Archive for the 'Private Investigator' Category

Who’s Watching & Listening

You never know who is watching. If you are investigating someone inside your own company and using the company network to search the Internet, at least use the encrypted (HTTPS) versions of the search sites. Be aware, though, that it is becoming common for large companies to insert an inline HTTPS proxy that decrypts, reads and analyses this traffic by acting as a man-in-the-middle. Such a proxy only works because the company's own CA certificate has been installed in the trust store of the managed machine, so check the issuer of the certificate the browser shows for the search site: if it is the company's CA rather than a public one, your searches are being read. You cannot be sure your investigation won't be compromised because someone sees what you are searching and then tells the wrong person.

 

Google — Search, Plus Your World

If you are a Google+ user, then you now have a new search tool (described at https://www.google.com/insidesearch/plus.html). When you are signed into your Google+ account, your search results are ranked differently: they are weighted by what your Google+ contacts have said about the search term. This assumes that what your friends say is more relevant than other content.

This personalised search relevance is a boon for advertisers that want your attention. Google isn’t the first to do this. In 2010 Bing began ranking sites in search results based upon how many of your Facebook friends “like” the site.

The search engines and advertisers have decided that people want to search for other people and their opinions over other content. How convenient for the search engines and advertisers!

If you want a full explanation of the impact this will have for the Investigator, then read Phil Bradley’s article titled Why Google Search Plus is a disaster for search. Google is no longer my first choice, I start with Bing, then DuckDuckGo, and last but not least, I search Blekko.

The Clean Machine

When doing IIR, the computers must be free of malicious code (S. 31 Canada Evidence Act). We often set aside a computer for this purpose after doing some Spring-Cleaning. But how we prepare the machine for the installation of the clean version of the OS and application software is important.

We use Darik's Boot and Nuke ("DBAN"), a self-contained boot disk that securely wipes the hard disks of most computers. DBAN automatically and completely overwrites the contents of any hard disk it can detect, which also makes it an appropriate utility for bulk or emergency data destruction. DBAN is a means of demonstrating due diligence in computer preparation for IIR. Wiping the disk and reinstalling from known-good media is also a reliable way to rid a Microsoft Windows installation of viruses and spyware, which no anti-virus clean-up can guarantee. Two caveats: DBAN is designed for magnetic hard disks and is not a reliable erasure method for SSDs (use the drive's own secure-erase command instead), and a wipe covers only the disk, not firmware or anything you copy back onto the machine afterwards.

 

Securing Firefox – Configuration Settings

This is about stopping the dreaded disease, Data Diarrhea. The websites you visit can leave behind a trail of data on your computer and in their server logs. All of this Data Diarrhea can identify the Investigator and this can complicate the problem he is trying to solve. Lax privacy & configuration settings may also leave the Investigator’s computer vulnerable to attack by hackers.

This article describes more advanced methods of customizing Mozilla applications, by editing the configuration files.

about:config entries

about:config is a feature of Mozilla applications which lists application settings (known as preferences) that are read from the profile files prefs.js and user.js, and from application defaults. Many of these preferences are not present in the Options or Preferences dialog. Using about:config is one of several methods of modifying preferences and adding other “hidden” ones.

Editing the user.js and prefs.js files is an alternative method of modifying preferences and is recommended for very advanced users only. Note the difference between the two: Firefox rewrites prefs.js itself, so edits there can be lost, whereas user.js is read at every start-up and its values override prefs.js, which makes it the right place for a fixed hardening set. Unless you need a prefs.js and/or user.js file modified for a specific purpose, you should use about:config instead.

This article refers to the Firefox V. 9 edition of the browser. These entries may have adverse effects on Thunderbird, Mozilla Suite/SeaMonkey and older versions of Firefox. about:config settings are stored per profile, so they apply only to the profile in which you set them; repeat them (or copy the user.js) for each profile you use for IIR.

In Firefox, type about:config in the Location Bar (address bar) and press Enter to display the list of preferences. You may get a warning page next, just click OK and move on.

about:config > browser.display.use_document_fonts > change value to 0

0: Never use document’s fonts
1: Allow documents to specify fonts to use
2: Always use document’s fonts (deprecated)

Setting 0 makes Firefox ignore the fonts a page specifies and use your own defaults instead. A page that can specify fonts can test which fonts are installed on your computer (by measuring how text renders with each one), which is a strong fingerprinting signal, and downloaded web fonts add parser attack surface. Pages will look plainer; that is the trade-off.

about:config > browser.sessionhistory.max_entries > change value to 2

The maximum number of pages in the browser's session history, i.e. the maximum number of URLs you can traverse purely through the Back/Forward buttons. The default value is 50. Set it to 2 so that only a minimal trail is kept in session history during an Investigative Internet Research (IIR) assignment. Note that a site never sees the URLs in your session history; at most a script can read how many entries it holds (window.history.length). What actually tells a site where you came from is the Referer header, which is governed by a separate preference (network.http.sendRefererHeader; 0 suppresses it).

about:config > dom.storage.enabled > double click to false

DOM storage is a mechanism that lets web pages store information in the browser (similar to cookies), called "client-side session and persistent storage." Although use of session storage is subject to a user's cookie preferences, this preference allows it to be disabled entirely. Expect some sites that depend on it to misbehave.

about:config > geo.enabled > double click to false

true means location-aware browsing is enabled, which is the default. You want this disabled. See http://www.mozilla.com/en-US/firefox/geolocation/ for details of geolocation in Firefox.

 

Securing Firefox – General Privacy Settings

General Firefox Privacy Settings

The basic privacy settings are found in the Options dialog in Firefox 9.0 (Firefox > Options > Options on Windows, or Firefox > Preferences on Mac OS X).

  1. Content: Enable "Block pop-up windows" and disable JavaScript when it isn't needed.
  2. Privacy: Enable DNT (Do Not Track). For History, use custom settings. "Always use private browsing mode" should be enabled. "Remember my browsing history", "Remember download history" and "Remember search and form history" should be turned off. Keep "Accept cookies from sites", but un-check "Accept third-party cookies" as they are rarely needed. Location bar: select "Suggest nothing".
  3. Security: Enable "Warn me when sites try to install add-ons", "Block reported attack sites" and "Block reported web forgeries". Under Passwords, disable "Remember passwords for sites" and use a master password.
  4. Advanced – General – System Defaults: Disable "Submit crash reports and performance data".
  5. Advanced – Network – Offline Storage: Check "Override automatic cache management" and limit the cache to 0 MB. Further, you can un-check "Tell me when a website asks to store data for offline use".
  6. Advanced – Encryption: Ensure "Use TLS 1.0" is enabled. (Firefox 9 also offers "Use SSL 3.0"; SSL 3.0 has since been broken by the POODLE attack and removed from later versions, so leave it off unless a site you must reach supports nothing better.) Then click Validation and check "When an OCSP server connection fails, treat the certificate as invalid", so that a blocked or failed revocation check hard-fails instead of silently passing.

 

 

The Cost of Investigative Internet Research

“Why does it cost so much just to look on the Internet?”

I get this question a lot, and too often from “professionals” who should know better. I will list a few of the reasons here.

To begin with, I never know how the research results will be used in the future. That means that the results must be properly documented so that it would be reproducible if someone else with similar skill did the searches at the same time as I did.

If at some future date what I find becomes important evidence, then how it was found, where it was found, when it was found, and what it actually looked like becomes very important. My report and the supporting material may be the only proof of the existence of the material being entered into evidence.

The computers must be free of malicious code (S. 31 Canada Evidence Act). We often set aside a computer for this purpose after doing some Spring-Cleaning.

The logic of the research process must be clear and easy to explain to anyone. This logic must be explained in the report. Search statements must be recorded. The project directory and file naming and structures must be logical and properly documented. The evidence must have a clear and documented chain of custody.

Providing this evidence requires skill, training, experience, software, computers, office space, support staff, and time.  Finally, did you know it takes at least twice as long to do the report as it does to do the research?

 

Security & Privacy Add-ons for Firefox

Firefox is the online researcher’s best friend. No other browser gives so much control to the user as Firefox. It is more customizable than either Google Chrome or Internet Explorer.

Like any browser, you must be aware of what data you are releasing when you visit a Web site. The following add-ons help eliminate two serious security threats that occur when doing Investigative Internet Research (IIR).

BetterPrivacy—This add-on is pretty basic, but a must-have. BetterPrivacy deletes Flash cookies (LSOs, "super cookies"), which the browser's own cookie controls do not touch.

KeyScrambler—Check out Alex Long’s post from Null Byte for information about what KeyScrambler is and how it works.

I have already written about:

  • NoScript— NoScript allows JavaScript, Java and other executable content to run only from trusted domains of your choice, e.g. your home-banking web site, and guards the “trust boundaries” against cross-site scripting attacks (XSS). Such a preemptive approach prevents exploitation of security vulnerabilities (known and even unknown!). This is a must-have for IIR.
  • HTTPS Everywhere—This is a must-have add-on from the Electronic Frontier Foundation. HTTPS Everywhere rewrites requests to sites in its rule set so that they go over HTTPS instead of plain HTTP. For example, most people use the unencrypted version of Google search; this add-on redirects those searches to Google's HTTPS site. The DuckDuckGo (DDG) search engine also makes use of a version of these rules.

 

 

New Year Resolutions

I know you secretly rebel against exercise in all its forms, but it is something we all must do.  Being an Investigator is the world’s most dangerous sit-down job, and computers have made it much more dangerous.  No matter what type of investigations we do, we spend too much time sitting.

I know you have made a resolution to start exercising. You don’t need to go to a gym to become stronger and more fit.

Stand-up Desks

In 2008 I wrote a series of articles on building a stand-up desk and I know first-hand the benefits and draw-backs of this.  Alex Hutchinson wrote about this in the Globe and Mail recently. His article illustrates that a stand-up desk is not a panacea for a sedentary computer-based job.

I have a typing desk for the laptop computer and a writing desk in my office to prevent the overuse pain that develops from staying in one position, so I guess I'm on the right path.

Butterflies & Chain Breakers

As a very devoted orthodox digital troglodyte (AKA Expert Searcher) I slave over a hot computer all day. This can quickly turn one into a weak, fat, and unfit troglodyte. This is a bad thing — a very bad thing — if a marauding felonious geek wants to invade and take-over my state-of-the-art cave.

These exercises help prevent me from becoming the weakest digital troglodyte on the block and they deal with the specific problems associated with using a computer all day.

This video is from the guys who wrote a book called Felon Fitness.

Be careful with these if you are really out of shape or you will be very sore and have headaches. It’s best to do only 3 or 4 repetitions of each, three times a day for a week to understand how your upper back and shoulders will react to the unaccustomed exercise.

 

Copernic Agent & Google

I have used Copernic for years, and just accepted its lack of a Google search.  I just got used to it, and never sought a way to add Google.

At a recent conference, after I mentioned that it didn't search Google, Kevin Ripa told me that a registry entry would solve the problem. If you're going to feel like an idiot, it's good to be shown up by a really smart guy like Kevin.

Go to the registry key:

[HKEY_CURRENT_USER\Software\Copernic\Agent\System]

and add a string value (REG_SZ) named EngineUpdateAddress with the data:

http://updates.copernic.com/k2upd/agentex

 

Bulk Sales & the PI

BULK SALES ACT SEARCHES – Ontario Only

Sales of large quantities of stock or the sale of assets and equipment of the business itself outside the regular course of business are considered a sale “in bulk”. The Bulk Sales Act is designed to protect the creditors of a business owner by requiring the owner to follow the procedures of the Act for sales outside the regular course of business.

If a buyer wishes to purchase the assets and equipment of a business, the seller “in bulk” must provide an affidavit stating that all creditors have been paid, or they will be paid from the proceeds of the sale.  In some cases the buyer pays an assigned trustee and creditors of the business may wish to waive their rights in which case the proceeds are paid.

A ‘Bulk Sales search‘ determines if a bulk sales affidavit has been filed with the relevant Ontario Superior Court of Justice office.

The Private Investigator (PI)

If you are interested in an Ontario business's assets, debts, cash flow, and general financial condition, then a Bulk Sales Act search is an important search.  It may tell you if the business is failing or if it has suffered a set-back.  You may learn of an abandoned line or the sale of a production facility.  You may learn of a legal action in another jurisdiction by contacting or researching the other parties to the bulk sale. Any sale that indicates that creditors will be paid from the proceeds of the sale may indicate a judgment that is being satisfied or it may be part of the settlement of a claim.

 

The Bank Act & the PI

The Bank Act

The Bank Act (1991, c. 46) is an Act of the Government of Canada respecting banks and banking.  The Canadian banking industry includes 20 domestic banks, 24 foreign bank subsidiaries and 22 foreign bank branches operating in Canada.

Canadian Banks & Lending

Canadian Banks have the right to lend money to wholesalers, retailers, shippers and dealers in “products of agriculture, products of aquaculture, products of the forest, products of the quarry and mine, products of the sea, lakes, and rivers, of goods, wares and merchandise, manufactured or otherwise” on the security of such goods or products, and to lend money to manufacturers on their goods and inventories.

The Private Investigator (PI)

When doing a background investigation of a person, the PI will be looking for previously unknown assets, banking and financial arrangements, or corporate affiliations.  When investigating a company, the PI will be looking for previously unknown assets, banking, and financial arrangements.  In both cases, the equity held by the subject in the assets will be of interest.  Searching the Bank Act Security Registry may reveal all of the above.

Bank Act Security Registry

Under S. 427 of the Bank Act, the borrower must sign a document that provides the bank with the first preferential lien on the goods or equipment.  The Bank then registers a ‘Notice of Intention‘ to take the goods as security, to perfect its security interest.

The Bank of Canada maintains a Bank Act Security Registry that may be searched for registrations.  The search will reveal whether a chartered bank has registered security under the Bank Act over property that may interest you; the Bank of Canada only keeps the registry, it is not the lender.  If a bank does have a registration against the property, it means that it has lent the customer money and has the right to take possession of and sell the property if the loan is not repaid.  This is important for you to know for two reasons.  First, it shows that the person or business is indebted to a Canadian chartered bank and may have equity in the property listed in the security agreement.  Second, it may uncover previously unknown assets, banking and financial arrangements, or corporate affiliations. You will need to provide the name of the person or business being searched.

Years ago, we only did this when we suspected the subject person or company might have an interest in an agricultural business.  Today however, we find more non-agricultural businesses in the Bank of Canada registry. We have online access to the Bank of Canada registry to search for Bank Act Security items. The search results often indicate that a business assigned its inventory to a bank as security under the Bank Act.

A manual search for Notices of Intention filed under Section 427 of the Bank Act is conducted at the agency of the Bank of Canada in the province or territory where the debtor's place of business is located. For Bank Act searches, "agency" means, in a province, the office of the Bank of Canada or its authorized representative, but does not include its Ottawa office; in Yukon, the Northwest Territories and Nunavut it means the office of the clerk of the court of each of those territories respectively [see S. 427(5)].

 

Power-Searcher Add-ons for FireFox

WorldIP

This displays the IP address of the server hosting the page you are visiting, and the IP data (address, location, provider) that you are revealing about yourself. The IP data seems more up-to-date than a whois search.

Ghostery

Ghostery  lets you see who’s tracking your web browsing when you visit a webpage. It looks for third party page elements (3pes) on the web pages you visit. These can be things like social network plugins, advertisements, invisible pixels used for tracking and analytics, etc. Ghostery notifies you that these things are present, and which companies operate them. You can learn more about these companies, and if you wish, choose to block the 3pes they operate.

LongURLPlease

This replaces short urls with the originals, so you can see where links will send you.

 

Image Searches for the Investigator

Google’s Search by Image features all the functionality of Tineye and more from the Investigator’s perspective.

An Investigator wants to know where an image comes from and how it may be associated with the web page he is currently scrutinising.  The Firefox extension Search by Image for Google 1.0.3 lets you right-click on an image to quickly find the source of the image, see how it is used, or find higher-resolution versions via Google reverse image search.  (This works in Firefox V.7 but may not in V.8.)

Search by Image usually returns more instances of an image than Tineye, which is understandable given the number of images indexed by Google compared to Tineye.

If you use Yahoo for image searches, you'll get results from http://www.flickr.com/, which generally has the high-quality photos. Yahoo owns Flickr, but Google will usually find Flickr images too.

The astute Investigator will use both Tineye and Search by Image, along with other tools and search facilities.
 

The Expert Searcher & the Private Investigator

I have written about the dangers of the Dunning-Kruger Effect and how this may inhibit best practices while using search engines.  Not using the best practices when conducting Internet research may lead to Tort for Negligent Investigations.  Skill and knowledge will overcome both of these pitfalls.

Developing the necessary skills and knowledge isn’t ‘rocket science’.  It is ‘time in grade’.  You must simply do it, study how to do it, and network with people who do it.  Unfortunately, this process takes years of effort. I have been doing this type of research for nearly 20 years and I am still learning.

The Search Engine Problem

Google, Bing, Yahoo, and other search engines are owned by businesses.  The search engine is a cost to those businesses.  The search engine is what brings customers through the door.  Once the customer is through the door, the search engine business sells something like advertising and other services.  Understanding this is the first step to understanding that the search engine may not properly index what you want, or censor the material you seek.  For example, the so-called ‘Googlegate’, where Google censored pages with data on the ‘climategate scandal’.

Another example is that Google AdSense stopped serving ads to this blog because there are words in the blog to which they object.  It is a small step to intentionally not indexing something they don’t like or censoring something that represents a threat to corporate profits.

As an Investigator, there is no point to becoming upset with such problems.  Problems are there to be solved.

The Solution

If you are your own Expert Searcher, then you must recognise where the difficulties lie. This will mean developing search statements that yield the best results through trial and error. This will mean running many different search statements, for each topic searched, in many search engines.  In turn, this will create a problem in documenting the searches and collecting the results for later use.  The Expert Searcher will overcome these difficulties.

Over time, the Expert Searcher will develop a methodology for searching and documenting the process.  The Expert will develop a set of sources on the Internet and elsewhere to fulfill most of his or her needs.  From this will evolve a means of reporting that accurately states the sources and methods without the clutter of the large amount of data collected.

The Expert & The PI

You may not be the Expert Searcher, which is fine if you know this to be the case.  You are a potential problem if you think you are an Expert Searcher and you are not one.

If you use an Expert Searcher, and you should, you need to apply your skills to give him a solid starting point, especially when developing an Internet Profile.  The Expert Searcher requires the following:

1.   Name & Nicknames
2.   DOB
3.   Address(es)
4.   Telephone
5.   Fax
6.   Email address(es)
7.   Known internet handles
8.   Known hobbies
9.   Known employment
10. Known business & personal affiliations

I typically run the searches through specialised software for social networking and search engine sites, followed by some in-depth search engine queries, and then, I combine that with some whois searches and archived website reports.  This develops a fairly robust Internet profile.  Finally, I combine the Internet profile with authoritative public records and content from a variety of database aggregators.

What You Get

Your Search Expert will:

1.  Report Sources & Methods
2.  Properly cite sources
3.  Properly evaluate the source data based upon 13 criteria.
4.  Use a proven search methodology
5.  Properly document the search statements and search methodology
6.  Select the best sources.

 

Temporary Email Addresses

An email address is often required to download something or to complete a registration.  Unfortunately, that address then becomes a target for spam, and perhaps you don't want anybody to know you have registered with that site.  A solution to both problems is a temporary email address.

Mailinator

Mailinator requires no sign-up. Send email to any name at mailinator.com and the inbox is created automatically; you cannot send mail from it. Visit mailinator.com, type the name where it says "Check your inbox!", then click "Go!", and Mailinator will display the list of email waiting. There is no password, which also means anyone who knows or guesses the name can read the inbox.  The mailbox will only hold 10 messages at once. All attachments (pictures, binary files, etc.) are stripped out. The mailbox doesn't disappear on any set schedule.

Use this only for items that don't require a high level of security: the inbox has no password, so anything sent to it, a password reset for instance, can be read by anyone who knows the name. Choose an unguessable inbox name, access Mailinator only via Tor, and use a dedicated persona rather than your own identity when signing up for things with it.

10 Minute Mail

Go to 10 Minute Mail and copy the e-mail address to your clipboard and use it for registration.  Your e-mail address will expire in 10 minutes.