Posts Tagged ‘Online investigation’

Social Media, Travel, Speeches and FourSquare

Thursday, April 29th, 2010

As much as I try to avoid business travel anymore, the more I seem to do.  Although travel is not bad it can get overwhelming at times and seems to just put me further behind. I did recently in my travels have the opportunity to speak, on an as of late favorite topic, and that is the use of Social Media by law enforcement. Specifically I was speaking on the lack of policy by agencies starting to use Social Media, not only as a community policing tool, but as an investigative tool.

Recently I was asked to present at the first annual SMILE conference or Social Media in Law Enforcement conference in Washington DC. This was a great gathering of various law enforcement professionals interested in Social media and its implementation within law enforcement. My specific piece was on the policy decision behind using social media as a law enforcement tool.  I spoke about the need to have policy to protect the law enforcement officer as much as the agency. I was able to speak with some great talent in the field that are adapting social media for investigative and communicative reasons.

I also had the opportunity to speak at the Massachusetts Attorney Generals Cyber crime Initiative quarterly meeting. The Mass AG sponsors a meeting quarterly on various cybercrime topics. She brings in investigators from all over the state to discuss cybercrime. I was lucky enough to speak on the investigation of social media, and of course hit the topic of policy for law enforcement.  The crowd of over 200 Massachusetts law enforcement investigators was eager to understand more about investigating social media especially as it applied to Cyber bullying cases.

During the two weeks I was gone, connecting to so many investigators in person, I wanted to be sure not to lose touch with my online contacts — not just customers and prospects who email me, but also Twitter and Facebook followers. So, as a smartphone user, I downloaded a new app and signed up for a new program called “Foursquare”. The use of FourSquare allowed me to stay connected on the road from my phone.  I could and did update my Facebook page and my twitter account from my phone with a few clicks of the keyboard.

I found this to be a simple and easy use of the media and received numerous comments back regarding my updates. Many were interested in my travels and found the topics I was speaking on of interest.

Why am I mentioning this? When I talk to groups like these, I want to be sure they understand the value of social networking in their professional lives — not just from an investigative standpoint, but also from the standpoint of being able to network and share ideas with one another. Our increasingly interconnected world makes this an absolute necessity.

Are you on Foursquare, Twitter, Facebook or LinkedIn? Please feel free to connect with me.

Tags: , , , , , , , , , , ,
Posted in Company News | 1 Comment »

Podcast: Todd talks social media, online investigations

Monday, November 30th, 2009

Canada-based podcasting service provider The Daily Splice recently started its own podcast: Law Enforcement 2.0, in which marketer Mike Waraich interviews individuals who are involved with encouraging police departments to “join the conversation” online.

Social media is, of course, beginning to figure into much more than conversation: it’s playing a role in everything from online crime to police recruiting to intelligence. Because all of this information must be verifiable, police need a standard methodology to collect it.

Which is why Mike invited Todd on the show a few weeks ago. For just about half an hour, the two discussed the following:

Defining online investigation in terms of standard methodology.

Would online investigation be less “scary” if the people conducting it knew they could do it without their veracity being called into question? Standardized process counts for a lot, so being able to date/time stamp, “digitally fingerprint” (hash), and log Internet evidence in the same way other forms of evidence are authenticated can make investigators’ jobs a lot easier.

Social media as a “neighborhood.”

Most everyone under 30 (and many over 30) are, in some ways, members of this online space. Just as in a real-world neighborhood, the number of “residents” = number of potential victims. And crimes are being committed, not just on the Web, but in other areas of the Internet which are their own communities. (Think chat rooms, instant messaging and Usenet.)

Whether law enforcement can coexist with community relations.

As long as law enforcement is an active participant in the online community, it cannot be misconstrued as “Big Brother” watching. Instead, it brings community policing concepts to the Web: like a park in a bad section of town, it will stay “bad” unless law officers go there, partner with people who live there to clean it up.

Reputation management.

What people post on the Web is there forever. Some law enforcement officers need to be made cognizant of this fact. Employers look at people’s social media profiles not just to make hiring decisions, but also to ensure their employees are maintaining the standard expected of them.

Part of maintaining that standard is not to avoid parts of the neighborhood which are not well understood or liked. Investigators who do need to understand that the “conversation” goes on without them. Not to be there for it risks missing valuable intelligence and other information.

In other words, as Todd put it, “You may not want to go into a bad neighborhood because you know bad things can happen, but you still need to be there.”

Understanding the neighborhood.

Just as a good cop takes time to learn the landscape and culture of the neighborhood s/he is responsible for, a good Internet investigator takes time to understand where people are online–and where they are moving, what they are talking about, what they are doing.

With hundreds of social sites, this can be hard to figure out much less monitor. But the more investigators learn, the more they can make online investigation part of their everyday work lives, the more efficient they will become.

The conversation wrapped up, of course, with a short discussion about WebCase and where it fits in all this. Thanks again to Mike for the interest. We hope to be able to participate in future podcasts!

Christa M. Miller is Vere Software’s marketing/public relations consultant. She specializes in law enforcement and public safety and can be reached at christa at christammiller dot com.

Tags: , , , , , , , , , , , , ,
Posted in Company News, WebCase | No Comments »

MySpace Investigations Basics: Some Background

Tuesday, November 3rd, 2009

A senior detective in Corona (California), Frank Zellers first realized the power of MySpace evidence during a 2006 homicide investigation. The suspect had a MySpace page, and not only were investigators able to recover current photos and intelligence from the site’s internal messaging system, they were also able to identify his location.

“Under a court order, MySpace provided us with the suspect’s IP address and subscriber ID, which we were then able to tie to his physical address,” says Zellers. “We watched him log in at 1 a.m., and we had him in custody nine hours later.”

That experience led Zellers to create an investigations course around MySpace, one that was designed not for task force members or computer forensic examiners, but for “novice” investigators. “For our basic class, we set up accounts to show the site’s internal functionality,” he says. “We show the students things like determining whether an image was uploaded to the site, or is embedded from another site. That helps them figure out where to serve search warrants.”

The “MySpace Investigations Basics” webinar grew out of that course. Zellers will discuss the site’s functionality, different ways to find different kinds of evidence, and how to save it, along with how advanced searches via Google and Yahoo figure into an investigation.

He’ll also cover how investigation of a MySpace page translates into investigation of other sites. “vBulletin forum software is very prevalent among the more obscure social networks,” he explains, “like the bulletin boards that host communities of online gamers, hard-core rappers, and others.”

That’s because many social networks retain the same general features which MySpace pioneered, including profile pages, comment space for friends, private messaging, and ability to share images and videos.

This varies by site—MySpace is more versatile than Facebook or Twitter—and the way the features are cataloged change, so investigators must take care to keep current with what each site does.

They should also stay up-to-date on site demographics. MySpace, with its longtime reputation for being a teen hangout, remains more popular among young people than Facebook, which is popular among older generations.

More social networks are also moving toward integration. MySpace, for instance, has partnered with Skype, a Voiceover IP application which allows both instant messaging and voice communications between members. A MySpace member can therefore IM a Skype user. (Zellers notes, however, that the chat conversation is archived on the user’s machine rather than on MySpace servers, making it a computer forensic job.)

Just because the MySpace user interface is complicated to adult eyes doesn’t mean plenty of evidence can’t be recovered and used either as intelligence, or to solve crimes—even in unexpected ways, as Zellers’ team discovered. And the continued popularity of social networking sites both new and old means investigators need to have these skills sooner rather than later.

Christa M. Miller is Vere Software’s marketing/public relations consultant. She specializes in law enforcement and public safety and can be reached at christa at christammiller dot com.

Tags: , , , ,
Posted in Investigative Techniques, Investigative Tools | No Comments »

Gangs on the Internet

Wednesday, September 16th, 2009

Everyone engaged in technology today is using some form of social media. Law enforcement is learning to deal with it and so are the criminals. Gang members have found it to be a great communication source and are regularly using social media to keep in contact. MySpace, Facebook and especially Bebo, have become popular places for gang members to hang out.  The term used to describe gang members activity online is Cyberbanging. Cyberbanging isn’t a brand new term, but it is probably not widely known outside of its gang member users.

General intelligence collection is a task that the web can offer gang investigators. Blogs, social media pages, tweets can all give the law enforcement gang investigator valuable information about the goings on in a gang and potential strife between varying factions.

Law enforcement generally identifies a criminal street gang by having 3 or more members, common symbols or leadership, and gathering together to commit crimes or a continuing criminal conduct (or enterprise). They also generally classify gang members according to one of four criteria: 1) self admission, 2) a reliable informant confirms membership, 3) an unreliable informant confirms, and a second source corroborates, and 4) via confirmed law enforcement source.

The Internet can help identify gang affiliation by finding the members’ self admissions, i.e. photos of gang activity, comments indicating gang activity and being the corroborated source of information. A member’s MySpace page can contain significant information about them and their activities.

Those investigating gang members need to look on the Internet for potential members of their local gangs. Failing to do so could potentially overlook threats or trophy shots of criminal behavior that could prevent or solve crimes. In the worst cases, they may find the evidence to support a murder as a gang related crime as in the Jamiel Shaw case in Los Angeles. By many reports Jamiel was a star athlete. The dark side of his life was his Cyberbanging as a member of the Bloods.  His MySpace page tells a very different story of his life then many people thought. There he allegedly proclaimed his gang membership and flashed gang signs.

Documenting this kind of online activity easily supports a law enforcement agency’s investigation into gang activity.

Tags: , , , , , , , , , , , , , ,
Posted in Investigative Techniques | 1 Comment »

Sources of Online Information: Some Background

Wednesday, September 9th, 2009

Cynthia Navarro understands how overwhelming Internet searches for information can be. Not only does she do them in the course of her work as a private investigator, but she also regularly teaches law enforcement officers, corporate practitioners, and others about what’s available and how to find it.

Her “Sources of Online Information” webinar grew out of that experience. “The Internet is a tool that augments what you already have and enables you to get more,” she says. “I base my training on how investigators can get what they need. If they need an individual’s professional information, there’s LinkedIn or Spokeo. If they need personal information, I show them what they can and cannot get from various sites, and how that information is presented.”

She also shows how to perform “creative” searches across Web sites, not just in Google but using search utilities included in social networking sites. “Different results come up for my name, Cynthia Navarro, than for ‘Cynthia Navarro’ enclosed in quotes,” she explains. Likewise results that include a keyword combined with a name, such as the individual’s interests or profession.

Sometimes investigators must collect information from people directly, using social networking sites to get personal. Such “pretexting” is necessary because people would not otherwise give up information to someone they know is an investigator. Pieced together with data gleaned from searches, this can become an invaluable means of constructing a case.

Connecting people, connecting identities

Navarro provides numerous examples of the ways it’s possible to use Web-based information to connect people to each other, as well as to find “other lives” they lead. One man she investigated turned out to have a profile on Match.com—as a woman. “People you wouldn’t expect to be associated with certain sites turn out to have a real dark side,” Navarro explains.

They also have certain habits, “things they need to get out there about themselves,” she says. “One CHP officer used his police vehicle and uniform in one of his Match.com pictures. I used him as an example in my classes, and not long after, his profile was deleted. But when he came back later on, using a different profile with different information, he still had a photo of a police vehicle.”

Navarro recognized him because she’d talked about him so much; she now uses the example to discuss how one deleted profile doesn’t necessarily mean another isn’t available.

Keeping up with information changes

Because Web-based information changes so rapidly, Navarro teaches that two things are important:

  • Evidence capture and preservation. “Within just one hour, a profile can go from public to private or even deleted,” she notes.
  • Evidence verification. “Some people post totally false information, so the investigator needs to know where to go to verify that what’s out there is true,” she says. Likewise what they find on information retrieval services, which may not contain the most up-to-date data.

Overall, as Navarro teaches, many different tools exist for evidence capture; investigators must know which are most appropriate for the investigator’s needs at the time. She cites Archive.org as one example of ways investigators can see what a website looked like at a certain point in time.

Most important for investigators to know: “The enormous amount of information at their fingertips,” says Navarro.

Christa M. Miller is Vere Software’s marketing/public relations consultant. She specializes in law enforcement and public safety and can be reached at christa at christammiller dot com.

Tags: , , , , , , , , , ,
Posted in Company News, Investigative Techniques, Investigative Tools | No Comments »