View
112
Download
3
Category
Preview:
Citation preview
S O C I A L M E D I A I N V E S T I G A T I O N S : D O N ’ T
M I S S T H E B O A TP R E S E N T E D B Y : J O S E P H J O N E S
C E R T I F I E D S O C I A L M E D I A I N T E L L I G E N C E E X P E R T
SOCIAL MEDIA INVESTIGATIONSSURVEILLANCE/ SUBROSA
RECORDS RETRIEVALPROCESS SERVINGASSET LOCATES
COURT FILING
www.BoscoLegal.orgCompany License # PI 14169 1
2
Help you see why SMI’s are important
Help you see why they need to be done properly
Provide you with some basic tools and skills
O B J E C T I V E S
3
A SMI is collecting evidence and information through Social Media AND through Open Source Intelligence.
Who are doing SMI’s?
o DHS, FBI, CIA, etc.
o Security/personal protection firms
o Major corporations
o Sometimes… insurance companies and law firms
W H A T I S A S O C I A L M E D I A I N V E S T I G A T I O N ( S M I ) ?
4
Facebook: 1.5 billion active monthly users
Twitter: 1.3 billion registered users, 100 million daily users
Instagram: 500 million monthly active users
LinkedIn, Pinterest, Snapchat, Flickr, YouTube, Reddit, Vine, Tumblr, Google+, VK, and on and on……
W H Y S H O U L D Y O U B E C O N D U C T I N G S M I ’ S
5
W H A T K I N D S O F T H I N G S A R E P E O P L E P O S T I N G ?
oWhere they are going
oWhat they are doing
6
Other types of information available:o Family relationships
o Social relationships
o Work information
o Romantic relationships
o Religious views
o Political views
o Crimes they are committing
W H A T K I N D S O F T H I N G S A R E P E O P L E P O S T I N G ?
7
W H A T K I N D S O F T H I N G S A R E P E O P L E P O S T I N G ?
oWhatever stupid thought enters their brain…
8
Surveillance v. SMI
o Recent case with “Mr. Ghetto Loudmouth”
The “Person of Interest” effect
o This is basically the same kind of work we’ve always done, just in a different way.
Anything found with SMI is EVIDENCE!!!
H O W E V I D E N C E C O L L E C T I O N H A S C H A N G E D
9
Finding accounts by doing more than name searches (i.e. using advanced search techniques, searching for alias’s, and screen names)
LIVE DEMO https://www.facebook.com/Ahhhhhlicia https://www.facebook.com/search/
100000244090955/photos-of https://www.facebook.com/search/
100000244090955/photos-commented
H O W T O L O C A T E E V I D E N C E
10
Thoroughly searching the accounts of friends and family memberso Mr. big bad biker man
REAL internet searchingo Using OSINT tacticso Boolean search terms - use your “ “ and *
Avoid using unlawful methodso i.e. “friending” represented parties or guessing passwordso DO NOT use your personal accounto Either use a blank account or a good “decoy”
H O W T O L O C A T E E V I D E N C E
11
NO SCREEN PRINTS!!!
Document who found the evidence, when they found it, and how they found it
Extract metadatao MD5 Hash = 32 character hexadecimal string AKA digital fingerprint
o The who, when, and where of the post
P R O P E R P R E S E R V A T I O N
12
R A W M E T A D A T A E X A M P L E
13
C L E A N M E T A D A T A E X A M P L E
14
S P O T T H E F A K E
15
How do you know an account wasn’t hacked or that it’s not a fake profile?
Post/User ID
Review account for “specific indicia”
Photos, friends, family, specific details of their life
Obtain IP address/ registrant information
P R O P E R A U T H E N T I C A T I O N
16
MOROCCANOIL v. MARC ANTHONY COSMETICS, [F.SUPP.3D, 2014]
A Federal district court explicitly ruled that Facebook screenshots were inadmissible as the defendant in a trademark infringement action merely offered the screenshots without supporting circumstantial information, which is difficult to obtain when mere screenshots are relied upon. The Moroccanoil court cited Internet Specialties W., Inc. v. ISPWest, 2006 WL 4568796. In that case the court ruled: “Defendant’s argument, that [web pages] could be ‘authenticated’ by the person who went to the website and printed out the home page, is unavailing.” The Moroccanoil court applied the same rule to Facebook screenshots.
W H Y I N F O R M A T I O N M U S T B E A U T H E N T I C A T E D
17
Additional Case Law
o Rene v. State o Bland v. Robertso Richards v. Hertzo State v. Tiendao State v. Byon Keele o Tompkins v. Detroit Airporto Thompson v. Autolivo Romano v. Steelcase Inc.
W H Y I N F O R M A T I O N M U S T B E A U T H E N T I C A T E D
18
H O W T O F I N D D E L E T E D P O S T S
Deleted content won’t be available on most of the major platforms.
Look for who else might have what you’re looking for.
Can’t retrieve, but active monitoring may be able to preserve them.o Ms. Drunk and disorderly and her uncle
The way back machine
19
S U B P O E N A S F O R S O C I A L M E D I A I N F O R M A T I O N
Stored Communications ACT – SCA (18 U.S. Code 2701)o Protects personal information stored by ISP’so Prohibits ISP’s from knowingly disclosing information—18 U.S. Code 2702(a)o Only exception is disclosure to government for criminal investigations
Can Only Be Issued For Subscriber Information:o Name, Address, IP Address, Length of Service, and Telephone Number
Ways Around It:o Federal Rule of Civil Procedure 34: communication subject to discoveryo Flagg v. City of Detroit: court can compel originator to direct ISP to release
information as normal discovery procedureo Court may compel ISP provider to produce information
20
SMI-That’s something my college intern can do!
Is that person someone you want on the stand?
o Colleague case
By the time the information becomes relevant,it might be goneo Mr. City council
P O T E N T I A L H A Z A R D S O F D O I N G A N “ A M A T E U R ” S M I
21
Information can’t be authenticated
Information can be missed
Subject can be notified of the investigation
Potential violation of ethical rules
P O T E N T I A L H A Z A R D S O F D O I N G A N “ A M A T E U R ” S M I
22
A T T O R N E Y ’ S - C L I E N T S A N D L E G A L A D V I C E
Lester v. Alliance Concrete Co., a Virginia state court reduced a jury award by over $4 million dollars and ordered the plaintiff and his counsel to pay the defendants over $700,000 in fees and expenses because of deliberate deletion of Facebook photos responsive to discovery requests
Rule of Professional Conduct 4-3.4 A lawyer can’t be involved in concealing evidence
Clients should be advised to preserve Social Media Evidence (preservation letter is your CYA)
Self publicity
23
Joseph Jones, Vice President
Bosco Legal Services, Inc.
(877) 353-8181
joe@boscolegal.org
www.linkedin.com/in/pijosephjones
www.BoscoLegal.org
C O N T A C T I N F O R M A T I O N
24
A D D I T I O N A L R E S O U R C E S
o Google Subpoena Information Link:https://support.google.com/faqs/answer/6151275?hl=en
o Facebook Subpoena Information Link:https://www.facebook.com/help/473784375984502
o Instagram Subpoena Information Link:Same as Facebook now that it owns Instagram
o Twitter Subpoena Information Link:https://support.twitter.com/articles/41949
25
A D D I T I O N A L R E S O U R C E S
o Overview of why SMI is importanthttps://www.boscolegal.org/legal-services/social-media-investigations
o In depth article including additional case lawhttps://www.boscolegal.org/social-media-investigations-the-facts/
o Comparison of Surveillance and SMIhttps://www.boscolegal.org/files/2016/04/The-New-Surveillance-v5.jpg
Recommended