CSI Internet

1,260 views

Published on

Why Forensic Internet Research? It helps you find people, create leads, verify information and track emails

Published in: Education
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
1,260
On SlideShare
0
From Embeds
0
Number of Embeds
36
Actions
Shares
0
Downloads
28
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

CSI Internet

  1. 1. CSI: Internet© 2012 Henk van Ess henk@vaness.nl Site: http://www.searchbistro.com Phone (US): +1 (225) 341-7595 Skype:searchbistroWhy Forensic Internet Research?(1) find people You can try to contact the author directly. No need to contact PR yet. You can make assumptions about the author his/her place in the hierarchy of the organization (2) create leads Revisions and drafts can reveal sensitive data by comparing them with the final versions. You can get a glimpse of meetings behind closed doors, as I showed you with LaSalle, Calipari and Blair.(3) verify information Compare hidden author names with supposed names.(4) track emails You can actually track location and nationality (< 70%) of web mail (Hotmail, Yahoo, Gmail).How to find metadata in Office documentsOpen any Microsoft Office Document. Click File->Properties (older then Office 2007) or Prepare –> Properties -> AdvancedProperties (2007 or above). Start reading the boxes. If the name is grey, it’s mostly a technical guy who installed the macro’s.If the name is in black, you can start checking the person’s name. What can you find? • Text from other documents open at the same time • Previously deleted text • E-mail headers and server information • Printer names • Data about the machine where the document was written • Where the document was saved • Word version number and document format • Names and usernames of document authors • E-mail address of authorYou won’t find the author history as I showed you with Blair’s letter. For this, download special software:http://www.stellent.com/en/products/outside_in/clean_content/p88012218How to unblock blacked out information in PDF(Only if human errors are made)Open the PDF. Click Control-A, then copy the text with Control-C. Paste it with Control-P in Microsoft Word.How to find blocked sites in Archive.orgZelnorm example: they redirected the archived pages. Try http://web.archive.org/web/*/zelnorm.com/* to get every link of anygiven site (replace zelnorm.com by your site). Shorten your list by examining the link:http://web.archive.org/web/*sr_11nr_10/http://zelnorm.com/* Now change the number behind sr into a higher number, f.e.:http://web.archive.org/web/*sr_296nr_10/http://zelnorm.com/*Interesting folder found? Type the whole folder into archive.org, f.e. http://zelnorm.com/hcp/images Do URL-slashing if itdoesn’t work at once, so http://zelnorm.com/hcpThe beauty of robots.txtExamine www.whitehouse.gov/robots.txt or www.google.com/robots.txt. Track changes with Website Watcher,http://www.aignes.com/download.htm. If a new source is added, you can see it as one of the first.The art of comparing drafts and final versionsGo http://www.softinterface.com/MD/Document-Comparison-Software.htmTracing mailIs your message opened? Is your message forwarded, if yes, to whom (<10%)? Where is the recipient? What language has hispc? Use this special link http://www.readnotify.com?from=toronto2007. It will cost you $36 a year.
  2. 2. Want me on your work for a full day of CSI: Internet with more great tools?Contact Henk van Ess henk@vaness.nl or go to www.voelspriet.nl/contact.htm. Phone (US): +1 (225) 341-7595

×