Advanced Research Investigations for
SIU Investigators
“Obtaining optimal investigative results through the implementation of our diverse team,
made up of specialized research investigators and skilled surveillance experts”
888-989-2800
www.claimspi.com
info@claimspi.com
Adam Groth, Research Investigations Manager - (does all the work)
Daniel Klimek, Director of Operations - (takes credit for all the work)
About Us
• Sherlock Investigations takes great pride knowing that we are different. Our
size and diversity allow us to leverage specialists in a variety of investigative
disciplines to ensure that we are designing the best possible investigations for
our clients; resulting in the most optimum results on a consistent basis.
What is Internet Profiling?
Collecting and analyzing a person’s
Internet footprint to give the investigator a
broad insight into the person’s activities,
background and relevant characteristics.
Definitions
• “Social Media Investigation” - technically refers to
locating and documenting sources of data found within
profiles primarily used for social or professional
networking. The most common examples are
Facebook, Twitter, LinkedIn, Instagram
• “Internet Investigation” and “Internet Profile” -
encompass both social media searches and various
deep-web internet searches, including Google and other
indexable platforms
Social Media vs. Internet Profile
Social Media
• Includes only information from social networking sites
• Limited to input data
• Usually only from target’s individual profile
• Excludes more obscure platforms
• Largely computerized/automated
• Better looking reports!
Internet Profile
• Includes social networking sites
• Full internet footprint
• Deep web searches
• Searches images of target and known assoc./family
• Uses multiple sources to identify target profiles, even if the user name is an avatar/screen name unrelated to the target
• Even non-internet/social media users have data online
Topics of the Day
• The Past & Present of Research Investigations
• OSINT
• Types + Sources + Tools
• The Future of Research Investigations
History Lesson
• Credit Header Information
• Social Networking Sites
  • What’s up with Facebook?
• GeoSearches
  • The firehose has been shut off
Slide 7 of 687
Cambridge Analytica
• Graph API intentionally left open by FB for developers and other apps
• Granted other apps access to FB data
• Used people, likes, shares, etc… as objects to make connections between
people, events, products
• Provided an “open door” to data on private profiles through friends and
shared connections
• 530k on one particular app turned into nearly 30m user accounts available
for access
Changes to FB
• Search Features Removed
Geo-targeted Searches
• Searching for social media across various
platforms in a specific geographic location/area
• As large as a shopping mall or event center
• As small as a single home or specific highway mile marker
• Specific timeframes for posts can also be set
Remaining GeoSearch Tool
Current Solutions
• OSINT
• OSINT Tools
• API/URL Manipulation
• Hash Value/Metadata Capture
  • Federal Court Rule 902
Federal Rule of Evidence 902(13) (14)
• (13) Certified Records Generated by an Electronic Process or System. A
record generated by an electronic process or system that produces an
accurate result, as shown by a certification of a qualified person that
complies with the certification requirements of Rule 902(11) or (12). The
proponent must also meet the notice requirements of Rule 902(11).
• (14) Certified Data Copied from an Electronic Device, Storage Medium,
or File. Data copied from an electronic device, storage medium, or file, if
authenticated by a process of digital identification, as shown by a
certification of a qualified person that complies with the certification
requirements of Rule 902(11) or (12). The proponent also must meet the
notice requirements of Rule 902(11).
• Allows for the self-authentication of digital (internet) evidence
• Requires MD5 Hash values (metadata) presented by a
qualified person
• Hash values are a unique fingerprint (128 bits, 32
characters) computed for each unique page, image, post, etc.
• This has to be done at the time of collection to ensure data is not deleted
from the internet
Digital Media Authentication Solutions
• Largely software based
• Have been available for years
• Include metadata (hash values) for social media, images, pages, etc.
• Metadata pertains to the capture of the media
• Reports are ugly and long, but they ensure compliance when necessary
• Should be done right away if planned to be used
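A sketch of the hash capture described on the Rule 902 slides, added here as an example and not taken from the presentation or from any authentication product: each item is hashed at collection time and written to a log in which every entry also commits to the previous one, so a later edit to the content or to the log is detectable. The function names, the `social.example` URLs and the sample content are assumptions; SHA-256 is recorded next to the MD5 value the slide names.

```python
import hashlib
import json
from datetime import datetime, timezone

GENESIS = "0" * 64  # "previous entry" value for the first log entry


def entry_hash(entry: dict) -> str:
    """SHA-256 over the entry's fields (excluding its own hash), in canonical JSON."""
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def capture(log: list, content: bytes, source_url: str, collected_at: datetime) -> dict:
    """Hash the captured bytes at collection time and append an entry to the log."""
    entry = {
        "source_url": source_url,
        "collected_at": collected_at.astimezone(timezone.utc).isoformat(),
        "size_bytes": len(content),
        "md5": hashlib.md5(content).hexdigest(),        # 128 bits -> 32 hex characters
        "sha256": hashlib.sha256(content).hexdigest(),  # added here; not named on the slide
        "prev_entry": log[-1]["entry_hash"] if log else GENESIS,
    }
    entry["entry_hash"] = entry_hash(entry)
    log.append(entry)
    return entry


def verify(log: list, evidence: dict) -> list:
    """Re-check every entry; `evidence` maps source_url -> bytes produced later."""
    problems = []
    prev = GENESIS
    for i, entry in enumerate(log):
        if entry["prev_entry"] != prev:
            problems.append(f"entry {i}: chain broken (entry inserted, removed or re-hashed)")
        if entry_hash(entry) != entry["entry_hash"]:
            problems.append(f"entry {i}: log fields altered after capture")
        data = evidence.get(entry["source_url"])
        if data is None:
            problems.append(f"entry {i}: evidence file missing")
        elif (hashlib.md5(data).hexdigest() != entry["md5"]
              or hashlib.sha256(data).hexdigest() != entry["sha256"]):
            problems.append(f"entry {i}: content does not match recorded hashes")
        prev = entry["entry_hash"]
    return problems


# Constructed sample captures (placeholder URLs and content, not real evidence).
SAMPLE = [
    (b"<html>constructed profile page</html>", "https://social.example/profile/1001",
     datetime(2018, 5, 1, 14, 30, tzinfo=timezone.utc)),
    (b"\xff\xd8constructed image bytes\xff\xd9", "https://social.example/photo/2002",
     datetime(2018, 5, 1, 14, 32, tzinfo=timezone.utc)),
]


def demo() -> dict:
    log, evidence = [], {}
    for content, url, when in SAMPLE:
        capture(log, content, url, when)
        evidence[url] = content
    results = {"clean": verify(log, evidence)}
    # One byte of the stored image changes after collection.
    edited = dict(evidence)
    edited[SAMPLE[1][1]] = SAMPLE[1][0] + b" "
    results["edited_content"] = verify(log, edited)
    # The collection time of entry 0 is rewritten and its entry hash recomputed.
    forged = [dict(e) for e in log]
    forged[0]["collected_at"] = "2018-04-01T00:00:00+00:00"
    forged[0]["entry_hash"] = entry_hash(forged[0])
    results["forged_log"] = verify(forged, evidence)
    return results


if __name__ == "__main__":
    for name, problems in demo().items():
        print(name, problems or "OK")
```

The last `entry_hash` is the value to record in the certification: a log rewritten from end to end is only detectable by comparison against that recorded value.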
METADATA
• The data within the data
• Identifies when a photo was taken
• Possibly even WHERE the photo was taken and with what device
• In most cases is critical in proving WHEN something occurred
• Can include geographic location
• Data about the device, user, domain
Current Metadata Usage
Metadata vs. Authentication
• Authentication proves that the data was collected, when it was collected and
where it was collected from.
• It can also show the investigative “path” that was taken to obtain the data
• Can prove data was collected legally and when/where the data existed
• Metadata is what actually proves WHEN or WHERE data was created
• Think about a Facebook image
• As prior slides confirm, there is no metadata available on the majority of social media sites
• This includes Facebook, which means that even with Authentication software, you
cannot prove when a photo was TAKEN, only when it was posted to Facebook.
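The distinction on this slide, as an added example that is not part of the original presentation: a small EXIF reader run over a constructed JPEG skeleton before and after its metadata segment is removed. `strip_exif` is an assumed stand-in for whatever processing a platform applies on upload, and the camera name, dates and function names are made up for the sample.

```python
import hashlib
import struct

TAGS = {0x010F: "Make", 0x0110: "Model", 0x9003: "DateTimeOriginal"}  # EXIF tag ids
EXIF_IFD_POINTER = 0x8769  # IFD0 entry pointing at the Exif sub-IFD


def build_sample_jpeg(make: str, model: str, taken: str) -> bytes:
    """Constructed sample: a JPEG segment skeleton (no pixel data) with an Exif APP1 block."""
    strings = [s.encode("ascii") + b"\x00" for s in (make, model, taken)]
    exif_off = 8 + 2 + 3 * 12 + 4            # after TIFF header and a 3-entry IFD0
    data_off = exif_off + 2 + 1 * 12 + 4     # after the 1-entry Exif sub-IFD
    offs = [data_off, data_off + len(strings[0]), data_off + len(strings[0]) + len(strings[1])]
    ifd0 = (struct.pack(">H", 3)
            + struct.pack(">HHII", 0x010F, 2, len(strings[0]), offs[0])
            + struct.pack(">HHII", 0x0110, 2, len(strings[1]), offs[1])
            + struct.pack(">HHII", EXIF_IFD_POINTER, 4, 1, exif_off)
            + struct.pack(">I", 0))
    sub = (struct.pack(">H", 1)
           + struct.pack(">HHII", 0x9003, 2, len(strings[2]), offs[2])
           + struct.pack(">I", 0))
    app1 = b"Exif\x00\x00" + b"MM" + struct.pack(">HI", 42, 8) + ifd0 + sub + b"".join(strings)
    comment = b"constructed sample"
    return (b"\xff\xd8"
            + b"\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1
            + b"\xff\xfe" + struct.pack(">H", len(comment) + 2) + comment
            + b"\xff\xd9")


def segments(jpeg: bytes):
    """Yield (marker, start, end) for each header segment before image data or EOI."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF and jpeg[pos + 1] not in (0xD9, 0xDA):
        (length,) = struct.unpack_from(">H", jpeg, pos + 2)
        if length < 2:
            break
        yield jpeg[pos + 1], pos, pos + 2 + length
        pos += 2 + length


def strip_exif(jpeg: bytes) -> bytes:
    """Assumed stand-in for upload processing: copy the file without its APP1 segments."""
    out, end = bytearray(jpeg[:2]), 2
    for marker, start, end in segments(jpeg):
        if marker != 0xE1:
            out += jpeg[start:end]
    return bytes(out) + jpeg[end:]


def _read_ifd(tiff: bytes, offset: int, endian: str, out: dict, depth: int = 0) -> None:
    (count,) = struct.unpack_from(endian + "H", tiff, offset)
    for i in range(count):
        tag, typ, n, value = struct.unpack_from(endian + "HHI4s", tiff, offset + 2 + 12 * i)
        (as_int,) = struct.unpack(endian + "I", value)
        if tag == EXIF_IFD_POINTER and depth == 0:   # follow the pointer once, never loop
            _read_ifd(tiff, as_int, endian, out, depth + 1)
        elif tag in TAGS and typ == 2:               # type 2 = ASCII, NUL-terminated
            raw = value[:n] if n <= 4 else tiff[as_int:as_int + n]
            out[TAGS[tag]] = raw.rstrip(b"\x00").decode("ascii", "replace")


def read_exif(jpeg: bytes) -> dict:
    """Return Make, Model and DateTimeOriginal if an Exif block is present, else {}."""
    for marker, start, end in segments(jpeg):
        body = jpeg[start + 4:end]
        if marker == 0xE1 and body.startswith(b"Exif\x00\x00"):
            tiff = body[6:]
            endian = {b"II": "<", b"MM": ">"}.get(tiff[:2])
            out = {}
            try:
                if endian and struct.unpack_from(endian + "H", tiff, 2)[0] == 42:
                    _read_ifd(tiff, struct.unpack_from(endian + "I", tiff, 4)[0], endian, out)
            except struct.error:
                pass  # truncated or malformed block: report what was readable
            return out
    return {}


def what_can_be_shown(jpeg: bytes, collected_at: str) -> dict:
    """Authentication facts (hash, collection time) next to metadata facts (taken, device)."""
    meta = read_exif(jpeg)
    return {
        "sha256": hashlib.sha256(jpeg).hexdigest(),
        "collected_at": collected_at,
        "taken_at": meta.get("DateTimeOriginal"),
        "device": " ".join(v for v in (meta.get("Make"), meta.get("Model")) if v) or None,
    }


if __name__ == "__main__":
    original = build_sample_jpeg("ExampleCam", "Model X1", "2018:03:14 09:26:53")
    print(what_can_be_shown(original, "2018-05-01T14:30:00Z"))
    print(what_can_be_shown(strip_exif(original), "2018-05-01T14:30:00Z"))
```

Both copies hash and timestamp cleanly, but only the original carries a capture time and device.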
OSINT
•Open Source Intelligence
WHAT IS OPEN SOURCE ?
A.K.A. OSINT
Open Source Intelligence (OSINT) is the collection
and analysis of information that is gathered from
public, or open, sources.
OSINT is distinguished from research in that it
applies the process of intelligence to create tailored
knowledge supportive of a specific decision by a
specific individual or group.
Where does OSINT Stop?
• OSINT doesn’t “touch” or make contact with a source or a target
• This includes domains, servers, internal databases
• Changes nothing
• Hands off collection of what is available outwardly
• API and web scraping is outward facing, just not easy to get to
• Unintentionally open and available data is still OSINT
OSINT is Generally Broken into 6 Main Categories
• Media: print newspapers, magazines, radio, and television.
• Internet: online publications, blogs, discussion groups, citizen media
(e.g. cell phone videos and user-created content), YouTube, and other
social media websites (e.g. Facebook, Twitter, Instagram, etc.).
• Public Government Data: public government reports, budgets,
hearings, press conferences, and speeches.
• Professional and Academic Publications: information acquired
from journals, conferences, symposia, academic papers, dissertations,
and theses.
• Commercial Data: commercial imagery, financial and industrial
assessments, and databases.
• Grey Literature: technical reports, preprints, patents, working papers,
unpublished works, and newsletters.
What are we actually after?
• Text
• Images/Video
• Metadata
• Data about Data
• Connections
• Databases
• Export Raw Data
Real OSINT Requires Specialized Tools
Tools of the Trade
• OSINT Framework
A Personal Favorite
(before Adam gets really technical)
• Tinfoleak – Free Tool to help Analyze Twitter Users
• http://tinfoleak.com/reports2/sherlock_claims.html
Where does OSINT fit in if we do our jobs right??
• Investigating Sharon Henry in New Jersey
• No social media (that could be found), No court records, No criminal history
• OSINT to save the Day!
• Search Local Newspapers and find that Sharon attended Clifford J Scott High School
• Find the Yearbook from her graduating class and the world opens up……
Some of the ways we do it:
• APIs and URL Manipulation
Understanding APIs and URL Manipulation
• API - An application programming
interface (API) is a set of routines, protocols,
and tools for building software
applications. An API specifies how
software components should
interact. Additionally, APIs are used
when programming graphical user
interface (GUI) components.
• API – How websites interact with
each other to share data.
• URL Manipulation - the process of
altering the parameters in a
URL. URL manipulation can be
employed as a convenience by a
web server administrator, for
nefarious purposes or by a private
investigator.
• URL Manipulation – altering the
URL to produce results not offered
by the website’s normal platform.
Application Programming Interfaces
• APIs were created to make web
platforms more efficient.
• Service APIs allow access to data
that would be secured on the
original version of a website.
• They achieve this by sharing code that
would normally be protected or
proprietary on one platform, so the
code may be used on multiple
platforms.
• Why do we care?
• If we ask Facebook (the webpage) for
specific information, it will tell us that
we do not have access to it.
• If we ask the service API for Facebook
for this data it will provide it to us.
URL Manipulation
• Knowing where the information is
coming from on social media websites
allows us to manipulate the URL of
these pages to access content not
usually available through the
webpage.
• There is still information that cannot
be accessed (as it should be) but the
additional pieces of information this
methodology unlocks aids in the
investigation process.
• A perfect example is a case assigned to us
from your office:
• Michael Williams
• Flint, MI
• June 18, 1953
• Head, Neck, Back and Hip Injuries
• Replacement Services Suspected
• One would think a 64-year-old might not be
the best candidate for a social media
investigation…
• Clear criminal history, no apparent history of
personal injury suits and he has a very
common name…
A Better Way of Searching on Facebook
• The key to searching Facebook
through URL manipulation is to
identify the subject profile’s “user
number”
• Michael Williams chose not to have
his “user name” shown in the
Facebook settings which makes this
easy as it is displayed in the URL.
• If it were not displayed but instead
showed michael.williams9888 as his
“user name” you could find his “user
number” through the URL of any of
his images.
Using the Facebook User Number
• Once the “user number” is
identified you can manipulate the
URL for Facebook to provide you
with search results for only your
Michael Williams and not every
Michael Williams on Facebook.
• This URL produces photos posted by the
subject.
• This URL produces photos the subject is
tagged in.
• This URL produces posts the subject is
tagged in.
• This URL produces photos the subject has
commented on.
Why do you care about these searches?
• Behavior Analysis – If we can understand
who the subject is, what makes them tick,
and what is important to them, we can
better investigate a claim.
• All of these searches offer up a piece of
the puzzle into “who” Mr. Williams is as a
person.
• With these pieces (many or few) we will
have certain advantages when it comes to
surveilling Mr. Williams should it be
needed.
Twitter
• Each website has a different
protocol to follow but there are
additional searches that can be
run.
• There are other websites that
make it easier to find information
on Twitter.
• Foller.me – strips biographical
info from a profile as well as join
date.
• Moz.com – allows you to
analyze followers to see overlap
between up to three profiles to
find common links.
• This search allows me to get all tweets
within 1km of a lat/long.
• This search strips out just media posts
by the subject to remove “re-tweets”
• This search strips out just outgoing
tweets
• This search strips out just incoming
tweets
What does the future hold?
• Web Scraping/Intelligence Aggregation
  • Data Importation
• AI/Automated Searches
• Data Visualization
• Image Searches
Web Scraping
• Web Scraping (also termed Screen Scraping, Web Data
Extraction, Web Harvesting etc.) is a technique employed to extract large
amounts of data from websites whereby the data is extracted and saved to
a local file in your computer or to a database in table (spreadsheet) format.
How do we use this information?
• Identify current address
• Locate common locations and habits
• Identify friends/relatives locations
• Locate employment
• Create graphical displays (link analysis) – Visual Data
Timelines
Timeline Elements
• Social Media Images/Videos
• Events
• Criminal Records
• Court Dates
• Vehicle Sightings
• HUMINT
• Hospital/Pharmacy Records
• Additional collisions
• Law Enforcement Contacts
• Hunting/Fishing Licenses
• Vehicle or Home Purchases
• Employment Dates
• Education Records
• Adam Groth
• Daniel Klimek
• Info@claimspi.com
• 888-989-2800

Advanced Research Investigations for SIU Investigators

  • 1. Advanced Research Investigations for SIU Investigators “Obtaining optimal investigative results through the implementation of our diverse team, made up of specialized research investigators and skilled surveillance experts” 888-989-2800 www.claimspi.com info@claimspi.com Adam Groth, Research Investigations Manager - (does all the work) Daniel Klimek, Director of Operations - (takes credit for all the work)
  • 2. About Us • Sherlock Investigations takes great pride knowing that we are different. Our size and diversity allow us to leverage specialists in a variety of investigative disciplines to ensure that we are designing the best possible investigations for our clients; resulting in the most optimum results on a consistent basis.
  • 3. What is Internet Profiling? Collecting and analyzing a person’s Internet footprint to give the investigator a broad insight into the person’s activities, background and relevant characteristics.
  • 4. Definitions • “Social Media Investigation” - technically refers to locating and documenting sources of data found within profiles primarily used for social or professional networking. The most common examples are Facebook, Twitter, LinkedIn, Instagram • “Internet Investigation” and “Internet Profile” - encompass both social media searches and various deep-web internet searches, including Google and other indexable platforms
  • 5. Social Media Internet Profile Includes only information from social networking sites Includes social networking sites Limited to input data Full internet footprint Usually only from target’s individual profile Deep web searches Excludes more obscure platforms Searches images of target and known assoc./family Largely computerized/automated Better looking reports! Uses multiple sources to identify target profiles, even if the user name is an avatar/screen name unrelated to the target Even non-internet/social media users have data online
  • 6. Topics of the Day • The Past & Present of Research Investigations • OSINT • Types + Sources + Tools • The Future of Research Investigations
  • 7. History Lesson •Credit Header Information •Social Networking Sites • What’s up with Facebook? •GeoSearches • The firehose has been shut off Slide 7 of 687
  • 8. Cambridge Analytica • Graph API intentionally left open by FB for developers and other apps • Granted other apps access to FB data • Used people, likes, shares, etc… as objects to make connections between people, events, products • Provided an “open door” to data on private profiles through friends and shared connections • 530k on one particular app turned into nearly 30m user accounts available for access
  • 9. Changes to FB • Search Features Removed
  • 10. Geo-targeted Searches • Searching for social media across various platforms in a specific geographic location/area • As large as a shopping mall or event center • As small as a single home or specific highway mile marker • Specific timeframes for posts can also be set
  • 16. Current Solutions •OSINT •OSINT Tools •API/URL Manipulation •Hash Value/Metadata Capture • Federal Court Rule 902
  • 17. Federal Rule of Evidence 902(13) (14) • (13) Certified Records Generated by an Electronic Process or System. A record generated by an electronic process or system that produces an accurate result, as shown by a certification of a qualified person that complies with the certification requirements of Rule 902(11) or (12). The proponent must also meet the notice requirements of Rule 902(11). • (14) Certified Data Copied from an Electronic Device, Storage Medium, or File. Data copied from an electronic device, storage medium, or file, if authenticated by a process of digital identification, as shown by a certification of a qualified person that complies with the certification requirements of Rule 902(11) or (12). The proponent also must meet the notice requirements of Rule 902(11).
  • 18. • Allows for the self-authentication of digital (internet) evidence • Requires MD5 Hash values (metadata) presented by a qualified person • A hash value is a unique value (128 bits, 32 characters) produced by an algorithm for each unique page, image, post, etc… • This has to be done at the time of collection to ensure data is not deleted from the internet
  • 19. Digital Media Authentication Solutions • Largely software based • Have been available for years • Include metadata (hash values) for social media, images, pages, etc. • Metadata pertains to the capture of the media • Reports are ugly and long, but they ensure compliance when necessary • Should be done right away if planned to be used
  • 20. METADATA • The data within the data • Identifies when a photo was taken • Possibly even WHERE the photo was taken and with what device • In most cases is critical in proving WHEN something occurred • Can include geographic location • Data about the device, user, domain
  • 22. Metadata vs. Authentication • Authentication proves that the data was collected, when it was collected and where it was collected from. • It can also show the investigative “path” that was taken to obtain the data • Can prove data was collected legally and when/where the data existed • Metadata is what actually proves WHEN or WHERE data was created • Think about a Facebook image • Prior slides confirm there is no metadata available on the majority of social media sites • This includes Facebook, which means that even with Authentication software, you cannot prove when a photo was TAKEN, only when it was posted to Facebook.
  • 24. WHAT IS OPEN SOURCE ? A.K.A. OSINT Open Source Intelligence (OSINT) is the collection and analysis of information that is gathered from public, or open, sources. OSINT is distinguished from research in that it applies the process of intelligence to create tailored knowledge supportive of a specific decision by a specific individual or group.
  • 25. Where does OSINT Stop? • OSINT doesn’t “touch” or make contact with a source or a target • This includes domains, servers, internal databases • Changes nothing • Hands off collection of what is available outwardly • API and web scraping is outward facing, just not easy to get to • Unintentionally open and available data is still OSINT
  • 26. OSINT is Generally Broken into 6 Main Categories • Media: print newspapers, magazines, radio, and television. • Internet: online publications, blogs, discussion groups, citizen media (i.e. – cell phone videos, and user created content), YouTube, and other social media websites (i.e. – Facebook, Twitter, Instagram, etc.). • Public Government Data: public government reports, budgets, hearings, press conferences, and speeches. • Professional and Academic Publications: information acquired from journals, conferences, symposia, academic papers, dissertations, and theses. • Commercial Data: commercial imagery, financial and industrial assessments, and databases. • Grey Literature: technical reports, preprints, patents, working papers, unpublished works, and newsletters.
  • 27. What are we actually after? • Text • Images/Video • Metadata • Data about Data • Connections • Databases • Export Raw Data
  • 30. Real OSINT Requires Specialized Tools
  • 31. Tools of the Trade • OSINT Framework
  • 32. A Personal Favorite (before Adam gets really technical) • Tinfoleak – Free Tool to help Analyze Twitter Users • http://tinfoleak.com/reports2/sherlock_claims.html
  • 33. Where does OSINT fit in if we do our jobs right?? • Investigating Sharon Henry in New Jersey • No social media (that could be found), No court records, No criminal history • OSINT to save the Day! • Search Local Newspapers and find that Sharon attended Clifford J Scott High School • Find the Yearbook from her graduating class and the world opens up……
  • 34. Some of the ways we do it: • APIs and URL Manipulation
  • 35. Understanding APIs and URL Manipulation • API - Application program interface (API) is a set of routines, protocols, and tools for building software applications. An API specifies how software components should interact. Additionally, APIs are used when programming graphical user interface (GUI) components. • API – How websites interact with each other to share data. • URL Manipulation - the process of altering the parameters in a URL. URL manipulation can be employed as a convenience by a web server administrator, for nefarious purposes or by a private investigator. • URL Manipulation – altering the URL to produce results not offered by the website’s normal platform.
  • 36. Application Programming Interfaces • APIs were created to make web platforms more efficient. • Service APIs allow access to data that would be secured on the original version of a website. • They achieve this by sharing code that would normally be protected or proprietary on one platform, so the code may be used on multiple platforms. • Why do we care? • If we ask Facebook (the webpage) for specific information, it will tell us that we do not have access to it. • If we ask the service API for Facebook for this data it will provide it to us.
  • 37. URL Manipulation • Knowing where the information is coming from on social media websites allows us to manipulate the URL of these pages to access content not usually available through the webpage. • There is still information that cannot be accessed (as it should be) but the additional pieces of information this methodology unlocks aids in the investigation process. • A perfect example is a case assigned to us from your office: • Michael Williams • Flint, MI • June 18, 1953 • Head, Neck, Back and Hip Injuries • Replacement Services Suspected • One would think a 64 year old might not be the best candidate for a social media investigation… • Clear criminal history, no apparent history of personal injury suits and he has a very common name…
  • 38. A Better Way of Searching on Facebook • The key to searching Facebook through URL manipulation is to identify the subject profile’s “user number” • Michael Williams chose not to have his “user name” shown in the Facebook settings, which makes this easy as it is displayed in the URL. • If it were not displayed but instead showed michael.williams9888 as his “user name”, you could find his “user number” through the URL of any of his images.
  • 39. Using the Facebook User Number • Once the “user number” is identified you can manipulate the URL for Facebook to provide you with search results for only your Michael Williams and not every Michael Williams on Facebook. • This URL produces photos posted by the subject. • This URL produces photos the subject is tagged in. • This URL produces posts the subject is tagged in. • This URL produces photos the subject has commented on.
  • 40. Why do you care about these searches? • Behavior Analysis – If we can understand who the subject is, what makes them tick, and what is important to them, we can better investigate a claim. • All of these searches offer up a piece of the puzzle into “who” Mr. Williams is as a person. • With these pieces (many or few) we will have certain advantages when it comes to surveilling Mr. Williams should it be needed.
  • 41. Twitter • Each website has a different protocol to follow but there are additional searches that can be run. • There are other websites that make it easier to find information on Twitter. • Foller.me – strips biographical info from a profile as well as join date. • Moz.com – allows you to analyze followers to see overlap between up to three profiles to find common links. • This search allows me to get all tweets within 1km of a lat/long. • This search strips out just media posts by the subject to remove “re-tweets” • This search strips out just outgoing tweets • This search strips out just incoming tweets
  • 42. What does the future hold? •Web Scraping/Intelligence Aggregation • Data Importation •AI/Automated Searches •Data Visualization •Image Searches
  • 43. Web Scraping • Web Scraping (also termed Screen Scraping, Web Data Extraction, Web Harvesting etc.) is a technique employed to extract large amounts of data from websites whereby the data is extracted and saved to a local file in your computer or to a database in table (spreadsheet) format.
  • 44. How do we use this information? • Identify current address • Locate common locations and habits • Identify friends/relatives locations • Locate employment • Create graphical displays (link analysis) – Visual Data
  • 46. Timeline Elements • Social Media Images/Videos • Events • Criminal Records • Court Dates • Vehicle Sightings • HUMINT • Hospital/Pharmacy Records • Additional collisions • Law Enforcement Contacts • Hunting/Fishing Licenses • Vehicle or Home Purchases • Employment Dates • Education Records
  • 48. • Adam Groth • Daniel Klimek • Info@claimspi.com • 888-989-2800
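The capture-time hashing described on slides 18 and 19, as an added example that is not part of the original presentation: it records MD5 (the digest the slides name) with a SHA-256 digest beside it, since MD5 collisions are practical to construct, together with the collection time and source. The function names, manifest fields, sample bytes and example.com URL are assumptions constructed for illustration.

```python
import hashlib
import json
from datetime import datetime, timezone


def capture_record(content: bytes, source_url: str, collected_at: datetime) -> dict:
    """Build a manifest entry for one captured artifact (page, image, post)."""
    return {
        "source_url": source_url,
        "collected_at_utc": collected_at.astimezone(timezone.utc).isoformat(),
        "size_bytes": len(content),
        "md5": hashlib.md5(content).hexdigest(),        # 128 bits, 32 hex characters
        "sha256": hashlib.sha256(content).hexdigest(),  # added: collision-resistant digest
    }


def seal_manifest(records: list) -> str:
    """Hash the manifest itself so a later edit to any entry is detectable."""
    canonical = json.dumps(records, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canonical).hexdigest()


def verify(content: bytes, record: dict) -> list:
    """Return the names of the fields that no longer match the stored record."""
    mismatches = []
    if len(content) != record["size_bytes"]:
        mismatches.append("size_bytes")
    if hashlib.md5(content).hexdigest() != record["md5"]:
        mismatches.append("md5")
    if hashlib.sha256(content).hexdigest() != record["sha256"]:
        mismatches.append("sha256")
    return mismatches


# Constructed sample: bytes standing in for a saved page capture.
SAMPLE = b"<html><body>Constructed sample post, 2018-06-01</body></html>"
SAMPLE_TIME = datetime(2018, 6, 1, 14, 30, tzinfo=timezone.utc)
RECORD = capture_record(SAMPLE, "https://example.com/post/1", SAMPLE_TIME)
SEAL = seal_manifest([RECORD])

if __name__ == "__main__":
    print(json.dumps(RECORD, indent=2))
    print("manifest seal:", SEAL)
    print("unchanged copy:", verify(SAMPLE, RECORD))
    print("altered copy:  ", verify(SAMPLE.replace(b"2018", b"2019"), RECORD))
```

The digests show that a stored copy is byte-for-byte what was collected; they say nothing about when the underlying content was created, which is the distinction slide 22 draws.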