Posts Tagged ‘social networking’

New Book Investigating Internet Crimes Released

Saturday, February 15th, 2014
41wMbTIcmVL._SY300_

Investigating Internet Crimes

Investigating Internet Crimes:
An Introduction to Solving Crimes in Cyberspace

You can find the new book by Todd G. Shipley and Art Bowker on Amazon books and you can  also follow the authors on their blog. What’s being said about the book:

Neal Ysart, Director First August Ltd, likes Investigating Internet Crime by Shipley and Bowker

“At last….. Informed, pragmatic guidance from two highly experienced professionals who  have actually spent time on the front line, not just the classroom.  This book is relevant for  practitioners working in both law enforcement and within business – every aspiring cyber  investigator should have a copy.” Neal Ysart, Director First August Ltd, Information and  Corporate Risk Services

Smartphones and the Internet: Finding evidence in 2 different places

Wednesday, June 22nd, 2011
How do Internet and mobile phone evidence support each other?

How do Internet and mobile phone evidence support each other?

On Thursday, June 30, we’ll be offering another webinar that is new to our series: Smartphones and the Internet, a discussion about how smart phones are changing the world of online investigations. Instructor Michael Harrington, Director of Training at Teel Technologies and a longtime expert in mobile device forensics, will cover the various apps and tools that tie smart phones to the Internet and the potential for evidence collection on both the phone and the websites tied to the apps.

We asked Mike for some more detail on what he’ll be talking about:

VS: What are the major apps and platforms you’ll be covering in your webinar, and why are they especially relevant?

MH: I’ll mostly be concentrating on iOS and Android and focusing attention on GPS, browser, cloud and social networking applications such as Facebook and Twitter. iOS and especially Android account for the vast majority of the consumer market. Android growth is particularly strong in emerging markets, and has arguably the number one market position.

I’ll be concentrating on social networking applications because research has shown that the vast majority of access to services such as Facebook and Twitter are done on mobile. Facebook in particular is relevant because of the recent controversies of underage access and of course its role in the Arab Spring. Twitter has also made the news with Weinergate, and controversy over ill-thought tweets by such people as Roger Ebert.

The ability to access cloud based services from smart phones (Evernote, logmein and the like) as well as the smartphones capturing of location information not just overtly through GPS applications makes discussion of the platforms relevant.

VS: How do online evidence and mobile evidence work in conjunction? What if one doesn’t match the other?

Online evidence and mobile evidence should be used to validate each other. They should match each other regarding similar data such as IP address. In some instances online evidence may contain more information and vice versa. If they don’t match further investigation and explanation is needed to account for differences.

VS: How deep should investigators dive when collecting evidence from the Internet and from a mobile device? How can they make the decision about how far to go?

I think these questions are tied together inextricably. The decision on how far to dive depends on the severity of the crime. In most instances a simple download of the logical data on the phone will be sufficient to corroborate online evidence or to gather additional evidence to support that gathered online. In some instances it may be necessary to try to recover deleted data off a mobile — this may require specialist equipment and certainly more time and training.

VS: Not all mobile examiners will collect online evidence, and not all online investigators will collect mobile evidence. What’s the best way for them to come together to work out case building?

Since most people on the planet carry mobile phones and the usage of smart phones to access more services is expected to rise by 55% in 2011 it is absolute folly not to look for evidence on mobile devices. I would recommend that a [standard operating procedure] be worked out that if mobile devices are seized, and the particular type of case being worked suggests that a device may be used to access online services where evidence could be collected — or the like is found on mobile devices — that [all] those leads are chased down.

Investigators have to aware of all ways in which criminals and victims access the online world. More and more it’s through their mobile devices.

VS: Anything else webinar attendees should know in advance?

Maybe some stats on the smartphone market. Here is an excerpt from the first chapter of the Android book (Apress, expected pub date December 2011) I’m working on:

The growth of the global smart phone market has been nothing short of explosive. According to the International Data Corporation (IDC), a leader in market research, the world wide smartphone market is expected to grow 55% in 2011, fueled by consumers eager to exchange their feature mobile phones for advanced devices with more features, and most importantly, apps.

The sheer number of devices being shipped is staggering. Again according to the IDC’s Worldwide Quarterly Mobile Phone Tracker there will be a total of 472 million smart phones shipped in 2011 up from 305 in 2010. Furthermore, this is expected to almost double to an unbelievable 982 million by the end of 2015.

The growth rate is over four times the rate of the overall mobile phone market due to the accessibility of devices to a wide range of users, and helped by falling prices, functionality and low cost data plans.

The growth is most pronounced in markets that are emerging and where the adoption of these devices is still in early days – the IDC predicts that the most stunning growth will be in the Asia/Pacific region and in Latin America.

Join us on Thursday, June 30 from 11am-12pm Pacific, and bring any questions you have for Mike!

Image: Johann Larsson via Flickr

Social Media, Travel, Speeches and FourSquare

Thursday, April 29th, 2010

As much as I try to avoid business travel anymore, the more I seem to do.  Although travel is not bad it can get overwhelming at times and seems to just put me further behind. I did recently in my travels have the opportunity to speak, on an as of late favorite topic, and that is the use of Social Media by law enforcement. Specifically I was speaking on the lack of policy by agencies starting to use Social Media, not only as a community policing tool, but as an investigative tool.

Recently I was asked to present at the first annual SMILE conference or Social Media in Law Enforcement conference in Washington DC. This was a great gathering of various law enforcement professionals interested in Social media and its implementation within law enforcement. My specific piece was on the policy decision behind using social media as a law enforcement tool.  I spoke about the need to have policy to protect the law enforcement officer as much as the agency. I was able to speak with some great talent in the field that are adapting social media for investigative and communicative reasons.

I also had the opportunity to speak at the Massachusetts Attorney Generals Cyber crime Initiative quarterly meeting. The Mass AG sponsors a meeting quarterly on various cybercrime topics. She brings in investigators from all over the state to discuss cybercrime. I was lucky enough to speak on the investigation of social media, and of course hit the topic of policy for law enforcement.  The crowd of over 200 Massachusetts law enforcement investigators was eager to understand more about investigating social media especially as it applied to Cyber bullying cases.

During the two weeks I was gone, connecting to so many investigators in person, I wanted to be sure not to lose touch with my online contacts — not just customers and prospects who email me, but also Twitter and Facebook followers. So, as a smartphone user, I downloaded a new app and signed up for a new program called “Foursquare”. The use of FourSquare allowed me to stay connected on the road from my phone.  I could and did update my Facebook page and my twitter account from my phone with a few clicks of the keyboard.

I found this to be a simple and easy use of the media and received numerous comments back regarding my updates. Many were interested in my travels and found the topics I was speaking on of interest.

Why am I mentioning this? When I talk to groups like these, I want to be sure they understand the value of social networking in their professional lives — not just from an investigative standpoint, but also from the standpoint of being able to network and share ideas with one another. Our increasingly interconnected world makes this an absolute necessity.

Are you on Foursquare, Twitter, Facebook or LinkedIn? Please feel free to connect with me.

How people socialize online

Thursday, April 8th, 2010

By now, news stories about online criminal investigation are commonplace, from finding graffiti taggers to collecting gang intelligence.

But where do the social network users come from, and how do they use their favorite sites? These are important questions, whether you are trying to understand your community’s overall demographics, or specifically address criminal activity.

From spectators to creators

ladderIn 2007 think tank Forrester Research came up with the graphic on the right (explained most recently in this post). Rather than showing segmented user groups, the Social Technographics Ladder demonstrates a progression of behavior, from “inactive” (bottom rung) to “creators” (top rung), so that behaviors overlap.

What does this mean for law enforcement? Lots of things. Although it’s generic (Forrester has completed profiles for specific companies and industries about their customers), it’s a good start for investigators and administrators who want to understand victims and criminals alike.

First, only 17% of U.S. adults who are online are inactive in social media. From the standpoint of victims, they’re still at risk from email phishing, for instance, or other forms of identity theft.

But they’re not as at risk as Facebook or Twitter users, for instance, who are more exposed to “bad” links that send them to phishing sites, or surreptitiously download keylogger and other malware to their computers.

Criminals, meanwhile, are becoming bolder and more active. They may not so much be “curating” content—collecting, say, tips and techniques—as sharing and creating it, largely for the sake of having “bragging rights.” Witness the copious photos of drug and gun stashes on MySpace.

A full spectrum of social networks

convoprismembedThe other graphic law enforcement can make use of is the Conversation Prism, a graphic designed by public relations professionals Brian Solis and Jesse Thomas. The Prism shows not just the wide variety of social networks out there, but also groups them into categories by use type.

The circular spectrum is a good way to visualize how social networks fit and the many ways users have to create and share content, according to their behavior as shown on the Social Technographics Ladder.

Additionally, at the Prism’s core are shown the value of these uses: ongoing feedback and insight, crisis communications and PR/marketing and customer support, all revolving around an organization’s brand. This is important to law enforcement agencies, but also valuable when applied to criminal organizations, such as gangs or narcotics networks.

And no, investigators do not have to create or maintain accounts on every single one of these sites. That would be cost-prohibitive. They should, however, maintain awareness—of these and of new popular sites—and be prepared to go where the investigation leads.

What online networking behaviors have you observed among criminals you investigate?

Christa M. Miller is Vere Software’s marketing/public relations consultant. She specializes in law enforcement and digital forensics and can be reached at christa at christammiller dot com.

Cloud computing: Not just for geeks or feds

Monday, February 8th, 2010

Think online investigation is just for the high-tech crimes types, the computer forensics geeks or the feds? Not so, says Todd in his interview with Cyber Speak’s Podcast (hosted, ironically, by two former federal agents). The more people are online, the more they’re likely to use cloud services, the more important it is for local law enforcement to be there too.

Todd’s appearance on Cyber Speak came about because of his two-part article on cloud computing, which had appeared in December in DFI News. He and Ovie Carroll discuss:

Impact of cloud computing on first responders

Detectives performing searches can’t simply pull the plug on a running computer anymore (a fact which prosecutors are having to get used to). They need to be able to perform data triage and possibly even volatile data collection.

Why? Because knowing whether a suspect has an online presence is critical to whether an arrest is made—and what happens afterward. Whether users are actively storing files “in the cloud” or simply members of social networking sites, law enforcement officers who don’t find evidence and therefore, do not make an arrest risk that suspect going online and deleting all incriminating information.

Why is this a problem? Because the very nature of cloud storage means investigators may not be able to access a logical hard drive somewhere to recover the evidence. First, the sheer amounts of data stored on servers make this close to impossible. Second, there are jurisdictional issues.

Are you exceeding your authority?

Not only may information be stored outside your jurisdiction, but it may also be stored in another country altogether—one with different criminal and privacy laws. Accessing evidence of a crime in the United States may actually mean committing a crime in another country (Todd relates the story of two FBI agents for whom arrest warrants were issued in Russia).

This is a problem for local law enforcement, which Todd notes has been left largely to its own devices when it comes to online crime. Only Internet Crimes Against Children (ICAC) task forces have clear direction from the federal government on how to proceed.

Hence it’s easy for local police to kick Internet crimes up to regional, state or federal task forces. But as Todd points out, more people coming online means more crimes being committed against people in local jurisdictions both large and small. Law enforcement at every level needs to be able to respond.

Please listen to Todd and Ovie, and then come back and tell us what you think!

Christa M. Miller is Vere Software’s marketing/public relations consultant. She specializes in law enforcement and public safety and can be reached at christa at christammiller dot com.

Gangs on the Internet

Wednesday, September 16th, 2009

Everyone engaged in technology today is using some form of social media. Law enforcement is learning to deal with it and so are the criminals. Gang members have found it to be a great communication source and are regularly using social media to keep in contact. MySpace, Facebook and especially Bebo, have become popular places for gang members to hang out.  The term used to describe gang members activity online is Cyberbanging. Cyberbanging isn’t a brand new term, but it is probably not widely known outside of its gang member users.

General intelligence collection is a task that the web can offer gang investigators. Blogs, social media pages, tweets can all give the law enforcement gang investigator valuable information about the goings on in a gang and potential strife between varying factions.

Law enforcement generally identifies a criminal street gang by having 3 or more members, common symbols or leadership, and gathering together to commit crimes or a continuing criminal conduct (or enterprise). They also generally classify gang members according to one of four criteria: 1) self admission, 2) a reliable informant confirms membership, 3) an unreliable informant confirms, and a second source corroborates, and 4) via confirmed law enforcement source.

The Internet can help identify gang affiliation by finding the members’ self admissions, i.e. photos of gang activity, comments indicating gang activity and being the corroborated source of information. A member’s MySpace page can contain significant information about them and their activities.

Those investigating gang members need to look on the Internet for potential members of their local gangs. Failing to do so could potentially overlook threats or trophy shots of criminal behavior that could prevent or solve crimes. In the worst cases, they may find the evidence to support a murder as a gang related crime as in the Jamiel Shaw case in Los Angeles. By many reports Jamiel was a star athlete. The dark side of his life was his Cyberbanging as a member of the Bloods.  His MySpace page tells a very different story of his life then many people thought. There he allegedly proclaimed his gang membership and flashed gang signs.

Documenting this kind of online activity easily supports a law enforcement agency’s investigation into gang activity.

Sources of Online Information: Some Background

Wednesday, September 9th, 2009

Cynthia Navarro understands how overwhelming Internet searches for information can be. Not only does she do them in the course of her work as a private investigator, but she also regularly teaches law enforcement officers, corporate practitioners, and others about what’s available and how to find it.

Her “Sources of Online Information” webinar grew out of that experience. “The Internet is a tool that augments what you already have and enables you to get more,” she says. “I base my training on how investigators can get what they need. If they need an individual’s professional information, there’s LinkedIn or Spokeo. If they need personal information, I show them what they can and cannot get from various sites, and how that information is presented.”

She also shows how to perform “creative” searches across Web sites, not just in Google but using search utilities included in social networking sites. “Different results come up for my name, Cynthia Navarro, than for ‘Cynthia Navarro’ enclosed in quotes,” she explains. Likewise results that include a keyword combined with a name, such as the individual’s interests or profession.

Sometimes investigators must collect information from people directly, using social networking sites to get personal. Such “pretexting” is necessary because people would not otherwise give up information to someone they know is an investigator. Pieced together with data gleaned from searches, this can become an invaluable means of constructing a case.

Connecting people, connecting identities

Navarro provides numerous examples of the ways it’s possible to use Web-based information to connect people to each other, as well as to find “other lives” they lead. One man she investigated turned out to have a profile on Match.com—as a woman. “People you wouldn’t expect to be associated with certain sites turn out to have a real dark side,” Navarro explains.

They also have certain habits, “things they need to get out there about themselves,” she says. “One CHP officer used his police vehicle and uniform in one of his Match.com pictures. I used him as an example in my classes, and not long after, his profile was deleted. But when he came back later on, using a different profile with different information, he still had a photo of a police vehicle.”

Navarro recognized him because she’d talked about him so much; she now uses the example to discuss how one deleted profile doesn’t necessarily mean another isn’t available.

Keeping up with information changes

Because Web-based information changes so rapidly, Navarro teaches that two things are important:

  • Evidence capture and preservation. “Within just one hour, a profile can go from public to private or even deleted,” she notes.
  • Evidence verification. “Some people post totally false information, so the investigator needs to know where to go to verify that what’s out there is true,” she says. Likewise what they find on information retrieval services, which may not contain the most up-to-date data.

Overall, as Navarro teaches, many different tools exist for evidence capture; investigators must know which are most appropriate for the investigator’s needs at the time. She cites Archive.org as one example of ways investigators can see what a website looked like at a certain point in time.

Most important for investigators to know: “The enormous amount of information at their fingertips,” says Navarro.

Christa M. Miller is Vere Software’s marketing/public relations consultant. She specializes in law enforcement and public safety and can be reached at christa at christammiller dot com.