Archive for November, 2009

Podcast: Todd talks social media, online investigations

Monday, November 30th, 2009

Canada-based podcasting service provider The Daily Splice recently started its own podcast: Law Enforcement 2.0, in which marketer Mike Waraich interviews individuals who are involved with encouraging police departments to “join the conversation” online.

Social media is, of course, beginning to figure into much more than conversation: it’s playing a role in everything from online crime to police recruiting to intelligence. Because all of this information must be verifiable, police need a standard methodology to collect it.

Which is why Mike invited Todd on the show a few weeks ago. For just about half an hour, the two discussed the following:

Defining online investigation in terms of standard methodology.

Would online investigation be less “scary” if the people conducting it knew they could do it without their veracity being called into question? Standardized process counts for a lot, so being able to date/time stamp, “digitally fingerprint” (hash), and log Internet evidence in the same way other forms of evidence are authenticated can make investigators’ jobs a lot easier.

Social media as a “neighborhood.”

Most everyone under 30 (and many over 30) are, in some ways, members of this online space. Just as in a real-world neighborhood, the number of “residents” = number of potential victims. And crimes are being committed, not just on the Web, but in other areas of the Internet which are their own communities. (Think chat rooms, instant messaging and Usenet.)

Whether law enforcement can coexist with community relations.

As long as law enforcement is an active participant in the online community, it cannot be misconstrued as “Big Brother” watching. Instead, it brings community policing concepts to the Web: like a park in a bad section of town, it will stay “bad” unless law officers go there, partner with people who live there to clean it up.

Reputation management.

What people post on the Web is there forever. Some law enforcement officers need to be made cognizant of this fact. Employers look at people’s social media profiles not just to make hiring decisions, but also to ensure their employees are maintaining the standard expected of them.

Part of maintaining that standard is not to avoid parts of the neighborhood which are not well understood or liked. Investigators who do need to understand that the “conversation” goes on without them. Not to be there for it risks missing valuable intelligence and other information.

In other words, as Todd put it, “You may not want to go into a bad neighborhood because you know bad things can happen, but you still need to be there.”

Understanding the neighborhood.

Just as a good cop takes time to learn the landscape and culture of the neighborhood s/he is responsible for, a good Internet investigator takes time to understand where people are online–and where they are moving, what they are talking about, what they are doing.

With hundreds of social sites, this can be hard to figure out much less monitor. But the more investigators learn, the more they can make online investigation part of their everyday work lives, the more efficient they will become.

The conversation wrapped up, of course, with a short discussion about WebCase and where it fits in all this. Thanks again to Mike for the interest. We hope to be able to participate in future podcasts!

Christa M. Miller is Vere Software’s marketing/public relations consultant. She specializes in law enforcement and public safety and can be reached at christa at christammiller dot com.

MySpace Investigations Basics: Some Background

Tuesday, November 3rd, 2009

A senior detective in Corona (California), Frank Zellers first realized the power of MySpace evidence during a 2006 homicide investigation. The suspect had a MySpace page, and not only were investigators able to recover current photos and intelligence from the site’s internal messaging system, they were also able to identify his location.

“Under a court order, MySpace provided us with the suspect’s IP address and subscriber ID, which we were then able to tie to his physical address,” says Zellers. “We watched him log in at 1 a.m., and we had him in custody nine hours later.”

That experience led Zellers to create an investigations course around MySpace, one that was designed not for task force members or computer forensic examiners, but for “novice” investigators. “For our basic class, we set up accounts to show the site’s internal functionality,” he says. “We show the students things like determining whether an image was uploaded to the site, or is embedded from another site. That helps them figure out where to serve search warrants.”

The “MySpace Investigations Basics” webinar grew out of that course. Zellers will discuss the site’s functionality, different ways to find different kinds of evidence, and how to save it, along with how advanced searches via Google and Yahoo figure into an investigation.

He’ll also cover how investigation of a MySpace page translates into investigation of other sites. “vBulletin forum software is very prevalent among the more obscure social networks,” he explains, “like the bulletin boards that host communities of online gamers, hard-core rappers, and others.”

That’s because many social networks retain the same general features which MySpace pioneered, including profile pages, comment space for friends, private messaging, and ability to share images and videos.

This varies by site—MySpace is more versatile than Facebook or Twitter—and the way the features are cataloged change, so investigators must take care to keep current with what each site does.

They should also stay up-to-date on site demographics. MySpace, with its longtime reputation for being a teen hangout, remains more popular among young people than Facebook, which is popular among older generations.

More social networks are also moving toward integration. MySpace, for instance, has partnered with Skype, a Voiceover IP application which allows both instant messaging and voice communications between members. A MySpace member can therefore IM a Skype user. (Zellers notes, however, that the chat conversation is archived on the user’s machine rather than on MySpace servers, making it a computer forensic job.)

Just because the MySpace user interface is complicated to adult eyes doesn’t mean plenty of evidence can’t be recovered and used either as intelligence, or to solve crimes—even in unexpected ways, as Zellers’ team discovered. And the continued popularity of social networking sites both new and old means investigators need to have these skills sooner rather than later.

Christa M. Miller is Vere Software’s marketing/public relations consultant. She specializes in law enforcement and public safety and can be reached at christa at christammiller dot com.