Unreliability of Eye Witnesses

Some jurisdictions allow expert testimony about the unreliable nature of eye witness testimony.  One example is Commonwealth of Pennsylvania v. Benjamin Walker, No. 28 EAP 2011-Supreme Court of Pennsylvania.

I recommend that anyone interested in this subject read The Invisible Gorilla: How Our Intuitions Deceive Us, which is about attention, perception, memory, reasoning, and how they can cause problems in eye witness testimony.

Another book to read is Picking Cotton: Our Memoir of Injustice and Redemption, which is about a man falsely accused of rape by a woman who said that she memorized certain characteristics about her attacker so she “wouldn’t forget”.

Saving Bozo Eruptions

I normally suggest using the WayBack Machine to preserve Bozo Eruptions, but there is another way to do this.

Archive.is takes a ‘snapshot’ of a webpage that will always be online even if the original page disappears. It saves both text and a graphical copy of the page for better accuracy. Saved pages will have no active elements and no scripts, to guard against malware. However, the stored page with all images must be smaller than 50Mb. Pages which violate our hoster’s rules (cracks, porn, etc) may be deleted.

Bear in mind that when you archive a page, your IP is being sent to the website you archive.

This site also shortens URLs of what you archive much like tinyurl, goo.gl and bit.ly do and only supports search by URLs and domains as in the Google or Bing site: command.

A handy bookmarklet button for your toolbar is offered on the site.

When things get complex

Advangle helps you build complex web-search queries in Google and Bing.

You can quickly build a query with multiple parameters (such as the ‘domain’, ‘language’ or ‘date published’) and immediately see the result of this query in Google or Bing search engines. Any condition in a query can be temporarily disabled without removing it to allow you to try several combinations of different conditions and choose the one that works best.

The Edwardian Terrorist Redux

The Beltway Sniper, the Mumbai attacks, Charlie Hebdo, the Paris attacks. This is a hideous trend. We no longer face terrorists just planting bombs or shooting dignitaries with a pistol–they now come in gangs armed with military weapons and suicide vests. They attack whole cities. This is their version of strategic bombing.

This modus operandi is not new to anyone who reads. Edwardian fiction is replete with characters dreaming of mass destruction. Like Joseph Conrad’s archetypal terrorist, the professor in The Secret Agent, today’s Muslim terrorist’s thwarted ambitions have crystalized into a delusion of moral superiority and a desire to destroy modernity.

The Muslim terrorists want to change our religion and our liberal ways. Like the professor, they want a crackdown on suspected terrorists to destroy our individual liberties and to motivate potential recruits. They want the exigencies of our counter-terrorism efforts to serve these perverse objectives.

This terrorist strategy is not new, nor is our current response to it. From 1881 to 1901, two U.S. Presidents, a French President, a Spanish Prime Minister, and an Italian King fell to anarchist terrorists. In Paris, they hurled bombs onto the floor of the Bourse and bombed theatres and cafes. In the early years of the twentieth century, newspapers printed daily lists of political assassinations and bombings. Arguably, a terrorist started the Great War.

While the political plots and conspiracies of the Islamic world seem irrational to us, they are real in the minds of the people who commit the violence these plots demand. To them, violent action bears testament to their sincerity. Today’s cult of the suicide bomber is not new. One only has to read Conrad’s The Secret Agent and Under Western Eyes to see today’s Muslim terrorist.

Under Western Eyes was written in 1911, yet it tells us clearly that despotism breeds terrorism and the tolerant west that shelters refugees becomes a laboratory for terrorists to perfect their paranoias and grievances along with murderous weapons created from modern western technology.

A reddit Barometer

Reddit is an entertainment, social networking, and news website where registered users submit content, such as text posts or direct links. This makes it a large online bulletin board.

Users vote submissions up or down to organize the posts and determine their position on the site’s pages. Content is organized by areas of interest called “subreddits”. The subreddit topics include news, gaming, movies, music, books, fitness, food, and photosharing, among many others.

For the investigator, reddit is a good barometer of the user’s interests, attitudes, and popularity. If you want to see the user’s barometer, SnoopSnoo provides reddit user and subreddits analytics.

On SnoopSnoo, the user analytics are computed by analyzing submissions and comments activity. Analysis is limited to the 1,000 most recent comments and submissions due to reddit’s API restrictions. The subreddits are automatically assigned topics by an algorithm. Subreddits with fewer than 1,000 subscribers or created within the last 30 days may not have been processed.

Social Media & Threat Alerts

A Pew Research Poll indicates that college students are spending less time on Facebook and more on simplified instant messaging services like Snapchat, Instagram, WhatsApp and Yik-Yak. Campus safety officers haven’t caught up with this trend. They still check Facebook most consistently, followed by Twitter and Yik-Yak.

In my experience, very few organizations use social media threat alert software or employ a social media monitoring company. Everything that I have seen indicates that organisations that monitor social media for risk management usually monitor the wrong sites.

Turn Your PC into an iPhone

Some web sites cannot be viewed properly using Firefox. Sometimes it is an old site that requires MS Internet Explorer (IE) or it may be a site designed for mobile devices.

The User Agent Switcher extension adds a menu and a toolbar button to switch the user agent of a browser. It allows you to choose from three versions of IE or an iPhone. Selecting the iPhone user agent often reveals additional functionality on the site. The extension is available for Firefox and will run on any platform that this browser supports, including Windows, OS X and Linux.

Investigative Internet Research (IIR)

Sources & Methods

Clients do not pay you to find data. Clients pay you to tell them how the collected data helps or hinders their cause. How you report the nature of the sources used and the methods employed is critical.

Sources are the lifeblood of any investigator, but methods are what determine the success or failure of both the investigator and the investigation. In IIR, the identity of the source, its location, date, and breadth of content become critical to the investigation’s integrity. The investigator’s credibility depends on his explanation of his methods, which must include the search strategy, rights to access the material, and the path used to arrive at that source material.

The Internet Profile & Identity

In the industrialized countries, a person’s Internet profile is given far too much credence. If you become involved in Investigative Internet Research, then you must combine the Internet profile you develop with authoritative public records and content from a variety of database aggregators.

This is of critical importance as more than one person often uses the same screen name or a screen name may be used maliciously. The more data you collect, the more likely that you will attribute some data to the wrong person.

Mapping a person’s identity is nothing more than comparing gender, race, location, religion, friends, family, car, pictures, etc. to what you know about the subject and what you find in a variety of sources. This ensures that all the data is consistent and relates to only one person. It will also identify inconsistencies in the collected data, which you may choose to investigate. The identifiers are the subject’s name, along with age, gender, race, employer, location, religion, friends, family, car, pictures, etc.

Canadian Criminal Court Documents

The following lists the court documents that you should order when reviewing an accused’s involvement in a criminal prosecution in Canada.

In Canada, the charges are contained in the ‘Information‘. A person must swear under oath that the information about the crimes committed is true. This document usually contains a list of appearances and a synopsis of the verdict. It also identifies the victim and any co-accused.

The Bail or Recognisance will explain the conditions of the accused’s pretrial release. This may identify the sureties, where the accused must live, and other conditions such as a prohibition of having weapons.

Search warrants are a treasure trove of useful information because the police will meticulously explain their need for the warrant. However, court staff often try to deny you access to these, but they are public record unless sealed by a court order.

Probation orders are like the Bail document in that they set out conditions. However, they also may indicate where the subject lived. In some cases, the probation order will be sent to another province. In that case, you know that during his probation, he was living in that province and a search of criminal court records in that province is indicated to see if he abided by the conditions of his probation.

Exhibits also represent a valuable source of information. Once a case is concluded, you may view the exhibits. Like search warrants, the court staff often tries to deny your access to exhibits. Persevere and demand access to the exhibits and you will eventually get to view them.

Searching Periscope & Meerkat

Periscope, the free iPhone app from Twitter, is the clear winner against first-comer Meerkat. Periscope is mobile live streaming that lets the user share what is happening right now and relive it later thanks to the service’s saved streams feature.

At the moment, from the investigator’s perspective, Periscope and Meerkat offer an opportunity to see a lot of useless streaming video if you don’t know how to search effectively. Both are hard to search by keyword or topic–you usually have to search via people.

You can use Getxplore and link your Twitter account to them. This will then allow you to see current Periscope and Meerkat streams and then enter search queries to find the types of streams that you are looking for.

Another option is the Twitter search and programs such as Tweet Deck or Hootsuite, which you can set up to constantly pull Periscope and Meerkat streams direct to your dashboard. Simply add #Periscope OR #Meerkat as a search term and now you will have access to every single live-streaming video that is shared to Twitter.

You can refine the search by geography, as in #periscope OR #Meerkat near:”Toronto, Ontario” within:50mi. To further filter results, add keywords to make the search even more specific: (#periscope OR #Meerkat) AND (Jays OR Skydome).

Finding a Secure Workspace

Recently, when working at client sites, I’ve taken to occasionally using Windows to Go. This is Microsoft’s little-used secure workspace feature for Windows. It allows you to boot into a secure workspace located entirely on a USB key. This enables you to use Windows without relying on the operating system, applications, or storage on the host device. It creates a secure workspace on any machine that can boot from a USB drive without trusting the host machine. I have even devised a way to use a Virtual Machine (VM) in this workspace. Because the workspace doesn’t rely on the host operating system, the workspace on the USB drive isn’t at risk of compromise from a host machine and the VM protects the USB workspace. This saves me from constant use of my ‘Safe Mode on steroids’ or reinstalling Windows from a drive image on a client’s machine. However, it is too slow and requires too much effort to maintain. A similar live Linux USB seems to offer faster performance and it is easier to maintain the VM.

Defence Against the Dark Arts

I wander through the nether regions of the Internet and Dark Net looking for data to support my clients’ causes. This exposes me to severe risks from the nasty creativity of Beelzebub’s demonic gangsters and hackers.

It seems that a Windows system only lasts about 1/2 hour before getting infected without some form of anti-virus (AV). I regularly boot a clean live Linux USB, and then scan for viruses. This is like Safe Mode on steroids. In most instances, I find something malicious missed by the typical AV programs. However, this is only a temporary measure.

I am migrating to Linux for Investigative Internet Research because very little Linux malware exists in the wild. I only need AV on the Linux file server (or an email server if I had one). I do this because an infected Windows computer may upload infected files or an uninfected one might access infected files on the Linux machine, which then allows it to infect other Windows systems. AV on the file server isn’t protecting the Linux system–it’s protecting the Windows computers from themselves. I recommend the paid version of ESET Antivirus and Security Software as it doesn’t try to upsell you on other services.

The Old YouTube Scrape Trick

Don’t be fooled by the old YouTube scrape trick. A scrape is an old video downloaded from YouTube which is then presented as a new and original eyewitness account of a different event.

Defeating The Old YouTube Scrape Trick

Amnesty International provides a handy tool called YouTube DataViewer. Enter the video’s URL and it will extract the clip’s upload time and all associated thumbnail images. This data isn’t readily accessible via YouTube; however, this two-pronged approach allows you to identify the earliest upload, which is probably the original version. Conducting a reverse search on the thumbnails often uncovers web pages containing the original version of the video along with other uses of it.
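The thumbnail half of that check can be prepared by hand. The sketch below is an added example, not part of YouTube DataViewer or the original post: it pulls the video ID out of the common YouTube URL shapes and builds the thumbnail and reverse-image-search links to open. The `img.youtube.com` thumbnail pattern and the TinEye and Google Lens by-URL endpoints are assumptions about those services' public URL formats, and the video ID is constructed; the upload time needs a live lookup and is not covered.

```python
import re
from urllib.parse import urlparse, parse_qs, quote

_ID_RE = re.compile(r"^[A-Za-z0-9_-]{11}$")   # YouTube video IDs are 11 URL-safe chars
_PATH_PREFIXES = ("embed", "v", "shorts", "live")

def video_id(url):
    """Return the video ID from watch, youtu.be, embed or shorts URLs, else None."""
    u = urlparse(url if "://" in url else "https://" + url)
    host = (u.hostname or "").lower().removeprefix("www.").removeprefix("m.")
    parts = [p for p in u.path.split("/") if p]
    cand = None
    if host == "youtu.be" and parts:
        cand = parts[0]
    elif host in ("youtube.com", "youtube-nocookie.com"):
        if parts[:1] == ["watch"]:
            cand = parse_qs(u.query).get("v", [None])[0]
        elif len(parts) >= 2 and parts[0] in _PATH_PREFIXES:
            cand = parts[1]
    # Reject look-alike hosts and malformed IDs rather than guessing.
    return cand if cand and _ID_RE.match(cand) else None

def thumbnail_urls(vid):
    """Thumbnail frames for a video (assumed URL pattern)."""
    names = ("0", "1", "2", "3", "hqdefault")
    return [f"https://img.youtube.com/vi/{vid}/{n}.jpg" for n in names]

def reverse_search_urls(image_url):
    """Reverse-image-search links for one thumbnail (assumed endpoints)."""
    enc = quote(image_url, safe="")
    return {"tineye": f"https://tineye.com/search?url={enc}",
            "google_lens": f"https://lens.google.com/uploadbyurl?url={enc}"}

def verification_plan(url):
    """Everything to open in a browser when checking a clip for a scrape."""
    vid = video_id(url)
    if vid is None:
        raise ValueError(f"not a recognisable YouTube video URL: {url!r}")
    checks = [{"thumbnail": t, **reverse_search_urls(t)} for t in thumbnail_urls(vid)]
    return {"video_id": vid, "checks": checks}

if __name__ == "__main__":
    # Constructed sample URL; the ID does not refer to a real video.
    plan = verification_plan("https://youtu.be/AbCdEfGhI_1?si=share")
    for check in plan["checks"]:
        print(check["thumbnail"], "->", check["tineye"])
```

Record each link you open and the date alongside the results, so the path to the earliest upload can be explained later.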