Chapter 10: Online Investigations & Digital Footprinting
Welcome to Last Minute Lecture.
This free chapter overview is designed to help students review and understand key concepts.
These summaries supplement, not replace, the original textbook and may not be redistributed or resold.
For complete coverage, always consult the official text.
Welcome to the Deep Dive.
You know, when you think about how much information is just
out there online, it's kind of staggering.
A whole interconnected world.
It really is vast.
And today, we're going to explore what it actually takes to navigate that world properly when you're looking for something specific.
Maybe understanding online risks, doing research, things like that.
Definitely way more involved than just, you know, typing a few words into Google.
Exactly.
Yeah, those basic searches, they give you a starting point, sure, but a real online investigation, that's systematic.
It's careful.
So we'll be digging into the methods, things you need to consider to find and understand online info responsibly.
The goal here is to give you a much clearer picture of how this work actually gets done.
Okay, so to kick things off, we've been looking at this framework, and it starts with something called online undercover investigations.
When we talk about a formal online investigation,
what does that really mean?
What are we trying to do?
Well, at its heart, it's a methodical search online, right, with a clear objective.
It's not just finding stuff.
It's also about securely documenting what you find, carefully figuring out if it's relevant, and then, you know, presenting those findings clearly.
It's all about being thorough, strategic.
And it's kind of wild how much real world impact online stuff can have, isn't it?
We've seen these cases where people face pretty serious consequences for things they just posted online.
Oh, absolutely.
You think about Arthur Love losing his job over Facebook posts or that Starbucks employee, Eli, fired after a TikTok.
Yeah, I remember that.
And they're not just one-offs.
That legal case, Ellis versus Bank of New York Mellon Corp, that really cemented the idea that employers can act based on what employees do online.
It just shows our digital footprints.
They have real weight in our professional lives.
Okay, so here's where it gets really interesting for me.
This kind of deep online work, it isn't just for law enforcement anymore, is it?
Other organizations are doing undercover online investigations, too.
Why?
What's the driver there?
Yeah, that's a good point.
There are various reasons.
It could be a company trying to understand a competitor's moves, you know, opposition research, or maybe they're trying to track down someone stealing services or intellectual property, even identifying potential security threats before they blow up.
Makes sense.
Basically, if an organization needs to gather info discreetly online, yeah, undercover work can be a way to do it.
Okay, but if you're going undercover online, it sounds like you have to be incredibly careful, like super careful about not leaving any trails back to your real self, which brings us to this idea of undercover platform preparation.
Why is that so vital right at the start?
Oh, it's absolutely fundamental.
You're essentially trying to create a totally separate digital bubble for the investigation.
Right.
Any little piece of data linking back, tracking cookies, browser history, even malware on your regular computer, could potentially expose your cover and compromise everything.
Exactly.
The whole thing could be compromised.
So what are the key steps then?
How do you prepare a truly clean platform for this?
Well, you've got a few options.
You could maybe use a personal device or one the organization provides.
But ideally, you start with brand new hardware.
But whatever you use, the critical part is making sure it's spotless.
If it's been used before, that means wiping the hard drive completely.
A full wipe.
Yeah, a full wipe, fresh install of the operating system, and only the apps you absolutely need.
And once it's set up, that machine is only for the investigation.
No mixing.
Prevents cross contamination.
Precisely.
And it's not just the device itself, is it?
Your network connection matters too.
How do you handle that?
That's right.
Network protection is key.
You keep threats out.
And using a VPN, a virtual private network, is pretty standard.
It encrypts your traffic, masks your real IP address,
makes it way harder to trace you.
Right, obscures your location.
Yeah.
And for situations needing even more anonymity, like maybe accessing
certain parts of the web,
the Tor network is another option.
It bounces your traffic around multiple servers.
Adds more layers of obfuscation.
Okay, so you've got this secure digital space.
Clean machine, protected connection.
Now the really creative part, building your online persona.
This sounds almost like acting.
How do you make it believable?
It does feel a bit like that.
And making it credible, consistent, that's vital.
It involves a few careful steps.
First up,
a disposable email address.
Okay, temporary emails.
Right.
Accounts you use just for this, then you can just ditch them.
Protects your real email.
There are services like Tentmail, Guerrilla Mail,
Tutanota, ProtonMail too.
Guerrilla Mail sounds interesting.
Yeah, Guerrilla Mail's neat because it just gives you a random address when you visit the site.
You can customize it a bit too.
The main thing is that layer of separation it provides.
Got it.
And what about money?
If you need to make a transaction, you obviously can't use your normal bank account.
What are the untraceable options?
Exactly.
Personal accounts are a direct link.
So this is where cryptocurrencies can come in.
Bitcoin is the obvious one.
But even things like Dogecoin, you know, the meme coin.
They can be used for transactions where you want anonymity.
The blockchain tech behind them offers some privacy.
Okay.
What else?
Peer to peer apps like Cash App, Venmo, Zelle get mentioned.
But you have to be careful because sometimes they can be linked back.
Prepaid cards are another good option.
Often you don't need ID to buy.
That's another buffer.
Okay.
So how do you actually
flesh out the details?
The name address, all that stuff for the fake persona.
Yeah, this is where it feels a bit spy-novel-ish.
There's a website called Fake Name Generator.
It's surprisingly powerful.
Really?
What does it generate?
Names, addresses, phone numbers, fake email addresses, even things like a mother's maiden name.
It can also generate credit card numbers that look real, syntactically correct.
But obviously they aren't real accounts.
Don't try using them.
Right.
Definitely don't do that.
You can even customize by nationality, gender.
The doctor points out, kind of amusingly, you can even pick things like hobbit or ninja names just to see what it does.
Hobbit names.
Okay.
That's thorough.
And profile pictures.
You can't use your own or anyone real.
Correct.
For that, the chapter highlights a site called This Person Does Not Exist.
It uses AI to generate completely unique, realistic looking faces every time you refresh.
Wow.
AI generated faces.
Yeah.
The results are often incredibly lifelike.
Very useful for building that believable online presence without using a real person's photo.
Okay.
So you've built this credible fake identity online.
What about communicating using phones?
That's so common.
How do you stay anonymous there?
Yeah.
Mobile is critical.
The suggestion is pay as you go phones, burner phones, basically.
Right.
You can buy service without needing tons of personal info.
Mint Mobile is given as an example, showing their plans and phone options.
And digital tools.
On the digital side, there are apps like Fake Caller ID that let you mask your number when calling, maybe change your voice, sometimes even record calls.
Ah, but recording calls, that brings up a big legal issue, doesn't it?
Consent laws.
Yes.
Absolutely crucial.
The laws in the US vary by state.
Some are one party consent states, meaning if you, the recorder, consent, it's generally okay.
But not everywhere.
Right.
Other states are two party consent, meaning everyone on the call has to agree to be recorded.
The chapter says there are 12 states like that specifically.
Good to know.
And think about it.
Even businesses recording calls usually give you that "this call may be recorded" notice, right?
Oh, right.
Continuing implies consent.
So yeah, anyone doing investigations involved in recording needs to be super aware of the specific laws where they operate.
Definitely a legal minefield to navigate carefully.
Okay.
So you've done the undercover setup.
Now let's say you've identified someone, a target.
The next phase is background searches.
What's the main aim here?
The goal now is reconnaissance, basically.
Gathering as much publicly available info, open source intelligence, or OSINT about that target as you can.
Okay.
It helps you build a profile, see their connections, find details relevant to your investigation.
And what kinds of specific info are you looking for in these searches?
Well, the chapter lists things like full names, maybe birth dates, current and past addresses, their activity on social media, professional memberships, online groups they're in, forums, communities, that sort of thing.
Trying to paint a full picture of their digital life.
Exactly.
Their digital footprint.
But it can get tricky, right?
Especially with common names.
How do you sort through all the John Smiths online?
That's a huge challenge.
The chapter points out that finding a specific email address linked to your target can be a game changer.
It really helps narrow things down.
Ah, the email address as a key identifier.
Makes sense.
But what if you have an email, but you're not sure if it's, you know, real or active? How do you validate it?
Good question.
There are online services for that.
Tools like EmailHippo, Hunter, VerifyEmail, WhoisXML API.
Yeah.
They check if the format is right, if the domain can receive mail.
So they ping the server basically.
Sort of, yeah.
They run checks.
The example uses WhoisXML API to show how quickly it can confirm if, say, badguy27 at yahoo.com is a
Okay, interesting.
So you know the email exists, but has it ever been compromised?
In a data breach, why check that?
Knowing if an email showed up in a public data breach gives you context.
Maybe reveals other associated accounts or info.
Where do you look for that?
Sites like Pastebin sometimes have leaked data.
But there are dedicated breach search sites too, like PSBDMP, Have I Been Pwned,
and SpyCloud.
I've heard of Have I Been Pwned.
Yeah, it's well known.
The chapter shows searching badguy27 at yahoo.com there and finding it in the old MySpace breach and the Gravatar breach.
Wow.
And this is important.
Just because an email was in a breach doesn't mean the account is compromised now.
It's just a flag, a potential risk.
You'd need to investigate more.
Right.
Doesn't automatically mean it's hacked today.
Got it.
What about usernames?
How are they useful?
People often reuse usernames, right?
Across different sites.
For convenience, maybe habit?
Yeah, I do that sometimes.
So if you know a possible username, you can search for it everywhere.
Social media, forums, and see where else it pops up.
It's a good way to link different online activities to one person.
And are there tools to help with that search?
Yep.
The chapter introduces
KnowEm, knowem.com.
It specifically searches a username across tons of social networks and platforms.
You type in the username, say badguyneedslove, like in the example, and KnowEm checks if it's taken or available on each site.
It quickly found an active Facebook account with that name in the example.
That could be really useful for mapping things out.
So besides specialized tools like KnowEm, what about just general people searching?
Well, you can always start with Google, obviously.
But you might get buried in irrelevant stuff.
That's why dedicated people search engines exist.
Right.
The ones that aggregate public records.
Exactly.
They pull together publicly available info, often give you basic details free,
then charge for a full report.
And the chapter listed a few.
Yeah.
Names like TruePeopleSearch, Whitepages, ZabaSearch, PeopleSearchNow, Spokeo.
It then uses TruePeopleSearch as an example of how they generally work.
So what kind of info might you find on TruePeopleSearch, for instance?
You can search by name,
phone, or address,
and potentially find their current address on a map, phone numbers,
past addresses with dates, current emails,
maybe lists of possible relatives, associates, even businesses they're linked to.
Wow, quite a bit.
Yeah.
The chapter really stresses.
Validate anything you find.
These sites can have old info, wrong info, false positives.
Always double check.
And use multiple people search engines.
Don't rely on just one.
Good advice.
Cross-referencing is key.
Okay.
So you've gathered all this information.
Now, the absolutely critical step, preserving online communications.
Why is documentation so vital?
The chapter puts it bluntly.
An undocumented investigation might as well never happen.
True though.
Yeah.
If you ever need to present findings, internal report, legal case, whatever you need, solid documentation.
And that includes recording stuff that doesn't fit your theory too.
Not just the supporting evidence.
Keep everything.
A complete record.
So what are the basic ways to preserve this stuff?
Screen captures.
Screen captures are fundamental, but the key is focus: capture the specific thing you need, not your whole messy desktop.
macOS has its screenshot tool.
Windows has Snipping Tool or Snip & Sketch.
Easy to use.
What about video?
Video recording your screen is another option, especially for dynamic stuff.
QuickTime on Mac, or Windows key + Alt + R on Windows.
Just be careful you don't accidentally record audio.
You shouldn't.
Good point.
And the Edge browser actually has a built-in capture tool too.
Ctrl + Shift + S.
Handy.
Okay.
But for really comprehensive capture, the chapter highlights a tool called Hunchly.
What's special about it?
Hunchly is designed specifically for investigators.
It's a Chrome extension and when it's running, it automatically logs the pages you visit, the searches you do, timestamps, everything.
So it automates the logging.
Yeah, but it does more.
It also tries to automatically pull out embedded data from webpages: email addresses, IP addresses, Google Analytics codes, Facebook tracking stuff, even GPS coordinates if they're hidden in the code.
Whoa, that's powerful.
It is.
The example shows visiting the AKC website and Hunchly just grabbing all that background data automatically.
And it'll let you export everything, pages, data, your notes into a nice PDF report.
Very useful for creating case files.
Are there other tools like Hunchly?
Yeah, the chapter lists others.
FireShot, HTTrack, Web2Disk, SiteSucker, X1 Social Discovery, EyeWitness, FAW, a whole range.
Different costs, different features, I assume.
Exactly.
Some are free.
Some are paid with support.
The point made is whichever tool you use, you need to understand a bit about how it works to make sure you're actually capturing what you think you are accurately.
Makes sense.
Understand the tech behind the tool.
Okay, wow.
We've covered a lot of ground in this deep dive.
Can we do a quick recap of the main areas?
Sure.
So we really looked at the foundations of online investigations.
Started with undercover work, the absolute need for a clean platform, how to build that believable online persona, using things like disposable emails, maybe crypto, fake name generators, AI photos, anonymous phones.
Right, the setup phase.
Then we moved to background searches, gathering that open source intelligence, how to validate emails, check for breaches using tools like Have I Been Pwned, using usernames with tools like KnowEm, and leveraging those people search engines like TruePeopleSearch.
The reconnaissance part.
And finally,
the crucial step of preserving everything, screen captures, video, browser tools, and especially comprehensive capture tools like Hunchly, documenting the evidence.
And there were some really key warnings or takeaways threaded through all that, right?
Absolutely.
Big one.
Yeah.
Never use your personal online identity for investigations.
Protect yourself.
Critical.
Also, the reality that most people do have some kind of digital footprint these days.
It's usually there to find.
And maybe the most important thing, document everything.
Every step, every finding, positive or negative.
Undocumented work is basically worthless in any formal sense.
Couldn't agree more.
If it's not documented, it didn't happen.
The chapter even gives a little teaser about networking basics coming up next and how understanding data flow helps find digital artifacts.
And for digging deeper, it recommends Bazzell's Open Source Intelligence Techniques and Troia's Hunting Cyber Criminals.
Great resources.
Yeah.
Both excellent reads for anyone serious about this field.
Plus, there's that Discord community link for more discussion.
Right.
So as we wrap up this deep dive, here's something to think about.
Our lives are just getting more and more connected online, right?
Constantly.
How does that keep changing the game for online investigations?
The methods, sure, but also the ethics, the responsibilities.
What new challenges pop up as the tech evolves,
both for investigators and just for us navigating this digital world?
That's a really good question to ponder.
The landscape is definitely always shifting.
It is indeed.
Well, thanks for joining us for this exploration.
This audio and summary are simplified educational interpretations and are not a substitute for the original text.