Saving Bozo Eruptions

I normally suggest using the WayBack Machine to preserve Bozo Eruptions, but there is another way to do this. takes a ‘snapshot’ of a webpage that will always be online even if the original page disappears. It saves both text and a graphical copy of the page for better accuracy. Saved pages will have no active elements and no scripts, to guard agianst malware. However, the stored page with all images must be smaller than 50Mb. Pages which violate our hoster’s rules (cracks, porn, etc) may be deleted.

Bear in mind that when you archive a page, your IP is being sent to the the website you archive.

This site also shortens URLs of what you archive much like tinyurl, and do and only supports search by URLs and domains as in the Google or Bing site: command.

A handy bookmarklet button for your toolbar is offered on the site.

When things get complex

Advangle helps you build complex web-search queries in Google and Bing.

You can quickly build a query with multiple parameters (such as the ‘domain’, ‘language’ or ‘date published’) and immediately see the result of this query in Google or Bing search engines. Any condition in a query can be temporarily disabled without removing it to allow you to try several combinations of different conditions and choose the one that works best.

Canadian Criminal Court Documents

The following lists the court documents that you should order when reviewing an accused’s involvement in a criminal prosecution in Canada.

In Canada, the charges are contained in the ‘Information‘. A person must swear under oath that the information about the crimes committed is true. This document usually contains a list of appearances and a synopsis of the verdict. It also identifies the victim and any co-accused.

The Bail or Recognisance will explain the conditions of the accused’s pretrial release. This may identify the sureties, where the accused must live, and other conditions such a a prohibition of having weapons.

Search warrants are a treasure trove of useful information because the police will meticulously explain their need for the warrant. However, court staff often try to prevent you access to these, but they are public record unless sealed by a court order.

Probation orders are like the Bail document in that they set out conditions. However, they also may indicate where the subject lived. In some cases, the probation order will be sent to another province. In that case, you know that during his probation, he was living in that province and a search of criminal court records in that province is indicated to see if he abided by the conditions of his probation.

Exhibits also represent a valuable source of information. Once a case is concluded, you may view the exhibits. Like search warrants, the court staff often tries to deny your access to exhibits. Persevere and demand access to the exhibits and you will eventually get to view them.

Searching Periscope & Meerkat

Periscope, the free iPhone app from Twitter is the clear winner against first-comer Meerkat. Periscope is mobile live streaming that lets the user share what is happening right now and relive it later thanks to the service’s saved streams feature.

At the moment, from the investigator’s perspective, Periscope and Meerkat offer an opportunity to see a lot of useless streaming video if you don’t know how to search effectively. Both are hard to search by keyword or topic–you usually have to search via people.

You can use Getxplore and link your Twitter account to them. This will then allow you to see current Periscope and Meerkat streams and then enter search quires to find the types of streams that you are looking for.

Another option is the Twitter search and programs such as Tweet Deck or Hootsuite which you can setup to constantly pull Periscope and Meerkat streams direct to you dashboard. Simply add #Periscope OR #Meerkat as a search term and now you will have access to every single live-streaming video that is shared to Twitter.

You can refine the search by geography as in  #periscope OR #Meerkat near:”Toronto, Ontario” within:50mi. To further filter results add keywords to make the search even more specific, (#periscope OR #Meerkat) AND (Jays OR Skydome).

OPSEC & Social Network Sites


An investigator can use LinkedIn, Facebook, and other sites to build a profile of someone’s personal and work life, but like so many things in life, this is both good and bad. What might happen if it is done to your business’s employees? How might this hurt your company? Most businesses do not think about this and if they do, they usually consider key executives to be most at risk. This is entirely wrong!

Operational security (OPSEC) is the lens through which to view this risk. View each employee in terms of what he knows and to what he has access. This will change your entire outlook.

The janitor has keys and is in the building alone. Security guards possess sensitive information. The secretary to the VP of Marketing knows when you will launch a new product. Are you starting to get the picture? This leaves the problem of how to analyse the content of sites like LinkedIn and Facebook.


For example, Facebook identifies your friends and family, and where they live. It knows your likes and dislikes. It knows your travel destinations. It knows posting habits and posts to which you will respond. All of this creates an OPSEC nightmare.

The Wolfram Alpha Facebook Report lets you see what information Facebook knows about you and your friends. It yields easy-to-understand charts, tables, and graphs in a personalized report.

This needs the account holder to log into Facebook before it will run, however, this will not stop an industrial spy, foreign agent, gangster, or terrorist. In certain dark corners of the Internet, hacking a social media account will cost about $350. Changing the privacy settings is a meagre deterrent. With the hacked account and the Wolfram Alpha Facebook Report, the crook or spy has everything he needs to plan the compromise of an employee.

LinkedIn & Spies

Using LinkedIn, researchers found the personal details of 27,000 intelligence officers that the researchers say are working on surveillance programs. They compiled the records into the ICWatch database, which is searchable by company, title, name, and location.

What might a skilled researcher find regarding your employees?


The biggest part of dealing with this OPSEC risk is recognising that it exists. The rest of the solution involves a combination of strict social media policies, non-disclosure agreements, conditions of employment, and employment contracts coupled with employee indoctrination and training.

How to Hide Your Searches from Google

Are you uncomfortable with how much Google knows about you? Google makes a lot of money mining your search history. A Boston-based privacy company Abine has a solution to this problem.

The Blur Private Search service prevents Google from linking a search query to you. Search results appear normally, except your search, IP address, and the links that you click on can’t be identified or connected to you by the search engine. It is easy to set-up and use—you don’t have to sign-up using Gmail or other service. Create an account using a throw-away email address.

Nothing is perfect. Private Search only works with Firefox because Chrome tells Google about everything you do all by itself. It won’t protect you from other search engines like Bing or Yahoo.


Normally, I don’t use different browser profiles because I might confuse profiles and make a mistake. ProfileSwitcher might change that.

This extension makes it easier to use different profiles in Firefox and Thunderbird. I have installed it successfully in Firefox and Comodo IceDragon, which is based on Firefox.

It adds two items to the File menu to start another profile or the profile manager. From the extension’s preferences, you can choose what to do when you launch another profile. It allows you to choose to close the profile in use or not and if you choose to run the profile manager in safe-mode, the current profile will be always closed. In the options, I set it to display the current profile in the status bar. This allows easier control over the profiles than using the clumsy process offered in Firefox.

On my dedicated research computers, this seems to work quite well. It works in a Virtual Machine (VM) and closing the profile running Hola seems to stop Hola in its tracks.

Accessing Geo-blocked Content with Hola

Many websites confine access permission to specific countries. If you live outside the US, you may get this a lot.

There are three ways around this. The first is using a VPN. The second is using a third-party DNS server. The final method is Hola.

Hola is the easiest method. It comes in the form of a very intrusive browser extension that is free and easily installed. It is available for Chrome and Firefox. Just click the Hola icon in your browser’s toolbar and select a country. It will route your browsing activity through IP addresses in that country.

Remember, I said this thing was intrusive. If you are a professional investigator, you must always keep the rules of evidence (S. 30 & S. 31) in mind. Your computers must be free of malicious code or code that could change the content of the collected evidence. I always run Hola on a clean machine that is separate from other evidence collection. If you use Hola to collect evidence, then you will have to be a very good Internet Eyewitness.

My first objection to Hola for investigators is that it is only available for Windows, Mac OS X, and as an app for Android devices. It is easier and quicker to create a clean machine with Linux.

Secondly, Hola sends your web browsing through other servers. More importantly, it uses your computer’s idle bandwidth for other users. Sharing bandwidth with other users exposes your machine to outside threats other than the websites you visit. I have seen  DNS Spoofing when using Hola that does not happen when using other methods. Unfortunately, you have to prepare for this if you want to route your browsing activity through other locations and not pay anything.

Third, you must disable Hola when not using it. Install it in a separate browser. For example, if you use Firefox for most things, then install Hola in Chrome to access geo-blocked content. When you are finished using Hola, close the browser.

Finally, you must really spend some time rehearsing the visual, logical, and reproducible nature of your testimony. If you do not, then you will not be able to reproduce the process of collecting the evidence in court. Explaining how Hola works is not something I want to do in court if the other side is sharp and scrappy.

Even with all my reservations, I still use Hola, particularly for reconnaissance prior to using other collection methods.

Online Resume Searches

If you are doing a background investigation, then the subject’s employment history is important data. Here are a few sites where a subject may post a resume.

Of course, the first stop is LinkedIn to start getting a handle on the subject’s employment history. Next, go to for the US and for Canadians. Use the advanced search and enter the subject’s name in the phrase search. Then do the same for all of the words of his name. is for hiring freelance professionals. Use the search box with ‘freelancers’ selected and search the subject’s name. is an interesting site. I often get better results using the Google site: command and the person’s name than using the site’s search facility. requires an account to search or you may use the Google site: command with the subject’s name.

You can also search the relevant local craigslist site and use the search facility to search the subjec’t name in quotations. Sometimes you will find brief resumes for people seeking work.

The job sites have a lot of resumes but you have to pay to search them. If you do enough searching then this is worth the cost.

How to be a Facebook Spy

If you need access to someone’s Facebook profile this is how to accomplish that task.

Set up an appealing Facebook account, then request to be friends of some people friended by the subject. Wait until some of them accept your friend request. With mutual friends in hand, request to be the subject’s Facebook friend. The subject will see that you have mutual friends and he should accept you as a friend. Then you have access to his profile, photos, postings, and perhaps you may find what you need. However, there are a few legal issues to consider.

If you are an Investigator, and your subject is represented, then asking permission to see his or her page is contact with a represented litigant. In Canada, if the opposing litigant is represented by council, then you may not contact him or her in person, by telephone, or electronically. In most cases you have to ask to be listed as a friend to view the subject’s Facebook page. Doing this will be considered improperly making contact with the litigant and whatever you find will be deemed inadmissible.

However, what you find in Google, other search engines, and unrelated Facebook pages may be used as the basis for a motion for the production of the subject’s entire Facebook page as happened in KOURTESIS V. JORIS (2007) O.J. No. 2677 (Sup. Ct.).

Survival in the Netherworld

Over the last couple of years we have seen a trend developing in the nether regions of the Internet that is changing how I conduct research. This netherworld is populated by malign crooks who create sites loaded with malicious code.

I now conduct a lot of research using fresh installs of Linux and the programmes that I need for each job. I conduct the research from behind my own anonymizing proxy and an assortment of VPNs. Browsers operate in a sandbox to prevent movement of malicious code from an attack site to other programmes on my machine.

This is a nasty environment. It takes time and experience to operate in this infernal region. In two years I have learned a lot, but most of all, I have learned how little I really know. The crooks are much further along the learning curve in this environment.

Finding Deleted Tweets is a web service that let’s members create a daily newspaper of sorts containing their favorite material that they then sharing it with their followers. Here are some points that the investigator should note:

  • A lot of content of these papers comes from Twitter.
  • These papers are archived.
  • Twitter users sometimes delete Tweets
  • Deleting Tweets on Twitter are not deleted on sites like is a content curation service. A Content Curator is someone who continually finds, groups, organizes and shares the best and most relevant content on a specific issue online. These sites are a good place to find content deleted from the originating social networking site.

If you go to and use their search feature, you won’t find anything unless your search is for the title of a paper. Their search doesn’t look within individual articles.

To find mentions of content from Twitter, or any other content, use the Site: operator. When using this search strategy, search by the Twitter account’s name and the user name (@username) along with any keywords that might apply to what you are looking for.

Operative Research

Operative research is the process of learning how things work in a particular area. As an investigator, I often have to learn how something works or the nature of the skills used in a certain area of human endeavour.

I sometimes start by interviewing people who are in the field, but more often, I do a literature search of the topic before conducting interviews. That leaves me with the task of locating relevant published material that will give me an overview of the topic and allow me to formulate a list of questions to ask during interviews.

The first task in this is to understand how the subject matter is indexed. That means understanding who might have a use for this material. For example, many military topics are also useful to engineers, construction companies, outdoorsmen, miners, sailors, and many more individuals and organisations. Another example would be the topic of physical security.

Once you know who might collect and catalog the subject material that interest you, learn what terms they might use to describe the material. Now add the words “library” and “subject guide” to your search. What you are looking for is a targeted collection of material. Once you find such a collection search the site using the site: operator.

Using the above search strategy in a recent search for information on evacuation of urban areas, I found and its library of ebooks. While searching for data on electrical wiring led me to the Pole Shift Survival Information site and its library of publications about wire where I found tables of wire-gauge sizes. When trying to decipher old shorthand notes in a deceased lawyer’s file I found a library of publications about shorthand.

The focus of each of these ‘library’ sites is far removed from my interests, however, the people who created these sites had their own use for the information and that made my job easier.

Site Investigation Tools

When you start to investigate a particular Internet site, I suggest you begin with these resources.

Domain Dossier Investigate domains and IP addresses. Get registrant information, DNS records, and more—all in one report.

InterNIC Public Information Regarding Internet Domain Name Registration Services

Network Solutions’ Whois  Search multiple top level domains at once to see if the domain name is in use. I use it to find the domain name in other top level domains.

Convert Host/Domain Name to IP Address and vice versa  Find the IP of a host machine (convert host to IP) or domain name (convert domain name to ip address) or find the name of one of the hosts at an IP address (convert ip address).

Using Traceroute Learn how to use and interpret traceroute results.

Additions thanks to Kirby:  Provides lot of information, but most importantly, it identifies other users of same Google Analytics account and all the sites using that account.  Sometimes shows older servers, which is useful when website has upgraded to cloud service or CloudFlare.


Do you want a search engine that does the following:

  • doesn’t keep details on what you are searching for
  • doesn’t store your IP address
  • doesn’t use cookies
  • doesn’t track you
  • doesn’t send your search term to the site you clicked on
  • doesn’t store or share your search history
  • doesn’t share your personal information
  • doesn’t have servers in the U.S.A.
  • doesn’t hide the search results amongst a deluge of ads

Try Motherpipe. It operates privacy oriented search engines at,, and that don’t do things I don’t want done.

It gets its data from Yahoo!Bing. It offers the search operators “site:” and Boolean operators “AND” and “OR“. It also searches Twitter anonymously.