You might have noticed fewer posts lately. This is due to the time it takes to edit my forthcoming book, Sources & Methods for Investigative Internet Research, which will be published in the coming months.
A sub-title for the book might be (if I believed in sub-titles):
What They Don’t Teach in Private Investigator School
For the last 20 years the author has been a leading provider of Investigative Internet Research to Private Investigators. This book presents what the author has learned and applied, but perhaps of more importance, based upon the author’s extensive experience, it addresses what Private Investigators don’t know about Investigative Internet Research and its reporting.
However, the reader doesn’t need to be a Private Investigator to benefit from this book. The investigative process does not belong solely to the Private Investigator. Investigation is at the heart of every human activity. Scholars investigate. Antique dealers and appraisers investigate. Investors investigate. Medical Doctors investigate. In one way or another, we all investigate something or other using the Internet.
To investigate is to seek a solution. This book is about how to turn Investigative Internet Research into a solution. Let this book guide you to the following:
- Techniques that focus and refine your search results
- The best sources to use for searching
- How to conduct anonymous Internet searching
- How to conduct “safe searching” – being anonymous isn’t enough
- How to document the search process for use as evidence
- How to evaluate the quality of what you find
- The best practices to preserve and organise your data for reporting.
- How to use Microsoft Office in the most efficient manner to produce a superior report.
- Sources, methods, tips and tricks learned over 20 years
Google enjoys change — and you should too.
The link to cached pages is now underneath the page link at the end of the page URL in the form of a little downward arrow. Click on the little arrow and then on the word Cached to go to the cached page.
News of this ‘significant’ change at Google is brought to by a boring Monday when our American friends and clients are having a day off.
File erasure is something every Investigator needs to consider. Investigators collect a lot of data that never makes into a report. Sometimes that data is irrelvant or something that cannot be reported. That stuff should not be left hanging around to be recovered later and then missused. Some form of file erasure software should be used to make it unrecoverable.
Some examples of file erasure software:
If you haven’t heard, the Toronto Mayor, Rob Ford, supposedly appears in a video smoking crack. Gawker wants donations to buy the video for $200,000. Well this seems like a 80/20 situation. 80% of the damage done in 20% of the time that this goes on.
Here are some things to consider about this strange news item:
1. If they don’t get enough money to buy this video, then we don’t know if it really exists, but the damage is done.
2. If they buy it, then they are paying-off criminals. After all they are self-professed crack dealers. They are the gangsters that bring about most of the shootings and murders in Toronto.
3. If they buy it, they need to buy the device that recorded the video or we can’t tell if it was altered.
4. It will take a long time to analyze the video to determine if it is likely unaltered. If it is altered or fake, it doesn’t matter, the damage is done.
5. While the video may be unaltered, we might not ever know if it was a continuous recording or one that was recorded selectively for some desired effect.
6. No matter what happens, the damage is done — damage that goes far beyond one mayor or city. Welcome to the brave new journalism.
I always use the subject’s known email addresses as search terms. I assume that any good Investigator would do the same. However, where you search matters.
Have you ever searched an email address and found that it was compromised? Groups like Anonymous and Lulzsec sometimes post lists of compromised email addresses along with the associated passwords. Do you know where to search for this and how to report it?
“I didn’t post that! My account was hacked!” is a common ‘Weinergate’ inspired excuse. If the Investigator doesn’t make a reasonable effort to search for the possibility of a compromised account, then he may be judged incompetent or negligent.
Without the co-operation of the subject, the Investigator must start an organised search for indications that the email account has been compromised.
Always search for the name of the email service provider and the words ‘hacked’ and ‘compromised’ along with ‘accounts’ and ‘email’. If you find something, then compare the date of the security breach to the time of your own Weintergate.
Next, search shouldichangemypassword.com, pwnedlist.com, and hacknotifier.com. The first two only tell you if the account might be compromised, while the last one sometimes links the searcher to online information about the security breach.
Of course the Investigator should document the search and explain the sources that were searched.
We often use cut-outs to gather information in smaller communities as government clerks occasionally talk too much. Sometimes they deliberately tell the subject, or even local news media, that a search is underway. We never tell our agents why our client needs the information. We frequently request unrelated documents from the same government office to conceal why we are using the agent’s services. This disinformation also proves useful should our agent become too talkative while doing his job.
We often find it prudent to get an agent in another province to requisition federal government documents under the Access to Information Act as we are sometimes seen as adversarial towards government or bureaucratic interests. While we have never had a request denied, we have certainly been delayed because the department involved has guessed for whom we act.
flickriver.com is a Flickr viewer and search tool, searchable by user name, tag, group and place.
If you need a good picture of the Earltown NS general store, or all pictures by DeadFred.com, or a picture of the DEW Line radar picket ship, USS Investigator(AGR-9/YAGR-9), then you can find it through flickriver.com.
The Boston Marathon incident is somewhat instructive from an Investigative Internet Research (IIR) perspective.
News reporters are skilled at IIR — some to the exclusion of real journalistic skills if the preponderance of churnalism in the popular media is any measure. However, one instance of a reporter finding the terrorist’s Amazon Wish List is interesting. The reporter was drawing conclusions about the terrorist from the contents of the wish list.
The default Amazon Wish List setting is ‘Public’. The other settings are ‘Shared’ and ‘Private’ which seems to defeat the purpose. The default setting is the most common.