Description:TECHNICAL FIELD
The present disclosure relates generally to data forensics, and more specifically relates to finding, obtaining, processing, analyzing, and documenting electronically stored material.

BACKGROUND ART
[0001] An IP address is a unique address that identifies a device on the Internet or a local area network. IP stands for "Internet Protocol" and is a set of rules that regulate the format of data sent over the Internet or local area networks. Basically, an IP address is an identifier that allows you to send information between devices on your network. The IP address contains location information that allows the device to communicate. The Internet needs a way to distinguish between different computers, routers, and websites. IP addresses provide one way to do this and are an important part of how the Internet works.

[0002] IP addresses aid in tracking user online behavior and, in most cases, identifying those who engage in illegal online activities. If any illegal media or software is downloaded, the company that owns the copyright can identify and track the IP address from which you downloaded the file.

They can't be certain that you did it, but they can find out which ISP owns that IP address and send them a complaint to pass along to you. They will be able to identify who used the IP address when the illegal activity was detected because they are IP address providers. Furthermore, IP addresses are used to track down the perpetrators of phishing and spam emails. Email clients and email marketing software can both record messages.

[0003] Spam email is frequently sent for business purposes. Many companies still utilize spam, despite the fact that some people think it's unethical. Businesses can continuously send out large numbers of emails since the cost per message is so low. The harmful attempt to enter your computer through spam email is another possibility. Because it can come from botnets, spam email can be challenging to stop. A network of previously compromised computers is known as a botnet. As a result, it may be challenging to stop the initial spammer.

[0004] Nowadays, there are techniques that exists which can help track the IP addresses. For example, reference can be made to US6345283B1 which discloses forensic analysis of textual and binary data stored in the computer. Further, reference can be made to US patent application number US20020078382A1 which discloses identifying and detecting any configuration changes made to information systems within a network. However, none of the known techniques disclose techniques for identifying unauthorized users by tracking and tracing internet protocol address.

OBJECTS OF THE INVENTION

[0005] The principal object of the present invention is to provide techniques for identifying unauthorized users.

[0006] Another object of the present invention is to provide techniques for tracking and tracing any internet protocol (IP) address.

[0007] Another object of the present invention is to provide techniques for identifying location and other related information from any IP address.

[0008] Another object of the present invention is to provide techniques which can track IP address from headers present in communications.

[0009] Another object of the present invention is to provide techniques for visually representing a route for mapped geographical location.

SUMMARY OF THE INVENTION

[0010] In one embodiment, a system identifying unauthorized user is disclosed. The system comprises a server, a network, a plurality of user devices connected to the server via the network and a hardware-based storage device, wherein the hardware-based storage device stores information related to internet protocol (IP) address and the information related to IP address includes location, holder information and registration information.

[0011] In another embodiment, a method for identifying unauthorized user is disclosed. The method comprises establishing a connection between a server and a plurality of user devices, storing, in a hardware-based storage device, information related to internet protocol (IP) address, wherein the information related to IP address includes location, holder information and registration information.

BRIEF DESCRIPTION OF DRAWINGS
[0012] Figure 1 illustrates a system for detecting unauthorized user, in accordance with one embodiment of the present invention.
[0013] Figure 2 illustrates routing of request through a plurality of servers, in accordance with one embodiment of the present invention.
[0014] Figure 3 illustrates a hardware-based storage device using user device, in accordance with the present invention.
[0015] Figure 4 illustrates a hardware-based storage device using an intermediate device, in accordance with the present invention.
[0016] Figure 5 illustrating a flowchart of a method for detecting unauthorized user, in accordance with the present invention.

DETAILED DESCRIPTION OF THE INVENTION
[0017] While the present invention is described herein by way of example using embodiments and illustrative drawings, those skilled in the art will recognize that the invention is not limited to the embodiments of drawing or drawings described and are not intended to represent the scale of the various components. Further, some components that may form a part of the invention may not be illustrated in certain figures, for ease of illustration, and such omissions do not limit the embodiments outlined in any way. It should be understood that the drawings and the detailed description thereto are not intended to limit the invention to the particular form disclosed, but on the contrary, the invention is to cover all modifications, equivalents, and alternatives falling within the scope of the present invention as defined by the appended claim.
[0018] As used throughout this description, the word "may" is used in a permissive sense (i.e. meaning having the potential to), rather than the mandatory sense, (i.e. meaning must). Further, the words "a" or "an" mean "at least one” and the word “plurality” means “one or more” unless otherwise mentioned. Furthermore, the terminology and phraseology used herein are solely used for descriptive purposes and should not be construed as limiting in scope. Language such as "including," "comprising," "having," "containing," or "involving," and variations thereof, is intended to be broad and encompass the subject matter listed thereafter, equivalents, and additional subject matter not recited, and is not intended to exclude other additives, components, integers, or steps. Likewise, the term "comprising" is considered synonymous with the terms "including" or "containing" for applicable legal purposes. Any discussion of documents, acts, materials, devices, articles, and the like are included in the specification solely for the purpose of providing a context for the present invention. It is not suggested or represented that any or all these matters form part of the prior art base or were common general knowledge in the field relevant to the present invention.
[0019] In this disclosure, whenever a composition or an element or a group of elements is preceded with the transitional phrase “comprising”, it is understood that we also contemplate the same composition, element, or group of elements with transitional phrases “consisting of”, “consisting”, “selected from the group of consisting of, “including”, or “is” preceding the recitation of the composition, element or group of elements and vice versa.
[0020] The present invention is described hereinafter by various embodiments with reference to the accompanying drawing, wherein reference numerals used in the accompanying drawing correspond to the like elements throughout the description. This invention may, however, be embodied in many different forms and should not be construed as limited to the embodiment set forth herein. Rather, the embodiment is provided so that this disclosure will be thorough and complete and will fully convey the scope of the invention to those skilled in the art. In the following detailed description, numeric values and ranges are provided for various aspects of the implementations described. These values and ranges are to be treated as examples only and are not intended to limit the scope of the claims. In addition, several materials are identified as suitable for various facets of the implementations. These materials are to be treated as exemplary and are not intended to limit the scope of the invention.
[0021] Referring to FIG. 1, a system 100 for detecting unauthorized users is illustrated. The system 100 shows a server 102 and a plurality of user devices 104 connected with the server 102 via a network 106. The plurality of user devices 104 may try to establish a connection with the server 102 for accessing content. For example, the content may be results relating to the web server. In one embodiment, the content may also include sending communications to other users via email communication. As shown in FIG. 1, the user devices 104 may be any computing devices which are compatible to access the internet, for example, but not limited to, mobile device, computer device, laptop, tablets, etc.
[0022] The server 102 may be placed at a physical location and a plurality of user devices 104 from all over the world access the server 102. As explained above, the server 102 is able to recognize a user device 104 from the plurality of user devices 104 using a unique internet protocol (IP) address associated with each of the user device 102. Generally, the IP address is divided into multiple sub parts which can help the server identify the user device more efficiently and quickly. In addition to recognizing the user device, the server 102 is also able to identify location of the user device 104 from which the request for accessing the content is being sent. The tracing of location of the user device 104 generally helps the server 102 to take appropriate actions in case the user devices 104 are trying to access an unauthorized content from the server 102.
[0023] In one embodiment, any IP address can be traced and tracked. Any IP address may include IP address of any user device 104. In one embodiment, the IP information may include public address of a web server to reveal geographic information, holder information and registration information of the server. In one embodiment, the IP address may be IPv4 or IPv6 addresses. In one embodiment, the IP address may be 32-bit or 128-bit address. In one embodiment, the IP address may be associated with email communications. The email communications may include headers in them. The headers may include IP addresses.
[0024] Although, only one server 102 is shown, there may be a plurality of servers which may be placed at different locations. For example, FIG. 2 shows requests being routed to server 102 via a plurality of servers. Thus, to access the server 102 placed at location 4, the request from the user device 104 may be routed through servers placed at location 1, location 2, location 3. Thus, a visual route may be created for the request routed from the user device 104 for accessing the content from the server 102. In order to identify a user device 104 which is trying to access the content from the server 102 in an unauthorized way, it is necessary to identify the visual route of the request. Thus, once the visual route is traced, it is then easy to identify the user device 102.
[0025] Referring to FIG. 3 now, a hardware-based device 300 for tracking and tracing of IP address and creating visual route of request is provided. The hardware-based device 300 may be in the form of an IP address investigator kit which can have multiple functions. In one embodiment, the tool 300 may be used to provide complete details about the IP address, for example, but not limited to, IP address, location of the IP address, the visual route followed by the request to reach a server, IP address from the email communication, etc.
[0026] In one embodiment, the hardware-based device 300 may be a storage device. For example, the hardware-based device 300 may be a universal serial bus (USB) storage device. However, the device 300 is not limited to the USB storage device and may include any storage device.
[0027] The user device 104 may store all the information relating to the IP address, such as location of the server, visual route of the request. A user can access the stored information via the hardware-based storage device 300. The storage device 300 may include a storage component 302, a plurality of connectors 304 for connecting with the user device 104, a power component 306 and a plurality of busses 308.
[0028] The information about the IP address may be stored in the storage component 302. The storage component 302 may be a non-volatile component and hence can retain its value even when the power is removed. To power the storage device 300, the storage device 300 may be connected to the user device 104. Once the storage device 300 is connected to the user device 104, the storage device 300 may be powered using the power component 306. To connect the storage device 300 with the user device 104, the plurality of connectors 304 may be used. The plurality of connectors 304 may include a plurality of pins which can be inserted into openings provided into the user device 104. The data can be transferred between the user devices 104 and the storage device 300 using the plurality of busses 308.
[0029] In one embodiment, the information about the IP address may be stored in an intermediate device 400. This embodiment is shown in FIG. 4. The hardware-based storage device 300 may be connected with the intermediate device 400 to access the information about the IP address. The accessed information can then be stored in the storage device 104. In one embodiment, the information about the IP address may be accessed by a network administrator or a network expert.
[0030] In one embodiment, the user device 104 and the intermediate device 402 may also store IP addresses from the headers of the email communication. The hardware-based storage device 300 may then while accessing the IP address from the user device 104 and the intermediate device 402 can also access and store the IP address from email communication.
[0031] In one embodiment, the hardware-based storage device 300 may also provide scalable and flexible IPv4/IPv6 address management solutions. In another embodiment, the hardware-based storage device 300 may also provide open-source, lightweight, and cross-platform network scanner. In another embodiment, the hardware-based storage device 300 may also provide techniques for exploring Http servers, browsing shared resources on remote computers, and command-line support.
[0032] Referring to FIG. 5 now, a method 500 for tracking and tracing IP addresses is illustrated. At step 502, the method comprises establishing a connection between a plurality of user devices 104 and a server 102. At step 504, the method comprises tracking and tracing IP addresses of the user devices 104. At step 506, the method comprises identifying location and other information from the IP addresses. At step 508, the method comprises identifying IP address from the email communication. At step 510, the method comprises storing the IP address in the hardware-based storage device 300.
[0033] The various actions, acts, blocks, steps, or the like in the flow diagram may be performed in the order presented, in a different order or simultaneously. Further, in some embodiments, some of the actions, acts, blocks, steps, or the like may be omitted, added, modified, skipped, or the like without departing from the scope of the invention.
[0034] Although particular embodiments of the invention have been described in detail for purposes of illustration, various modifications and enhancements may be made without departing from the spirit and scope of
, Claims:I/We Claim:
1. A system (100) for identifying unauthorized user, the system comprises:
a server (102);
a network (106);
a plurality of user devices (104) connected to the server via the network;
a hardware-based storage device (300), wherein:
the hardware-based storage device stores information related to internet protocol (IP) address,
the information related to IP address includes location, holder information and registration information.

2. The system as claimed in claim 1, wherein the hardware-based storage device is a universal serial bus (USB) storage device.

3. The system as claimed in claim 1, wherein the hardware-based storage device further stores visual route of the IP address.

4. The system as claimed in claim 1, wherein the hardware-based storage device stores any IP address.

5. The system as claimed in claim 1, wherein IP address is extracted from headers of email communication.

6. A method for identifying unauthorized user, the method comprises:
establishing a connection between a server and a plurality of user devices;
storing, in a hardware-based storage device, information related to internet protocol (IP) address, wherein the information related to IP address includes location, holder information and registration information.

7. The method as claimed in claim 6, wherein the hardware-based storage device is a universal serial bus (USB) storage device.

8. The method as claimed in claim 6, further comprises storing visual route of the IP address.

9. The method as claimed in claim 6, wherein the hardware-based storage device stores any IP address.

10. The method as claimed in claim 6, wherein IP address is extracted from headers of email communication.

Dated this 22 Sept, 2022