Sunday, September 29, 2013

Building a Better Tool Chest: Browser Apps & Extensions

As an organization aiming to use the best tools possible, many of our analysts rely on the power of Google Chrome. Chrome is developer friendly and has a wide variety of free apps and extensions available for use in the Chrome Web Store, which allows us to increase performance even on the browser level. In order to increase efficiency, we rely heavily on tools to block ads, quickly screen images, and capture screenshots. Here are three tools that can help increase the performance of your workflow during online investigations.

Adblock Plus

A screenshot of a Google search with ads blocked via Adblock Plus

One of the major things we have to worry about in the Internet advertising era is the browser slowdown that occurs from ads. Adblock Plus is one of the best adblockers out there. It blocks ads on sites such as Google, Facebook, and YouTube. Instead of wasting time sitting through videos and waiting for pages to load, you can quickly and easily navigate the Internet using Adblock. It is important to note that in order to block all ads, you have to set your options in Adblock Plus by unchecking the box for “Allow some non-intrusive advertising.” (Not a Chrome user? Adblock Plus is available for a variety of browsers.)

Hover Zoom

A screenshot of a Google Image search while using Hover Zoom

Hover Zoom is one of our favorites because of its ability to save time. Traditionally, whenever photos appear on websites, you have to click into them to see a larger version of the photo. Hover Zoom skips this step in the workflow process. Once you hover over the photo with your cursor, a larger view of the image will appear. This tool is perfect for going through large batches of images on photo and social media sites. (Currently, Hover Zoom is only available for Google Chrome.)

A screenshot of PRISM being captured by Lightshot

We used to be ardent Awesome Screenshot users, but lately it has only worked sporadically. Recently, we discovered Lightshot as a viable alternative. Lightshot is user friendly and has great features built in for photo editing and exporting, as well as searching for similar images on Google. So far, it is proving to be the best alternative to our old standby. (Lightshot is available for a variety of operating systems and browsers.)

This list is in no way inclusive of all of the tools that can save you time during online research. In the past, we wrote about the Chrome extension Image Tools and its ability to assist with image searching and examining exif data. There are a variety of other extensions for Chrome that can assist you with first-language translation, secure browsing, cache clearing, rss reading, and more. Add-ons are not exclusive to Chrome. You can often find similar tools on Firefox and Internet Explorer. No matter which browser you use, you can help ensure you are working efficiently just by building out a better browser.

Saturday, September 21, 2013

Social Media Platforms 101: Reddit

At the i2 User Conference we realized that people have started gaining a better appreciation for comprehensive societal knowledge. There is no website in the United States that can provide domestic cultural knowledge on a greater level than reddit.

What Is Reddit?

Reddit is a social media platform that allows redditors (users) to share content with one another. The structure and the language patterns of reddit are similar to that of a traditional online forum. Redditors customize their reddit experience by subscribing to subreddits (essentially subforums) about topics of interest. The content is shared on reddit as links and text (“self”) posts on subreddits, and redditors upvote and downvote content based upon their personal preferences. These votes influence what individual users see on their reddit front (feed/homepage).

What Can You Learn From Reddit?

Unlike more traditional social media sites such as Facebook or LinkedIn, reddit is not typically a site in which you learn about an individual user. Most redditors are anonymous and make it difficult to ascertain their true identity. Reddit is typically used more to share and identify online content. There are four major types of information redditors can access: breaking news, general cultural trends, topical knowledge, and subculture familiarity.

Many times, we have identified breaking events on reddit before they hit major news outlets, which allowed us to have better situational awareness than if we had relied on traditional news media. Reddit also provides us with an abundance of cultural memes on the Internet; this allows our investigators and analysts to more accurately discern the meaning of social media posts made by persons of interest.

One of the best things about reddit is that there is a subreddit for almost anything, which allows us to learn about almost any topic or subculture of interest. Want to know more about or ask questions to law enforcement officers? Subscribe to ProtectAndServe. Interested in video footage of combat? Check out CombatFootage. Need to know more about marijuana users and production? Visit Trees (not to be confused with MarijuanaEnthusiasts which is actually about trees). There is very little limit to what you can learn from reddit.

How Can You Use Information Found on Reddit?

Fundamentally, reddit makes you a better investigator by providing you with the general cultural knowledge you need to complete almost any task. No matter who or what the subject is at hand, you can learn more about it. Often, subreddits will even identify external websites associated with the content found in the subreddit. From learning about a person of interest’s subcultural groups and language patterns to keeping up with changes in information technology, reddit can provide a great starting point for your research.

Sunday, September 15, 2013

3 Key Takeaways from the 2013 i2 User Conference

This week, two of our analysts attended the 2013 i2 User Conference. We were able to network with and attend sessions led by individuals working in the law enforcement, intelligence, and financial communities in the United States and Canada. Although many of us work in seemingly different fields, many of us concluded that we were ultimately doing similar tasks and face similar issues. At the end of the conference, there were three major takeaways that can relate to any investigator or analyst, regardless of their industry or what tools they use.

Data Silos are the Past and Fusion Centers are the Future

The key issue discussed by almost every speaker and attendee was the difficulty we all face gaining access to and sharing information across departments and agencies. One problem almost every agency reported was having too many data silos housing their information. Multiple storage locations fragment the information in such a way that individuals can be consumed by looking through disparate sources for data, even in their own agency. It also impedes the flow of information between both coworkers and partner organizations. This problem was stressed by multiple law enforcement agencies during their presentations, especially in the case of the Boston Marathon Bombing.

Now, these agencies are working together to tear down the walls between organizations to adapt a fusion center model. The Tucson Police Department, Massachusetts State Police, and the Miami-Dade Police Department have all reported they are working on initiatives to bring together interagency data sources to assist with investigations and prevent agencies from stepping on one another’s toes. Similar collaborations are happening in the financial industry in Canada through the Canadian Banker’s Association. It is becoming imperative that agencies share information to be effective in their day-to-day intelligence and investigative endeavors.

Nothing Exists in a Bubble

Multiple speakers discussed the need for us all as investigators, analysts, researchers, and intelligence operatives to understand the world around us. It is extremely important to understand the world around you from culture to events to societal changes. Dr. Steve Chan really drove the point home that nothing we examine exists in a vacuum, and in order to fully understand the issue at hand, we have to educate ourselves about the larger picture as a whole, including historical and present context. To be truly effective, we must keep up with items such as current events, changes in society, trends, new technology, and pop culture. In addition, we also need to ensure we are constantly engaging coworkers and individuals from other agencies to share information.

Social Media is Paramount

It was evident from the start of the i2 Conference that social media was going to take the main stage. Most of the sessions at this conference touched on the importance of social media, and the sessions specifically regarding social media were standing room only. Social media is now becoming widely regarded for its ability to give analysts and investigators new leads in cases when all internal data and public records information have been exhausted. It also is a fantastic resource for network building because we can identify underlying connections that may have been missed through other investigative means. However, there are still some issues with data normalization and legal admission of social media evidence. People are now looking for new ways to better extract, analyze, authenticate, and fuse data from the social media goldmine. As researchers, it is imperative that we stay abreast of all of the changes in the social media landscape.


For us, the i2 User Conference was a success. We were able to learn from individuals in related industries about the challenges they face and how they are working to conquer them. One of the only ways we can learn is to work together to create new, innovative solutions to the issues that plague our organizations.

Wednesday, September 4, 2013

Social Media Platforms 101: LinkedIn

One of the first things people ask during PRISM training sessions is “how does that social media site help me accomplish [my goal]?” Often, we spend more time during our training sessions covering the usefulness of social media sites rather than talking about how to use the tool itself. We decided it was time to launch a little series called Social Media Platforms 101. It is designed to help our readers understand the basic construct of the platform itself, the information you can gather from different social media platforms, and how that information can be used.

As we’ve been focusing on employment issues recently, we thought it was pertinent to begin with LinkedIn.

What is LinkedIn?

LinkedIn is a professional networking site. It allows users to create profiles that showcase their current and past work experience, educational background, and skills that they may have. Users can also connect with individuals and join groups based upon their industries, interests, and affiliations. This allows LinkedIn members to network with one another to find new business and job opportunities. Currently, the main users of LinkedIn are professionals looking for new job opportunities, employers and recruiters looking to hire new talent, and managers and executives searching for new business ventures and partners.

One important thing to note about LinkedIn is that privacy settings can be very stringent. While many people leave their profiles open to attract more traffic, it can be difficult to glean information from a profile without being connected to the individual. However, you can still often access information by being connected to a user who is connected to the individual of interest.

What Can You Learn From LinkedIn?

In order to demonstrate how you can pull information off of LinkedIn, our Legal Counsel, Blake Haase, volunteered his LinkedIn profile.


When you look at Mr. Haase’s page, you can see a brief overview of his work experience and the number of connections he has made on LinkedIn. If you scroll down a little further you will notice he has listed out some of his job duties and a few projects he has worked on during his professional career. In addition, you will find information about the degrees he earned, his listed skills, and the groups he belongs to. Cumulatively, this page paints a basic profile of Mr. Haase’s job experience and qualifications.

In addition, if you are logged in to an account and are connected to the individual, you can access a connection chart that will show your commonalities with the person of interest.
How Can You Use Information Found on LinkedIn?
The major use of LinkedIn is obviously employment related. Whether you are an employer vetting out applicants or a firm conducting background checks on behalf of another organization, LinkedIn’s strongest usage is in constructing educational and professional profiles. This information can be used to corroborate or find inconsistencies in information provided by prospective employees on resumes and applications, and it can provide additional information about the individual’s past history that was omitted from their resume. However, it can also be used for basic investigative purposes: constructing timelines, building connections, learning interests and skills, and gaining more general insight into your person of interest.
Not all social media sites are created equally. Each one has its own unique set of data and serves a different set of purposes. As technology evolves, the usage of and the information found on each site will evolve along with it. It is up to us as investigators and analysts to keep abreast of these trends and provide the best services possible.

About CES PRISM Blog

My photo
The CES PRISM blog is the place where CES shares the newest developments in social media sites and tools, data analytics, eDiscovery, investigations, and intelligence. We will also share workflow tips and tricks, case studies, and the developmental progress of our open source social media research and analysis tool, PRISM. Our goal is to open a dialogue with the community which allows all of us to learn together.