IP Addresses in Online Investigations - A simplified view of an IP Address and how police use it to find a suspect on the Internet.

The key to any online investigation is finding out who is the source of the criminal activity. Online, the police cannot stop you and ask for your license. They cannot put you in front of a lineup and have a victim ID you. Instead, they track suspects by IP address.

An IP address , or internet protocol address, is like your street address on the internet. Every computer on the internet has an IP address. Going to a website is like sending mail to a street address. Your computer sends a request to the IP address of a web server. On that request, your computer puts its return address. The web server receives the request, and writes a return to that return address. This is, of course, a simplification of what really happens. It is just meant as an illustration of how an IP address functions.

Like a street address, there can often be many people associated with one IP address. Compare, for example, a small business located at one street address. There may be 20 people working at the address. They may all be using the same IP address on the internet. They do this by a use of a router. Most people have routers at home and they understand that it lets their entire household use their one internet connection. That router is actually letting everyone share the same IP address.

Unlike a street address, IP addresses can change frequently. Some addresses can change every few hours, few days, or every time you restart the computer. Other addresses are more permanent and do not change without someone manually changing them. IP addresses for home users are rarely constant.

When police find an IP address of a suspect they must go through various steps to find who was using that IP address. Service providers such as Cox, Comcast, or Verizon own IP addresses and assign them to their customers. Some IP addresses are owned by large companies like Intel, or Microsoft, who use them for their computers at their offices. Police will find out which company owns that IP address in question. They will then contact that company and find out who was using that address at that date and time. The company will check its records and produce a report for the police. Typically, the large service providers can associate an IP address with a street address. Large companies can usually point to a single computer that was using that IP address at that time. Police will then go to that street address or computer to conduct further investigation and find out who was there.

Does this prove that a computer at that street address sent the messages or material in question? No. There are a number of factors at play, such as the number of people using that IP address. If there is an unsecured wireless router at that address, if that street address was using a different IP address near that time. There are a number of factors at play and it takes someone skilled in this area of technology to determine what really happened.

If you are the subject of an online investigation, you should hire an attorney who understands the technology and can defend you against the allegations. You may also need to hire an expert witness to explain to the jury what is wrong with the investigation and why it does not prove you are guilty.