Archive for the ‘WebCase’ Category

Where’s the WebCase 30-day demo?

Thursday, April 21st, 2011

3In recent weeks, we’ve gotten a number of questions about why our 30-day demo is no longer available for download, and how investigators can get to know WebCase without it.

To answer the second part first: we found that our customers had a much better experience with WebCase when they used it after a walk-through. That’s why we take you through a one-hour webinar — you can either register for one of our monthly demos, or contact us to set up a time that is convenient for you and your team.

As for the software demo itself, we’ve recently made changes to WebCase that necessitated our retooling the demo. We don’t have a firm launch date, but we’ll let you know when we do.

Meanwhile, please do register for a webinar demo (be sure it’s a WebCase demo, though we’d love to see you for our Online Investigation Series too), and be sure to ask us if you have any further questions for us!

Simplifying the webmail collection process

Thursday, January 13th, 2011

A recent ComputerWorld article discussed the security problems posed by webmail within organizations. In short, because webmail comes across HTTP rather than SMTP protocols, the organization does not protect against data leakage as it does from its own email system.

The reasons for this are many. In 2008, ComputerWorld ran an article that discussed ways webmail could breach even organizations with strong security. As always, the human factor can be a challenge. Well-meaning employees may use webmail to segregate business from personal email, when they are required not to conduct personal business on company accounts; employees may also use webmail to bypass overly complicated email security procedures.

At that point, even if employees’ personal webmail accounts aren’t being archived per the law, their email may become discoverable in the event of litigation. How to document the emails’ content?

In an October 2009 article for EDEN: The Electronic Data Extraction Network, Jonathan Yeh discussed various ways in which webmail could be captured for archival purposes. Among them:

  • Download the email locally using an email client with a POP or IMAP protocol. It can then be searched just like other digital evidence.
  • If these protocols cannot be used, screenshots, web page capture, or even printing.
  • Obtain data via browser artifacts.

Each of these methods is, however, complicated. Yeh goes into these issues in some detail, ending with the need to document each step of the collection process. While true that the courts accept expert testimony together with downloaded or screenshot data, there is still nothing about these collection methods to prove that the content was not manipulated in any way.

In addition, the procedures Yeh describes, along with some of the issues that the investigator must take into account, are time-consuming. Under such conditions, the margin for human error is greater, and as Yeh concludes, “The reliability of evidence can often only be gauged by the reliability of the methods used to collect it, and proper documentation can be the difference between admissibility and inadmissibility in court.”

Simplifying the “screenshots and web page captures” process, and in doing so addressing the reliability issue that Yeh brings up, is WebCase. That it is currently the only tool to do so should not be lost on e-discovery experts or other investigators.

Want more information? Schedule your free demo today!

By popular demand: WebCase adds new features

Friday, March 26th, 2010

WebCase users have been asking us for three things:

  • Full page capture
  • HTML, or “source,” code capture
  • 64-bit compatibility

We’re very pleased to have just released these features in WebCase 1.9, which is available now. Current WebCase users will find their efficiency improved via full page and HTML capture functions. Meanwhile, investigators who work exclusively on 64-bit systems can now take advantage of WebCase.

Full page and HTML capture

Full page capture improves efficiency, in part, with automatic scrolling. In previous WebCase versions, investigators had to scroll manually to areas of a page that were not immediately visible on the screen. Lengthy pages such as those seen on MySpace could result in numerous screenshots. Now with one click, WebCase captures an entire web page in a single JPEG graphic file.

WebCase 1.9 also introduces the ability to copy only the web page’s HTML (Hyper Text Markup Language), or underlying “source” code, to an evidence file. Some web pages are difficult to archive properly because of the embedded code, and previous versions of WebCase required several steps to archive the code. The HTML copy function allows just one step to document the source code for later review.

To see these two new features in action, watch our video here!

64-bit compatibility

64-bit systems have the performance to process more demanding applications, such as audio and video encoding, so 64-bit compatibility is important as WebCase users move to the latest in desktop computing technology.

Finally, WebCase 1.9 now also supports Windows 7 along with Vista and XP, and adds Internet Explorer 8 to its list of supported browser versions.

We’re still working on getting the demo version available, but meanwhile, please view the video (and the others we have available) — and please sign up for our next WebCase webinar on April 1st. (No April Fool’s!)

How important are date/time stamps to online investigations?

Thursday, February 25th, 2010

Recently I read a listserv posting wherein the poster described his use of the system clock to document the video evidence he was collecting. He described using the computer’s system clock as the source of the verification of the date and time, and recording with the video the system clock to show what the time is when you are recording the video.

Likewise, a WebCase user I spoke with told me that in the past, members of his unit would have to create a folder in which to keep case documents. Again, this used the system’s date/time stamping.

Date/time stamping is one of WebCase’s key features, but these two users bring up an excellent question: what, exactly, is the big deal about date/time stamping? More importantly, how can the defense challenge it in court?

Actually, it’s pretty easy to fudge a computer’s system clock. Not that an ethical investigator ever would, but the defense can introduce reasonable doubt with a simple demonstration. In Windows Vista, all it takes is a right-click on the time in the bottom right-hand corner. Then, select “Adjust Date/Time” and click on “Change date and time…”. System clock changed.

How does using WebCase prove you didn’t do this?

WebCase, when it starts, makes a system call to the National Institute of Science and Technology’s (NIST) atomic clock to obtain the correct time. It then dates and stamps all evidence collected in the current UTC (this stands for Universal Coordinated Time, or what we used to refer to as Greenwich Mean Time) time—not the system clock time.

WebCase automatically verifies the UTC and documents this in the reports users generate. This helps to ensure that any reliance on the system clock is avoided.

On the listserv, the poster went on to describe his collection process using a document program to cut and paste chats into. Again, he used the system date and time as the time stamp for the file.

Not only does WebCase negate the need to use two separate programs—video collection and document—but its date and time stamping, along with its automatic hashing function, guarantees the file integrity of any video recorded.

See it in action: download a free demo!

Christa M. Miller is Vere Software’s marketing/public relations consultant. She specializes in law enforcement and public safety and can be reached at christa at christammiller dot com.

Podcast: Todd talks social media, online investigations

Monday, November 30th, 2009

Canada-based podcasting service provider The Daily Splice recently started its own podcast: Law Enforcement 2.0, in which marketer Mike Waraich interviews individuals who are involved with encouraging police departments to “join the conversation” online.

Social media is, of course, beginning to figure into much more than conversation: it’s playing a role in everything from online crime to police recruiting to intelligence. Because all of this information must be verifiable, police need a standard methodology to collect it.

Which is why Mike invited Todd on the show a few weeks ago. For just about half an hour, the two discussed the following:

Defining online investigation in terms of standard methodology.

Would online investigation be less “scary” if the people conducting it knew they could do it without their veracity being called into question? Standardized process counts for a lot, so being able to date/time stamp, “digitally fingerprint” (hash), and log Internet evidence in the same way other forms of evidence are authenticated can make investigators’ jobs a lot easier.

Social media as a “neighborhood.”

Most everyone under 30 (and many over 30) are, in some ways, members of this online space. Just as in a real-world neighborhood, the number of “residents” = number of potential victims. And crimes are being committed, not just on the Web, but in other areas of the Internet which are their own communities. (Think chat rooms, instant messaging and Usenet.)

Whether law enforcement can coexist with community relations.

As long as law enforcement is an active participant in the online community, it cannot be misconstrued as “Big Brother” watching. Instead, it brings community policing concepts to the Web: like a park in a bad section of town, it will stay “bad” unless law officers go there, partner with people who live there to clean it up.

Reputation management.

What people post on the Web is there forever. Some law enforcement officers need to be made cognizant of this fact. Employers look at people’s social media profiles not just to make hiring decisions, but also to ensure their employees are maintaining the standard expected of them.

Part of maintaining that standard is not to avoid parts of the neighborhood which are not well understood or liked. Investigators who do need to understand that the “conversation” goes on without them. Not to be there for it risks missing valuable intelligence and other information.

In other words, as Todd put it, “You may not want to go into a bad neighborhood because you know bad things can happen, but you still need to be there.”

Understanding the neighborhood.

Just as a good cop takes time to learn the landscape and culture of the neighborhood s/he is responsible for, a good Internet investigator takes time to understand where people are online–and where they are moving, what they are talking about, what they are doing.

With hundreds of social sites, this can be hard to figure out much less monitor. But the more investigators learn, the more they can make online investigation part of their everyday work lives, the more efficient they will become.

The conversation wrapped up, of course, with a short discussion about WebCase and where it fits in all this. Thanks again to Mike for the interest. We hope to be able to participate in future podcasts!

Christa M. Miller is Vere Software’s marketing/public relations consultant. She specializes in law enforcement and public safety and can be reached at christa at christammiller dot com.

Cybercrime under the microscope

Wednesday, January 21st, 2009

This week in two separate parts of the world, Adelaide, Australia and Orlando, Florida, cybercrime is being discussed. In both conferences they are discussing the need to collect online evidence. In Orlando at the National Law Center’s Child Defenders Expo local, state and federal law enforcement officers are learning about the methods to prevent and investigate crimes against children on the Internet. In Adelaide, at the e-Forensics 2009 conference sponsored by the University of Adelaide, they are meeting to discussing the ways collecting of Internet evidence to aid in the prosecution of criminal.

Both conferences are addressing the growing need collect evidence from the internet for the purposes of successful prosecutions. In Adelaide, Dr. Sorrell says prosecuting internet criminals is very difficult because evidence may be hard to access: “We’re looking at the way in which that sort of evidence can be presented in court and what needs to be done with that evidence to ensure that it’s accepted by the court.”

Vere software is once again here to the rescue. Our flagship product “WebCase” is the solution that both of these groups need. In fact, Todd Shipley, President of Vere Software is presenting at the National Law Centers conference this week on that very topic. His presentation is entitled “Policing the Internet: Proper Collection of Digital Evidence from the Internet”. As an Internet Investigation tool, WebCase is able to record and collect Internet evidence for the investigator in any country. If the investigator can browse to the location on the Internet, no matter which country it resides in, WebCase can record as evidence the content of a website.

Task Force Study on Social Networking

Monday, January 19th, 2009

“New study shows social-networking sites safer than we think.” This was a typical headline following last month’s release of a new Harvard University report: “Enhancing Child Safety and Online Technologies.” As a result, much discussion and concern surfaced in the technology crime blogosphere and on various law enforcement listservs.

The law enforcement concern is that some will see the report as proof that social networking sites are only a minimal threat to children. The social networking sites, I am sure, will take it as vindication that they are doing nothing wrong.

However, the report—which comprised the findings of the Internet Safety Technical Task Force, a group that included leaders from the social networking industry and child advocate groups—admitted that many online crimes are probably underreported. Its review of the current literature primarily concluded (typical of academia) that more studying needed to be done.

Toward this end, the new study recommended an “Expenditure of Resources”: “…greater resources should be allocated to law enforcement for the training and developing of technology tools to enhance law enforcement officers’ computer forensic skills; to develop online undercover operations; and to enhance community policing efforts to educate minors, parents, and communities about youth safety.”

In fact, WebCase is already available; Vere Software developed WebCase to aid in this very situation. As the ISTTF and other groups continue to research and devote resources to Internet safety, so too will Vere Software continue to provide its customers with the tools required to accomplish their jobs. It is our hope that more accurate information in greater quantity and quality will encourage the social networking sites to continue to work with the attorneys general to prevent online crime.

Overall, the fact that attention is focused on the issue is a good thing. As Boing Boing puts it: “But of course, now that we know that kids are more threatened by the (less-sexy, less-mediagenic) scourge of bullying than the (incredibly scary, totally mediagenic) risk of sexual predation, we’ll divert funds and resources to the real risk, right?” Continued emphasis on, and resources funneled toward, Internet child protection will ultimately keep this in front of the powers who need to continue to protect children online.

WebCase™ Webinar Series

Tuesday, December 9th, 2008

Vere Software conducted another successful webinar in its ongoing series of “Collecting Legally Defensible Online Evidence” through the use of WebCase™. The webinar, conducted Thursday, December 4, 2008, was lead by by Bill Siebert, Vice President of Product Management and Customer Relations and Todd Shipley, President and CEO.

During the webinar Bill Siebert gave the attendees a short background on the reasons for collecting online evidence in a methodology that is legally defensible. Todd Shipley provided an over view of the use of WebCase™ in the collection of evidence from the Internet.

An overview of the webinar can be found on our eLearning page at (watch the video “WebCase™ Introduction”).

Law Enforcement Grant Funding

Thursday, November 20th, 2008

WebCase is working with the Innocent Justice Foundation to provide funding opportunities to law enforcement. The Innocent Justice Foundation’s mission is to help rescue American children from child sexual abuse and significantly impact and reduce the epidemic of child sexual abuse in this century. WebCase’s mission is to help support law enforcements ability to investigate crimes on the Internet. The Innocent Justice Foundation provides grant funding for law enforcement agencies involved in investigations of child abuse. Their grant funding opportunities can be found on their website at:  You can download their grant funding guidelines as well as their grant application from this page.

Vere Software has consulted with the Innocent Justice Foundation and pre-prepared their grant application with language to assist an agency in the purchase of WebCase in support of their online child investigations. See more on our webpage at

HTCIA Annual Conference 2008

Friday, October 24th, 2008

The HTCIA conference was another well attended conference with great training. Thanks to the North East Chapter for all of their hard work. The vendor area had a great selection of tools in the digital evidence space for the attendees to look over. The East coast/West coast wine competition this year was judged by some of our foreign conference attendees. The winner was the East coast with Tony G.’s red wine. The annual dinner had an interesting pair of dueling piano’s that entertained the crowd. As did our presidents dance moves….Overall it was another successful conference. Next year we are in beautiful South Lake Tahoe.