Post on 06-Sep-2020
AirCheck™ Wi-Fi Tester Evaluation Guide Law Enforcement Version
2 AirCheck™ Wi-Fi Tester Evaluation Guide - Law Enforcement Version
Outline
1. Getting Started
2. Law Enforcement Scenario
3. Is a Wireless Network Secured?
4. Law Enforcement Scenario: OPEN Wireless Networks
5. Track Down Suspects Using OPEN Wireless Networks
6. Issues with Locating Client Devices
7. Using AirCheck Manager Software
8. Save an AirCheck Session
9. Generate a Session Report
10. Creating a Screen Capture
3 AirCheck™ Wi-Fi Tester Evaluation Guide - Law Enforcement Version
1. Getting Started
• First, check out all the cool
features.
• Now, Turn it On
– AirCheck is Ready to Go in
Under Three Seconds
– Starts Scanning Channels
and Networks Immediately
– Bottom center of display
shows channel being
scanned and number of
AP’s detected Lithium Ion Battery –
5 + hours life
Optional Directional
Antenna Connector
(on back)
Indicates AirCheck
is Transmitting
USB Access
for Upgrades
and Reports
Save Session
Reports
Supports 802.11
a/b/g/n
Indicates Link to AP
Return to
Home Screen
Return to
Prior Screen
Restart
All Tests
4 AirCheck™ Wi-Fi Tester Evaluation Guide - Law Enforcement Version
2. Law Enforcement Scenario
• When tracking a suspect for illegal internet activity, law enforcement needs to quickly determine if a wireless network at a suspect location is OPEN or secured before entering.
• Current tools (laptops and smartphones) – Do not tell you if the wireless network inside the suspect location is
open or secured
– They just tell you if open and secured wireless networks are present
– May not support all four Wi-Fi standards (802.11 a/b/g/n)
• It requires directionality to determine the type of network inside a suspect location
• The Fluke Network’s AirCheck Wi-Fi Tester can help: – Detect if the wireless network inside the suspect residence is OPEN
or secured
– Track down suspects using OPEN wireless networks
5 AirCheck™ Wi-Fi Tester Evaluation Guide - Law Enforcement Version
2. Is the wireless network secured?
• Connect the directional antenna to the back of AirCheck
• Hold the directional antenna as shown below:
– The signal will be strongest when “pointed at the source”.
6 AirCheck™ Wi-Fi Tester Evaluation Guide - Law Enforcement Version
2. Is the wireless network secured?
• Make sure Networks is
highlighted on AirCheck’s
home screen and press
SELECT
7 AirCheck™ Wi-Fi Tester Evaluation Guide - Law Enforcement Version
2. Is the wireless network secured?
• Point the directional antenna at the suspect location.
• You’ll see a list of all the networks detected. (A network is a collection of AP’s with the same name (SSID).)
• Use the left and right arrows to scroll the display for more information
• Press the Legend (F2) softkey for an explanation of symbols
Signal
Strength
Security
Number
of AP’s
Network
Type
8 AirCheck™ Wi-Fi Tester Evaluation Guide - Law Enforcement Version
2. Is the wireless network secured? Determine the network’s signal strength
• Determine which wireless network(s) are inside the suspect location.
– Keep the directional antenna pointed at the suspect location while looking for the wireless network’s signal strength
– Look for the network with the strongest signal strength
• AirCheck displays a wireless network’s signal strength as a colored bars:
– Green = Strong – Yellow = Medium – Red = Poor
• In this example, NETGEAR-2.4-G and NETGEAR-
DualBand-N are the two networks with the highest signal strength.
– So they must be the wireless networks inside the suspect location
• For best results:
– Walk around as much of the suspect location as possible when looking for the highest signal strength
9 AirCheck™ Wi-Fi Tester Evaluation Guide - Law Enforcement Version
2. Is the wireless network secured? Determine the network’s security type
• As you determine the signal strength of the wireless network, also verify the security type of the wireless network located inside the suspect location.
– Keep the directional antenna pointed at the suspect location while looking for the wireless network’s security type
• AirCheck displays a wireless network’s security type as a colored lock:
– = OPEN – = Secured (WEP) – = Secured (WPA, WPA2)
• We can see that the security type of the
wireless networks NETGEAR-2.4-G and NETGEAR-DualBand-N is OPEN. – It is displaying a Red open lock – Therefore it is an unsecured network
10 AirCheck™ Wi-Fi Tester Evaluation Guide - Law Enforcement Version
2. Law enforcement scenario: OPEN wireless networks
• Your team enters the house and determines that the suspect is not located in the residence
• The suspect is stealing or piggybacking wireless access off of the resident’s OPEN wireless network
– In this example: NETGEAR-2.4-G or
NETGEAR-DualBand-N
• The suspect who is stealing wireless access is most likely using a laptop
• This laptop is acting as a client device when connected to the wireless network
• How do you locate this client device? •Residence
•Suspect
•Client
11 AirCheck™ Wi-Fi Tester Evaluation Guide - Law Enforcement Version
5. Track Down Suspects Using OPEN Wireless Networks
• Make sure that the directional
antenna is connected to the
back of AirCheck
• Return to the main screen by
pressing the Home key
• Select Tools
• Select List Clients to see a list
of clients in the area
12 AirCheck™ Wi-Fi Tester Evaluation Guide - Law Enforcement Version
5. Track Down Suspects Using OPEN Wireless Networks
• Clients shows you a list of clients in the area – Look for clients connected to the suspect
wireless network
– In our scenario: NETGEAR-2.4-G
• Press Locate (F2) for a real time graph of the client’s signal strength
• Point the directional antenna to determine the highest signal strength.
• As you move closer to or further from the client, you will see the signal strength change – Note that measurements are expressed in
negative dBm, which means that a signal of -30dBm is stronger than one of -40dBm
13 AirCheck™ Wi-Fi Tester Evaluation Guide - Law Enforcement Version
6. Issues with Locating Client Devices
• Client devices do not always transmit. They will power down their wifi when not in use to conserve energy. – This makes them hard to locate
• It is easiest to locate a client device when they are transmitting.
• In your suspect’s case, this would be when they are downloading large images or videos.
• You may need to conduct stakeouts to determine when the suspect has connected to the wireless network and is downloading information.
When to monitor or shut down an open wireless network • You must remember to balance the safety of the public with your need to obtain evidence
• In a Peer 2 Peer investigation it may be possible to sit, wait, and monitor the wireless access network activity to identify the offender
• However in a solicitation of a child, an ongoing fraud case, or case involving death threats the liability of leaving the network in an open status maybe be too great
• If you are unsure, TALK TO YOUR PROSECUTOR
14 AirCheck™ Wi-Fi Tester Evaluation Guide - Law Enforcement Version
7. Using AirCheck Manager Software
• AirCheck can produce a report which includes
– The networks in the area including their signal strengths and security types
– All clients and their details
– Plus lots of other data
• Reports may be required for evidentiary purposes.
• The AirCheck Manager software (ACM) is required to
– Create Session Reports from information that AirCheck has collected
• The first step is to install the ACM software on your computer. Follow the directions included on the ACM software CD.
• You will also need a USB cable to connect AirCheck to your PC
15 AirCheck™ Wi-Fi Tester Evaluation Guide - Law Enforcement Version
8. Save an AirCheck Session
• Press the Save button
• Select Save to save
AirCheck’s current session
data
• Connect AirCheck to your
PC with the USB cable
• Start AirCheck Manager
software
• Notice that ACM now shows
your saved session
16 AirCheck™ Wi-Fi Tester Evaluation Guide - Law Enforcement Version
9. Generate a Session Report
• Press the Report icon to
open the Report Generator
• Select the type of report you
want: Summary or Detailed
• Press the Generate button
to create your report
17 AirCheck™ Wi-Fi Tester Evaluation Guide - Law Enforcement Version
10. Creating a Screen Capture
• Document AirCheck’s current screen for evidentiary purposes via screen captures.
• Record any screen shot such as: – Networks and its security details
– Client device details
• Quickly capture any AirCheck screen with a two button sequence
• Hold down and at the same time
• AirCheck will produce a tone for ~10 seconds and generate a bitmap file of the current screen
• The bitmap is stored on AirCheck’s root directory