Learning New Skills

All good investigators strive to learn new skills. Most skilled investigators are true readers. Some investigators are autodidacts.

To be an expert in your field, you should read one book about it every week. You heard me right, one book a week. But what happens when you are having difficulty getting through the book because you are encountering material that is over your head?

My solution to this is 3×5 index cards in two colors. I write down what is going well on one colour and what I am struggling with on another. Do this for small portions of the book at a time and use other resources to get a grasp of the problem area. Don’t move on until you overcome all the areas over which you struggle. If it is something you can practice hands-on in the real world, then do so. An example would be to actually use the the software you are reading about and work through the aspect that presents some difficulty. As you overcome the things you struggled with, write them on the going well cards but note that they were originally difficult.


mypicsmap.com shows Flickr images on a on a full screen Google map. you can search by username or photoset ID.

This is a handy tool for seeing the image and it location on a map.

Edit-for-Cash at Wikipedia

Sarah Stierch, a senior staffer at Wikipedia, was fired for taking cash for edits to the popular encyclopedia site. Stierch offered her services as a “long time Wikipedian, curator, researcher and outreach coordinator” on a job board. Paid editing is a persistent problem on Wikipedia.

The End of Dialog

The database aggregator, Dialog, is no more. It was consumed by ProQuest to become ProQuest Dialog. The resulting product has become completely useless to us for due diligence and corporate research.

The Standard & Poor’s and Corporate Affiliation databases are gone along with several others that we relied upon to create a basic profile of a company’s structure and operations. Alternatives exist, but none are as convenient as the old Dialog.

Google Free Wednesday — Yahoo! Alerts

The apparent demise of Google Alerts forced me to turn to Talkwalker and Mention for alerts. However, Yahoo! Alerts offer some utility for keeping up with the world. In the past Yahoo! Alerts was only good for news. It now extends into the full web as catalogued by the Bing database. If you don’t already know it, Microsoft swallowed Yahoo! search whole in 2009. Perhaps we should call it Microhoo.

You need a Yahoo! account for Yahoo! Alerts. The results cannot be pushed to an RSS feed, they only arrive via email, Yahoo Messenger, or mobile device, depending on what you have set-up in your Yahoo! account. Not all alerts allow for delivery using all three of the above delivery options.

To create an alert, select Y! Search from the drop-down list on the right side of the opening page or select Y!Search from the list on the initial screen. Next sign-in to your Yahoo! account. In the Search keyword field add the search terms as you would in the normal Yahoo! search box. In the next drop-down list select what you want searched, I normally select Web or News. Finally select the frequency of the search. The search preview will only show anything added to the database in the last 24 hours.

Windows Error Reporting Risk

Windows Error Reporting (WER) is a crash reporting technology introduced by Microsoft with Windows XP. However, we now know that it may send Microsoft unencrypted personally identifiable information contained in the memory and application data that may make you vulnerable to attack. WER is turned on by default. WER from Windows 8 may now use TLS encryption.

The Snowdon leaks described how the U.S. National Security Agency intercepts the unencrypted WER logs to fingerprint machines like some malware to identify potential system, network and application weaknesses to execute attacks that move through an enterprise network. WER reports on more than Windows crashes. It reports hardware changes, such as the first-time use of a new USB device and mobile devices. It sends time-stamp data, device manufacturer, identifier and revision, along with host computer information such as default language, operating system service pack and update version, hardware manufacturer, model and name, as well as BIOS version and unique machine identifier. This creates a blueprint of the applications running on a network to help an attacker develop or execute attacks with little chance of detection.

This is only one example of the OS, applications, browsers, etc. leaking information that the investigator must be aware of when conducting investigative internet research.

To shut-off WER in Windows 7 go to Control Panel>System and Security>Action Center>Change Action Center settings>Related settings>Problem reporting settings. The selections for “Each time a problem occurs, ask me before checking for solutions” and “Never check for solutions” disable WER. Choosing Never check for solutions will fully disable error reporting in Windows 7.


Search Link and Results Copying

The Google/Yandex Search Link Fix Firefox extension prevents Google Search and Yandex from modifying result links when they are clicked. If you try to copy the link you may get gibberish instead of the actual link. If you try to copy the text description in the results it won’t work unless you got to the Edit menu and select Copy — Ctl+C won’t work. This extension disables these behaviors on any Google domain without having to configure anything.


jotpix.com is a search tool for finding geotagged Flickr, Panoramio, Picasa, & YouTube.Searching is done by entering a place name and a keyword. However, Panoramio does not support search by keyword or time and Picasa does not support search by time.

In practice, this is not a very useful tool.

Training for Investigative Internet Research (IIR)

IIR is a very competitive sport. If you don’t find the needed data, then the opposition wins.

Now you might ask, “how does one train for the ongoing IIR competition?” My answer to this question comes in two parts.

First, read about IIR and read the manuals for the software that you use to produce your end product. You must learn about sources and the methods used to produce a report that is fit for decision-making.

Second, one must practice using these sources and methods.

You can get a sound grasp of the first requirement from my book, Sources and Methods for Investigative Internet Research and this and other blogs, and I will share some secrets about the second requirement right now.

Practice finding more details about obscure news items that you see on TV or Twitter. You must collect the full story, write the story in report format, and preserve all the supporting material. Time yourself for completing the overall task. Also time your wasted effort. It is important to do both if you want to improve your performance. You can also set a time limit for the task using a countdown timer like XNote Stopwatch. For a timer that allows you to log wasted time, you can use Time Stamp.

Consider the following training exercise; there is a news item about a Spitz dog found near death on a trash heap in California during the week of 9 Dec 13. I knew the dog was a Spitz from the TV news item and I also knew the approximate date from the date of the news item. My training task was to get the basic 5 W’s on paper in twenty minutes. Could you do the same thing? If not, then here’s how.

I had the basic when and where—only in a vague sense. I know that search engines are not very good at handling calendar dates. I know my basic search statement will be dog trash California and I am certain they won’t report the breed accurately. That leaves me with the date, search statement, and as it was a TV news items there will be images and video. Where do I start to get it done in twenty minutes?

I know that only Google handles calendar dates in a usable manner and that it has excellent news content. I should also search Bing, Yahoo!, DDG, and Devilfinder. Time is not on my side.

I set-up a OneNote notebook with two tabs. One for research material collected from the web and one for the 5 W’s. Under the 5 W’s tab, I create a sub page for each W. I will use the 5 W’s material to create my report in Word as I would any other report.

Fagan Finder to the rescue. It organises search engines into useable groups and gives you an easy to use interface, such as the Google Ultimate Interface and Google Search By Date Interface.

For the search term, dog trash California, Google had excellent results and Bing had poor results, as did DDG and Yahoo!. The problem was that there were two similar stories one involving a poodle and one that was the subject of this exercise. Google eliminated the poodle stories when searched by date. Devilfinder produced excellent results as well.

From Devilfinder, along with the Google Ultimate Interface and Google Search By Date Interface I was able to provide all the W’s and complete a short reporting memo in twenty minutes while maintaining the proper citations and source material in OneNote.

Train hard.

What You See Matters

I don’t like doing surveillance work. It’s hectic and often unproductive, but somebody has to do it.

I have always preferred using a real camera whenever possible — the real SLR type with a long lenses. Knowing this, a colleague asked me to help out as the second man.

This white-collar type went from one office complex to another and coffee shop to coffee shop all morning. He met people and I got good pictures of the people he met. He went for lunch in a shopping mall food court. This was rather strange as he was wearing a $2000 suit. From the mezzanie I watched. He opened his briefcase and I took pictures of its contents.

The briefcase contained three intersting items, all were books. The titles were:

  • How To Survive Prison For The First Time Inmate: Take a look at a dangerous society within our society
  • Prison Guide: Prison Survival Secrets Revealed
  • The Suburban Inmate: A Man’s Guide To Surviving Prison

Now this shone an entirely different light upon what we were doing. You guessed it, he was settling his affairs before the sentencing.

The book has been published!

My new book, Sources and Methods for Investigative Internet Research, is available on Amazon.

My Amazon Author Page is now available.

My author’s Facebook page has been up and going for some time.

Geo-locating Images

MyPicsMap.com allows viewing Flickr photos on a fullscreen Google map. To view photos of a  particular Flickr user just enter the username.

loc.alize.us provides the geo-location of photographs uploaded to Flickr. You can search by username, tags, and sort them by date. It uses satellite imagery is provided by Google.

Bizarre Social Networks

Hundreds of different social networks exist. Some social network sites are downright strange and some are really suspicious. There seems to one for every demographic from people with allergies to those interested in zen.

For example, DateMyPet.com is for people who want to date someone based upon the pet they own. You never know when someone might be allergic to Fluffy. FarmersOnly.com is an online dating network that pairs rural couple seeking mates. My favorite is MyFreeImplants.com which facilitates crowd-funding for women raising funds for breast implants.

As always, practice safe social networking.

Connect the Dots and the Dox

You don’t need to hack into a computer to learn about someone. Today, most people that I investigate leave a revealing online profile — I just have to connect the dots or the publicly available dox (documents).

Online malefactors try to do their misdeeds anonymously through an alias. Usually, they tend to reuse their aliases. It only takes one obscure use connected to the miscreant’s real name. Now I have the real name to run through the usual searches which will reveal other aliases, Facebook pages, and Twitter accounts, all of which yield titbits of useful information.

Getting Advance Knowledge of New Products

Companies operating in the U.S. often file ‘Intent-To-Use’ applications for trademarks and thereby disclose the names and descriptions of forthcoming products and services six months before the product launch. Extensions of up to two years are sometimes granted if the launch process becomes bogged down.

Searching the Trademark Electronic Search System (TESS) of the U.S. Patent & Trademark Office will find the ‘Intent-To-Use’ applications.