Information Vs. Actionable Intelligence & the PI

I see many courses for Private Investigators (PIs) about using the Internet for Open Source Intelligence (OSINT). These courses are predominately about Internet sites that might yield useful information. These courses don’t teach how to process and analyse the captured data or how to properly report what was found. The OSINT concept usually misses the “intelligence” part, and it’s more about gathering raw information, not the production of intelligence.

As an example, I just captured a FB account with about 1000 posts, thousands of friends and pictures, along with about 20 videos. How would anyone search through all of this and link it to relevant people, places, things, or companies? Even if the PI can identify some useful linkages and other data, how does he report it in a timely and cost-effective manner? All these courses conveniently omit the fact that a senior decision-maker needs an accurate and concise report that illustrates the linkages between relevant data.

Unfortunately, many of the course providers don’t create investigative or intelligence product, they teach courses about Internet sources.

According to Justin Seitz, the creator of Hunchly, a Chrome browser extension for collecting OSINT material from the Internet, “the greatest limiting factor of the OSINT concept is budgets that don’t recognise the time, resources, and training needed to complete the research, or the complexity of creating a true intelligence product. The budget provided to the PI leaves no choice but to simply provide screenshots and captured raw data to clients who don’t want to pay the premium required to deconstruct a network, or to chase-down the best breadcrumbs.” In the information industry, we call this ‘rip & ship’. Nobody expects other professionals to work like this.

In a recent discussion with Mark Northwood of Northwood & Associates, a large Canadian private investigation company, he easily summed-up the problem. “If a client retains a lawyer and the lawyer researches case law in order to determine which are the best methods to advance or defend a claim does the client simply say “give me the case law, I will interpret it”–No–the lawyer gives the client his opinion and supports it with the case law. Clients pay lawyers substantial fees for their analysis of case law, not the collected the case law itself.” Clients need the PI doing OSINT to work in the same manner.

Northwood believes that PIs need to educate their clients into understanding that someone needs to analyze the raw OSINT data and the only person that can do that is the PI because he collected the raw data and has it immediately at hand. The PI is in the best position to collate, analyse, and report on the data he has collected.

Chicken or Egg

As I see it, this is a chicken or egg problem.

The Egg

Without reasonable budgets on offer, clients won’t find PIs with the programming experience necessary to mine the collected data. Nor will clients find PIs experienced with the complex and expensive software to collect and report on the data in the first place.

Clients cannot find PIs to conduct OSINT and create actionable reports because there is no profit in it for the PI. No PI is going to acquire such skills if there is no profit in doing so. Without the prospect of reasonable wages, people with the above skills won’t become PIs; nor will people with the training in the logic, rhetoric, and argumentation needed to produce actionable reports. Existing PIs won’t be motivated to learn these skills without the prospect of financial benefit.

The Chicken

If the PI consistently has appropriate budgets to work within, then he will have or acquire proper tools and skills needed to collect, analyse, and then report on the significance of the collected data. Proper budgets also permit the PI to develop a viable reporting protocol for the type of data he collects. Proper budgets preserve the integrity of the collected data and allow for the creation of intelligence reports that include proper citations.

This chicken definitely grows from the budget egg. A large Canadian PI firm is currently advertising for someone to conduct ‘social media investigations’ at a pay rate of $15 per hour. One can only imagine the nature of the client’s expectations and the type of work produced for so little pay.


Today, any intelligence or investigative product requires a fusion of many types and sources of data. A complete report usually needs surveillance observations, content from interviews, public records, and government documents.

Again, the budget to collect and analyse public records and government documents creates the skills and knowledge needed to perform this task. This fusion of data sources allows the PI to establish relevant links between the people, places, things, and companies of interest to the client.

OSINT Tools & Skills

If the budgets come to truly represent a desire for a better product, then the following will be the tools and skills your PI should possess in the realm of OSINT. This is the rocket science behind real OSINT.


Hunchly is a Google Chrome extension that tracks and captures every page that you view during an investigation. This saves you from having to stop and take screenshots or from having to create handwritten logs of every URL that you have visited. It includes the ability to track names, phone numbers and other pieces of information. Hunchly builds a data rich case file from all of your investigative steps that helps you to preserve evidence.

Hunchly permits the use of “selectors,” such as a name, address, or phone number that save you from manually searching each page or the collected data for the terms. In my opinion, this feature alone is worth the purchase price. The other useful features include:

  • being able to add notes to what you find
  • you can download notes as a Word document
  • all collected data is stored, tracked and accessed on your local machine–no security or privacy concerns about cloud use


If your research requires graphing of the relationships between people, places, things, and companies, then CaseFile provides that at a much lower cost than other solutions if the dataset small enough to be managed manually and this is the case presently for most of the PI’s work.


Maltego is the favoured software of many intelligence analysts, researchers, and investigators for searching, and linking OSINT data. While it helps search through mountains of data and sort it in useful ways based on publicly available information that is currently sitting on the Internet, it has many limitations.

If you need to search FB by email address, Instagram by photo GPS, search people in social media sites, or search LinkedIn by company or college, then this is the tool to use. However, some these capabilities can cost $1000 per year on top of the Maltego yearly fees. Less costly alternatives exist.

Given its current state of development, I am not certain that Maltego warrants its cost for the PI. Most of the search capabilities of Maltego are in ‘transforms’, which are Python scripts that access a search site’s API[1].

The search functions of the most used ‘transforms’ can be created in Python for a lower cost. The graphing component of Maltego is available in CaseFile. Using Hunchly, CaseFile, Python scripts, Word, and PowerPoint together should produce on acceptable product if the collected data is properly summarised and then analysed.


Python is a programming language best described as a language used to create scripts that execute specific tasks, such as searching for a specific word in a sea of text.

Python automates time-consuming tasks. It allows you to parse raw data untouched by other tools and read information from databases. It aids in the generation of reports and moves files into folder structures based on their content type. From the PI’s perspective, Hunchly can handle these tasks.

Python scripts may also provide access to a search site’s API. A page of scripts enables searching a site for search terms in a variety of ways. In practice, this is the PI’s favored use of Python.

The High-end Tools

When the volume of collected data increases, so does its lack of organisation for investigative purposes. This fact has spawned many products designed to search and retrieve text strings in masses of data. This is usually called “free text retrieval” (FTR) software. The following are the current leaders in utility for investigative purposes.


The dtSearch[2] product line enables searches of terabytes of text across a desktop, network, Internet or Intranet site.


In the near future, PIs may resort to high-end tools like the Nuix suite to find connections in the vast seas of data that like the Panama Papers dataset. Nuix is a FTR software that enables searching through huge volumes of unsorted data for people, places, things, and companies. It also allows users to display connections between all these entities along with timelines is a manner similar to Maltego and CaseFile.

For more than a decade, FTR software has been the province of well-funded intelligence agencies, law firms, and businesses. Journalism has discovered this due to the donation of Nuix to the Panama Papers project[3].

Social Media Monitoring

Products like XI Social Discovery[4], Geofeedia[5], Dataminr[6], Dunami[7], and SocioSpyder[8], to name a few, are being purchased by Fortune 500 companies, and government to manage social media research. These products are now becoming necessary for the successful private investigator.

The Report

In broad strokes, the PI’s report creation process should look like the following:

  • The PI will assemble or collate all of the collected information from all the tools used, examine links, or shared information such as URLs, email addresses, etc.. From this collated material, a summary begins to take shape.
  • The investigator ensures that each piece of crucial information is put into its own section within the logical order of the summary; visuals (screenshots, text captures, tagged photos) are included as much as possible.
  • Relationship graphs exported from CaseFile or Maltego should be included in the report if they fit the page, if not, screen clips may be used or Powerpoint slides can be imported.
  • From the summary rises the true analysis of how the data relates to or affects the client’s objectives.
  • The report must describe the sources and methods used and describe all investigative activities. This is crucial when little information is uncovered about a subject. This level of detail is not included in the summary.
  • Evidence (captured images, videos, etc.) remains in a separate file from the report.


In conclusion, as with all new products, the price will drop and quality will improve as PIs adopt the necessary programming skills and software in an increasingly competitive market. Of course, this will not happen if clients are not willing to provide reasonable OSINT budgets today.

[1] Application program interface (API) specifies how software components should interact, ie. a search interface.








Security & Shortened URLs

As we all know, clicking on a link can send us to digital purgatory. While I don’t worry about this when I am working in a VM, I do in a normal browsing session. This hunter doesn’t want to become the hunted.

The best advice, for general browsing, is to use the WOT browser pluggin available for Firefox and Chrome. This will deal with most problem links. While in a VM, I sometimes now do a manual scan of shortened URLs using VirusTotal.

A trusted collegue tells me, “the bad actors are beginning to step up their game now, some actually check the useragent string from the browser and will redirect you to malware and fool the link scanners.”

VPN Security & Firefox

When you’re hunting in the digital landscape, you don’t want to stand out like a white lion on the Serengeti.

PeerConnections are enabled by default in Firefox. This is a bad juju for me as enabling this can leak my IP address when using a VPN connection.

In Firefox, go to ‘about:config’ in the address bar. In the config window search for this setting and change it as follows:

  • media.peerconnection.enabled and doubleclick it to change the value to false.

As this is such bad juju, I check this to make sure it is set at false before I start any research project. Of course, I do this because I always use a VPN.

Hunting YouTube Content

A successful hunt for data includes dragging your prey home and preparing it for consumption. If you have a hungry client to feed, then you will have to chop-up your prey into digestible chunks, cook it properly, and then serve it up all pretty-like on a fancy platter, because clients are picky eaters.

Here is what you need to make a delightful repast of what you find on YouTube.

After the disappearance of Google Reader, Feedly became the new standard in RSS readers. However, Feedly is much more than an RSS reader. It allows you to collect and categorize YouTube accounts.

For example, you can monitor the YouTube accounts of politicians, activists, or anybody else who posts a lot of YouTube videos. You get the latest uploads to their YouTube accounts almost instantly. This continuous stream of updated content can be viewed and played in Feedly and does away with individual manual searches of known YouTube accounts.

Of course, Feedly has other uses, but the YouTube use is the greatest time saver. The time saved can be applied to summarizing the video content and analyzing it in terms of how it relates to your client’s objectives.

Inoreader is another feed reader that can organise YouTube account feeds into folders along with a limited number of feeds from Twitter, Facebook, Google+ and VKontakte. It also allows the user to gather bundles of subscriptions into one RSS feed and export them to another platform to go along with the YouTube content.

Just paste the URL of a YouTube video into Amnesty International’s YouTube Dataviewer to extract metadata from the videos. The tool reveals the exact upload time of a video and provides a thumbnail on which you can do a reverse image search. It also shows any other copies of the video on YouTube. Use this to track down the original video and the first instance of the video on YouTube.

A lot of fake videos appear on YouTube. Anything worth reporting needs to be examined to see if it is a possible fake. The Chrome browser extension Frame by Frame lets you change the playback speed or manually play through the frames. While this is the first step in uncovering a fake, it is however, an easy way to extract images from the video for inclusion into a report.

Of course, you will use the Download Helper browser extension, which is available for both Firefox and Chrome, to help download the videos. Just remember to set the maximum number of ‘concurrent downloads’ and ‘maximum varients’ to 20 and check ‘ignore protected varients’ to speed the process.

To make a long list of videos to download, you can use the browser extension, Copy All Links, or Link Klipper or Copy Links in Chrome, to make a list of the links to every video you find. In addition to using this list in your report, you can turn it into an HTML page and then let Download Helper work away on it for hours by downloading all the videos for you.

Collecting all this video is the easy part. Sitting through all of it to extract useful data and then analysing it to see how it helps or hinders your client’s interests is the painful and expensive part, but it is the only way cook-up what the client wants to eat.

Forcing Firefox to Open Links in a New Tab

During a training class I watched everybody trudge around looking for lost search results. They tried reloading results pages, only to get distored results. They kept losing the search engine results page and were getting lost in a sea of tabs. They wanted to know how to get “google search results” to open in a new tab.

Here is my solution for getting tabs to open where I want them to. In Firefox, go to ‘about:config’ in the address bar. In the config window search for these settings and change them as follows:

  • – if true, will open a search from the searchbar in a new tab if you use the return key to trigger the search
  • browser.tabs.loadBookmarksInBackground – if true, bookmarks that open in a new tab will not steal focus
  • browser.tabs.loadDivertedInBackground – Load the new tab in the background, leaving focus on the current tab if true
  • browser.tabs.loadInBackground – Do not focus new tabs opened from links (load in background) if true
  • browser.tabs.opentabfor.middleclick – if true, links can be forced to open a new tab if middle-clicked.

This is the type of ‘boring stuff’  that you must master if you want to do Investigative Internet Research and make any money at it. Clients won’t pay for wasted time. You may know where to hunt for data, but you need to also know how to get it into the larder before it goes bad.


Finding and verifying social media content is becoming a greater concern for private investigators (PIs) and their clients. Unfortunately, most PIs do not possess the skills and resources to do this beyond the most rudimentary level.

Some investigation companies will try to build an in-house operation. They will buy technology, or spend money on subscriptions to tools that claim to do the work with a click of a button. This usually proves to be a costly expedition into the unknown that ends in failure. The purchased tools do not live up to their claims or clients usually want something the purchased tools and subscriptions don’t deliver.

Some investigation companies will send staff to courses to learn about sources. These are billed as Open Source Intelligence (OSINT) courses. Unfortunately, the OSINT concept usually misses the “intelligence” part, and it is more about gathering raw information than producing usable investigative reporting.

The ‘intelligence’ part is the expensive part. It involves time to conduct the analysis and many hours of learning to present the analysis along with the sources and methods reporting.

Producing a report that goes beyond the OSINT concept is not a secretarial task. Once you go beyond the popular OSINT concept, you start doing Investigative Internet Research (IIR).

Why You Can’t Dictate an IIR Report

Proper IIR reporting does not rely on haphazard Internet searches and does not dump a disorganised load of raw data from the Internet into a client’s inbox. Reports summarize then analyse the collected data and then explain the sources and methods used to collect data.

The researcher must understand how to use Word and other software because he cannot dictate IIR reports. A dicta-typist cannot produce an IIR report for the following four reasons:

  1. The person transcribing the dictation will not place images, graphs, and video clips properly yet, a picture, screenshot or video is worth a thousand words.
  2. There is no efficiency at all in dictating a URL and plenty of mistakes would result.
  3. Some Web site names are hard to pronounce and would lead to misspelling (although you might spell them out, there is still a risk).
  4. Whoever writes the report must have all the collected material at hand in order to create footnotes and appendices.

Now you know why the person doing the IIR must also prepare the report.

In the next few articles I will describe the tools and techniques that actually work, but there is no magic button that does the analysis for you.

Hunchly & Casefile

As I move away from Windows due to privacy and security issues, I have been looking for new software for Investigative Internet Research (IIR). Taking Casefile from one OS to another has not created any problems.

I have been watching the development of Hunchly and have tried it on Windows, Mac, and the recent Linux release with success and it works well with Casefile. Browser-based tool Hunchly  creates local copies of every page visited during a session, and organises them into a searchable database for future reference. Hunchly is a Google Chrome extension. I have some privacy and security concerns about using Chrome, but the IIR world isn’t a perfect place.

Hunchly permits the use of “selectors,” such as a name or phone number that save you from manually searching each page for the terms. In my opinion, this feature alone is worth the purchase price. The other useful features include:

  • being able to add notes to what you find
  • you can download notes as a Word document
  • all collected data is stored, tracked and accessed on your local machine–no security or privacy concerns about cloud use
  • you can export Hunchly data to a Casefile or Maltego graph.

Hunchly isn’t a replacement for Maltego, but it is a good tool for smaller IIR tasks that might later require the use of Maltego. The ability to export to Casefile or Maltego can help with further research and reporting the linkages within the collected data.

Disabling the WIN 10 Upgrade Nagging

In June 2016, this nagging became much more intrusive. MS began squatting on your machine with the Win 10 install files. They then began installing Win 10 without warning on unsuspecting users.

Given the privacy and security concerns with Win 10, you may not  want to be nagged to update, here’s how to stop the Windows 10 upgrade notifications and run Windows 7 or 8 forever.

There are a few methods which worked in the past but no longer stop the nagging and surreptitious install of Win 10. Never10 is the current tool that most easily disables the upgrade.

Windows 10 as Spyware

Current users of Windows 7 or 8 have been offered free upgrades to Windows 10. This would be tempting except for the liability that this may create. As we all know, there is no such thing as a free lunch.

Many experts deem lots of the new so-called features to be spyware. It is one thing to find an application misbehaving; it is entirely different to use an OS designed to allow Microsoft (MS) to monetize your data and squat on your computer hard drive. Built into the Windows 10 OS are spying and data-mining features that deliver data to MS which MS then uses to generate profits.

The long-winded Microsoft Services Agreement runs to 40,000 words of impenetrable legalese and you must agree to everything in it to get your new OS. Unfortunately, or is it predictably, the agreement appears to grant Microsoft the right to read, save, and share anything stored on or accessed using any computer running MS Windows as well as any computer using MS products or services. By default, all of this snooping is turned on and I have serious concerns that it may be impossible to entirely prevent this snooping.

Portions of Microsoft’s privacy policy, which is part of the services agreement, indicates that the MS may use a keylogger to collect users’ data. This means, if you open a file and type, MS has access to what you type, and the file containing the what you type. This may also apply to voice information from speech processing software. Of course, MS offers a way to shut-off all this logging, but you have to believe that it actually works and stays off.

If you are careful in planning your upgrade to Windows 10, and if you have the technical knowledge, then you can probably upgrade the OS while preserving your professional obligation to protect client confidentiality and privacy, at least initially.

To maintain privacy and confidentiality you should use Microsoft’s Media Creation tool. This gives you a copy of the OS installation files. You’ll need at least a 6 GB USB drive. You can use it on multiple PCs. During an upgrade, the installation will look to see if you already have a product key. To do a clean install you may need to have your Windows 7 or 8 product key. You should tape it on your PC. Keep the USB since there’s no other way to get back to Windows 10 if anything unexpected happens. Doing the installation otherwise may allow MS to scrape data from your computer.

By clicking on “Express Settings” during installation you give away your contacts, calendar details, text and touch input, location data, and a whole lot more. It is clear that MS wants to monetize the confidential information on your computer. This creates a serious liability for Canadian private investigators who maintain personal identifiers and other confidential information on Windows 10 machines. Under Canada’s Personal Information Protection and Electronic Documents Act (PEPIDA), by accepting the terms of the Microsoft Services Agreement you have chosen to share this information and in most cases that may be illegal. Accepting this agreement may also put private investigators in contravention of their licencing statutes.

If you click on the small “Customise settings” button at installation, you must toggle many settings on two pages to ‘off’. Don’t forget to include Wi-Fi Sense. Using the Privacy App to turn-off the data stream to MS for those who have already installed the OS using “Express Settings” will be even more confusing to the average user. After doing all the above, Windows 10 continues to send confidential data to MS unless you dig into the registry and group policy editor. Stopping the snooping will disable many features like the digital assistant Cortana that MS is marketing as a reason to upgrade to Windows 10. However, what I am describing here only describes what we can see. Without conducting packet-level analysis, we you don’t really know what data is being sent back to Microsoft, and by which service.

You will also need to go into Windows Firewall and turn-off the rules that allowed a whole slew of Microsoft applications to transmit information.

Windows 10 Home comes with full-disk BitLocker encryption. To enable it, you must use a Microsoft account and the recovery key needed to decrypt your drive resides on Microsoft’s servers. Doing this violates your professional obligations. However, Windows 10 Pro doesn’t have this restriction: you can use BitLocker with a local account and keep your key out of the cloud. Most investigators would use Windows 10 Home and theoretically, a third party could decrypt their drives remotely.

The data stream from your PC to MS is bad enough, but somebody will learn to intercept this data stream and this will leave you open to a targeted attack. If the hacker releases the stolen data and it is tracked back to you or your computer, then your career is likely over. You can expect some form of action under PEPIDA and/or prosecution under your licencing statute. This data breach will almost certainly result in a civil suit and adverse publicity. Who would hire a PI or researcher like that?

Another concern is how updates are delivered. Like Bittorrent, Win 10 updates will be distributed from other Win 10 PCs  This presents an extreme risk, as you don’t know where the update is really coming from. You have to know enough to choose how your updates are delivered.

Privacy & the PI

Let’s address this situation realistically from the perspective of the PI or researcher determined to use Windows 10.

Let’s assume that you are a trusting individual. You trust MS government officials, litigants, lawyers, and everybody else to not understand or care that you accepted the Microsoft Service agreement that grants MS access to all your confidential data and the right to save and share it. You must also trust that your own technical expertise is up to the task of properly installing Windows 10 to circumvent all the efforts of MS to access your data.

At the outset, you pay extra for the Pro version to set-up disk encryption with a local account because you are security conscious.

First, you try to install the OS without it being connected to the Internet to ensure it doesn’t scrape data from your PC. This doesn’t work, as it needs connectivity to complete the installation. You discover that you must use the clean install method (using Microsoft’s Media Creation tool) described above to isolate your PC from the Internet to ensure that MS doesn’t scrape data from you computer during the installation. There are reports of Win 10 install files being placed on your computer on Patch Tuesday to use your PC to further distribute the OS installation files. You must learn how to get your patches from only a trusted source and to prevent MS from using your PC to distribute the OS.

Second, upon ensuring that it will not scrape data from your PC during installation, you toggle two pages of settings to ‘off’ and lose many of the new features.

Third, you edit registry and group policies to staunch the continuing flow of data to MS. Doesn’t everybody know how to do this without damaging the usability of the OS?

Fourth, in Windows Firewall, you turn-off the rules that allow MS applications to transmit information to MS.

Fifth, you then choose how your updates are delivered to prevent updates from untrusted sites. You ensure that updates come from trusted computers in your own network.

Sixth, you conduct packet-level analysis and shut-off any service that continues to send data to MS. Doesn’t everybody know how to do this and have the time to do it?

Finally, with every update and patch, you do a packet-level analysis to make sure your privacy and security is intact.

Of course, sending all this private and confidential data to MS is not necessary to have a functioning OS and applications. It is only necessary for MS profits and probably some government snooping.

Next, how to stop the Win 10 install nagging.


For anonymous web surfing, at a minimum, two components are required: a proxy and a browser that doesn’t identify you. At the office, I have both and much more to protect my privacy and provide anonymity. If I have to use a Windows computer at a client’s offices, then temporary measures have to be undertaken.

The simplest solution for this, without using an anonymous VPN, is the JonDo Proxy program that will hide your IP address (Java application) and JonDoFox, a Firefox profile optimized for anonymous and secure web surfing. Using the USB doesn’t leave any traces on the computer for some snoop at the client’s office to uncover. This need Windows as the OS.

For more privacy and anonymity, you can use JonDo/Tor-Secure-Live-DVD, a secure, pre-configured environment for anonymous surfing and more. This has its own OS based on the Debian GNU/Linux OS. The live system contains proxy clients for JonDonym, Tor Onion Router and Mixmaster remailer and much more.

The advantage of the live system is that it is on a DVD, which prevents any other system from writing something dangerous to the DVD.

Using these do not make it impossible to uncover individual users, as there is no such thing as a 100% security, but for most users, this will be adequate for most situations. If you are concerned about this, I suggest you read the surveillance reports on the law enforcement page.

Web Proxies & User Agents

A web proxy provides an easy way to change your IP address while surfing the Internet. They don’t require software or modification to your networking settings.  You just enter a website address and the sites you visit through the proxy see an IP address belonging to the proxy rather than your IP address.

I am very cautious about using web proxies as you never know who actually operates it and what data they might collect as you use it. You also don’t know  to whom they might give that data. On the other hand, I have found one that has a useful feature.

nroxy offers all the usual web proxy features plus something interesting–it offers the ability to change the user agent.  For example, some web sites cannot be viewed properly using Firefox. Sometimes it is an old site that requires MS Internet Explorer (IE) or it may be a site designed for mobile devices. This proxy offers user agents typical of 5 mobile devices and a long list of browsers.

To get the information I need I am finding it necessary to switch user agents more often. Usually, I use the User Agent Switcher extension that adds a menu and a toolbar button to switch the user agent of a browser. It allows you to chose from three versions of IE or an iPhone. Selecting the iPhone user agent often reveals additional  functionality on the site. The extension is available for Firefox and will run on any platform that this browser supports including Windows, OS X and Linux.

Now I have another option when I need to change the user agent and I get the additional proxy features as well.

National Missing and Unidentified Persons System

If you are looking for someone in the USA and cannot find anything, you might want to look at NamUS.

According to the site, “the National Institute of Justice’s National Missing and Unidentified Persons System (NamUs) is a national centralized repository and resource center for missing persons and unidentified decedent records. NamUs is a free online system that can be searched by medical examiners, coroners, law enforcement officials and the general public from all over the country in hopes of resolving these cases.”

Unreliability of Eye Witnesses

Some jurisdictions allow expert testimony about the unreliable nature of eye witness testimony.  One example is Commonwealth of Pennsylvania v. Benjamin Walker, No. 28 EAP 2011-Supreme Court of Pennsylvania.

I recommend that anyone interested in this subject read The Invisible Gorilla: How Our Intuitions Deceive Us which is about attention, perception, memory, reasoning, and how they can cause problems in eye witness testimony.

Another book to read is Picking Cotton: Our Memoir of Injustice and Redemption which is about a man falsely accused of rape by a woman who said that she memorized certain characteristics about her attacker so she “wouldn’t forget”.

When things get complex

Advangle helps you build complex web-search queries in Google and Bing.

You can quickly build a query with multiple parameters (such as the ‘domain’, ‘language’ or ‘date published’) and immediately see the result of this query in Google or Bing search engines. Any condition in a query can be temporarily disabled without removing it to allow you to try several combinations of different conditions and choose the one that works best.