Chapter 22. Discovery of Internet Service Provider Records
Information in this chapter:
• Internet service provider records for IP addresses
• Example language for web-based e-mail addresses
• What to expect from an Internet service provider (ISP) subpoena
In this chapter we will look at various types of record requests and include the technical language for those requests. We have included links to websites where you can locate the custodian of records for nearly all of the Internet service providers. We show you how to find the custodian of records for a web address by following a step-by-step process you can perform using your Internet-connected computer, and we also show how to obtain subscriber information for web-based e-mail accounts.
Keywords
ISP Records, Internet Service Provider, Web-based E-mail, Custodian of Records
Introduction
The primary reasons for getting information from an Internet service provider are to obtain subscriber information and historical access information, or to find out who owns a website when the website is one of many connected to a single Internet address by a large corporation or by a shared hosting service.
Getting Internet service provider records is a reasonably straightforward process. To get the information you need, you will have to send the Internet service provider information that will assist them in locating the records you are after. Details on how to find the custodian of records for a web address are displayed through a step-by-step process you can perform using your Internet-connected computer.
In this chapter we will look at various types of record requests and include the technical language for those requests. Links to websites are provided where you can locate the custodian of records for nearly all of the Internet service providers. How to obtain subscriber information for web-based e-mail accounts is also discussed.
22.1. Internet service provider records for IP addresses
In order to submit a subpoena for an IP address, you must first know who owns the IP address. All IP addresses are owned by someone. When we say “owned,” we mean that in order for an IP address to be issued for use on the Internet, it must be either purchased from one of the suppliers of IP addresses, such as AT&T or UUNET, or it must be leased from someone who has the authority to provide the IP address to an individual or business.
22.1.1. How to find the Internet service provider for an IP address step by step
If you are starting from a Uniform Resource Locator (URL), which in people terms is an Internet address such as www.guardiandf.com, you can perform a lookup on the web address to determine the numerical IP address for that domain name.
The simplest way to get the numerical IP address is to run, from your computer, a command called ping that will attempt to locate the server for the web address. The ping command does this by first performing a Domain Name System (DNS) lookup to see if it can find the server for the web address. If it can, it will respond with the numerical IP address.
22.1.1.1. Using the ping command
First, you must be connected to the Internet on the computer you are using to perform this type of lookup.
In Windows Vista, you can run this command by first clicking on your Start button and going to Accessories and then to Run on the menu.
This will open a dialog box as shown in Fig. 22.1.
When you press Enter, you will be presented with a small window that is the command-line window. In this window, you enter the command ping followed by the Internet address you are interested in. This is demonstrated in Fig. 22.2.
When you press Enter, the ping command will attempt to locate the server for the web address you entered. If it can be located, the results of the command will tell you the numerical IP address, as shown in Fig. 22.3.
Now that you have the numerical IP address, you can take steps to determine who owns the IP address. One such service you can use for this, and there are a lot of them, is www.domaintools.com.
Figure 22.4 shows the screen where you enter the IP address of interest.
When you click on Search for Domain, the service will go out and locate the ownership records for the IP address. In Fig. 22.5 you can see that the owner of this IP address is Yahoo! Inc.
Now that you know who owns the IP address, in this case Yahoo! Inc., you can take the steps you need to find the custodian of records for the subpoena.
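The two lookups described above (name to IP address, then IP address to owner) can also be scripted. The following is an added example, not part of the original chapter: it resolves a host name the way ping does, sends a standard WHOIS query (TCP port 43) to a registry server, and extracts the fields that identify the address holder. The sample reply, the field selection, and the choice of whois.arin.net as the default server are assumptions made for illustration.

```python
import socket
import sys

# Constructed sample of an ARIN-style WHOIS reply (documentation address range).
SAMPLE_WHOIS = """\
# Constructed example, not a real registry record
NetRange:       192.0.2.0 - 192.0.2.255
CIDR:           192.0.2.0/24
NetName:        EXAMPLE-NET
OrgName:        Example Hosting, Inc.
OrgId:          EXAMPLE-1
ReferralServer: whois://whois.example.net
OrgAbuseEmail:  abuse@example.net
"""

def resolve(hostname):
    """Return the IPv4 addresses DNS gives for hostname (what ping reports)."""
    infos = socket.getaddrinfo(hostname, None, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def whois_query(ip, server="whois.arin.net", timeout=10):
    """Send one WHOIS query (query text plus CRLF on TCP port 43), return the reply."""
    with socket.create_connection((server, 43), timeout=timeout) as sock:
        sock.sendall(ip.encode("ascii") + b"\r\n")
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", errors="replace")

def parse_owner(whois_text):
    """Keep the first value of each field that identifies the address holder."""
    wanted = {"netrange", "cidr", "netname", "orgname", "referralserver", "orgabuseemail"}
    record = {}
    for line in whois_text.splitlines():
        if line.startswith(("#", "%")) or ":" not in line:
            continue  # skip comments and lines that are not "Key: value"
        key, value = line.split(":", 1)
        key = key.strip().lower()
        if key in wanted and key not in record:
            record[key] = value.strip()
    return record

if __name__ == "__main__":
    if len(sys.argv) > 1:  # live lookup: python lookup.py <host name>
        for ip in resolve(sys.argv[1]):
            print(ip, parse_owner(whois_query(ip)))
    else:                  # offline: parse the constructed sample
        print(parse_owner(SAMPLE_WHOIS))
```

If the reply contains a ReferralServer line, the detailed record is held by that server, and the query should be repeated there before naming a custodian of records.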
22.1.2. Motion language once you know the IP address
Your subpoena language should include all of the IP addresses of interest that belong to the individual service provider, as shown in the following example.
Any and all subscriber records pertaining to the following IP addresses. Also include any information about the computer or user for the date and time that they were issued.
| IP Address | Date Range |
|---|---|
| 123.123.123.111 | June 1, 2009 to June 31, 2009 |
| 123.124.122.100 | July 1, 2009 to August 31, 2009 |
| 123.122.123.111 | July 1, 2010 to Present |
22.2. Example language for web-based e-mail addresses
Online or ISP-based e-mail addresses come up in cases so often that getting the subscriber information for them is another critical aspect of many legal matters.
The e-mail address itself will provide the information you need to locate the custodian of records. For instance, gmail.com is Google, while rocketmail.com, yahoo.com and ymail.com are all Yahoo!, Inc. e-mail addresses. This same language can be used for paid e-mail accounts as well, such as America Online (aol.com), Road Runner (rr.com), and so forth.
The language for getting the information is short, but to the point:
Any and all subscriber records regarding the identification of [email protected] to include real name, screen names, status of account, login log, IP address log, detailed billing logs, date account opened and closed, method of payment, and detailed billing records.
22.3. What to expect from an Internet service provider (ISP) subpoena
Depending on the Internet service provider and how much information they capture and store, you can expect to get back, at a minimum, the name and address for the account holder, if it is a paid service. In some cases you will also get the credit card, checking account, or other payment information.
You can also expect to get the contact e-mail address for the account holder.
Finally, you will get back the dates and times along with the IP address that was assigned to the account for the dates requested in the subpoena. In a best-case scenario, you will get the MAC address of the computer that was actually connected to the Internet service provider.
Summary
In this chapter we looked at examples of motion language for obtaining Internet service provider records. We found the owner of an IP address by following a step-by-step process using an Internet-connected computer. We looked at how to locate the custodian of records for an IP address as well. We also looked at how to determine the custodian of records for web-based e-mail addresses and the language to use for getting the subscriber information for a web-based e-mail account.