Archive for February, 2011

How the bad guys use social media: An interview with Todd Shipley

Monday, February 28th, 2011

Hardly a day goes by when the news isn’t reporting criminal use of social media to find and groom victims, start and fuel gang wars, or exploit other weaknesses. Todd Shipley joined Spark CBC host Nora Young last week to talk about some of these issues, along with how police can use social media to find the activity.

Listen to the 20-minute interview now to find out:

  • How criminals exploit their victims’ weaknesses, along with their own need for social connections
  • The importance of looking beyond the physical crime scene to its virtual extension
  • The social and technical skills police need to document online and other digital evidence before it gets to detectives
  • How online or cloud investigation is similar to network forensics (and unlike computer forensics)
  • What legal requirements police need to abide by when they go online

Got questions about Todd’s interview? Leave us a comment!

Tracing IP Addresses: Q&A

Friday, February 18th, 2011

We were very pleased to welcome back Dr. Gary Kessler to our “Online Investigations Basics” webinar series this week. Once again Dr. Kessler discussed some of the background and tools relevant to tracing IP addresses. Below is his companion presentation:

During the session, we took several questions from some of our listeners. One person asked whether tracing IP addresses overseas was any different from tracing them domestically. Answer: not technically; the overall process remains the same, but whether American investigators can secure foreign cooperation is a different question. The best bet is for investigators to contact legal representatives in American embassies for help dealing with law enforcement in another country.

Another participant asked whether TCP/IP packets would provide information on what kind of device accessed the Internet; in a related question, someone else asked if MAC addresses from two devices could show that they had been communicating with one another.

By themselves, packets contain no information on the type of device communicating. A device or router is needed to show where an IP address was assigned; the same is true for tracing IP addresses past a private network. And as for MAC addresses, they have only local relevance, not end-to-end applicability.

We wished we could have gotten into more detail about this question: the biggest challenges with tracing IP addresses in the cloud. As the load of traffic increases, and IPv4 addresses diminish (before IPv6 takes hold), more ISPs will begin to allow shared IP addresses. On the flip side, multiple IP addresses will be resolved to single devices.

Again, we’re grateful to Dr. Kessler for taking the time to help educate the community on a complex issue. Have questions? Please contact us. And we’d love to see you at our future “Online Investigations Basics” webinars. In another few weeks, Cynthia Navarro will be talking about online sources of information. We hope you’ll join us!

Our Online Investigations Basics webinar series is back!

Thursday, February 3rd, 2011

We’re excited to announce the return of our popular, free “Online Investigations Basics” webinar series! Designed to help investigators maximize their online evidence collection skills, the monthly webinars will feature investigative techniques and issues such as:

  • Tracing IP Addresses
  • Online Sources of Information
  • Online Identity Theft Investigations
  • Internet Relay Chat (IRC) Investigations
  • Investigating Social Media

The webinar series builds on the original series, offered in the fall of 2009, by offering both new courses and updated content from some returning instructors as well as new voices. Established experts in their fields, the Online Investigation Basics instructors will take questions from, and interact with, webinar attendees during a structured Q&A period within each 60-minute presentation. The webinars are meant for investigators from all sectors — law enforcement, corporate and independent.

In addition, we’ll continue to provide our monthly WebCase webinars, which allow investigators to get to know our software when they can’t attend our on-site training.

The first Online Investigation Basics webinar is Thursday, February 17. Dr. Gary Kessler of Gary Kessler & Associates will present “Tracing IP Addresses,” in which he will introduce concepts about the TCP/IP suite, the Internet, IP addressing and domain names, and the administration of Internet names and numbers. He will also demonstrate tools to support IP tracing.

Want to know more? Sign up today!

Data retention vs. criminal anonymizer use

Wednesday, February 2nd, 2011

This week, German authorities released data suggesting that Internet Service Provider (ISP) data retention policies – which the United States hopes to implement – could actually have a negative impact on online crime fighting.

Why? As the article puts it:

This is because users began to employ avoidance techniques, says AK Vorrat. A plethora of options are available to those who do not want their data recorded, including Internet cafés, wireless Internet access points, anonymization services, public telephones and unregistered mobile telephone cards.

The European Union is looking at policy changes that protect both privacy and public safety. In the meantime, however, we know that “hard core” criminals will continue to use anonymization technology, and it will take more than policy to address this.

That’s why we’re pleased to announce that the National Institute of Justice has awarded us funding under its Electronic Crime and Digital Evidence Recovery grant. The funding is for the development of forensic and investigative tools and techniques to investigate criminal use of Internet anonymizers – tools that law enforcement doesn’t currently have.

We’ll be working in conjunction with researchers at the University of Nevada’s Department of Computer Science and Engineering on the development, while investigators from the Washoe County Sheriff’s Department will test the software and offer their feedback. Meanwhile, we’d love to hear from you. What has your experience been trying to investigate online crime despite anonymizers?