Online Investigations: Tools, Tips, & Techniques

online-investAs an investigator, you know how important it is to search for, locate, save, and replicate online information relating to all areas of crime. Because web pages and content can quickly appear and vanish, you need to continuously document your findings. Let us show you the latest tools, tips, and techniques that will keep your investigation moving forward. We’ll start by teaching you the steps to take to ensure you don’t tip off your suspect by leaving a digital footprint during your investigation. You’ll also learn advanced Google searching tips and how to use those skills within specific social networking sites like Facebook and Twitter.

Audience: All investigators—whether their work is in high-tech crime, gangs, homicide, vice, property crimes, narcotics, or other details.
Prerequisites: Law enforcement affiliation
Length: 3 days
Difficulty: Intermediate-to-advanced


Introduction to Social Networking Investigations

Believe it or not, there are over 200 social networking websites on the Internet today. While Facebook and Twitter are certainly two of the major players, there are others that you should know about. We give you an introduction to social networking and demonstrate how the whole “friends” thing works. We show how social media sites can be great resources for finding information on suspects, victims, and witnesses.

We show you why Firefox—supplemented by our list of recommended add-ons—will soon become your favorite Internet browser to use for investigations. You’ll see a demonstration of Firefox Add-ons that will speed up your investigations by increasing functionality. Many of these add-ons fall under the category of “You better hurry up and grab that web content now, because it might be gone later.”

Knowing how to use Google more effectively can save you time and make your investigations more successful. In this block we urge you to take the time to learn how Google works and then see how Boolean operators can help to narrow and refine your searches. We show you the ins and outs of doing advanced searching in Google and teach you how this can come in handy in social networking website investigations. You’ll also see how to set up your Google preferences so that you get the most information out of your searches. Lastly, we show you some Google services that will help you focus your search within a topical area.

Facebook Investigations, Part 1

Our first general rule for law enforcement is this: always practice digital officer safety. That means you need to have a separate profile when you’re searching online, so that potential suspects can’t link you (or your computer) back to law enforcement. While it is unlikely that your undercover online investigations will make your case, they will help to establish your credibility online. We walk you through the steps to create a free web-based email account and then show you how to set up an undercover account on Facebook so that you can start your searches. We walk also you through all of the parts of a Facebook page so that you understand the specific terminology that Facebook uses for identification and legal process.

Facebook Investigations, Part 2

Two effective ways to search for information inside Facebook include (1) using the Facebook Graph Search tool, and (2) using Google.

The Graph Search feature takes the big data that exists within the billion-plus Facebook user profiles and combines it with external data to create a search engine that provides user-specific search results. For example, we can quickly find people named [fill in the blank] who live in Sacramento, California, by typing that phrase into the Graph Search bar. Or maybe we want to know about people who have relatives named [fill in the blank].

We also teach you how to use Google Boolean operators specifically to search within Facebook. This comes in handy if you want to broaden your search even more—for example, if you’re looking for people who are using fake names or other non-specific information in their profiles.

And then once you have found information online that can help your case, what next? We revisit the Firefox Add-ons discussion to see how to use them to capture information discovered during the advanced searching of Facebook.

Lastly, we give you an extensive lesson on how to serve legal process on Facebook. We cover all of the details you need to know to access the Facebook Law Enforcement Portal.

Twitter Investigations

On an average day, over 500 million tweets are sent on Twitter. There’s a good chance that your suspect has sent at least a few of them. In this block, we show you how Twitter works and introduce you to Twitter profiles, tweet keywords and hashtags. You’ll learn how to search for information using the Twitter search engine. We’ll show you the hidden Twitter search operators that can help you limit your searches to a geographic location or a specific timeframe. You’ll see how to capture the information you’ve found on Twitter and we’ll cover how to serve legal process on the site.

Instagram Investigations

Instagram is the third leg of the social media trifecta that users often link together. We’ve already covered the other two—Facebook and Twitter—and in this block we’ll show you how this photo-sharing app works and why it’s important in investigations. You’ll learn about an Instagram profile, which you need to have in order to like or comment on photos. But we’ll also show you how you can search the site without having an account by using external resources. And as in our other social media blocks, we’ll teach you how to capture the information you find on this site and give you a brief rundown on serving legal process.

Using BlueStacks

We like the BlueStacks App Player because it allows investigators to simulate an Android tablet on their desktop computers. This comes in handy when investigating apps like Whisper and Kik Messenger, which are restricted to mobile device use only. We’ll show you the app FakeGPS, which lets your mobile device or BlueStacks trick other apps into thinking you’re physically located someplace other than where you actually are. Under normal conditions, many apps only return information based on the physical location of a phone’s GPS. By “faking” your GPS and using BlueStacks, you can gain access to information that otherwise would only have been available had you been in that physical location. We’ll show you how to download and install apps within BlueStacks, and also take a look at several relevant apps that have current investigative value.

Other Social Networking Considerations

In this block we demonstrate how the techniques used to search on the aforementioned social media websites can be translated to other existing and new sites that will inevitably pop up and join this crowded field. We’ll also introduce you to portable apps. There may be times when you don’t have access to an undercover computer or you might have to use multiple computers as part of your job. If this is the case, or if you have no other tools available to capture evidence, you can use portable apps as a non-forensic tool. You can run them from a USB drive on any Windows computer and they leave little evidence of their use on the computer’s hard drive. We walk you through the steps of downloading and installing portable apps. We also give you a USB drive that has some of our favorites already installed.

Digital Officer Safety

It is imperative that investigators do everything they can to avoid exposing themselves or their agencies to harm while conducting online investigations. We walk you through the steps you need to take to ensure that you are using an IP address that can’t be traced back to your agency or home. We teach you about website tracking, and show you why it’s important to always start from a neutral website like Google before conducting an Internet investigation. You’ll also learn about profile linking, phishing, Bluetooth sniffing, and how to secure a wireless network. Lastly, we’ll show you some steps you should take on your Facebook page to ensure that your information is as private as possible. We’ll also have a discussion about what you should and should not be posting to your Facebook page.