to identify everyone on the premises for the exact date/time the wifi connection was used. They could trace the SIM cards near exact location via triangulation with something like a stingray device. But I’m just guessing I don’t know for sure. I heard a podcast where someone got caught that way. They narrowed down the apartment building where the guy lived this way.
Or if the suspect had their personal device on or near them while using the burner that could be another technique for identifying them.
@@sheldonthomas8773 at that point, law-enforcement would probably review security camera footage from inside the Starbucks and match up the timestamps to when the email was sent. That could help them identify the sender.
@@Chel10seado you have a link to that podcast?
@@Chel10sea, you don’t have to be literally in the store, could stay outside, that way he can use face covering to avoid the outside camera and of course your going to leave your primary device at home. I said no SIM card, and some SIM card can be purchased anonymously.
pretty nice. I work as an IT-Foreniscs analyst for German law enforcement (subject area: CSAM). Nice to see how it's going on in another country😀
@@BufferTheHutt thank you for watching and for working to bring down child predators!
Is this my neighbor V. Jadon?
I remember I had something like this happen and the FBI didn’t help. What are they good for?
There not there for u remember that
Does VPN prevent them to track me?
@@vexed3185 generally yes, however, law enforcement has ways around this too so I recommend refraining from sending malicious emails in the first place.
@@Ethical_J Thanks. I have another question, I hope i make it clear. When we send an email, our computer or the sender server has to now where the destination is, so it got to has the IP, so when can we do something like a reverse traceroute like tracking/pinging every hops between us and the reciver and get their IP?
@@vexed3185 your computer and sending server do not actually know the destination IP. The servers only know what sever to send the mail to next. This is determined via DNS lookup. You can do a traceroute like I did in the video once you get the original IP address from the header but unless it is the sender’s public IP address, you will only be able to trace it back to the internet providers server (like google for gmail). Same for a reverse traceroute as far as I know. This is when you would use a subpoena. Hope that answered your question.
what if you use a vpn
@@Bryan-eg7si most VPN companies can still be subpoenaed for their records
The most useless first 60 seconds of any video...wasted my time...not going to waste any more
@@jacklewis100 lol thanks for the view!
This sounds like you sat through a for pay hacking web series or seminar by folks that know F-all about cybersecurity nor how those 3 letter agencies gather their information and intel. What you are describing is what a small police force would use or ask of a moderate sized police force not the FBI/NSA/CIA/DOD uses at all.
This is a very basic technique but it is used often in computer forensic investigations. I’m sure you’ll be interested to know that I learned this process from the Department of Defense Cybercrime Center…so yeah it’s something DoD criminal investigators actually use in the field.
fbi is so bad
Also, how do they find those who have "incorrect" political views. Non democrat essentially.
I think voter registration information, including party affiliation, is public data in every state. Figuring out the leanings of unaffiliated voters might take a bit more work but certainly do-able.
Mrs Richards: "I paid for a room with a view !"
Basil: (pointing to the lovely view) "That is Torquay, Madam ."
Mrs Richards: "It's not good enough!"
Basil: "May I ask what you were expecting to see out of a Torquay hotel bedroom window ? Sydney Opera House, perhaps? the Hanging Gardens of Babylon? Herds of wildebeest sweeping majestically across the plains?..."
Mrs Richards: "Don't be silly! I expect to be able to see the sea!"
Basil: "You can see the sea, it's over there between the land and the sky."
Mrs Richards: "I'm not satisfied. But I shall stay. But I expect a reduction."
Basil: "Why?! Because Krakatoa's not erupting at the moment ?"