Today nearly every crime has some sort of digital footprint attached to it. So it’s easy to see why strong computer skills must round out any investigator’s toolkit. This course gives you an understanding of computer technology, its application to criminal activities, and the issues associated with investigating these cases. Through discussion and hands-on training, you’ll learn about computer hardware components, how to use the Internet to your advantage, search and seizure techniques, digital officer safety, and much more.
Audience: Law enforcement investigators and support staff
Prerequisites: Helpful to understand multiple platforms.
Length: 3 days
We begin our exploration into ways in which computers can be customized in order to camouflage illegal activities. We give you an overview of operating system folder properties and show you how they can be personalized to hide them. You’ll learn how to format your investigatory devices and set up your investigatory folders so that you can keep track of each step of your investigation. We talk about encryption and explain the issues you need to consider when conducting on-scene triage.
This block is all things Internet: connections, speed and bandwidth, types of service, and Internet Service Providers (ISP). You’ll learn about Internet Protocol (IP) addresses and networks, and see the role they play. We walk you through the steps of resolving an IP address and then show you how to serve legal process on the ISP in order to get the subscriber information and connection history you are looking for. You’ll see how to geolocate an IP address to place your suspect in a general geographic area. We show you how to investigate a website and give you resources for identifying a domain owner. We spend some time talking about social networking sites—Facebook and Myspace in particular—and give you tips on what types of information you can expect to find within these sites.
Tools for the Toolbox
With so much information just a click away, it’s often hard for an investigator to know where to start. We show you how to download some of our favorite Firefox Add-ons that will help in your investigations. You’ll see a demonstration of some add-ons that will speed up your investigations by increasing functionality. Many of these add-ons fall under the category of “You better hurry up and grab it now, because it might be gone later.” We introduce you to the SEARCH Investigative Toolbar, which is a collection of shortcuts that point to frequently used web resources. We also introduce you to the SEARCH ISP List, which is a collection of legal contact information and instructions you need in order to serve subpoenas, court orders, and search warrants to Internet service and other online content providers. You’ll see the types of information that can be gleaned from digital photos and learn the ins and outs of retrieving, viewing and mapping this exif data. We also show you tools for a) viewing graphics, b) playing/editing/recording audio and video files, and c) capturing a page.
Knowing how to use Google more effectively can save you time and make your investigations more successful. In this block we urge you to take the time to learn how Google works and then see how Boolean operators can help to narrow and refine your searches. We show you the ins and outs of advanced searching in Google and teach you how this can come in handy in social networking website investigations. You’ll also see how to set up your Google preferences so that you get the most information out of your searches. We talk about cookies. Lastly, we show you some Google apps that will help focus your search within a topical area.
In this block we take a look at a few different kinds of metadata that can help in investigations. We first explore document metadata, and see how it can shed light by telling us something about a document’s creator, or the time and date the file was created, or the name of the computer used to create the document. We can also find out if the document contains any hidden text or cells. You’ll learn about the metadata that is embedded in digital pictures. Called exif data—short for exchangeable image file format—this data may include the make, model and serial number of the device taking the picture, plus the date, time and possibly, the GPS coordinates for when and where the picture was taken.
Our exploration of email tracing begins with a look at email headers, which is the information needed to route an email from the sender to the recipient; it is created by the email server processing the message. The header is a record of the account and network that the message originated from and the servers that processed the message. Detailed header information is required to fully trace an email; we show you the steps you need to take to locate this information, which varies depending upon email client. We talk about the different types of protocol that help transmit messages on the Internet and show you how to identify the Message ID. Lastly, we discuss the limitations associated with email tracing.
Internet Relay Chat (IRC)
Email. Text messaging. Instant Messaging. These are all forms of communication services that you are likely familiar with. But what about chatting? While it has admittedly been pushed aside by some of the other more popular choices mentioned here, IRC still has its online niche that investigators need to be aware of. Chat rooms offer features that allow users to chat through private, one-on-one messages. Predators may use this to entice children into conversations about sex and offline meetings. We show you the mechanics of chatting and walk you through the steps to download, install, configure, and run mIRC, a Windows-based IRC client that will open doors to chat rooms for you.
This online marketplace offers free advertising for everything from used cars to new friends. Unfortunately many of the classified advertisements turn out to be fake, and are instead used by criminals to lure unsuspecting victims into their web. We explain Craigslist, and give you tips and tools on how to investigate criminal matters that arise from Craigslist encounters. We focus on where the main problem areas are within the site—those that facilitate activity that has the greatest potential for danger and abuse. You’ll see some tools that you should use to investigate crimes involving Craigslist, and we’ll cover the legal considerations and law enforcement resources for working with the site ISP.
Digital Officer Safety
When conducting online investigations, investigators must always ensure that they are not leaving themselves or their agencies open to discovery by others. Since IP tracking is prevalent on many websites, investigators need to be sure they are coming from an innocuous IP address in case they are traced. We walk you through the steps of digital officer safety as we talk about website tracking, phishing, safe login techniques, social network and cell phone profiles, and wireless network security.
There are two distinct categories here: one is a basic computer that you can use in undercover investigations. With this computer, you will trace IP addresses and domain names. You’ll also use it to capture images or videos online, or to scan a suspect network. With this computer you’ll set up your investigatory folders that will house case evidence and allow you to keep track of the steps taken in the investigation. The other computer you’ll need is one for running forensics so that you can image and recover suspect material. We give you pointers on the particulars of each computer and walk you through some of the pitfalls to avoid when working with a suspect’s device.
Mr. Timothy Lott is Director of the High-Tech Crime Training Services Program of SEARCH, The National Consortium for Justice Information and Statistics. He oversees a national program that provides expert technical assistance and training to local, state, and federal justice and public safety agencies on successfully conducting electronic crimes investigations.
These courses focus on teaching how to investigate Internet and computer crimes, online child exploitation, cellular devices, and social networking sites, and the proper search and seizure of home and small office networks. The High-Tech Crime Training Services team led by Mr. Lott also provides hands-on assistance in systems security and computer forensics.
Mr. Lott joined SEARCH in 2010 as a High-Tech Crime Training Specialist. He coordinated and provided training on high-tech crime investigations and forensics; provided technical assistance to law enforcement agencies in active cases; prepared training curricula; and presented at conferences throughout the United States. He was promoted to his current position in 2011.
Mr. Lott previously worked for 6 years as a Deputy Probation Officer for the Sacramento County (California) Department of Probation, and another 2 years as a Probation Assistant. He was assigned to the Sacramento Valley Hi-Tech Crimes Task Force, and helped conduct multijurisdictional investigations involving white-collar crime, organized crime, crimes against persons, and fraud when high-technology or identity theft is a factor. He also supervised a caseload of adult and juvenile probationers.
His assignment on the Task Force required him to conduct probation compliance checks on offenders who had been convicted and placed on probation for offenses involving the possession of child pornography, stalking via social networking sites or cell phones, and identity theft. In August 2009, Mr. Lott was cross-designated as a Special Deputy United States Marshal.
Mr. Lott is a member of the American Probation and Parole Association, American Criminal Justice Association, and High Technology Crime Investigation Association. He earned a bachelor’s degree in Criminal Justice from California State University-Sacramento. He is a certified Instructor through the California Commission on Peace Officer Standards and Training (POST), Robert Presley Institute of Criminal Investigation / Instructor Development Institute (ICI/IDI).
Mr. Justin Fitzsimmons is a Program Manager in the High-Tech Crime Training Services (HTCTS) department of SEARCH, The National Consortium for Justice Information and Statistics. He helps coordinate training with law enforcement agencies, prepares budgets, oversees the HTCTS project staff, and develops high-tech crime training projects for justice, public safety, and homeland security agencies nationwide. He also conducts legal, policy, and regulatory research, prepares white papers, and provides assistance and instructional services to justice, public safety, and homeland security agencies, particularly in digital evidence recovery, investigation, and prosecution.
Mr. Fitzsimmons is conducting a national research effort to determine the current capabilities of law enforcement to investigate crimes with digital evidence and make recommendations to decision-makers about resources to assist law enforcement. He also presents at conferences and trainings, participates on advisory committees and task forces, and supports agencies and jurisdictions as they create and implement effective procedures, practices, and technology applications that seek to combat high-tech crime and recover digital evidence.
Before joining SEARCH in 2012, Mr. Fitzsimmons worked for the National District Attorneys Association, where he was Senior Attorney for its National Center for Prosecution of Child Abuse beginning in 2009. He responded to requests for assistance in child sexual exploitation cases from prosecutors and law enforcement around the United States, designed and presented training seminars, and published articles on emerging technological issues in child sexual exploitation. From 1998–2009, he was an assistant state’s attorney (ASA) in the State’s Attorney’s Offices for Kane and DuPage Counties, Illinois, where he prosecuted cases involving sexual exploitation and digital evidence. As an ASA for Kane County, he supervised the Special Prosecution Unit, responsible for investigating and prosecuting felony cases, including Internet crimes against children. He was also assigned to a Child Advocacy Center team that investigated and prosecuted cases of severe physical and sexual abuse against children, crimes of Internet solicitation of children, and child pornography. As an ASA for DuPage County, he worked in the Criminal Prosecutions Bureau and the Felony Domestic Violence Unit.
Mr. Fitzsimmons frequently presents and teaches at international, national, and regional conferences, workshops, webinars, and training courses on digital evidence collection, computer forensics, crimes against children, cybercrime, and human trafficking. He has published articles on digital evidence authentication, computer forensics for prosecutors, child sexual exploitation, and more. In addition, he has drafted legislation that was signed into law in Illinois on several technology-facilitated child sexual exploitation issues from 2006–08.
Mr. Fitzsimmons was a member of the U.S. Department of Justice (DOJ) National Strategy Working Group on Child Exploitation and co-chaired its Training Subcommittee. He also participated in the DOJ Office for Victims of Crime Working Group on Restitution for Victims of Child Pornography, the FBI Innocence Lost Working Group, and the Internet Child Exploitation Task Force. He has served as faculty of the National Children’s Advocacy Center, Huntsville, Alabama, and for the North-East Metropolitan Regional Training Center, Police Training, Aurora, Illinois.
Mr. Fitzsimmons is a graduate of the Illinois Institute of Technology’s Chicago-Kent College of Law, and earned a bachelor’s degree from Wittenberg University in Ohio.
Ms. Lauren Wagner is a High-Tech Crime Training Specialist in the High-Tech Crime Training Services department of SEARCH, The National Consortium for Justice Information and Statistics, where she coordinates and provides training on high-tech crime investigations and forensics to local, state and federal justice and public safety agencies. She provides technical assistance to law enforcement agencies in active cases, prepares training curricula, teaches SEARCH investigative courses and speaks at conferences throughout the United States. She has also authored and coauthored various high-tech crime investigative guides, which have been published by SEARCH.
Ms. Wagner previously worked as a Research Analyst for SEARCH, focusing on research and development projects on integrated justice information systems planning and implementation using the Justice Information Exchange Model (JIEM™) tool. She also worked on managing the online state and local integration profiles as part of SEARCH’s justice and public safety Information Sharing Initiatives program.
Ms. Wagner first joined SEARCH in 2005 as a student intern. She holds a bachelor’s degree in Physics from Allegheny College, a master’s degree in Forensic Science from the University of New Haven (UNH), and a master’s certificate in Forensic Computer Investigation from UNH.
She also has her Network Plus Certification, and is a certified Instructor through the California Commission on Peace Officer Standards and Training (POST), Robert Presley Institute of Criminal Investigation / Instructor Development Institute (ICI/IDI). In 2009, Ms. Wagner was awarded the California POST ICI Award for Excellence in Instruction. In 2011, she completed and was certified in the Intermediate Level (Level II) of the California POST IDI Master Instructor program. She then completed and was certified in the Advanced Instructor Development Level (Level III) of this Master Instructor program in 2012.