As an investigator, you know how important it is to search for, locate, save, and replicate online information relating to all areas of crime. Because web pages and content can quickly appear and vanish, you need to continuously document your findings. Let us show you the latest tools, tips, and techniques that will keep your investigation moving forward. We’ll start by teaching you the steps to take to ensure you don’t tip off your suspect by leaving a digital footprint during your investigation. You’ll also learn advanced Google searching tips and how to use those skills within specific social networking sites like Facebook and Twitter.
Audience: All investigators—whether their work is in high-tech crime, gangs, homicide, vice, property crimes, narcotics, or other details.
Prerequisites: Law enforcement affiliation
Length: 2 days
Firefox as an Investigative Tool
We show you why Firefox—supplemented by our list of recommended Add-ons—will soon become your favorite Internet browser to use for investigations. You’ll see a demonstration of Firefox add-ons that will speed up your investigations by increasing functionality. Many of these add-ons fall under the category of “You better hurry up and grab it now, because it might be gone later.”
Google Searching Techniques
Knowing how to use Google more effectively can save you time and make your investigations more successful. In this block we urge you to take the time to learn how Google works and then see how Boolean operators can help to narrow and refine your searches. We show you the ins and outs of doing advanced searching in Google and teach you how this can come in handy in social networking website investigations. You’ll also see how to set up your Google preferences so that you get the most information out of your searches. Lastly, we show you some some Google apps that will help you focus your search within a topical area.
Introduction to Social Networking Investigations
Believe it or not, there are over 200 social networking websites on the Internet today. While Facebook and Twitter are certainly two of the major players, there are others that you should know about. We give you an introduction to social networking and demonstrate how the whole “friends” thing works. We walk you through all of the parts of a Facebook page and show how these sites can be great resources for finding information on suspects, victims, and witnesses.
Facebook Profile Creation and Searching
Our first general rule for law enforcement is this: always practice digital officer safety. That means you need to have a separate profile when you’re searching online, so that potential suspects can’t link you (or your computer) back to law enforcement. While it is unlikely that your undercover online investigations will make your case, they will help to establish your credibility online. We walk you through the steps to create a free web-based email account and then show you how to set up an undercover account on Facebook so that you can start your searches.
The Facebook Visualizer is a tool developed for law enforcement that lets you map a person’s top friends, and their top friends, and their top friends, etc. The tool can make up to 10,000 connections between people and displays basic details about each person on a map. You can save the map as an image; you can also export friend relations to a data file on which you can search for keywords. You’ll see a demonstration of how the tool works and see its potential for linking suspected predators to their targets, or drug dealers to their contacts.
Other Profile Creation and Searching Other Social Networking Sites
In order to view many features of various social networking sites, you need to be logged in. We take a deeper dive into profile creation and then show you the ins and outs of searching on Twitter. Next we move on to Myspace and Tribe—two other social networking sites that are vital to investigators. We introduce you to a tool that we created called the SEARCH Social Networking Custom Search Engine (CSE). We talk about how the techniques used to search on the aforementioned social media websites can be translated to new sites that will inevitably pop up and join this crowded field. The skills you learn here can continue to evolve and grow as the trends in social media change.
Social Networking Page Capture and Legal Process
Once you have found information online that can help your case, what next? We revisit the Firefox Add-ons discussion to see how to use them to capture information discovered during the advanced searching of social media websites. You will likely need records from the Internet Service Provider (ISP) that will corroborate your case. We walk you through the steps of serving legal process to online service providers and help you understand how to read the results. We’ll demonstrate tools and methods to capture profiles for evidentiary purposes. You’ll learn the basics of Internet Protocol (IP) addresses and how to trace them as part of an investigation. You’ll learn about the metadata that is embedded in digital pictures, and the legal process to get it. Called exif data—short for exchangeable image file format—this data may include the make, model and serial number of the device taking the picture, plus the date, time and possibly, the GPS coordinates for when and where the picture was taken. We give you tips on how to get information from Facebook without serving legal process, which can be critical when working with victims or a probation/parole investigation. And just to make sure you fully grasp these concepts, you’ll complete a hands-on exercise involving the results of a search warrant from Facebook.com, and follow the investigative process to determine next steps.
There may be times when you don’t have access to an undercover computer or you might have to use multiple computers as part of your job. If this is the case, or if you have no other tools available to capture evidence, you can use portable apps as a non-forensic tool. You can run them from a USB drive on any Windows computer and they leave little evidence of their use on the computer’s hard drive. We walk you through the steps of downloading and installing portable apps. We also give you a USB drive that has some of our favorites already installed.
Digital Officer Safety
It is imperative that investigators do everything they can to avoid exposing themselves or their agencies to harm while conducting online investigations. We walk you through the steps you need to take to ensure that you are using an IP address that can’t be traced back to your agency or home. We teach you about website tracking, and show you why it’s important to always start from a neutral website like Google before conducting an Internet investigation. You’ll also learn about phishing, Bluetooth sniffing, and how to secure a wireless network.
Mr. Andrew T. Owen is Director of Information Sharing Programs for SEARCH, The National Consortium for Justice Information and Statistics, where he oversees SEARCH initiatives to support justice and public safety information sharing nationwide. These initiatives focus on providing direct assistance to federal, state, local, and tribal organizations to improve their use of technology, information sharing, and communications interoperability in mission-critical projects. Initiatives include consultation and facilitation, strategic planning for information sharing and technology deployment, architecture development, business process modeling and analysis, service specification development, performance management, voice and data integration planning, application of technology standards, and developing effective governance and funding models.
Since joining SEARCH in 2006, Mr. Owen has worked on multiple projects focused on integrated justice information systems planning and implementation, including the National Information Exchange Model (NIEM), the Global Reference Architecture (GRA), and the Justice Information Exchange Model (JIEM®). He has provided programming and configuration assistance, consultation on implementation architecture, training, technical assistance, and research to jurisdictions nationwide in planning and implementing information sharing solutions, as well as developing information sharing standards and technical architecture. He has also played a key role in supporting members of the Open Justice Broker Consortium (OJBC).
Mr. Owen formerly was Lead Systems Analyst for the National Law Enforcement and Corrections Technology Center–Northeast (NLECTC-NE). In this role, he provided information sharing technical assistance and consulting services to many state and local law enforcement, courts, and corrections agencies.
Mr. Owen is experienced with JIEM, NIEM, and the IEPD development process. He has supported a number of Global and NIEM efforts, including developing corrections-related reference IEPDs, the New York State in-state Rap Sheet IEPD, California Courts IEPDs, , and several incident reporting projects that leverage the FBI’s Law Enforcement National Data Exchange (N-DEx) IEPD. Mr. Owen regularly serves as a presenter at conferences to discuss information sharing approaches and methodologies and has authored technical briefs on JIEM, NIEM, Web Services, XML, and related topics. He has led the policy and technology aspects of establishing identity management federations, using the GFIPM (Global Federated Identify and Privilege Management) guidelines and open source software, at the state level, allowing integrated justice initiatives to improve security while providing practitioners with seamless access to information.
Mr. Owen also has provided support to the U.S. Department of Justice’s Global Justice Information Sharing Initiative (Global). He participated on the Global Tech team and its XML Structure Task Force (XSTF), is actively involved in NIEM curriculum development, and is a NIEM training instructor. He has developed training materials, provided training to local and state justice agencies, and instructed at NIEM “train-the-trainer” events. In 2011, he was appointed co-chair of the NIEM Technical Architecture Committee (NTAC), representing state, local, and tribal organizations. Since becoming co-chair, he has played a lead role in establishing a Unified Modeling Language profile for NIEM and in developing the NIEM 3.0 technical architecture.
Mr. Owen has a bachelor’s degree in Applied Networking and Systems Administration from the Rochester Institute of Technology, New York. He has achieved SEARCH JIEM certification and is a Certified ScrumMaster® (CSM).
Mr. Timothy Lott is Director of the High-Tech Crime Training Services Program of SEARCH, The National Consortium for Justice Information and Statistics. He oversees a national program that provides expert technical assistance and training to local, state, and federal justice and public safety agencies on successfully conducting electronic crimes investigations.
These courses focus on teaching how to investigate Internet and computer crimes, online child exploitation, cellular devices, and social networking sites, and the proper search and seizure of home and small office networks. The High-Tech Crime Training Services team led by Mr. Lott also provides hands-on assistance in systems security and computer forensics.
Mr. Lott joined SEARCH in 2010 as a High-Tech Crime Training Specialist. He coordinated and provided training on high-tech crime investigations and forensics; provided technical assistance to law enforcement agencies in active cases; prepared training curricula; and presented at conferences throughout the United States. He was promoted to his current position in 2011.
Mr. Lott previously worked for 6 years as a Deputy Probation Officer for the Sacramento County (California) Department of Probation, and another 2 years as a Probation Assistant. He was assigned to the Sacramento Valley Hi-Tech Crimes Task Force, and helped conduct multijurisdictional investigations involving white-collar crime, organized crime, crimes against persons, and fraud when high-technology or identity theft is a factor. He also supervised a caseload of adult and juvenile probationers.
His assignment on the Task Force required him to conduct probation compliance checks on offenders who had been convicted and placed on probation for offenses involving the possession of child pornography, stalking via social networking sites or cell phones, and identity theft. In August 2009, Mr. Lott was cross-designated as a Special Deputy United States Marshal.
Mr. Lott is a member of the American Probation and Parole Association, American Criminal Justice Association, and High Technology Crime Investigation Association. He earned a bachelor’s degree in Criminal Justice from California State University-Sacramento. He is a certified Instructor through the California Commission on Peace Officer Standards and Training (POST), Robert Presley Institute of Criminal Investigation / Instructor Development Institute (ICI/IDI).
Mr. Justin Fitzsimmons is a Program Manager in the High-Tech Crime Training Services (HTCTS) department of SEARCH, The National Consortium for Justice Information and Statistics. He helps coordinate training with law enforcement agencies, prepares budgets, oversees the HTCTS project staff, and develops high-tech crime training projects for justice, public safety, and homeland security agencies nationwide. He also conducts legal, policy, and regulatory research, prepares white papers, and provides assistance and instructional services to justice, public safety, and homeland security agencies, particularly in digital evidence recovery, investigation, and prosecution.
Mr. Fitzsimmons is conducting a national research effort to determine the current capabilities of law enforcement to investigate crimes with digital evidence and make recommendations to decision-makers about resources to assist law enforcement. He also presents at conferences and trainings, participates on advisory committees and task forces, and supports agencies and jurisdictions as they create and implement effective procedures, practices, and technology applications that seek to combat high-tech crime and recover digital evidence.
Before joining SEARCH in 2012, Mr. Fitzsimmons worked for the National District Attorneys Association, where he was Senior Attorney for its National Center for Prosecution of Child Abuse beginning in 2009. He responded to requests for assistance in child sexual exploitation cases from prosecutors and law enforcement around the United States, designed and presented training seminars, and published articles on emerging technological issues in child sexual exploitation. From 1998–2009, he was an assistant state’s attorney (ASA) in the State’s Attorney’s Offices for Kane and DuPage Counties, Illinois, where he prosecuted cases involving sexual exploitation and digital evidence. As an ASA for Kane County, he supervised the Special Prosecution Unit, responsible for investigating and prosecuting felony cases, including Internet crimes against children. He was also assigned to a Child Advocacy Center team that investigated and prosecuted cases of severe physical and sexual abuse against children, crimes of Internet solicitation of children, and child pornography. As an ASA for DuPage County, he worked in the Criminal Prosecutions Bureau and the Felony Domestic Violence Unit.
Mr. Fitzsimmons frequently presents and teaches at international, national, and regional conferences, workshops, webinars, and training courses on digital evidence collection, computer forensics, crimes against children, cybercrime, and human trafficking. He has published articles on digital evidence authentication, computer forensics for prosecutors, child sexual exploitation, and more. In addition, he has drafted legislation that was signed into law in Illinois on several technology-facilitated child sexual exploitation issues from 2006–08.
Mr. Fitzsimmons was a member of the U.S. Department of Justice (DOJ) National Strategy Working Group on Child Exploitation and co-chaired its Training Subcommittee. He also participated in the DOJ Office for Victims of Crime Working Group on Restitution for Victims of Child Pornography, the FBI Innocence Lost Working Group, and the Internet Child Exploitation Task Force. He has served as faculty of the National Children’s Advocacy Center, Huntsville, Alabama, and for the North-East Metropolitan Regional Training Center, Police Training, Aurora, Illinois.
Mr. Fitzsimmons is a graduate of the Illinois Institute of Technology’s Chicago-Kent College of Law, and earned a bachelor’s degree from Wittenberg University in Ohio.
Mr. Armstrong is a High-Tech Crime Training Specialist in the High-Tech Crime Training Services department of SEARCH, The National Consortium for Justice Information and Statistics, where he coordinates and provides training on high-tech crime investigations and forensics to local, state and federal justice agencies. He provides technical assistance to law enforcement agencies in active cases, prepares training curricula, teaches SEARCH investigative courses and speaks at conferences throughout the United States.
Before joining SEARCH in 2008, Mr. Armstrong was a System Specialist at Fox Valley Technical College, where he assisted with the management of the Internet Crimes Against Children (ICAC) International Database Network.
Mr. Armstrong retired from the San Diego (California) Police Department in 2006 after more than 27 years of service. When he retired, he was Lead Investigator for the ICAC grant in San Diego County. In this role, he was involved in both proactive and reactive investigations, forensic investigations, computer maintenance, office network and networking hardware, and grant financial planning. Immediately prior to his ICAC assignment, he spent 6-plus years as a Child Abuse Investigator, investigating every type of child abuse, up to and including child homicides. In 2007, Mr. Armstrong was the recipient of the United States Attorney General’s Special Commendation Award for a San Diego Police investigation.
Mr. Armstrong has taught numerous high-tech crime and law enforcement courses, to include Child Abuse Investigation, Sex Crimes Investigation, and Trends in High-tech Crime for universities, colleges in San Diego County, as well as the San Diego Police Department and the San Diego Regional Law Enforcement Academy.
Mr. Armstrong has earned certifications in White Collar Crime, Child Abuse Investigation, and Auto Theft Investigation from the California Commission on Peace Officer Standards and Training (POST), Robert Presley Institute of Criminal Investigation (ICI), and is a certified Instructor from the ICI’s Instructor Development Institute. He attended National University, where he studied Administration of Justice; the Basic Law Enforcement Academy at Miramar Community College; City College of Chicago, where he became a Nationally Registered Emergency Medical Technician; and Grossmont Community College, where he received his Associate’s degree. He served as a Military Police Officer in the U.S. Army, and after completion of Officer Candidate School, as an Officer in the California Army National Guard, Armor Branch.
Mr. Lewis is a High-Tech Crime Training Specialist in the High-Tech Crime Training Services department of SEARCH, The National Consortium for Justice Information and Statistics, where he coordinates and provides training on high-tech crime investigations and digital forensics to local, state, and federal justice agencies. He provides technical assistance to law enforcement agencies in active cases, prepares training curricula, and speaks at conferences nationwide.
Before joining SEARCH in 2012, Mr. Lewis served for 23 years with the Lakewood (Colorado) Police Department, most recently as its Forensic Computer Analyst. He ran its forensic computer lab and was responsible for all aspects of digital evidence, from collection through analysis. He also was a Police Imaging and Technology Specialist, which involved analyzing images and creating imaging policies. He was a Police Photo Technician/Criminalist, operating and managing the department’s photo lab and conducting forensic imaging for its crime lab. He was also System Administrator of the department’s Mugshot System.
Mr. Lewis earned an associate’s degree in photography from Colorado Mountain College and a Computer Forensics Certificate from Marshall University (West Virginia). He is also a certified Instructor through the Colorado Peace Officer Standards and Training Board (POST). He has undertaken multiple computer forensics trainings, including forensic photography and technology, crime scene investigation, digital imaging, electronic/digital examination, data recovery and analysis, and computer crime investigations.
Mr. Lewis has taught numerous Lakewood Police Academy classes and at the Colorado Law Enforcement Training Academy in the Crime Scene Investigators course series. He also has taught law enforcement video analysis courses at Central Piedmont Community College (North Carolina), teaches cellphone forensics at the University of Colorado in the Master’s Program for the National Center for Media Forensics, and is an adjunct instructor for the Computer Science Program at the Community College of Aurora (Colorado), teaching computer forensics.
Mr. Lewis has provided consulting and training to agencies nationwide on techniques and procedures for conventional and digital imaging and analysis. He is a frequently published author on computer and digital forensics topics, and has presented at conferences, cybercrime summits, and trainings held by forensic sciences, computer evidence, and identification organizations. He writes a Forensic Bytes column for Digital Forensic Investigator News. In addition, he has been a court-qualified expert in forensic photography, video analysis, and computer and cell phone analysis for district courts in Jefferson County, Colorado, since 2002.
Mr. Lewis is a member of the International Association for Identification (IAI); the National Technical Investigators Association (NATIA); and the Digital Evidence Committee of ASTM International, a global standards organization. He is Past President of the Colorado Association of Computer Crimes Investigators (CACCI). He is also an appointed member of the FBI’s Scientific Working Group for Digital Evidence (SWGDE), which fosters cooperation among law enforcement agencies and recommends national standards and procedures within the forensic community. He has served as its Vice-Chairman and has chaired its Forensic Committee.
Ms. Elizabeth Tow is a High-Tech Crime Training Specialist in the High-Tech Crime Training Services department of SEARCH, The National Consortium for Justice Information and Statistics, where she coordinates and provides training on high-tech crime investigations and forensics to local, state and federal justice and public safety agencies. She provides technical assistance to law enforcement agencies in active cases, prepares training curricula, teaches SEARCH investigative courses and speaks at conferences throughout the United States.
Before joining SEARCH in 2010, Ms. Tow spent five years in local law enforcement in two states, as a Public Safety Dispatcher for the Grass Valley (California) and Helena (Montana) Police Departments. She gained experience in curriculum development and training and Internet Crimes Against Children peer-to-peer investigations. She is a Certified Trainer in the California Law Enforcement Telecommunication System (CLETS) and Department of Homeland Security (DHS) National Incident Management System/Standardized Emergency Management System (NIMS/SEMS). She is a Peace Officer Standards and Training-certified Public Safety Dispatcher in both California and Montana, and has received POST training in such areas as law enforcement response to terrorism, child abduction intervention and resource training, and domestic violence and sexual assault for dispatchers.
While working for the Grass Valley Police Department, Ms. Tow served as the CLETS Operational Trainer, the Communications Center CLETS Coordinator, and the Communications Training Officer. She also served on the department’s Recruitment and Retention Committee and Organizational Excellence Committee, and was a member and agency representative to the California CLETS Users Group.
Ms. Tow has additional experience as a Finance Assistant and Parks and Recreation Supervisor with the City of Grass Valley, in addition to a great deal of conference and training-related experience in the private sector beef industry from 1988–2005. She earned a bachelor’s degree in Criminal Justice Management from Union Institute and University and also studied Animal Science at Montana State University. In 2013, she earned a Masters of Forensic Psychology from Argosy University.
Ms. Tow is a certified Instructor through the California Commission on Peace Officer Standards and Training (POST), Robert Presley Institute of Criminal Investigation / Instructor Development Institute (ICI/IDI).
Ms. Lauren Wagner is a High-Tech Crime Training Specialist in the High-Tech Crime Training Services department of SEARCH, The National Consortium for Justice Information and Statistics, where she coordinates and provides training on high-tech crime investigations and forensics to local, state and federal justice and public safety agencies. She provides technical assistance to law enforcement agencies in active cases, prepares training curricula, teaches SEARCH investigative courses and speaks at conferences throughout the United States. She has also authored and coauthored various high-tech crime investigative guides, which have been published by SEARCH.
Ms. Wagner previously worked as a Research Analyst for SEARCH, focusing on research and development projects on integrated justice information systems planning and implementation using the Justice Information Exchange Model (JIEM™) tool. She also worked on managing the online state and local integration profiles as part of SEARCH’s justice and public safety Information Sharing Initiatives program.
Ms. Wagner first joined SEARCH in 2005 as a student intern. She holds a bachelor’s degree in Physics from Allegheny College, a master’s degree in Forensic Science from the University of New Haven (UNH), and a master’s certificate in Forensic Computer Investigation from UNH.
She also has her Network Plus Certification, and is a certified Instructor through the California Commission on Peace Officer Standards and Training (POST), Robert Presley Institute of Criminal Investigation / Instructor Development Institute (ICI/IDI). In 2009, Ms. Wagner was awarded the California POST ICI Award for Excellence in Instruction. In 2011, she completed and was certified in the Intermediate Level (Level II) of the California POST IDI Master Instructor program. She then completed and was certified in the Advanced Instructor Development Level (Level III) of this Master Instructor program in 2012.
Dean C. Chatfield
Mr. Dean Chatfield is a High-Tech Crime Training Specialist in the High-Tech Crime Training Services department of SEARCH, The National Consortium for Justice Information and Statistics. He coordinates and provides training on digital evidence investigations and forensics to local, state, and federal justice agencies. He also provides technical assistance to justice agencies in active cases, prepares training curricula and other resource materials, teaches SEARCH investigative courses, and speaks at conferences throughout the United States.
Before joining SEARCH in 2013, Mr. Chatfield worked for the National White Collar Crime Center (NW3C) for 14 years, first as a computer crime specialist, then as a Supervisory Computer Crime Specialist. He presented basic and advanced cyber investigative and computer forensic courses to local, state, federal, military and international law enforcement agencies; researched computer forensics issues; and provided advice to law enforcement agencies in computer seizure and analysis. As Supervisor of the NW3C Computer Crime Section, he managed 26 computer crime specialists and 7 support staff and developed curriculum for 16 cyber and forensic courses. He researched existing and new technology to enhance the courses and managed software development of NW3C products, including PerpHound™. He was NCW3C’s liaison with Microsoft’s Digital Crimes Unit on various projects, including programming of MS COFEE versions 1.1.2 and 2.1 (Computer Online Forensic Evidence Extractor).
Mr. Chatfield has 25 years of experience in law enforcement. He was a Criminal Investigator for the Maricopa County (Arizona) Attorney’s Office for 13 years, where he conducted major felony investigations, including criminal enterprises, financial crimes, political corruption, and analysis of computers and computer-generated data. He also was Chief of the Mancos (Colorado) Police Department for 6 years, and began his law enforcement career as a Police Officer and Field Training Officer for the Phoenix (Arizona) Police Department.
Mr. Chatfield is a lifetime member of the International Association of Computer Investigative Specialists (IACIS), a nonprofit organization of volunteer computer forensic professionals dedicated to training and certifying practitioners. He has served on its Board of Directors, as well as its elected President and Vice President. As an IACIS instructor for 5 years, he developed training courses on computer crime investigations and the methodology for seizing and analyzing computer-based evidence. He is a Board member of the American Society of Digital Forensics and eDiscovery (ASDFED) and has been an associate member of the Scientific Working Group for Digital Evidence (SWGDE) since 2005.
Mr. Chatfield was the first person certified as a Computer Forensics Expert by IACIS in 1992. He was selected to train the Commercial Crime Bureau of the Royal Hong Kong Police Force and NATO Intelligence organizations on computer forensics. He also represented state and local law enforcement on the NIST Computer Forensic Tool Testing committee.