Archive for the 'The Investigator’s Computer' Category

Searchable Clipboard Extender

Published on September 18, 2012 in Report Writing and The Investigator's Computer. 0 Comments

Ethervane Echo from Tranglos software is a clipboard extender that will hold all your data from the clipboard until you delete it, and it has excellent search capabilities. It works with Microsoft Windows XP or later. This is the kind of utility that nobody thinks about, but everyone uses once they have it.

If you are an Investigator, Journalist, Writer, or Translator, then this will be very useful. The search feature allows you to easily find words, phrases, etc., that you have previously copied. To use the search feature just type a few characters, and the list of clips will be automatically filtered to include only those that match the characters you have typed. It also has more advanced search features. Of course, you can delete any item or the entire content of the clipboard extender.

 

 

FireFox V.10

Published on February 2, 2012 in Methods, Power User Tips, Search Leakage, The Investigator's Computer and Web Worker. 0 Comments Tags: , .

The biggest change in V.10 that most Firefox users will see is the smaller number of add-ons marked as incompatible. About 80 percent of all add-ons should now be compatible. Previously, most add-ons would break when Firefox released a major update.

V.10 seems to work much better than any V.9 iteration. No more crashing and the add-ons and extensions work properly. I guess I will be able to stay with Firefox for a while yet.

Extended Support Release

Mozilla also released the enterprise version of Firefox, called ESR (Extended Support Release), which will release updates on a slower cycle (once per year) so that businesses don’t have to worry about their internal tools and security protocols failing. This should help make Firefox more popular in the corporate world.

 

The Clean Machine

Published on January 27, 2012 in Methods, Power User Tips, Private Investigator, Security and The Investigator's Computer. 0 Comments Tags: , .

When doing IIR, the computers must be free of malicious code (S. 31 Canada Evidence Act). We often set aside a computer for this purpose after doing some Spring-Cleaning. But how we prepare the machine for the installation of the clean version of the OS and application software is important.

We use Darik’s Boot and Nuke (“DBAN“) which is a self-contained boot disk that securely wipes the hard disks of most computers. DBAN will automatically and completely delete the contents of any hard disk that it can detect, which also makes it an appropriate utility for bulk or emergency data destruction. DBAN is a means of ensuring due diligence in computer prepartation for IIR. It is also a good way to periodically clean a Microsoft Windows installation of viruses and spyware.

 

Securing Firefox – Configuration Settings

Published on January 23, 2012 in How to Become a Professional Private Investigator, Methods, Power User Tips, Privacy, Private Investigator, Search Leakage, Security, The Investigator's Computer, Training & Education and Web Worker. 0 Comments Tags: , .

This is about stopping the dreaded disease, Data Diarrhea. The websites you visit can leave behind a trail of data on your computer and in their server logs. All of this Data Diarrhea can identify the Investigator and this can complicate the problem he is trying to solve. Lax privacy & configuration settings may also leave the Investigator’s computer vulnerable to attack by hackers.

This article describes more advanced methods of customizing Mozilla applications, by editing the configuration files.

about:config entries

about:config is a feature of Mozilla applications which lists application settings (known as preferences) that are read from the profile files prefs.js and user.js, and from application defaults. Many of these preferences are not present in the Options or Preferences dialog. Using about:config is one of several methods of modifying preferences and adding other “hidden” ones.

Editing the user.js and prefs.js files are an alternative method of modifying preferences and recommended for very advanced users only. Unless you need a prefs.js and/or user.js file modified for a specific purpose, you should use about:config instead.

This article refers to the Firefox V. 9 edition of the browser. These entries may have adverse effects on Thunderbird and Mozilla Suite/SeaMonkey and older versions of Firefox. These settings will affect all profiles of the browser.

In Firefox, type about:config in the Location Bar (address bar) and press Enter to display the list of preferences. You may get a warning page next, just click OK and move on.

about:config > browser.display.use_document_fonts > change value to 0

0: Never use document’s fonts
1: Allow documents to specify fonts to use
2: Always use document’s fonts (deprecated)

Don’t let the site access to the fonts on your computer. That grants too much access that can be abused.

about:config > browser.sessionhistory.max_entries > change value to 2

The maximum number of pages in the browser’s session history, i.e. the maximum number of URLs you can traverse purely through the Back/Forward buttons. Default value is 50.  Set it to 2 so that the site you visit can’t see where you have been during your Investigative Internet Research (IIR) assignment.

about:config > dom.storage.enabled > double click to false

dom.storage.enabled is a mechanism allowing web pages to store information with a web browser (similar to cookies) called “client-side session and persistent storage.” Although use of session storage is subject to a user’s cookie preferences, this preference allows it to be disabled entirely.

about:config > geo.enabled > double click to false

True is location aware browsing enabled. Default is true. You want to disable this. See http://www.mozilla.com/en-US/firefox/geolocation/ for details of geolocation in Firefox.

 

Securing Firefox – General Privacy Settings

Published on January 20, 2012 in How to Become a Professional Private Investigator, Methods, Private Investigator, Search Leakage, Security, The Investigator's Computer, Training & Education and Web Worker. 3 Comments Tags: , .

General Firefox Privacy Settings

The basic privacy settings in general settings, are found in the options bar in Firefox 9.0 (Firefox > Options > Options) or for iOS, Preferences.

  1. Content: Enable block popup windows and disable Javascript when it isn’t needed.
  2. Privacy: Enable the DNT (Do-Not-Track). For History, use custom settings. “Always use private browsing mode” should be enabled. “Remember my browsing history”, “Remember download history” and “Remember search and form history” should be turned off. “Accept cookies from sites”, but un-check “Accept third party cookies” as they aren’t needed often. Location bar: select “Suggest nothing”.
  3. Security: Enable “Warn me when sites try to install add-ons”, “Block reported attack sites” and “Block reported web forgeries”. Under Passwords, disable “Remember passwords for sites” and use a master password.
  4. Advanced – General – System Defaults: Disable “Submit crash reports and performance data”.
  5. Advanced – Network – Offline Storage: Check “Override automatic cache management and limit cache to 0MB space”. Further—you can un-check “Tell me when a website asks to store data for offline storage use”.
  6. Advanced – Encryption: Ensure both “Use SSL 3.0 and Use TLS 1.0″ are enabled. Then click validation > check “When an OCSP server connection fails, treat the certificate as invalid”.

 

 

The Cost of Investigative Internet Research

Published on January 16, 2012 in Courts, How to Become a Professional Private Investigator, Methods, Power User Tips, Private Investigator, Report Writing, The Investigator's Computer and Training & Education. 1 Comment Tags: , .

Why does it cost so much just to look on the Internet?”

I get this question a lot, and too often from “professionals” who should know better. I will list a few of the reasons here.

To begin with, I never know how the research results will be used in the future. That means that the results must be properly documented so that it would be reproducible if someone else with similar skill did the searches at the same time as I did.

If at some future date what I find becomes important evidence, then how it was found, where it was found, when it was found, and what it actually looked like becomes very important. My report and the supporting material may be the only proof of the existence of the material being entered into evidence.

The computers must be free of malicious code (S. 31 Canada Evidence Act). We often set aside a computer for this purpose after doing some Spring-Cleaning.

The logic of the research process must be clear and easy to explain to anyone. This logic must be explained in the report. Search statements must be recorded. The project directory and file naming and structures must be logical and properly documented. The evidence must have a clear and documented chain of custody.

Providing this evidence requires skill, training, experience, software, computers, office space, support staff, and time.  Finally, did you know it takes at least twice as long to do the report as it does to do the research?

 

Erase Data with a Hammer

Published on February 28, 2011 in Forensic Science, Forensics, Methods, Private Investigator, Security and The Investigator's Computer. 1 Comment Tags: , , , , , , .

Flash-based solid-state drives nearly impossible to erase

Researchers from the University of California at San Diego delivered a paper at the FAST-11 Conference in San Jose, Calif., last week that shows it’s almost impossible to reliably erase data from a solid state drive.

The report, Reliably Erasing Data from Flash-Based Solid State Drives (PDF), goes through all of the known techniques for erasing data and they found the best method was a big hammer.

The Internet Kill-Switch

Published on February 2, 2011 in Communication, The Investigator's Computer and Web Worker. 0 Comments Tags: , , .

A Wired How-to Wiki article,  Communicate if Your Government Shuts Off Your Internet offers an excellent insight to your options should government turnoff the Internet.

The recent PC World article: Get Internet Access When Your Government Shuts It Down Does your government have an Internet kill-switch? Read our guide to Guerrilla Networking and be prepared for when the lines get cut, shows that the situation in Egypt has spurred geeks everywhere to start building Appocalypse apps  that may be headed our way to deal with similar situations in the future.

The Open Mesh web site content is  heavy going but useful if you have the technical knowledge.

Detecting Firesheep

Published on November 29, 2010 in Identity Theft, Methods, Privacy, Security, Social Sites, Surveillance and The Investigator's Computer. 0 Comments Tags: , , , , , , , .

I wrote about Firesheep awhile back. Predictably, a countermeasure has appeared called Blacksheep.

New Firefox Add-On Detects Firesheep, Protects You on Open Networks

If you’re concerned about using open Wi-Fi networks because of Firesheep, the highly popular new hacking tool, you should check out BlackSheep, a Firefox add-on that makes surfing on open networks safe once again.

Choosing Passwords

Published on November 24, 2010 in Odds & Sods, Power User Tips, Security, Sources, The Investigator's Computer and Web Worker. 0 Comments Tags: .

Here are a list of articles about password security that resulted from some recent research I was conducting.

Hijacking Social Network Connections

Published on November 8, 2010 in Identity Theft, Methods, Privacy, Security, Social Sites, Surveillance and The Investigator's Computer. 1 Comment Tags: , , , , , , , .

The Firesheep Firefox plugin makes it easy to hijack someone’s social network connections. For example, Facebook authenticates the client using cookies. If someone logs on using a public WiFi connection, the cookies are sniffable. Firesheep uses Wincap to capture the authentication information which allows you to hijack the connection.

Protect yourself by forcing the authentication through TLS or stop logging into Facebook using public networks.

Secure File Transfers

Published on September 20, 2010 in Security, The Investigator's Computer and Web Worker. 0 Comments Tags: , , , .

There are four common ways to transfer large files:

1. Middle-man approach
2. Direct file sharing
3. FTP
4. Multi user document repository

1. Middle-man approach

Most file transfer services use the middle-man approach. They require you to upload it first onto their server and then the recipient downloads it.  Depending upon your security requirements, these may be very dangerous as you are uploading important data onto someone else’s server without understanding exactly how they treat my data.  Furthermore, the server may not be secure from even the most inept hacker. These services usually limit file size to 2GB and they suffer from reliability problems due to dropped connections. Continue reading ‘Secure File Transfers’

LinkedIn E-Mail Could Infect Your PC

Published on August 18, 2010 in Social Sites and The Investigator's Computer. 0 Comments Tags: , .

Warning: Fake LinkedIn E-Mail Could Infect Your PC

Don’t look now, but that “LinkedIn” invite you just received from a “colleague” may in fact be yet another cleverly disguised piece of spam

Other LinkedIn spam isn’t so obvious or so benign though. I also received fake invites that lacked the Viagra Houdini image but still lead to weird sites (like one called “Cernoma”)…

This is not the first time social media has been abused by spammers, and it appears to be a rising trend. (I’ve also written about bogus Amazon spam here.)

This is an excellent article with lots of links to more accounts of social media being used as a vector for spam and malicious code.

Google Encrypted Search

Published on August 16, 2010 in Search Engines, Search Leakage, Search Strategies, Security, The Investigator's Computer and Web Worker. 0 Comments Tags: , , , .

Google introduced encrypted search which gives the user the option to use SSL (Secure Socket Layer) to prevent packet sniffing which in turn could reveal user’s searches on the site.  The encrypted search service moved to https://encrypted.google.com.

Only Google web search is available over SSL.  Other search products like Google Images and Google Maps are not currently available over SSL.

Three Dimensions of Note-taking

Published on December 21, 2009 in Methods, Notebooks, Private Investigator and The Investigator's Computer. 0 Comments Tags: , , , .

I have written previously on taking notes using audio, images, and handwritten notes.  Quite a while back I wrote about video notes using a simple camcorder called the FlipUltra.

Kodak Zi8

Now the Kodak Zi8 seems like a  better pocket-sized point-and-shoot video camera.  The digital image stabilization provides better video than the Flip. It has some hardware and software advantages over the Flip. It needs SD or SDHC memory cards which I see as an advantage even if it makes the Zi8 cost more.