Online Investigations: Tools, Tips, & Techniques

online-investAs an investigator, you know how important it is to search for, locate, save, and replicate online information relating to all areas of crime. Because web pages and content can quickly appear and vanish, you need to continuously document your findings. Let us show you the latest tools, tips, and techniques that will keep your investigation moving forward. We’ll start by teaching you the steps to take to ensure you don’t tip off your suspect by leaving a digital footprint during your investigation. You’ll also learn advanced Google searching tips and how to use those skills within specific social networking sites like Facebook and Twitter.

Audience: All investigators—whether their work is in high-tech crime, gangs, homicide, vice, property crimes, narcotics, or other details.
Prerequisites: Law enforcement affiliation
Length: 2 days
Difficulty: Intermediate-to-advanced

Syllabus

Firefox as an Investigative Tool

We show you why Firefox—supplemented by our list of recommended Add-ons—will soon become your favorite Internet browser to use for investigations. You’ll see a demonstration of Firefox add-ons that will speed up your investigations by increasing functionality. Many of these add-ons fall under the category of “You better hurry up and grab it now, because it might be gone later.”

Google Searching Techniques

Knowing how to use Google more effectively can save you time and make your investigations more successful. In this block we urge you to take the time to learn how Google works and then see how Boolean operators can help to narrow and refine your searches. We show you the ins and outs of doing advanced searching in Google and teach you how this can come in handy in social networking website investigations. You’ll also see how to set up your Google preferences so that you get the most information out of your searches. Lastly, we show you some some Google apps that will help you focus your search within a topical area.

Introduction to Social Networking Investigations

Believe it or not, there are over 200 social networking websites on the Internet today. While Facebook and Twitter are certainly two of the major players, there are others that you should know about. We give you an introduction to social networking and demonstrate how the whole “friends” thing works. We walk you through all of the parts of a Facebook page and show how these sites can be great resources for finding information on suspects, victims, and witnesses.

Facebook Profile Creation and Searching

Our first general rule for law enforcement is this: always practice digital officer safety. That means you need to have a separate profile when you’re searching online, so that potential suspects can’t link you (or your computer) back to law enforcement. While it is unlikely that your undercover online investigations will make your case, they will help to establish your credibility online. We walk you through the steps to create a free web-based email account and then show you how to set up an undercover account on Facebook so that you can start your searches.

Other Profile Creation and Searching Other Social Networking Sites

In order to view many features of various social networking sites, you need to be logged in. We take a deeper dive into profile creation and then show you the ins and outs of searching on Twitter. Next we move on to Myspace and Tribe—two other social networking sites that are vital to investigators. We introduce you to a tool that we created called the SEARCH Social Networking Custom Search Engine (CSE). We talk about how the techniques used to search on the aforementioned social media websites can be translated to new sites that will inevitably pop up and join this crowded field. The skills you learn here can continue to evolve and grow as the trends in social media change.

Social Networking Page Capture and Legal Process

Once you have found information online that can help your case, what next? We revisit the Firefox Add-ons discussion to see how to use them to capture information discovered during the advanced searching of social media websites. You will likely need records from the Internet Service Provider (ISP) that will corroborate your case. We walk you through the steps of serving legal process to online service providers and help you understand how to read the results. We’ll demonstrate tools and methods to capture profiles for evidentiary purposes. You’ll learn the basics of Internet Protocol (IP) addresses and how to trace them as part of an investigation. You’ll learn about the metadata that is embedded in digital pictures, and the legal process to get it. Called exif data—short for exchangeable image file format—this data may include the make, model and serial number of the device taking the picture, plus the date, time and possibly, the GPS coordinates for when and where the picture was taken. We give you tips on how to get information from Facebook without serving legal process, which can be critical when working with victims or a probation/parole investigation. And just to make sure you fully grasp these concepts, you’ll complete a hands-on exercise involving the results of a search warrant from Facebook.com, and follow the investigative process to determine next steps.

Portable Apps

There may be times when you don’t have access to an undercover computer or you might have to use multiple computers as part of your job. If this is the case, or if you have no other tools available to capture evidence, you can use portable apps as a non-forensic tool. You can run them from a USB drive on any Windows computer and they leave little evidence of their use on the computer’s hard drive. We walk you through the steps of downloading and installing portable apps. We also give you a USB drive that has some of our favorites already installed.

Digital Officer Safety

It is imperative that investigators do everything they can to avoid exposing themselves or their agencies to harm while conducting online investigations. We walk you through the steps you need to take to ensure that you are using an IP address that can’t be traced back to your agency or home. We teach you about website tracking, and show you why it’s important to always start from a neutral website like Google before conducting an Internet investigation. You’ll also learn about phishing, Bluetooth sniffing, and how to secure a wireless network.