Setting up an investigator's computer is an essential part of conducting cyber investigations and intelligence-gathering missions. There are many considerations an investigative department or agency should address in setting up an undercover investigative computer. This computer will, after all, contain sensitive documentation that at some point will become evidence to be used in court proceedings. Continuity and preservation of evidence will come into play any time defense counsel feels there has been a breach. With this in mind, agencies must also create a machine that is not only legally secure but also operationally protected from hackers. It is also imperative that investigators have all of the tools they may need to conduct the vast array of investigations they will be called upon to perform.
As with the rapidly changing face of technology and the criminals who use it, the configuration of a computer such as the one described here will also change with time. This list is by no means exhaustive and will be updated at regular intervals as required.
The undercover computer: General Guidelines
- The computer must be standalone and must not be networked with another computer in any way. This network issue can raise considerable discussion among investigators. However, the fewer people who have contact with the potential evidence on the undercover hard drive, the better. This leaves room for fewer “smoke and mirror” arguments from defense attorneys.
- The computer should have removable drive-trays. This permits the investigator to remove and lock up a particular drive when it’s not in use. This also permits investigators to utilize the computer using their own drives.
- Online investigators should work in an office that is not open to pedestrian traffic from co-workers or visitors. This type of work can be very demanding, requiring concentration and minimal distractions.
- With respect to the computer configuration, there are many different thoughts on this one, but there are no “hard-fast” rules. Consider the following suggestions in setting up a computer for investigative purposes:
  - Use the largest, fastest computer possible.
  - Ensure it has the largest hard drive and RAM available.
  - Use an internal or external CD burner.
  - Consider a video card with as much onboard RAM as possible.
  - Ensure the computer is equipped with both LAN and wireless access.
The following are our minimum requirements for providing internet connectivity to the undercover computer:
- Use of a high-speed Internet connection (not shared internally, or with proper measures taken as outlined below):
- Use of a Proxy Service
- Use of a VPN Service
- Use of Tor
Multiple connections allow investigators, if they desire, to monitor a suspect from several angles. They can change their IP address or appear to be coming from a different location, for example. There are occasions in which one connection is just not enough. For example, the investigator might be using two sock puppet accounts to talk with a suspect and want it to appear that they are in two different geographical locations.
The browsers below work best. They allow you to install a variety of extensions to help with the investigative and intelligence process.
- Chrome (Download Link) https://www.google.com/chrome/browser/desktop/index.html
- Mozilla Firefox (Download Link) https://www.mozilla.org/en-US/firefox/
- Tor Browser (Download Link) https://www.torproject.org/projects/torbrowser.html.en
A proxy lets you go online under a different IP address identity. Here are two we like:
- Storm Proxies (Download Link) http://stormproxies.com/
- Luminati (Download Link) https://luminati.io
A virtual private network is the best way to stay anonymous on the net. Here are a few we like:
- Nord VPN (Download Link) https://nordvpn.com
- Pure VPN (Download Link) https://www.purevpn.com/
- Private Internet Access VPN (Download Link) https://www.privateinternetaccess.com
Image viewers can help extract key metadata from images. Try these three to help you with your case:
- Jeffrey’s Exif Viewer (Download Link) http://exif.regex.info/exif.cgi
- Photoshop (Download Link) https://www.adobe.com/products/photoshop.html
- Get Meta Data (Download Link) https://www.get-metadata.com/
System protection is extremely important and is often dismissed as an unnecessary expense. It is not until a virus strikes or a system attack is launched that these programs pay for themselves.
- McAfee (Download Link) https://www.mcafee.com/us/index.html
- Norton (Download Link) https://us.norton.com/
A good firewall can be invaluable in protecting the online computer and can function as an investigative tool (such as by capturing IP addresses).
- ZoneAlarm (Download Link) https://www.zonealarm.com/
- Comodo Free Firewall (Download Link) https://personalfirewall.comodo.com/
- GlassWire (Download Link) https://go.redirectingat.com/
During the online investigation, the ability to capture images, moving files and entire Web pages can enhance the evidence capture, continuity, and court preparation. Here are some resources that will help:
- Camtasia (Download Link) https://discover.techsmith.com/
- Snagit (Download Link) https://discover.techsmith.com/
- Movavi (Download Link) https://www.movavi.com/mac-video-recorder/
- TLO (Site Link) https://tlo.com/
- TruthFinder (Site Link) https://www.truthfinder.com
- Melissa Data (Site Link) https://www.melissadata.com/
- ICANN (Site Link) https://whois.icann.org/en
- Hosting Review (Site Link) https://hosting.review/check-whois/
- Ultra Tools (Site Link) https://www.ultratools.com/tools/ipWhoisLookup
- MX Tool Box (Site Link) https://mxtoolbox.com/ReverseLookup.aspx
- Melissa Data (Site Link) https://www.melissadata.com/lookups/iplocation.asp