What server-side evidence can be used to conclusively identify a computer?


John Connor

Lifer
Nov 30, 2012
22,757
618
121
So it is my VPN provider's settings in the client. That must be why that website didn't detect any use of OpenVPN.
 

sn8ke

Member
Sep 19, 2004
102
1
76
I don't think it uses javascript. It uses stuff like MTU/mss sizes and TCP connection properties to figure it out. Different ciphers in openvpn have different values which can end up being a fingerprint in itself.
I know, that's what I meant. I don't have javascript enabled anyway, but usually most things like that attempt to use js to detect or probe stuff and I found that site more accurate than those. I found the source code on GitHub, there are calls to js but I didn't get a chance to look into it more. Might be unrelated website stuff.
 

ZippyDan

Platinum Member
Sep 28, 2001
2,141
1
81
Most of you seem to be approaching my question from the perspective of someone seeking to avoid being tracked, whereas my intention is the opposite:

I have evidence of a crime that was committed from a specific IP, and I am wondering what evidence might exist (from an average computer user) that could narrow it down to a specific computer on that connection.
 

lxskllr

No Lifer
Nov 30, 2004
59,401
9,926
126
You'd have to specifically collect that information (browser fingerprinting), and I wouldn't consider that "beyond reasonable doubt" material, though it may be sufficient for a warrant. Your server?
 

A5

Diamond Member
Jun 9, 2000
4,902
5
81
There probably isn't anything you can do right now that would be admissible in court.

Contact the relevant authorities and make sure they know that you have some evidence that a professional forensic investigator may be able to get something from.
 

sn8ke

Member
Sep 19, 2004
102
1
76
Most of you seem to be approaching my question from the perspective of someone seeking to avoid being tracked, whereas my intention is the opposite:

I have evidence of a crime that was committed from a specific IP, and I am wondering what evidence might exist (from an average computer user) that could narrow it down to a specific computer on that connection.
After the fact, not much beyond logs unless there were other mechanisms already in place. The chances of the person in question actually using their own connection are pretty low too. To put it into perspective, even governments can barely trace and attribute cyberattacks and their number one tool is usually informants/honeypot situations. But what a company usually does is hire forensic investigators to look over the breach and logs to attempt to trace back or find relevant information left behind. It largely depends on what kind of crime or attack it was.

But knowing the methods of how to avoid being tracked is also useful as you can use them to effectively work backwards in a way or from an attacker's perspective.
 
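As an added illustration of the "not much beyond logs" point in the post above (example code written for this page, not posted by anyone in the thread): if the server kept ordinary access logs, requests from the IP of interest can be grouped by User-Agent to see how many distinct clients appear behind it and when each was active. It assumes the Apache/nginx "combined" log format; the log lines, addresses and the function name `clients_behind_ip` are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in "combined" log format (not real data).
# 203.0.113.7 is a documentation address standing in for the IP of interest.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2016:10:01:02 +0000] "GET /login HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:44.0) Gecko/20100101 Firefox/44.0"
203.0.113.7 - - [12/Mar/2016:10:01:40 +0000] "POST /login HTTP/1.1" 302 0 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:44.0) Gecko/20100101 Firefox/44.0"
203.0.113.7 - - [12/Mar/2016:10:05:13 +0000] "GET /index HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_3) AppleWebKit/601.4.4 (KHTML, like Gecko) Version/9.0.3 Safari/601.4.4"
198.51.100.9 - - [12/Mar/2016:10:06:00 +0000] "GET /index HTTP/1.1" 200 2048 "-" "curl/7.47.0"
203.0.113.7 - - [12/Mar/2016:10:09:55 +0000] "GET /admin HTTP/1.1" 403 128 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:44.0) Gecko/20100101 Firefox/44.0"
"""

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"'
)

def clients_behind_ip(log_text, ip):
    """Group requests from one IP by User-Agent; return {user_agent: summary}."""
    groups = defaultdict(lambda: {"count": 0, "first": None, "last": None, "paths": []})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["ip"] != ip:
            continue  # skip unparseable lines and other addresses
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        g = groups[m["ua"]]
        g["count"] += 1
        g["first"] = ts if g["first"] is None else min(g["first"], ts)
        g["last"] = ts if g["last"] is None else max(g["last"], ts)
        parts = m["req"].split()
        g["paths"].append(parts[1] if len(parts) > 1 else m["req"])
    return dict(groups)

if __name__ == "__main__":
    for ua, g in clients_behind_ip(SAMPLE_LOG, "203.0.113.7").items():
        print(f'{g["count"]} requests {g["first"]:%H:%M:%S}-{g["last"]:%H:%M:%S} {g["paths"]}')
        print(f"   {ua}")
```

The User-Agent header is supplied by the client, so a grouping like this narrows the candidates and gives an investigator a timeline to work from; it does not by itself tie the requests to one machine.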