# Network Monitoring - LogMeIn



## amos618 (Jul 22, 2015)

My laptop was hacked into using LogMeIn remote access software by a former colleague of mine. Is there a means of reverse tracing the hack through my network logs from a few months ago? How would I go about reverse tracing where it came from digitally? Is there a record of my network input/output on my home networks?


----------



## amos618 (Jul 22, 2015)

*Reverse Trace Network Activity*

Is there a way to reverse trace network activity from a few months ago? How would I go about doing so? Thank you!


----------



## joeten (Dec 4, 2008)

Hi, again, please stop making multiple threads on the same issue. 1 thread is sufficient; more than one can get you an infraction for multiple posting.


----------



## joeten (Dec 4, 2008)

Threads merged.


----------



## MartyF81 (Jan 23, 2013)

You can look in system logs, but they are massive and I am not sure you will find something from that many months ago. Your best bet is within the same day because logs are condensed and purged as they age... and unless you specifically installed monitoring software in advance they are not going to be that detailed past 24 hours; if they were, you would run out of space on your computer pretty quickly.

This should help you find them: Apple Tips OSX Log Files

I am not familiar enough with them to determine if they even log the IP address connecting.

However, I would be remiss to not give you some friendly feedback. 

1. This is probably a waste of your time anyway, because even if you did find the IP address (which is like finding a needle in 10,000 haystacks at this point), you would need a court order to determine who was behind that IP address, and even with a court order the ISP is going to resist and appeal giving up who it was for a long time. It would be a long and costly drawn-out battle in court that you would need a lawyer to fight for you.

2. You are not going to be able to get a court order on your own, and especially won't because you would have to be able to forensically explain how you determined the IP address you found in the logs was your attacker. You would need a forensics expert to testify on your behalf explaining how they determined it. They are not going to accept "I found this IP address in my log, and I want to know who it is." You would need to be a skilled forensics analyst who could explain technically that the IP address in question is definitively the hacker.

3. If you managed to get past the above hurdles, the IP address in question would come back to LogMeIn as the owner of the vector IP... because the LogMeIn service acts as a middle man for the connection... it is not a direct connection machine to machine. So then you would again fight another legal battle to get LogMeIn to give up who it was or the IP of the person who did it... and then you are back to #1, getting THAT ISP to give up whose IP it was that connected to LogMeIn.... which frankly the person could have been sitting at a Starbucks using their WiFi... and you have a dead end.

5. In the event you manage to get through all of the above..... and you figure out who it was. Your next hurdle is going to be proving that they were not authorized to do so. LogMeIn software requires the Admin password of your computer in order to be installed. How did this person do it without the password? If they did have the password... then there is an argument that they were authorized to install the software because they were given the password. This would be a whole other battle.

6. Tracing an IP by yourself... you can put the IP address in various services... but the closest they are going to tell you is usually the city of the node the user connected through. The kind of tracing you can do yourself isn't going to give you anything useful.

Ultimately at the end of it all... if you manage to prove all of this stuff... what will you ultimately get out of it? Unless the person is wealthy... you would get awarded damages that they are unlikely able to even pay. Any type of criminal charges would have to be brought by state's attorneys... who would probably not take the case unless there was something of value stolen, or illegal (like child porn).

So long story short... it is a waste of your time. So I in the most friendly way possible suggest... Plug the hole, and move along with your life.


----------



## spunk.funk (May 13, 2010)

*LogMeIn* must be installed by the user using the Administrator password of the computer for it to be used. If you installed this, just uninstall it. If they didn't install a back door key logger software you should be good. Just change your Administrator password.


----------



## amos618 (Jul 22, 2015)

Thank you for your advice, Marty and Spunk Funk! Last question: can you please advise me how to go about cleaning my infected (JS/TrojanDownloader.Pegel.AP.Trojan) external hard drive? I have 6 Trojan viruses saved on an external hard drive and was concerned that plugging them into my laptop would automatically reinfect my computer. Please advise.


----------



## MartyF81 (Jan 23, 2013)

That's a Windows Trojan... will have no effect on your Mac.

However if you wish to Scan... I suggest AdWare Medic: https://www.malwarebytes.org/mac-download/


----------



## amos618 (Jul 22, 2015)

I had Parallels downloaded on my Mac at the time. I no longer have access to my files on the former Windows partition on my computer. Is it possible to access files from that partition in the .pvm folder in my documents? If so, how would I go about accessing the Windows side if the .pvm folder is on an external hard drive?


----------



## MartyF81 (Jan 23, 2013)

I am not really aware of any way to open a .PVM file other than using Parallels. You are not able to get into the Virtual Machine using Parallels software any longer?


----------

