Every piece of data on the internet is transmitted with an IP address attached to it. This address carries specific information including, but not limited to, its owner, web domain, computer name, and geolocation.
Because there is a limited time frame in which internet service providers store data from their subscribers, a cyber investigation team must act swiftly to first assess the situation and then explore all options. An embedded challenge is that there is no legal obligation for an internet service provider to comply with a formal request from a victim seeking identification or data preservation.
For this reason, a critical step in the cyber investigation process is retrieving the IP addresses of the parties in question. Internet service providers retain this information, and they can provide us with these IP addresses and other crucial data, often reluctantly, after receiving a subpoena, warrant, or court order from our team.