by
John Sedoski, High-Tech Crime Specialist, NW3C | Sep 02, 2021
This article discusses the types of information available to investigators from public sources. Social media, address history, and a treasure trove of other information is available to be used in conjunction with law enforcement data sources to enhance your investigations and close more cases faster.
Getting the right information on a person can make all the difference in an investigation. It can mean determining if the online presence is authentic or created by someone pretending to be someone else. No matter what type of investigation, there is no doubt that having access to someone’s contact information is an advantage. Fortunately for us, there are plenty of ways to find someone's physical location and other personal details using only PAI.
To explain how all of this exists, we need to realize and understand that Personally Identifying Information (PII) (i.e., identifying information about a person), phone carriers (e.g., AT&T, Verizon, Spirit, T-Mobile), OS manufacturers (e.g., Apple iOS, Google Android), and device capabilities/settings (e.g., biometrics, cellular, Wi-Fi, Bluetooth, NFC, GPS) are oftentimes being placed online by our own doing through our everyday activities. We will walk through the processes with someone using their phone and interacting with apps and the aforementioned items above.
We use our phones on a daily basis utilizing the various apps to help with both business and pleasure. When we setup up our smartphone for the first time we begin the process of providing PII to include your name, address, email, etc. Depending on the type of smartphone, you will create/use an account for one of the service providers (Google/Apple) to set up the phone. This will also be one of the first steps to agree to the terms of service which begins the process of collecting all kinds of information from your daily usage.
We are continually entering/providing more PII to link our device to our service provider (Google/Apple). Throughout the setup process, we may leave settings as default options, such as voice assistance services, location-based services, Wi-Fi, Bluetooth, tap to pay service, and ad-tracking. Our smartphone is now set up and primed for pseudo seamless digital-life integration. The only thing left is to download and use whatever apps that make life easy for us.
We connect our phone to our home Wi-Fi network, download a coffee shop app, and create an account to earn points and receive promotions. Creating an account means sharing more PII and device information with the coffee shop. Often, we blindly accept the terms of service, despite knowing they are probably siphoning off our information. The next download will be an existing popular social media app that we will log into and start sharing everything about our life with others. By logging into our account, we blindly accept the terms of services again, share more PII with the social media service provider, and possibly the world.
We leave our house and place an order from the coffee shop’s app to have it ready for pickup. This was done seamlessly because of linking a payment card and then even adding it as a waypoint in our phone's GPS.
Once we pick up the coffee, we will get loyalty points for the purchase and engage with a promotion that they are running. All we need to do for a “free” coupon is share the purchase on social media and/or like the coffee shop’s page. While in the coffee shop, we connect and remember the coffee shop’s free public Wi-Fi, to which we agree to the terms and services. We go through the steps to participate in the promotion and we even "check-in" to the coffee shop. When exiting the coffee shop we ask our voice assistant, “What song is playing right now?” Our phone quickly returns the name of the band and the song while we head to our car.
Now we are in the car and are starting to check our social media app. Coincidentally, we start seeing ads for the band of the song that was playing in the coffee shop and more specifically when they will be in our town next. This everyday cycle continues by our own doing and by others also sharing PII.
Why does all of this matter? Because it contributes to our digital footprints. Our digital footprint is one’s unique set of traceable digital activities, actions, contributions, and communications that are manifested on the Internet or on digital devices. It is just as unique as our fingerprint.
Today, many factors play a role in our digital footprint. It could be anything that you put in your personal blog, social media accounts, professional LinkedIn accounts, news articles about you, etc.
To recap our scenario, we purchased a new phone and service and tied our PII to the device, the carrier, and the device manufacturer. Then, we downloaded apps where we agreed to the terms of services, created and logged in to the new accounts, and tied our PII to more services.
We find that we did not read any of the terms of services or privacy notices. Someone or better yet, something is collecting this data and anything else it can collect to then make a profit. What you may not realize is all this information can be obtained from PAI and/or the service provider(s).
One of the most common ways to search PII is with a search engine like Google, Bing, or DuckDuckGo. Simply "Googling" someone may provide great results and a possible break in an investigation. If the suspect is actively involved on the Internet, chances are pretty high that you will be able to find something by simply "Googling" their name, e-mail address, phone number, moniker, etc. However, one aspect of search engines that are not utilized as often is the advanced search features built into them natively. These advanced searches use operators to search more specifically and with a narrow focus.
Then there are data broker/data aggregator websites like Pipl, FamilyTreeNow, and many others that find and correlate disparate pieces of information and produce results in pages that cannot be found on regular search engines. You can often search by name, e-mail, monikers, or phone number to identify an online presence (social media profiles) that may include a wealth of PII like photos, historical residence, age, relatives, associates, phone numbers, and even court records.
As we discussed, many factors play a role in our contribution to our PII. It could be anything that you put in your personal blog, social media accounts, professional LinkedIn accounts, news articles about you, etc. All of this may seem like witchcraft and how the technology companies know more about us than someone we know. It is because the technology companies are in it for the money, but luckily the same data that we provide willingly can be utilized by the law enforcement community to keep our communities safer by allowing us to see the data and allow us to make intelligent lead decisions.
Author
John Sedoski is High-Tech Crime Specialist with the National White Collar Crime Center (NW3C). John joined NW3C in the fall of 2010 as a Computer Crimes Specialist and has served as the Special Projects Coordinator. John has provided thousands of hours of training to numerous state, local, and federal law enforcement personnel in data recovery and analysis. Training topics range from basic identifying and seizing electronic evidence, analysis of artifacts Operating Systems, and to an ever-evolving field of Social Media investigations. John is also a Certified Forensic Computer Examiner (CFCE) and has served on his local High Technology Crime Investigation Association (HTCIA) board.