I highly doubt anyone in Ed's family would be doing that - although he sure knows his family better.

Spoofed email using some random IP - very much possible. Remember, police is government, they generally don't need to subpoena an ISP for IP data (the way RIAA had to do when they were tracking file sharers). It might very well be they suspect the IP is spoofed, but decided to check on it anyway. Who knows, maybe this investigator was bored, and wanted to get out of the office, see the countryside a bit, nd told his computer illiterate police chief that 'this merits personal investigation'.

Far as I know, ISPs keep logs of IP assignments. I had a problem with my service once, and when I called support, they looked it up, and said their logs showed that my modem was randomly getting plugged and unplugged fort past couple days. They sent a tech - turned out it was a loose cable connection outside. But the fact is, not sure how far back, but they keep the logs. At least Optimum does.

The option that someone got a backdoor installed on one of your PCs, is possible. When a worm infects a PC, via an email, a malicious website script, an infected download etc, it reports back to the originator. Chain letter email lists are prime targets since people who send those on are usually less computer savvy, and are more likely to be unprotected. Once someone gets a backdoor installed on your PC, they can use it to snoop your data, send emails, etc.
Protection against something like that is simple: have a good security package. Many people dislike it, but Norton Internet Security has been keeping all my systems clean and secure for years.
A bit of advice: in case your system is not protected, do not buy/download security software just yet. If police decides to examine your PCs, they will likely scan them and if they find the worm, it will be a positive in your favor. Your PCs would be returned to you with a stern advice to 'install some protection' - an advice well worth following.

Hoakie makes a good point. I think if they had any intentions of taking the PCs they would have already done so.

Even so, backing up is always a good idea.

If/When they take the computers (type? Windows PC, Mac, Linux, Unix?) You will probably be barred from touching anything and may be ordered outside. They will probably take all your discs and such, looking for evidence on them (floppies, cd's, dvd's etc). So any backups you have would be covered as well (no copies). When they get them to their labs, so not to screw up evidence (not saying they wouldn't, have seen vindictive law enforcement), they hook them up to a disc duplicator. (an expensive piece of electronics, that directly copies EVERY bit of the drive, to multiple copies), They use the copies to check for everything from date stamps (we have evidence that this email was sent at XYZ on XZY, what does the date stamps from them show), to directories (any illegal stuff, that would allow us more time to process, aka child porn), to encrypted directories (give us the password or don't get your drive back).

Computer forensics is an interesting field. It was almost a profession by accident for me (didn't want to move).

You say your pc's are hooked to a router? Brand and model? (want to know if it is a nat box (network address translation, aka poor man's firewall). If not (just a router/hub/switch), you would be wise to get one. (wired, wireless as well). Let's see if you have a weak spot that needs fixing NOW.

However, if you stop and think about it, you would think that if they thought they might want the computers as evidence someday, they wouldn't have tipped their hand as to what they were looking for. If Ed HAD sent the threats, he would now know what they were looking for and why. It wouldn't be hard for him to destroy the evidence while they went and got their warrant.

Just a thought.

back it up

Yeah, back up the hard drives. For two reasons, not just one.

The mentioned reason is that if they come back with a warrant and take the pc's, well, they might not give em back for a while. And when they do, who knows the integrity of the data. And you cannot know they won't come back. That is, if they drove of from Illinois, they didn't do it on just some lark but for a real suspicion. But, they might not have had enough to get a warrant yet. This may only have been a meet and greet, to judge the suspect and get his demeanor. If you didn't pass their muster, they may go and get a warrant. Plus, maybe you gave em something to go back and get a warrant with. For example, they didn't know fer sure you had a computer. Pretty hard to get a warrant to search a computer without knowing you had a computer. Despite the present state of affairs with the secret police in this country, regular police must still first sign out an affidavit based on some sort of knowledge to get a warrant.

Okay, so reason number two. And this is much more a devil's advocate approach, but you'll need the back-up to perhaps defend yourself. That is, if they take the computer and claim there's info on there, then how are you gonna attack that claim without having something. After all, you can't get back that computer, and your expert witness won't have access until charges are filed and discovery allowed. On the other hand, if you already had a back-up, you can have that analyzed by your own people to determine if they're bluffing before even walking into the box for the interrogation. Now, to do such a thing, you'd want to not just simply back-up selected files, this won't do much good, but rather to "mirror" the drive as in copy the whole she-bang. Temp files, pref files, driver files, data files, etc. Don't know which is a better program for this, but Norton GHost or something comes to mind. Then again, as a Norton product, I might not get it!

Anyway, maybe somone here can give better info on a complete mirror-type backup program.

Oh, and finally, as a former Flatlander, I must say that as a Hoosier, you should really turn yourself in to the superior Flatlanders, since as a people, Hoosiers will lose every time. Fess up.

Curt J.

I'll have to find a way to back them up. I don't have an external hard drive, but maybe I should invest in one real soon. No telling how long it would take to back things up. I've been backing up from one computer to another, but if they take them, they'll take all of them. So my backups will be gone.

Ed

I would get a way to backup all those pictures!!! If they take the computers you may not seem them for a long time. I doubt that they would let you touch them once they determine that they want them. More importantly those hard drives could go out at any time then you are out of pictures!!

Glad things went well... so far. You might want to do the backup now. (It's a good idea generally). If they decide that they need them, when they return with a warrant, they won't want to wait around for you to perform backups. They probably won't want you to even touch them.

I'd stay up late tonight doing that.

There are basically three ways (that I can think of at the moment) this happened:
1: You, your wife, your kids, grandkids someone with access to your computer sent the threats.
2: Someone is making it look like your computer(s) is sending the threats.
3: Some program is on your computers is allowing someone to get access to it, allowing them to do whatever they feel like.

If 1 then which one is it? You said it's not you and family.
If 2 then you need to find out who is doing it and why, lawyers, detectives, etc are needed.
If 3 then you need to find the program(s) and stop them. And hopefully find clues on who is behind it.

It will probably be easier to eliminate 1 & 3 than it will be to eliminate 2. And also a lot cheaper / quicker.

O.K. Got it. Thank you. I didn't tell them I have more than 1 computer. But they're welcome to take a look at all 3 if they desire. The only reason I wouldn't want them to take them is because I have a ton of stuff on them that can't easily be replaced, like a lot of old family pics, etc. If they want the computers, I hope they'll let me back everything up before they take them. If they wiped out that stuff, I'd be more than a little upset.

Ed

Ed, first - glad to hear it went well.

Your router gets an IP address from your ISP. The modem does not get the IP address, it just translates what the ISP sends it to something the router can understand. Depending on how the ISP has things set up, it may change or it may not. My router keeps the same address so long as the modem is connected. As was said, unless the email headers contain your machine specific info, the best the cops can do is trace the emails to the IP addy of your router and even then it might have belonged to someone else at the time those emails were sent.

Glad to hear all turned out OK for you Ed.

Tim.

I have a DSL modem, so I guess that means a broadband router? The modem is turned off rarely, when I have a problem connecting. So the IP address will not change unless the modem is turned off?

What do you mean by "You will need to check over ALL three computer to be safe"? Check them for what?? I'm pretty clueless. Thanks for the help.

Ed

If you have a router with three computers hooked up. I'm going to go out on a limb a little and say you have a broadband router. You probably have a cable modem, or DSL modem. Your router & modem is always connected. The cable/DSL modem is the IP that some of the people are talking about. You probably leave it on all the time. Some ISP's will not change IP numbers on you, or so rarely that it almost like a static IP (the number permanently assigned to you).

You will need to check over ALL three computer to be safe!!

I'm pretty much a dummy when it comes to things like that. I have 3 computers running off a router, which is turned on early in the morning. Is that when I get a new IP (whatever that is) address? Or do I get it when I actually use a computer to get online? What if 2 computers are online, but connect at different times?

I was told the e-mails began in December, and there have been several sent since then. They didn't say they were all from my address, but that's the way I took it. If the address changes, and they all came from my addresses, it only seems reasonable they would take my computers. Man, I really need a lesson on how this stuff works.

Ed