ACEDS course on Cyberintelligence
You can accumulate credits for your ACEDS certification by taking an online course offered on the ACEDS site. Roy Zur is the CEO of CyberInt, and a retired major with the Israeli security forces, who teaches a course entitled, Cyber Intelligence Tools to Empower All Aspects of Litigation. Here are some brief notes I took while taking the course.
Zur divides Cyber intelligence into 7 groups:
1. Advanced Search Abilities 2. Profiling and Deep Due Diligence 3. Hidden Data Uncover & Recover 4. Digital Evidence and Metadata 5. Geo-Location 6. Trend Analysis and Statistics 7. Dark web and criminal trade
Make a distinction between the World Wide Web, (what you can search in Google); the Deep Web (everything that is not indexed) ; and the Dark Web (site with criminal activity).
Zur described how Facbook LIve can show you the location of all of the people who are watching a particular video. The source page lists the exact location of all viewers. He also highlighted a site called Black Book Online, which leads you to white pages, campaign contribution and corporate records databases where you can find information on an individual. Zur is a big fan of Google reverse image search, see the Tip of the Night for December 13, 2015, and noted that it has recently improved its algorithm.
He noted that Dark Web sites often have a long alphanumeric sequence followed by the extension .onion for the Tor browser, such as http://uxxasdkkxtrzppvv.onion,
One can find who registered a web site on a who is site such as, https://whois.icann.org/en. It will give you information about a registrant's organization, IP addresses, server type, IP location, and so forth Reverse whois lookup search engines, can be used to search for registrant user names and find out if legitimate sites belong to someone who may have more covert sites.
The metadata for photos shows which camera was used, where the photo was taken, and when the photo was taken.
Facebook automatically removes metadata for photos which are uploaded to it.
The Save Page Now option in the Wayback Machine, allows a version to be downloaded that can be edited.
Wikipedia is another unlikely, but useful cyberintelligence tool . Wikipedia archives uploaded data indefinitely even if someone else deletes it. You can tell if a subject edited detailed information about its own entry on Wikipedia.
The Lumen database collects and analyzes user complaints for the removal of online data.
The Social Bearing site can be used to filter tweets and other social media posts to show which are made from particular locations.