
You can accumulate credits for your ACEDS certification by taking an online course offered on the ACEDS site. Roy Zur, the CEO of CyberInt and a retired major with the Israeli security forces, teaches a course entitled "Cyber Intelligence Tools to Empower All Aspects of Litigation". Here are some brief notes I took while taking the course.

Zur divides Cyber intelligence into 7 groups:

1. Advanced Search Abilities
2. Profiling and Deep Due Diligence
3. Hidden Data Uncover & Recover
4. Digital Evidence and Metadata
5. Geo-Location
6. Trend Analysis and Statistics
7. Dark web and criminal trade

Make a distinction between the World Wide Web (what you can search in Google), the Deep Web (everything that is not indexed), and the Dark Web (sites with criminal activity).

Zur described how Facebook Live can show you the location of all of the people who are watching a particular video. The source page lists the exact location of all viewers. He also highlighted a site called Black Book Online, which leads you to white pages, campaign contribution and corporate records databases where you can find information on an individual. Zur is a big fan of Google reverse image search (see the Tip of the Night for December 13, 2015), and noted that it has recently improved its algorithm.

He noted that Dark Web sites often have a long alphanumeric sequence followed by the extension .onion for the Tor browser, such as http://uxxasdkkxtrzppvv.onion.

One can find who registered a web site on a whois site such as https://whois.icann.org/en. It will give you information about a registrant's organization, IP addresses, server type, IP location, and so forth. Reverse whois lookup search engines can be used to search for registrant user names and find out if legitimate sites belong to someone who may have more covert sites.

The metadata for photos shows which camera was used, where the photo was taken, and when the photo was taken.

Facebook automatically removes metadata for photos which are uploaded to it.
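To check what a photo discloses before it is shared or produced, here is an added example (not from the course or the original post): a minimal Python reader for the EXIF block of a JPEG that reports the camera make, the timestamp and whether a GPS block is present. The sample file is constructed in `sample_jpeg()`, and all function names are this example's own.

```python
import struct

TAGS = {0x010F: "Make", 0x0110: "Model", 0x0132: "DateTime", 0x8825: "GPSInfoIFD"}

def find_exif(jpeg):
    """Return the TIFF block of the first Exif APP1 segment, or None."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    pos = 2
    while pos + 4 <= len(jpeg):
        marker, length = struct.unpack(">HH", jpeg[pos:pos + 4])
        if marker == 0xFFDA:              # start of scan: pixel data follows
            break
        if marker == 0xFFE1 and jpeg[pos + 4:pos + 10] == b"Exif\x00\x00":
            return jpeg[pos + 10:pos + 2 + length]
        pos += 2 + length
    return None

def read_exif(jpeg):
    """Return the IFD0 tags named in TAGS, or {} when there is no Exif block."""
    tiff = find_exif(jpeg)
    if tiff is None:
        return {}
    order = "<" if tiff[:2] == b"II" else ">"   # TIFF byte-order mark
    (ifd,) = struct.unpack(order + "I", tiff[4:8])
    (count,) = struct.unpack(order + "H", tiff[ifd:ifd + 2])
    found = {}
    for i in range(count):
        entry = tiff[ifd + 2 + 12 * i:ifd + 14 + 12 * i]
        tag, typ, n, value = struct.unpack(order + "HHII", entry)
        if tag in TAGS and typ == 2:      # ASCII, at an offset when > 4 bytes
            raw = tiff[value:value + n] if n > 4 else entry[8:8 + n]
            found[TAGS[tag]] = raw.rstrip(b"\x00").decode("ascii", "replace")
        elif tag in TAGS:                 # LONG; for 0x8825 the GPS IFD offset
            found[TAGS[tag]] = value
    return found

def sample_jpeg():
    """Constructed skeleton (SOI, Exif APP1, SOS, EOI); not a viewable image."""
    make, when = b"ExampleCam\x00", b"2020:01:02 03:04:05\x00"
    data_at = 8 + 2 + 3 * 12 + 4          # header + count + 3 entries + next-IFD
    tiff = b"II*\x00" + struct.pack("<IH", 8, 3)
    tiff += struct.pack("<HHII", 0x010F, 2, len(make), data_at)
    tiff += struct.pack("<HHII", 0x0132, 2, len(when), data_at + len(make))
    tiff += struct.pack("<HHII", 0x8825, 4, 1, data_at + len(make) + len(when))
    tiff += struct.pack("<I", 0) + make + when + struct.pack("<HI", 0, 0)
    app1 = b"Exif\x00\x00" + tiff
    return (b"\xff\xd8\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1
            + b"\xff\xda\x00\x02\x00\xff\xd9")
```

A file whose metadata has been removed, as the post says Facebook does on upload, has no Exif segment, so `read_exif` returns an empty dictionary for it.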

The Save Page Now option in the Wayback Machine allows a version to be downloaded that can be edited.

Wikipedia is another unlikely, but useful, cyber intelligence tool. Wikipedia archives uploaded data indefinitely even if someone else deletes it. You can tell if a subject edited detailed information about its own entry on Wikipedia.

The Lumen database collects and analyzes user complaints for the removal of online data.

The Social Bearing site can be used to filter tweets and other social media posts to show which are made from particular locations.


 
 

The Center for Internet Security's Configuration Assessment Tool can be downloaded for free here: https://learn.cisecurity.org/cis-cat-landing-page

After downloading it, simply click on the 'CIS-CAT.BAT' file to run the program.

The Center makes benchmarks available for a variety of operating systems and applications.

The software will generate a report showing whether or not a system passes security tests.


 
 

Kaspersky Lab has been widely regarded as a reputable cybersecurity firm by security experts like Senseient and leading electronic discovery vendors like Kroll. In 2016 it had the largest market share in Europe of any cybersecurity vendor. Here on Litigation Support Tip of the Night, Kaspersky's password checker and anti-virus software have been recommended. I can no longer endorse their products.

As the New York Times has reported, Kaspersky's antivirus software, which requires complete access to a PC's hard drive, has been used by Russian intelligence to gain access to government documents improperly stored on the home computers of government employees. On September 13, 2017, the Department of Homeland Security ordered all government agencies to uninstall Kaspersky software.

The Times report described findings by Israeli intelligence showing that Russian government agents were able to use Kaspersky software as a tool to search millions of computers.

As you can see from the patent posted here, Kaspersky uses a method called silent signatures to look for malware. Silent signatures let malware detection be conducted in stealth mode, but can also be used to search a hard drive for keywords.


 
 

Sean O'Shea has more than 20 years of experience in the litigation support field with major law firms in New York and San Francisco.   He is an ACEDS Certified eDiscovery Specialist and a Relativity Certified Administrator.

The views expressed in this blog are those of the owner and do not reflect the views or opinions of the owner’s employer.

© 2015 by Sean O'Shea