Online Investigations

The inception of the internet!

Believe it or not, the sharing of information via computers began in the 1960s (A Brief History of the Internet). Much like the TOR (The Onion Router) Project, the internet started as a means for government research to share information over long distances. The internet wasn’t always called the “internet”, but as more and more entities (schools, higher education, businesses), and then the public, started connecting to this giant network of computers, it eventually became known as the internet.

SIDE NOTE: If you don’t know what the TOR Project is, don’t worry. I plan on putting out a future post all about it. For now, the quick definition is that it is the development group that builds and maintains software for accessing the dark web.

Let’s back up a bit: what is a network, an intranet, an extranet, and the internet?

According to Dr. Roy Winkelman, Director of the Florida Center for Instructional Technology, networks…

consists of two or more computers that are linked in order to share resources (such as printers and CDs), exchange files, or allow electronic communications. The computers on a network may be linked through cables, telephone lines, radio waves, satellites, or infrared light beams.

Let’s test this definition a bit. You are out and about and spot a suspicious vehicle in a parking lot. You sit and watch from a distance and see that the driver is all alone, texting on a cell phone. The driver is texting and then looking around the area as if waiting for someone to arrive, and you can tell the driver is nervous. This area of town is well known to you as a meeting spot for drug buyers and dealers. A few minutes pass and you see another subject approaching the vehicle on foot. As the driver rolls their window down, you observe this subject pass the driver a small clear baggie of an off-white substance. In exchange, the driver hands the subject on foot some cash. The subject on foot parts ways with the driver and the vehicle starts to move. You follow the vehicle until you are clearly out of sight of the subject on foot and then make an investigative traffic stop based on your suspicion that drug activity has occurred in front of you.

You speak with the driver and confront them with what you have observed. They hand over the illegal item and admit to you that they just communicated with their dealer via a few text messages and purchased the drugs in the parking lot. You don’t know the subject on foot, so you ask the driver to give up their dealer’s name, but they refuse.

Now I have to preface this, because I live in a state where our motto is, “Live free or die.” In New Hampshire, there is no exception to the search warrant requirement for a motor vehicle. We, as law enforcement officers, have to be very tactful in how we approach traffic stops and develop probable cause for a search warrant. Granted, recently there has been some support from the New Hampshire Supreme Court in seizing items in plain view, but a search warrant is always the gold standard.

You advise the driver to step out of the vehicle, place them under arrest, and find the phone and drugs in their pocket. The scenario is about to end, right? Wait, how does this even relate to a network? What is the point of the story?

The point is this: your investigation doesn’t stop there. You have probable cause for an arrest and probable cause to continue your investigation into the dealer and to obtain further evidence, through the communications on the cell phone, to support a conviction in court beyond a reasonable doubt. The first step in seizing any digital evidence is knowing how to handle that evidence. The phone, immediately after seizure, is just one device, but it is still connected to a network (either through Wi-Fi or the cellular network). When we seize digital evidence, we need to ensure that:

  1. There is probable cause to believe that evidence of a crime exists.
  2. It is currently present and can be located within the digital device.
  3. The evidence is preserved in a manner that prevents destruction or alteration of the evidence.

To protect the data that is on the digital device, trained law enforcement officers know that we often have to either place the cell phone into a Faraday bag (which disrupts the phone’s connection to any outside networks) or take steps to place the phone in airplane mode to disable any outside connections to the phone. When the phone cannot access Wi-Fi or the cellular provider, it is no longer connected to the network. It is a singular “computer” not sharing any information or resources with the outside world. This also means that nothing from the outside world can affect the device.

Networks can vary in size and complexity

This will be the last topic of my post for today: there are several sizes associated with networks. To introduce some of the final terminology for today, types of networks can be broken down by size. The following was obtained directly from Microsoft’s style guide at https://docs.microsoft.com/en-us/style-guide/a-z-word-list-term-collections/i/internet-intranet-extranet:

Use internet to refer to the worldwide collection of networks that use open protocols such as TCP/IP to communicate with one another. Don’t capitalize.

Use intranet to refer to a communications network based on web technology but that’s available only to certain people, such as the employees of a company. Don’t capitalize.

Use extranet to refer to an extension of an intranet that uses internet protocols to give authorized outside users limited access to the intranet. Don’t capitalize.

Okay, so there you have it! This is just a general overview of what a network and the internet are all about: the sending and receiving of data between two or more computers or electronic devices. I know it seems like we don’t need to know this in order to be effective at our investigations, but when we understand what a network is, we understand why we treat electronic devices the way we do in order to preserve evidence.

Resources

A Brief History of the Internet. University System of Georgia. (n.d.). Retrieved October 22, 2021, from https://www.usg.edu/galileo/skills/unit07/internet07_02.phtml.

Winkelman, R. (n.d.). Chapter 1: What is a network? Florida Center for Instructional Technology. Retrieved October 22, 2021, from https://fcit.usf.edu/network/chap1/chap1.htm.

Pallep. (n.d.). Internet, intranet, extranet - Microsoft Style Guide. Microsoft Style Guide | Microsoft Docs. Retrieved October 22, 2021, from https://docs.microsoft.com/en-us/style-guide/a-z-word-list-term-collections/i/internet-intranet-extranet.