In this new era of cyber investigations, there are many pitfalls to avoid while conducting online investigations. Spending the time up front to understand some of the biggest mistakes cyber investigators have made over the years will save you from making the same mistakes.
Not correctly identifying your person of interest: One of the single biggest investigation mistakes online investigators have made in the past is not correctly identifying their person of interest.
Best practice is to ensure the person you identify is in fact the person of interest you are looking to gather intelligence on. Check gender, race, location, religion, friends, family, car, pictures, etc. against what you know about the subject through additional OSINT.
Not running a background check on the person: The second biggest mistake online investigators have made in the past is not running comprehensive background checks on their person of interest.
Best practice is to utilize services like TLO, Accurint, LexisNexis and others. This will help you identify family, acquaintances, addresses, schools, jobs, cars, and more.
Not recording the criminal information you identified online at the time of discovery: Another one of the biggest mistakes online investigators have made in the past is not using screen recording software to record their investigative activities. This has haunted many investigators over the years who either identified valuable information that was later removed, or did not know the information was valuable at the time, and it was later removed.
Best practice is to utilize screen recording software like Camtasia Studio to produce good quality investigative recordings and digital evidence.
Not spending time identifying additional accounts, profiles, etc. on multiple websites: Last but not least, I think one of the biggest mistakes often made by online investigators is not seeing the case to completion or identifying additional accounts across the internet. It is often easy for an investigator to find an eBay seller with stolen goods, but where they fail is in identifying other accounts the fraudster may have, such as additional ecommerce accounts (in their name, a friend's name, a family member's name), Facebook accounts, Craigslist accounts and so on. They often get so excited about finding the main account that they fail to find additional sources of criminal activity or intelligence.
Best practice is to use Google advanced searches with the site: search operator to identify additional accounts. A simple phone number search looks like this:
- 309-255-4525 site:facebook.com
- 309-255-4525 site:craigslist.org
- 309-255-4525 site:ebay.com
Or if you use variations of a seller's ID it might look like this:
- Joesshack site:ebay.com
- Joesshack site:craigslist.org
- Joesshack site:ubid.com
Utilizing some of these simple investigative techniques will save you from years of frustration. It will help to identify the totality of the impact to your organization, client or citizens, and help you to correctly, efficiently and effectively gather the appropriate intelligence you need at a time when you need it the most.