Help

Stolen Machines

Not applicable

Posted on ‎08-11-2009 11:55 AM

I have about 5 machines that were stolen a few months back. I have noticed in the Casper logs that
the IP address for these machines are being updated. I also have usage logs of when they are being
logged into or started up etc. We are going to report these IP addresses to the police, but I was
wondering if anyone has ever tried sending a package or script to a stolen machine that helped
yield some further useful information. As far as I can tell the machines are behind a router or on
wireless, but I would think it could still be told via policy to grab a package or a script. Has anyone
done anything like that before ?

Roger Corbin
Richmond SD38

0 Kudos
Reply
5 REPLIES 5

Not applicable

Posted on ‎08-11-2009 12:02 AM

Roger,
Your best bet is to make no visible modifications to the machines.Whoever
took them never even bothered to zero out the drives or change out the MAC
addresses. The police as John had mentioned can get the laptops back to you
very quickly.

James Alcasíd, ACSA | VeriSolv Technologies
Department of Veterans Affairs | Enterprise Infrastructure Engineering
470 L'Enfant Plaza Suite 3100, Washington DC 20024
Office (202) 245-4573, Mobile (703) 400-1471

0 Kudos
Reply

tlarkin
Honored Contributor

Posted on ‎08-11-2009 12:14 AM

We use computrace which is the corporate version of lowjack. Is your
JSS on the outside world? Can you hit your JSS from the www?

0 Kudos
Reply

jstrauss
Contributor

Posted on ‎08-11-2009 12:22 AM

Agreed. We've recovered five stolen machines with Computrace and have been reimbursed for the 30 they didn't find. Good solution.

0 Kudos
Reply

John_Wetter
Release Candidate Programs Tester

Posted on ‎08-11-2009 11:59 AM

In our case, the police said not to do anything other than tell them exactly when one of the computers updated, they traced the IP and got records from the ISP in real time and within a few minutes they had a laptop back in their hands. In another case, they went in to an apartment where the occupant had an open wifi and after a search, they didn't find it and that laptop never phoned home again.

I've heard of some people loading the script that takes pictures using the isight camera and e-mails them, but check with the authorities first.

Thanks,
John

--
John Wetter
Technology Support Administrator
Educational Technology, Media & Information Services
Hopkins Public Schools
952-988-5373

0 Kudos
Reply

Not applicable

Posted on ‎08-11-2009 01:04 PM

Too late in this case Roger but you might want to consider Undercover as an option in future, <http://www.orbicule.com/undercover>.

Wylie

0 Kudos
Reply