
The proprietary course material is copyrighted by Michèle Stuart and may not be distributed or published to third parties without the express permission of the author. Page 1

Internet Profiling and Intelligence Gathering Instructor: Michèle Stuart

JAG INVESTIGATIONS INC.

8490 S. Power Road Suite 105-146 Gilbert, Arizona 85297

(480) 988-2580

[email protected]

www.jaginvestigations.com

Online Trackers:

Article about being tracked: http://www.digitaltrends.com/computing/how-do-advertisers-track-you-online-we-found-out/

Download: Collusion, Ghostery

Internet Protocol Address:

“This number is an exclusive number all information technology devices (printers, routers, modems, et al) use which identifies and allows them the ability to communicate with each other on a computer network. There is a standard of communication which is called an Internet Protocol standard. In layman's terms it is the same as your home address. In order for you to receive snail mail at home the sending party must have your correct mailing address (IP address) in your town (network) or you do not receive bills, pizza coupons or your tax refund. The same is true for all equipment on the internet. Without this specific address, information cannot be received.”

DYNAMIC: One that is not static and could change at any time. This type is issued to you from a pool of addresses allocated by your ISP or DHCP Server.

STATIC: One that is fixed and never changes. This is in contrast to a dynamic IP address which may change at any time.


ANONYMIZERS will help you access the internet while protecting your personal information from disclosure. An anonymizer protects all of your computer's identifying information while it surfs for you, enabling you to remain at least one step removed from the sites you visit.

A good whitepaper on this: https://www.sans.org/reading-room/whitepapers/detection/surfing-web-anonymously-good-evil-anonymizer-33995

http://www.techspot.com/downloads/5301-surf-anonymous-free.html
https://www.anonymizer.com/
www.vpn4all.com/
www.Hidemyass.com

www.torproject.org/ https://www.torproject.org/projects/torbrowser.html.en


CELLULAR SECURITY AND COMPROMISES:

Android market is unregulated – Always read the terms before agreeing to installation!

“Google has opted for a less rigorous certification model, permitting any software developer to create and release apps anonymously, without inspection. This lack of certification has arguably led to today’s increasing volume of Android-specific malware. iOS’s security model offers strong protection against traditional malware, primarily due to Apple’s rigorous app certification process and their developer certification process, which vets the identity of each software author and weeds out attackers.” – SYMANTEC.COM

Android released its new operating system, called MARSHMALLOW. It will allow the user to control app access and to use a fingerprint as a password. https://www.android.com/versions/marshmallow-6-0/

However, currently Marshmallow is running on only 0.3 percent of active devices.

“Android Marshmallow's release date is more complicated than iOS. Remember now it has launched it doesn't necessarily mean you'll have instant access to it. In fact, you probably don't. It's down to device manufacturers and in some countries like the US carriers spend quite a bit of time with the new software before treating their phones and tablets to it.” http://www.techradar.com/us/news/software/operating-systems/android-m-release-date-when-can-i-get-it--1297182

APPLE IOS 9 – released an awesome security guide to walk you through the system: https://www.apple.com/business/docs/iOS_Security_Guide.pdf


However, remember nothing is safe if you allow the compromise!

PROTECT YOUR PHONE:

Lookout
Malwarebytes
Avast
AVG
Avira
360 Security

Stealth Texting Apps - examples

During the course of an investigation, you may be trying to determine HOW individuals are communicating. We used to be able to view a phone bill to determine this information; however, now there are hundreds of encrypted communication applications that can be downloaded to a person’s phone or tablets that allow them to ‘speak’ anonymously. As mentioned, before ever installing any of these you should always research them first. These are provided as just a few examples that are available:

TextSecure Kryptos THREEMA Enssages Babel Cryptocat Phone X Secure Calls Messages StitMe Silent Text2 RedPhone Surespot ChatSecure Silent Phone

To find apps that are currently popular use www.appcrawlr.com


CELLULAR APPLICATIONS THAT PROVIDE GEOLOCATE:

TWITTER: Streamdin Map for Twitter Vizible TweetsNearby Twizgrid Twitmap Panaramio Meetweet

INSTAGRAM: Mapgram Instalook Instabam

SEARCH WARRANT / SUBPOENA INFO: http://www.search.org/resources/isp-list/

The ISP List is a database of Internet service and other online content providers that will help you get the information you need for your case. For each Internet Service Provider listed, you’ll find the legal contact information and instructions needed to serve subpoenas, court orders, and search warrants.

METADATA / EXIF:
http://www.imageforensic.org/
http://www.getghiro.org/
http://regex.info/exif.cgi
http://imgops.com/
http://camerasummary.com/


ACTIONABLE INTELLIGENCE:

We need to define information that revolves around the subject of the research: family, friends, work, education, sporting activities and hobbies, as well as current and/or old addresses and telephone numbers.

www.advancedbackgroundchecks.com
www.thatsthem.com

www.whitepages.com http://neighbors.whitepages.com/

a. Will give you neighbors' names and phone numbers (spouses and children)
b. Allows you to see who is around an address for FREE
c. Will not give you an unpublished number

** Remember to look at this information in relation to the neighbors maintaining social platforms which may be able to point you to your subject’s own personal social platforms.

Cell Phones: Determine Carrier and Type


FREE PHONE LOOKUP – for carrier http://exigentinfo.us/ www.ZetX.com

Trapcall.com http://www.trapcall.com

Allows you to unmask blocked calls
Shows who/number that is calling from a blocked number
Always know who is calling


Spydialer.com **** MAKE SURE TO SIGN UP! http://spydialer.com

Only works on Cell Phones; will not do landline numbers and sometimes VOIP Phones
The phone will not ring and NORMALLY will go directly to voice mail

From http://spydialer.com:

WHAT IS SPY DIALER? Spy Dialer is the newest, fastest, SNEAKIEST free reverse phone lookup on the web. Say you have a missed call or some other cell phone number and you need to know who it goes to WITHOUT calling it. Finally, there's a free cell search that is REALLY a free cell phone search. It will go directly to the voicemail of the phone number and you'll hear whose cell phone it is and it will be confidential and anonymous so your privacy is protected! Cell phone number lookups are not cheap if you're going to pay for a cell number search. For a truly FREE cell phone lookup use Spy Dialer -- it's sneaky BUT legal!

DISCLAIMER: Sometimes it may actually ring through and tell the person they have been spydialed. The number that shows will be a voip number.

SEARCH ENGINES: http://en.wikipedia.org/wiki/List_of_search_engines

Google.com
metacrawler.com
Bing.com
excite.com
Zabasearch.com
mamma.com
Aol.com
webcrawler.com
Yahoo.com
Blekko.com
Deeperweb.com

Qualifying Search Engine Searches:

Always put your search terms in quotes to qualify your searches.

Use the minus symbol (-) to take a term away from a search and limit what is searched for: "michele stuart" -pies

To search site specific:

For Example: "ipad 3" site:craigslist.org
Phone Number Example: "602 262 8712" site:craigslist.org
Facebook Example: "michele stuart" site:facebook.com

Limit the Date Range: How to find old ads, such as Craigslist ads, which have been cached – remember this can be found on Google under ‘show search tools’ – customize date search


Google Alerts: Google Alert will do a Search for you at set times, like each day, when things are posted about your subject. Google will do the search for you, and then alert you, by email.

How to run an Email Address through a Search Engine: Run all 3 ways

“[email protected]”
“msbatgirl@”
“msbatgirl”

http://www.googleguide.com/advanced_operators_reference.html

Facial Recognition Software

Google Images: Will use Facial Recognition Software to find other places on the Web with a Name Associated with the picture and other websites where you have Tagged.

1. Go to Google.com
2. Go to Images
3. Go to the Camera Icon
4. Upload the image of the person whose identity you want to find
5. Always use frontal images if possible
6. Crop out other people


Google Goggles: Scans popular Images

Persons
Places
Things

Other Languages Search: Will give you the search in multiple languages such as English and Spanish.
http://sobotong.com/ or http://www.2lingual.com/

Meta Search Engine Searches: Searches multiple search engines at one time.
www.Turboscout.com
www.Dogpile.com
www.zulu.com
www.infospace.com

Visual Search Engines

Gives you a Full Slide Show View of the Sites that were located rather than just a link. www.spacetime3d.com


PUBLIC RECORDS:

Property records / Foreclosures

Court Records
    Criminal, Civil, Family, Probate, Bankruptcy

Licensing
    Medical, real estate, contractors etc.

Corporations, Partnerships, UCC's

Traffic Tickets, Newspaper articles, Warrants

County Records Search: Do these in the Order They are Listed

Tax Appraiser Website
    Will give Property Owned by Subject
    Will give Addresses for the Property
    Will give Address of where the tax bill is sent.

If the physical address and where the tax bill is sent is different: Find out Why????

For Females, you must go an extra step and find the ex-spouse and current spouse to find all property, assets, civil suits, and other legal documents that have been filed under that spouse’s name.

Recorder’s Office can include, but is not limited to:
    Military Records DD214
    Financial Statements
    Deeds of Trust / Mortgages
    Quit Claims
    State / Federal Tax Liens / Medical liens
    Power of Attorney

Civil court / Family court
    Look for All Civil Cases and Family court cases
    Look for Children Names: To be used to look for information on Facebook
    Look for Name Changes

Remember to search all courts and corporate / ucc records

http://PublicRecordCenter.com

Do not go to the advertisement search bar (Paid)
Do not go to the columns on the Left or Right (not really useful)
Stay in the center section
Will give you the Phone Numbers for the County or City Public Office

Small Towns: Always Contact the Town Clerk and Librarian.
Check Library Records for the subject Children's Names
Check the Post Office


Legal Name Changes

Always Confirm Legal Names and Given Names. People will change their name and this may not link to past documents. You must run both names to get all information.

BlackBookOnline.info http://blackbookonline.info/ many ‘off type’ open source sites for records

City to County Converter: Will give you the County if you know the State and City. Gives other Public Records Sites for that County that you can search such as property appraiser, tax office, courthouse, animal control, arrest database, jail archives

P.O. Box Locator: Will not give you a name but will give you the geographical location of the P.O. Box.

International Investigations
www.SearchEngineColossus.com

State Searchable Databases
Put this link into your Browser Search Line - Searchable database site: state.fl.us

TIME TO BE FAKE:

Alibinetwork.com http://www.alibinetwork.com

Will set up Virtual Employment
Show Fake Employment Records
Virtual Office Addresses
Fake Business Cards
Fake Doctor Notes
Can send emails from your personal email making it look from anywhere in the world.
Will give fake receipts, sporting tickets, and other fake dated materials.
Will set up Virtual Business Conferences to allow you to fake business trips, to include fake certificates.
Set up untraceable phone numbers, that they will answer for you.

www.fakenamegenerator.com
http://www.identitygenerator.com/
Creates fake names, addresses, email addresses, usernames, passwords, mother’s maiden name, jobs etc.

http://sortedbyname.com


TEMPORARY EMAIL ADDRESSES:
www.Fakemailgenerator.com
www.10minutemail.com
www.Mailinator.com

How is Mailinator different than some other web email, like Yahoo or Hotmail?

Mailinator is fundamentally quite different from other services. Other services let you "own" email addresses. Not here - at Mailinator all email addresses are owned by everyone. All email is public. Also, email services like Gmail or Yahoo allow you to actually send email - Mailinator is "receive-only". You cannot send email from Mailinator. After several hours, all email is auto-deleted. There is no real security here. The upside is that Mailinator does not require sign-up. Send email to a name, and the account is created automagically. In a nutshell, other services provide more functionality but require a sign-up (which takes time, even if you falsify all the information anyway). Mailinator provides less, but requires no sign-up.

Rental Car Companies - http://enterprise.com http://hertz.com

www.BinDB.com https://www.bindb.com/

With a Credit Card Number can get the issuing bank information.

DOMAIN TOOLS: www.domaintools.com www.whois.com www.networksolutions.com

Will give all the information from the person who registered the domain. (Remember a domain CAN be anonymized.) Usually will give email addresses, phone numbers, and possibly physical addresses of the person and/or corporation that registered the domain.


BLOGS

Blogs are personal postings, diaries, or journals that discuss anything you can imagine. Also used by many companies to keep the public and employees informed.

Time Frames: The Age of the BLOG does not matter as it may contain names of children or associates. Those names will not change. Many Blogs are cached and can be there FOREVER.

BLOG SEARCH ENGINES:
http://www.blogsearchengine.org/
https://www.google.com/blogsearch
http://www.ljseek.com/
http://blogs.icerocket.com/

ARCHIVED INFORMATION SEARCH SITES:
www.archive.org

www.screenshots.com Will document a Website from the date it begins being captured.

It will allow you to view a Website like it was on the date that it was captured.

ChangeDetection.com: Will tell you if a webpage has changed and will notify you when a website changes.

SEARCH ALL CRAIGSLIST:

AdHuntr.com: Will search all of Craigslist, EBay, Amazon, and several other Web Based classified sales sites.
www.adhuntr.com/
www.searchallcraigs.com relays to www.searchalljunk.com/

**** "CHEAP" means possible "Stolen" Look at headers with the Word "Cheap" ****


PEOPLE SEARCH SITES:
www.pipl.com
www.zabasearch.com

POLITICAL CONTRIBUTION SITES:
http://www.fec.gov/pindex.shtml -- This site will provide the actual FEC filing which will provide subject’s name, address and employment

Arrest Records/Mug Shots

Criminal Searches: Criminal History Check gives you a soft search to see if someone has been arrested in other states. www.criminalsearches.com/

Jail Base www.jailbase.com / Not all States have access: Gives Arrest information from other States

Mugshots.com: Will give Mug shots will also give you links to Newspaper articles and News Videos of Arrest if available. www.mugshots.com/

Crime Mapping

1. Google
2. Example: Marion County Florida Crime Map


THE SOCIAL WEB

Finding Internet User Names and Profile Pages

The subject’s email address and usernames are what should be considered their “social security numbers of the internet”.

PeekYou.com: Will find User Names for Online Sites www.peekyou.com/

Namechk.com: Will check Multiple Sites (157) such as Facebook/Myspace/Linkedin/Twitter for Profiles once you have a Screen Name or User Name.
www.Namechk.com/
www.Knowem.com

Spokeo (Paid Site): Gives you a person's Name/Age/Address/Phone Number/Email Address www.spokeo.com/

Social Networking http://en.wikipedia.org/wiki/List_of_social_networking_websites

1. Facebook
2. Twitter
3. Instagram
4. Foursquare
5. BLOGS
6. Email
7. MySpace: Completely redone and focusing on the music industry

Sometimes looking for your subject does not bring up any current profiles on them. If this happens, start to concentrate on their known family members and associates.


HASHTAGS

www.hashatit.com
www.tagboard.com

FACEBOOK: Facebook Graph Search is no longer working through Facebook itself; however, we can still manipulate by finding the Facebook ID:
www.findfacebookid.com
www.findmyfbid.com
www.netbootcamp.org/facebook.html - use Facebook ID to run searches

Instagram Searches – Geolocation information
www.searchinstagram.com
www.iphoneogram.com
www.iconosquare.com

FOR GEOLOCATION INFORMATION ON TWEETS:
www.tweetpaths.com
www.geosocialfootprint.com

REMEMBER anything that was shown today can be gone tomorrow. The internet is very transient and sites come and go daily. Also, remember that there is always more than one site to locate information on and you should always search for additional sites to assist you with your online profiling.


USE IN COURT Romano V. Steelcase, INC: Case law that allows using Facebook and MySpace Information in Court.

Romano vs Steelcase:

The pressing question in Romano v. Steelcase, Inc., centers on an e-discovery request in a personal injury action. Steelcase requested all current and historical Facebook and MySpace pages maintained by Romano. They argued that her Facebook pages contained information that disproved her claim of loss of enjoyment of life and revealed information about the nature and extent of her injuries.

In addressing both relevance and privacy questions, Spinner ultimately held that Steelcase had a right of access to Romano's pages—including the areas that she intentionally segregated as private. If Spinner's well-reasoned decision finds favor in other jurisdictions, businesses and individuals alike may want to take note.

McMillen v. Hummingbird Speedway, Inc., No. 113-2010 CD (C.P. Jefferson, Sept. 9, 2010)

In this personal injury case, defendant Hummingbird Speedway, Inc. sought access to plaintiff’s social network accounts and requested production of his user names, log-in names, and passwords. Plaintiff objected, arguing that the information was confidential. Upon defendants’ Motion to Compel, the court found the requested information was not confidential or subject to the protection of any evidentiary privilege and ordered its production to defendants’ attorneys within 15 days and that plaintiff should not take steps to delete or alter the existing information on his social network accounts.

Largent v. Reed, No. 2009-1823, slip op. (Pa. C.P. Franklin Co. Nov. 8, 2011).

Trial courts continue to allow discovery of social network (specifically Facebook) user profiles, and to deflect the privacy arguments offered to limit such discovery. In Largent, a personal injury Plaintiff refused to provide access to her Facebook account as part of civil discovery. In granting the Defendant’s Motion to Compel, the court provided an excellent synopsis of the overall state of the law in this area, a useful primer on the security and privacy setting available in Facebook, and illustrates the trend that courts throughout the country are refusing to view Facebook postings as “private.” In fact, the court in Largent says:

“There is no reasonable expectation of privacy in material posted on Facebook. Almost all information on Facebook is shared with third parties, and there is no reasonable privacy expectation in such information.” Id at 9 (internal citations omitted).

In response to the Plaintiff’s argument that she had modified the default account settings to provide more “privacy” on her account, the court further held:

[M]aking a Facebook page “private” does not shield it from discovery. This is so because, as explained above, even “private” Facebook posts are shared with others. Id at 10 (internal citations omitted).


PROPRIETARY MATERIALS

It is understood and agreed that while you are welcome to benefit from such Materials through the immediate teaching of this class, it is understood and agreed to not 1) reproduce, distribute, resell, modify and sell, or repackage and sell the Materials; or 2) use these Materials to provide fundraising training for any clients, affiliates, chapters, organizational subdivisions, or other organizations with whom I have an interest whether or not for financial remuneration. These materials or any additional materials received during the training will not be either reproduced or modified, as part of any seminar, training program, workshop, consulting, or similar formal business activity that I make available to my clients, affiliates, or to the public for the purpose of personal financial gain or otherwise.