Security & Shortened URLs

As we all know, clicking on a link can send us to digital purgatory. While I don’t worry about this when I am working in a VM, I do in a normal browsing session. This hunter doesn’t want to become the hunted.

The best advice, for general browsing, is to use the WOT browser pluggin available for Firefox and Chrome. This will deal with most problem links. While in a VM, I sometimes now do a manual scan of shortened URLs using VirusTotal.

A trusted collegue tells me, “the bad actors are beginning to step up their game now, some actually check the useragent string from the browser and will redirect you to malware and fool the link scanners.”

VPN Security & Firefox

When you’re hunting in the digital landscape, you don’t want to stand out like a white lion on the Serengeti.

PeerConnections are enabled by default in Firefox. This is a bad juju for me as enabling this can leak my IP address when using a VPN connection.

In Firefox, go to ‘about:config’ in the address bar. In the config window search for this setting and change it as follows:

  • media.peerconnection.enabled and doubleclick it to change the value to false.

As this is such bad juju, I check this to make sure it is set at false before I start any research project. Of course, I do this because I always use a VPN.

Hunting YouTube Content

A successful hunt for data includes dragging your prey home and preparing it for consumption. If you have a hungry client to feed, then you will have to chop-up your prey into digestible chunks, cook it properly, and then serve it up all pretty-like on a fancy platter, because clients are picky eaters.

Here is what you need to make a delightful repast of what you find on YouTube.

After the disappearance of Google Reader, Feedly became the new standard in RSS readers. However, Feedly is much more than an RSS reader. It allows you to collect and categorize YouTube accounts.

For example, you can monitor the YouTube accounts of politicians, activists, or anybody else who posts a lot of YouTube videos. You get the latest uploads to their YouTube accounts almost instantly. This continuous stream of updated content can be viewed and played in Feedly and does away with individual manual searches of known YouTube accounts.

Of course, Feedly has other uses, but the YouTube use is the greatest time saver. The time saved can be applied to summarizing the video content and analyzing it in terms of how it relates to your client’s objectives.

Inoreader is another feed reader that can organise YouTube account feeds into folders along with a limited number of feeds from Twitter, Facebook, Google+ and VKontakte. It also allows the user to gather bundles of subscriptions into one RSS feed and export them to another platform to go along with the YouTube content.

Just paste the URL of a YouTube video into Amnesty International’s YouTube Dataviewer to extract metadata from the videos. The tool reveals the exact upload time of a video and provides a thumbnail on which you can do a reverse image search. It also shows any other copies of the video on YouTube. Use this to track down the original video and the first instance of the video on YouTube.

A lot of fake videos appear on YouTube. Anything worth reporting needs to be examined to see if it is a possible fake. The Chrome browser extension Frame by Frame lets you change the playback speed or manually play through the frames. While this is the first step in uncovering a fake, it is however, an easy way to extract images from the video for inclusion into a report.

Of course, you will use the Download Helper browser extension, which is available for both Firefox and Chrome, to help download the videos. Just remember to set the maximum number of ‘concurrent downloads’ and ‘maximum varients’ to 20 and check ‘ignore protected varients’ to speed the process.

To make a long list of videos to download, you can use the browser extension, Copy All Links, or Link Klipper or Copy Links in Chrome, to make a list of the links to every video you find. In addition to using this list in your report, you can turn it into an HTML page and then let Download Helper work away on it for hours by downloading all the videos for you.

Collecting all this video is the easy part. Sitting through all of it to extract useful data and then analysing it to see how it helps or hinders your client’s interests is the painful and expensive part, but it is the only way cook-up what the client wants to eat.

Forcing Firefox to Open Links in a New Tab

During a training class I watched everybody trudge around looking for lost search results. They tried reloading results pages, only to get distored results. They kept losing the search engine results page and were getting lost in a sea of tabs. They wanted to know how to get “google search results” to open in a new tab.

Here is my solution for getting tabs to open where I want them to. In Firefox, go to ‘about:config’ in the address bar. In the config window search for these settings and change them as follows:

  • – if true, will open a search from the searchbar in a new tab if you use the return key to trigger the search
  • browser.tabs.loadBookmarksInBackground – if true, bookmarks that open in a new tab will not steal focus
  • browser.tabs.loadDivertedInBackground – Load the new tab in the background, leaving focus on the current tab if true
  • browser.tabs.loadInBackground – Do not focus new tabs opened from links (load in background) if true
  • browser.tabs.opentabfor.middleclick – if true, links can be forced to open a new tab if middle-clicked.

This is the type of ‘boring stuff’  that you must master if you want to do Investigative Internet Research and make any money at it. Clients won’t pay for wasted time. You may know where to hunt for data, but you need to also know how to get it into the larder before it goes bad.


Finding and verifying social media content is becoming a greater concern for private investigators (PIs) and their clients. Unfortunately, most PIs do not possess the skills and resources to do this beyond the most rudimentary level.

Some investigation companies will try to build an in-house operation. They will buy technology, or spend money on subscriptions to tools that claim to do the work with a click of a button. This usually proves to be a costly expedition into the unknown that ends in failure. The purchased tools do not live up to their claims or clients usually want something the purchased tools and subscriptions don’t deliver.

Some investigation companies will send staff to courses to learn about sources. These are billed as Open Source Intelligence (OSINT) courses. Unfortunately, the OSINT concept usually misses the “intelligence” part, and it is more about gathering raw information than producing usable investigative reporting.

The ‘intelligence’ part is the expensive part. It involves time to conduct the analysis and many hours of learning to present the analysis along with the sources and methods reporting.

Producing a report that goes beyond the OSINT concept is not a secretarial task. Once you go beyond the popular OSINT concept, you start doing Investigative Internet Research (IIR).

Why You Can’t Dictate an IIR Report

Proper IIR reporting does not rely on haphazard Internet searches and does not dump a disorganised load of raw data from the Internet into a client’s inbox. Reports summarize then analyse the collected data and then explain the sources and methods used to collect data.

The researcher must understand how to use Word and other software because he cannot dictate IIR reports. A dicta-typist cannot produce an IIR report for the following four reasons:

  1. The person transcribing the dictation will not place images, graphs, and video clips properly yet, a picture, screenshot or video is worth a thousand words.
  2. There is no efficiency at all in dictating a URL and plenty of mistakes would result.
  3. Some Web site names are hard to pronounce and would lead to misspelling (although you might spell them out, there is still a risk).
  4. Whoever writes the report must have all the collected material at hand in order to create footnotes and appendices.

Now you know why the person doing the IIR must also prepare the report.

In the next few articles I will describe the tools and techniques that actually work, but there is no magic button that does the analysis for you.

Turn Your PC into an iPhone

Some web sites cannot be viewed properly using Firefox. Sometimes it is an old site that requires MS Internet Explorer (IE) or it may be a site designed for mobile devices.

The User Agent Switcher extension adds a menu and a toolbar button to switch the user agent of a browser. It allows you to chose from three versions of IE or an iPhone. Selecting the iPhone user agent often reveals additional  functionality on the site. The extension is available for Firefox and will run on any platform that this browser supports including Windows, OS X and Linux.

YouTube — Survival and Sanity Kit III

The Download YouTube Videos add-on for Firefox puts a download button underneath the YouTube video which allows downloading videos as MP4 and FLV formats while selecting the quality level at which to save the file.

Most extensions and add-ons that say they allow downloading YouTube videos don’t really work, this one does. If you are using e Chrome, Opera, Safari or Internet Explorer, you need to install the Greasemonkey script.

YouTube — Survival and Sanity Kit I

Watching YouTube videos is tiresome due to the ads around each video.  The YouTube Options for Google Chrome browser extension hides the ads, annotations, disables autoplay, and hides the comments. It also allows you to change resolution, display size, optional flash pre-buffering, looping/replay, and video audio volume. It has a very useful feature to create a RSS link to the owner of the YouTube video or Twitter author.

If you have to work with a lot of YouTube material, then this thing is a necessary part of your Survival and Sanity kit. It takes some time to find and enable all the setting you need but it is worth the effort.

Disconnect from Tracking

A browser extension for Firefox called Disconnect disables tracking by Google, Facebook, and Digg. The same firm provides the Collusion extension for Chrome and Safari that does the same thing.

Disconnect provides more protection than the Do Not Track feature in the browser. Firefox, Internet Explorer (9 and later versions), and Safari have Do Not Track privacy options that you may enable. However, implementation of Do Not Track is voluntary on the part of the websites you visit. Disconnect and Collusion stops tracking on all sites.

Firefox Addon — Search Site v.3.2

Search Site 3.2 allows you to search within the current site from the search bar, or from the context menu, or by drag-and-drop into the search bar. This makes it easy to do a website-specific search, using the search engine currently selected in the search bar, if the site doesn’t have its own search box. If you use the search bar, type the search terms into the search bar and then click on the Search Site icon that appears in the search box or press Ctrl+Enter.

Searching the current site can also be done by using the right-click (context) menu. Just select the word or words you want to search and select Search Site for selection in the context menu. Unfortunately, the search results do not automatically open in a new tab, you must hold down the ctrl key as you select the Search Site for selection context menu item. Using the ctrl key will move the results to the foreground tab or if using the search bar,  hold down Ctrl  when clicking on the Search Site icon to display the results in new foreground tab.

I also recommend selecting Enclose the selected text in quotes when searching from context menu in the Options Dialog.

Firefox Addon — Google site: Tool

I have written about the site: command in Google before.

The site: command in Google is an invaluable tool for doing Investigative Internet Research (IIR), especially in combination with other advanced operators.

Google site: Tool

Google site: Tool only works Firefox 14 or later on Windows 7.

It allows you to add site: or -site: to modify your Google search results. To limit your query to a particular site in the results, or to re-run the query excluding that site from the results, click the green URL below the result header. This works best on rather than the country-specific versions of Google. It also works on the encrypted version of

This addon requires Greasemonkey.


A Firefox add-on called  Greasemonkey allows you to customize the way a web page displays using small bits of JavaScript.


Boounce is a simple browser add-on available for Mozilla Firefox and Google Chrome that helps you bounce between search engines, topical databases, and searchable websites. It mercifully eliminates duplicate results from Google, Bing, and Blekko.

This works quite well if you need to search through a lot of sites quickly. However, you should only use uncomplicated search terms containing words that are not likely to be filtered-out of the results by the default porn filters of the sites you are searching.

If you copy a lot of material while searching, then in the addon’s options deselect “Use text selection as search term”. This is  particularly annoying if you cut and paste to MS OneNote as you conduct your research.

One feature I really like is the ability to right-click on webpage search box to add it to the list of boounceable sites.

The list of search sites included with Boounce may be found at

Google Earth Maps without the Internet

Have you ever tried to automate Google Earth into an offline cache? This blog article shows you how to do it. It describes ways to load several types of maps offline, including topographical maps and Google Earth.

To download Google Earth for offline use, you will need software from DrRegener which is free to use. This allows you to create high resolution offline Google Earth caches that can be placed onto an external thumb drive and viewed as needed without access to the Internet. It is also a good way to manage mapping during an investigation.


FireFox V.10

The biggest change in V.10 that most Firefox users will see is the smaller number of add-ons marked as incompatible. About 80 percent of all add-ons should now be compatible. Previously, most add-ons would break when Firefox released a major update.

V.10 seems to work much better than any V.9 iteration. No more crashing and the add-ons and extensions work properly. I guess I will be able to stay with Firefox for a while yet.

Extended Support Release

Mozilla also released the enterprise version of Firefox, called ESR (Extended Support Release), which will release updates on a slower cycle (once per year) so that businesses don’t have to worry about their internal tools and security protocols failing. This should help make Firefox more popular in the corporate world.