CSI: Internet © 2012 Henk van Ess [email protected] Site: http://www.searchbistro.com Phone (US): +1 (225) 341-7595 Skype: searchbistro

Why Forensic Internet Research?

(1) find people. You can try to contact the author directly. No need to contact PR yet. You can make assumptions about the author's place in the hierarchy of the organization.

(2) create leads. Revisions and drafts can reveal sensitive data when you compare them with the final versions. You can get a glimpse of meetings behind closed doors, as I showed you with LaSalle, Calipari and Blair.

(3) verify information. Compare hidden author names with supposed names.

(4) track emails. You can actually track location and nationality (< 70%) of web mail (Hotmail, Yahoo, Gmail).

How to find metadata in Office documents

Open any Microsoft Office document. Click File -> Properties (older than Office 2007) or Prepare -> Properties -> Advanced Properties (2007 or above). Start reading the boxes. If the name is grey, it’s mostly a technical guy who installed the macros. If the name is in black, you can start checking the person’s name. What can you find?

• Text from other documents open at the same time
• Previously deleted text
• E-mail headers and server information
• Printer names
• Data about the machine where the document was written
• Where the document was saved
• Word version number and document format
• Names and usernames of document authors
• E-mail address of author

You won’t find the author history as I showed you with Blair’s letter. For this, download special software: http://www.stellent.com/en/products/outside_in/clean_content/p88012218
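The same properties can be read without opening Office, which is useful for checking what your own documents give away before you publish them. The script below is an added example, not part of the original handout. It assumes the Office 2007-or-later formats (.docx, .xlsx, .pptx), which are ZIP packages that keep these fields in docProps/core.xml and docProps/app.xml; the sample names and the size cap are constructed.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# Property parts of an Office Open XML package (.docx, .xlsx, .pptx).
PARTS = ("docProps/core.xml", "docProps/app.xml")
MAX_PART_BYTES = 1_000_000  # assumed cap; parts declaring a larger size are skipped

CORE_NS = "http://schemas.openxmlformats.org/package/2006/metadata/core-properties"
APP_NS = "http://schemas.openxmlformats.org/officeDocument/2006/extended-properties"


def read_properties(data: bytes) -> dict:
    """Return {property name: value} for every non-empty property in the file."""
    props = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for part in PARTS:
            try:
                info = zf.getinfo(part)
            except KeyError:
                continue  # a cleaned document may lack the part
            if info.file_size > MAX_PART_BYTES:
                continue
            for el in ET.fromstring(zf.read(info)):
                name = el.tag.rsplit("}", 1)[-1]  # strip the XML namespace
                if el.text and el.text.strip():
                    props[name] = el.text.strip()
    return props


def build_sample() -> bytes:
    """Constructed sample package holding only the two property parts."""
    core = (
        f'<cp:coreProperties xmlns:cp="{CORE_NS}" '
        'xmlns:dc="http://purl.org/dc/elements/1.1/">'
        "<dc:creator>J. Example</dc:creator>"
        "<cp:lastModifiedBy>it-admin</cp:lastModifiedBy>"
        "<cp:revision>14</cp:revision></cp:coreProperties>"
    )
    app = (
        f'<Properties xmlns="{APP_NS}"><Application>Microsoft Office Word</Application>'
        "<Company>Example Corp</Company><Template>Normal.dotm</Template></Properties>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(PARTS[0], core)
        zf.writestr(PARTS[1], app)
    return buf.getvalue()


if __name__ == "__main__":
    for name, value in sorted(read_properties(build_sample()).items()):
        print(f"{name}: {value}")
```

To audit a real file, pass its bytes to read_properties(); an empty result means the property parts are absent or blank.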

How to unblock blacked out information in PDF

(Only if human errors are made) Open the PDF. Click Control-A, then copy the text with Control-C. Paste it with Control-P in Microsoft Word.

How to find blocked sites in Archive.org

Zelnorm example: they redirected the archived pages. Try http://web.archive.org/web/*/zelnorm.com/* to get every link of any given site (replace zelnorm.com with your site). Shorten your list by examining the link: http://web.archive.org/web/*sr_11nr_10/http://zelnorm.com/* Now change the number behind sr into a higher number, for example: http://web.archive.org/web/*sr_296nr_10/http://zelnorm.com/*

Interesting folder found? Type the whole folder into archive.org, for example http://zelnorm.com/hcp/images Do URL-slashing if it doesn’t work at once, so http://zelnorm.com/hcp

The beauty of robots.txt

Examine www.whitehouse.gov/robots.txt or www.google.com/robots.txt. Track changes with Website Watcher, http://www.aignes.com/download.htm. If a new source is added, you can be one of the first to see it.

The art of comparing drafts and final versions

Go to http://www.softinterface.com/MD/Document-Comparison-Software.htm

Tracing mail

Is your message opened? Is your message forwarded and, if yes, to whom (<10%)? Where is the recipient? What language is his PC set to? Use this special link: http://www.readnotify.com?from=toronto2007. It will cost you $36 a year.

Want me on your work for a full day of CSI: Internet with more great tools? Contact Henk van Ess [email protected] or go to www.voelspriet.nl/contact.htm. Phone (US): +1 (225) 341-7595