ABA Issues Opinion on Social Media Ethics

May 7, 2014

The most common question in cases involving Open Source Intelligence (OSI) to support an electronic investigation, is: “To what extent may an attorney ethically use social media during case investigation and discovery?”

The question is not at all surprising.  The extent to which we can develop and use information from social sites, and other types of OSI, has a really high “creep factor”.  My answer has always been:  “If a person has given up information and made it publicly available to anyone with a browser and knowledge of where to look, then what’s the question?”.

Two weeks ago, the ABA agreed… mostly.  In the ABA’s “Formal Opinion 466”, issued on 4/24/2014, the ABA states, in part:

A lawyer may review a juror’s or potential juror’s Internet presence, which may include postings by the juror or potential juror in advance of and during a trial.

In summarizing, the opinion states:

In sum, a lawyer may passively review a juror’s public presence on the Internet, but may not communicate with a juror. Requesting access to a private area on a juror’s ESM is communication within this framework.
The fact that a juror or a potential juror may become aware that the lawyer is reviewing his Internet presence when an ESM network setting notifies the juror of such review does not constitute a communication from the lawyer in violation of Rule 3.5(b).

While this opinion is specific to jurors, might it also apply to witnesses, attorneys, and other parties to a case?  I would think so.

Link to the ABA Journal’s Final Opinion PDF

Deepweb and Google Cheatsheets Updated

If you are interested in researching OSI (Open Source Intelligence), and are an attorney, you will want to request a login to Vidoc Razor’s RazorSuite.  The RazorSuite includes a connector to conduct your own OSI searches in a fraction of the time, and with more information, than manual techniques.  You can request a login here.

If you prefer to do your own manual work, I have been maintaining two “Effective Internet Search” cheat sheets since 2009. The cheat sheets cover the best sites for developing information manually, as well as how to use Google’s advanced features effectively when performing online searches of people, places, and companies.

Link to the updated DeepWeb Cheat Sheet

Link to the updated Google Search Cheat Sheet

1 Comment | Forensics Beyond the Hard Drive, Inforensics News, Reading, Tools and Tips | Tagged: , , , , , , | Permalink
Posted by inforensics

Open Source Intelligence (OSI) and Your Case

April 2, 2014

Open Source Intelligence (OSI or OSINT) is intelligence collected from sources that are available publicly.  Much of the information fed to the internet by users, collected by advertisers, or otherwise left behind during a person’s interaction with electronic systems (or with retailers and advertisers that store such information electronically and the resell it) can be identified through “deep-“, or “dark-“ web research.  OSI is important enough of a research methodology that many law enforcement agencies, especially Federal, have dedicated resources to OSINT analysis and gathering. 

In civil litigation OSI is an invaluable resource for:

  • Research of retained and opposing experts
  • Information regarding opposing attorneys
  • Witness and litigant information
  • Uncovering other emails, social site accounts, properties, activities, and repositories of information not disclosed

Consider a recent case that I was involved with: The opposing party had disclosed certain online accounts that contained relevant information regarding their corporate history, communications via web mail, and travel.  An OSI search revealed two alternate web mail addresses, as well as a connection with a competing firm, travel information (previously undisclosed), and some “known associates” that had information relevant to the case.  Metadata analysis of documents and photos contained on the newly discovered sites yielded even more information.  None of this information was contained on the hard drive submitted for inspection.

OSI, on the web, is broken down into two main categories: Direct indexed information, and Dark web (or Deep web) information.

Direct indexed information is the category most familiar to practically anyone that uses the web.  It is information that has been picked up and indexed by a search engine and, with the correct search techniques, can be narrowed down to particular people, places and things.  Indexed information typically ends up on the web through three different paths:

Deliberate – Deliberate information is information that is on the web because of the direct interaction of an entity with a web resource.  This could be information that is publicly available because of social sites, website registration, or signing on to public newsgroups and forums. 

Accidental (Through fault of the information Owner) – Often times information is deliberately provided, but the provider of the information didn’t realize that the information would be publicly searchable.  Facebook is a perfect example of where, by not understanding ALL the privacy implications of use, users (or their friends) often provide way more details, photos, or location information than is intended, desirable, or realized.

Accidental (Through fault of the information Custodian) – Very large data breaches are far too common these days.  The reality is that they have been very common for years and years, but focus has only recently been turned towards the size, and frequency of breaches.  Aside from breaches, however, “information leakage” is not at all uncommon.  Information leakage is where a website or internet resource unintentionally will provide more information than the user, or the owner, realize. There are teams of people, advertisers, and intelligence gathering entities that  look for information leak and harvest the results.

Dark (or Deep) Web information sounds very “techie” and mysterious, but in reality simply describes the large portions of the web that contain information that is not indexed by search engines.  Typically these are databases of information that are accessible from a website, registration information, attendance and membership databases and information of that nature.

The challenge with OSI is to compile information both from direct indexed resources and dark web resources, and then correlate and narrow the information so that it accurate to the particular entity that is being researched.  A thorough manual search can be performed using the “cheat sheets” provided with this book.  The challenge is that aggregation, correlation and verification can take many hours.  There are tools available to an attorney that speed up the process.  LexisNexis offers access to a static database through the Accurint tool (http://www.Accurint.com), and Westlaw (http://www.Westlaw.com) also provides static database information as well.  There are any number of smaller sites that offer various degrees of information through static databases. 

Static information can quickly become inaccurate or stale, and there are tools that fill the niche for automated research.  Vidoc Razor maintains such a tool (If you are an attorney, you can request a login at: http://www.vidocrazor.com/RSInfo.php) that actively mines “live” social information, media and publications, photos, as well as location and known relations and associate information.  The information is then aggregated, correlated, and a baseline validity check performed.  The information is available for filtering and refining from a single point, and custom reports can be generated.

Whether using manual techniques, static databases, or automated approaches, the nature of OSI is important to keep firmly in mind:  it is fluid.  The information “lives” and changes as people live and change.  It is also contradictory; some OSI is incredibly volatile and can “evaporate” without warning, while other OSI is incredibly persistent, and will stay available through harvesting techniques even when the information owner is actively trying to remove it.  Any information derived from any of the harvesting techniques discussed must be verified before action is taken on it.

Leave a Comment » | Cases, Forensics Beyond the Hard Drive, Investigation, Tools and Tips | Tagged: , , , , , , | Permalink
Posted by inforensics

Part One: Simple Steps To Secure Your Client During Litigation

September 11, 2012

In the past year, there has been a distinct uptick in cases involving data breach and key logging malware- especially in family law cases. This uptick is not by anonymous, random third parties, but rather by the actual litigants in a case.

Part of the reason for the uptick is that “bugging” someone’s computer  or cell phone (electronic intercept) has gotten significantly easier. Most people can handle installing software.  Likewise with breaking into someone’s webmail, banking, or other online accounts.

Here are steps your client can take, right now, to protect their information and communications:

  • Create a List of Electronic Assets – Experience shows that, without a list, things will be overlooked.  Have your client list out cell phone, webmail, social network, and online banking accounts. In the same manner, have them list out things like wifi and home network assets.  This list is the starting point.
  • Change Passwords and Password Recovery Questions – Simply changing passwords is not enough. Password recovery questions (“What is the name of your favorite pet?”) are an easy way for someone who is familiar with your client to gain entry to their online resources.
  • Avoid Password Reuse – Using the same password for everything is a recipe for disaster. Understandably, it can be an inconvenience to use different passwords everywhere, but there are ways to make meaningful passwords that are easy to remember. Here is a full write-up on password reuse.
  • Review WiFi Security – If the opposing side in a matter was the one that set up the home wireless network, then all they need to do is be within range to join back on the network and gain access to systems or to “sniff” and view network traffic (including your client’s passwords, communications, etc.).
  • Review Joint Cellular Accounts – Depending on the carrier, joint cellular plans can give the opposing party access to endpoints in voice and text communications. Some carriers may actually have access to the content of text messages online. While TRO and data protection may prevent a direct change to the account or plan, your client may consider using a pay-as-you-go plan.

These are some simple steps that can be taken with minimal cost, and yet they will provide an immediate boost to your client’s security stance.

Tomorrow: Part 2- Simple Steps In Case of Breach

If you or your client feel that there has already been a breach, or you are facing a particularly aggressive or knowledgeable opposition, you may consider inquiring about our Client Information Security package (CISP).

The CISP is a flat-rate, full assessment of your client’s information security and includes a drop-in firewall with logging and 24/7 monitoring for intrusion attempts, malware activity, and other breach behavior.  Vidoc Razor not only will assess the security of your client, but fixes the issues identified.  All hardware is provided by Vidoc Razor.

You can find more information by clicking HERE.

Leave a Comment » | Forensics Beyond the Hard Drive, Tools and Tips | Tagged: , , , , | Permalink
Posted by inforensics

Weekly Highlights: September 10, 2012

September 10, 2012

Things You Might Have Missed Last Week

(Highlights in legal and electronic discovery news for the past week)

Interesting Electronic Evidence Cases

Robinson v. Jones Lang LaSalle Americas, Inc., No. 3:12-cv-00127-PK (D. Or. Aug. 29, 2012)

The defendant was seeking to compel production of discovery in (among other things) “all social media content involving [Plaintiff] since July 1, 2008” related to the Plaintiff’s “‘emotion, feeling, or mental state,’ to ‘events that could be reasonably expected to produce a significant emotion, feeling, or mental state,’ or to allegations in [Plaintiff’s] complaint.”.

Magistrate Judge Paul Papak (Oregon) found:

“I see no principled reason to articulate different standards for the discoverability of communications through email, text message, or social media platforms. I therefore fashion a single order covering all these communications.”

Link to Opinion PDF

Apple, Inc. v. Samsung Elecs. Co. Ltd., No. C 11-1846 LHK (PSG) (N.D. Cal. July 25, 2012)

The Defendant in this case was sanctioned for the loss of relevant emails due to Defendant’s failure to follow-up with employees to ensure compliance, and the Defendant’s failure to halt the email system’s auto-delete function.  Sanctions included an adverse inference that allowed the jury to presume that the missing evidence was relevant and favorable to the Plaintiff.

Link to Opinion PDF

Weekly Highlighted Case

EEOC v. Simply Storage Mgmt., LLC, 270 F.R.D. 430 (S.D. Ind. May 2010)

This case can be very useful when dealing with social media electronic evidence matters.  It was utilized by the Oregon magistrate in the above listed case (Robinson v. Jones Lang LaSalle Americas) when forming his opinion.

The defendant in this matter was seeking production of claimants’ social networking site profiles, as well as other communications from social sites used by the claimant.

Last May, the Great State of Texas saw a similar matter that relied, in part, on the EEOC case:

IN RE MAGELLAN TERMINALS HOLDINGS, L.P. AND MAGELLAN MIDSTREAM HOLDINGS GP, LLC 
Link to PDF Document

Electronic Evidence News

State Bar of Texas Alert Says ‘Scam Artist’ Stole Nonpracticing Lawyer’s ID for Fake Website

West Let Off the Hook on Web Malpractice Claim

OJ Simpson Prosecutor: Johnnie Cochran May Have Tampered with Bloody Glove

Leave a Comment » | Admissibility, Cases, Forensics Beyond the Hard Drive, Inforensics News, Investigation, Production, Reading | Permalink
Posted by inforensics

Quick Tips For Preserving Social Media

June 6, 2011

There is no arguing that social media sites are a boon for information related to a case, and not just for Family law, but also for corporate litigation as well.  We have had tremendous success with using social sites to tie component pieces of  a hard drive or cell phone investigation together.

The proliferation of social websites like Facebook can create discovery issues, though: How do you properly preserve a social site?  How do you deal with the opposing side arguing that the request to preserve is “overly burdensome”?

In this article I will walk you through three of the most popular social media sites and some techniques to preserve them easily.

1: Facebook (www.FaceBook.com):  Facebook is probably the easiest site to preserve.  The user can simply go to “Account Settings”, scroll down to “Download Your Information”, and click on “learn more”.  From the Facebook description:

“This tool lets you download a copy of your information, including your photos and videos, posts on your Wall, all of your messages, your friend list and other content you have shared on your profile. Within this zip file you will have access to your data in a simple, browseable manner.”

Once the user clicks “Download”, FaceBook will aggregate the information and email a link to the download.  Depending on how much information is there, this can take several minutes or even hours.

2: LinkedIn (www.LinkedIN.com):  LinkedIN is a site geared more towards a professional profile than Facebook.  We have been successful in using it to uncover additional email addresses, business documents, associations and affiliations primarily in Corporate cases, but it has factored into family law cases before.

The good news is that, while the Facebook preservation method is only useful if you are the specific user, LinkedIN can be documented for the profile information of other users.  The bad news is that it is slightly more complex than Facebook to preserve (but not much more!).

The easiest way to archive a LinkedIN account is to already have one yourself, or to create one.  NOTE: If the person you are archiving has LinkedIN’s upgraded service, or has agreed to let others see when they view a profile, they will be able to see that you viewed their profile.  I’m not going to encourage you to break the Terms of Service by creating an archive account, but that is one way to get around this.

Next, you will want to navigate to Profile-> Profile Organizer.  This is actually a paid service offered by LinkedIN, but usually it has a free 30-day trial.  More importantly, the free trial does not require a credit card.

Once you sign up for the Profile Organizer, you will be able to search for specific individuals, companies, etc.  When you find a profile you can save it to your organizer, archive it, and print it to a PDF.

3: Twitter (www.Twitter.com): Unlike the others, Twitter doesn’t have an actual built-in archiving functionality.  Twitter DOES have a great advanced search function that you can access at: search.twitter.com

Once on the Twitter search site, look for the “Advanced Search” link.  This will allow you to drill into searches by user, dates, topics, specific words or phrases, locations, etc.
Once you have search results, you can print to PDF, save the list, or use the nifty RSS link in the upper right called “Feed for this query”.

Leave a Comment » | Forensics Beyond the Hard Drive, Tools and Tips | Tagged: , , , , , , | Permalink
Posted by inforensics

Eight Strategies To Control Information Forensic Costs

April 12, 2011

I’m often told that the biggest barrier to introducing information forensics to a potential case is the cost of doing so, and I believe it.  It is hard to explain to a client that they may expend resources with no return on the expenditure, and yet effective use of information forensics can be a valuable part of case strategy.  Here are eight strategies to effectively control information forensic cost:

  1. Prioritize Systems. In cases where there are multiple computer systems, hard drives or electronic devices involved, try to identify which ones are more likely to contain key evidence or facts in the case.  Your expert should be willing and able to help you do this, based on the facts of the case and the role of the devices involved.
  2. Image and Hold. Perform forensic imaging of the systems and devices involved to preserve them, but unless there are other factors involved you may not need to do analysis on ALL the systems at once.  Start with the high priority systems, and then see if there is likely to be value on the other systems or devices involved.  “Image and Hold” can also be an effective early strategy for a single computing device as well.
  3. Be Selective. We are often approached with multiple cell phones and hard drives.  One of the first questions I ask is if the cell phones were potentially backed up on one of the computer systems.  If so, then we can often process the backup (or “synch”) of the cell phones just as though we had the cell phone itself.  This helps to prevent duplicating cost.
  4. Evaluate Before Analyze. Full disclosure: This is a self-serving statement, in that Vidoc Razor runs a flat-rate evaluation service, but that doesn’t make it any less true.  Your expert must be able to provide an evaluation of the computer systems involved to identify which devices are useful to a case, versus ones that are redundant or don’t contain case useful information.  Make sure that the evaluation is  in context with the case, and not a simple cookie-cutter print-out of log files.
  5. Look for Flat-Rate Services. I have heard many complaints of forensic costs that run wild because of hourly rates.  It isn’t hard for a forensic service to provide cost-effective, flat rates that still provide high-quality results.  Your expert should be interested in looking for a long-range relationship as part of your legal arsenal, rather than getting rich off of a single big case.
  6. Understand the Differences Between Data, Information, and Intelligence. This seems like semantics, but it really isn’t.  Data is a stream of un-evaluated, un-interpreted symbols.  Information is what data becomes once it is useful (in context).  Intelligence is what information becomes once it becomes fact.  Once you stop thinking about “data forensics” and start utilizing “information forensics” you can find all three in a variety of places beyond the hard drive, or as a supplement to the evaluation or analysis performed on a hard drive or cell phone.
  7. Know Your End-Game. It is easy to get caught in the flood of information that can open up in the effective use of information forensics.  It is equally easy to chase down information that doesn’t necessarily support your overall case strategy.  For each new  tributary that opens up to you, ask yourself if it is actually something that supports your end-strategy, or potentially alters it.  If not, then why spend resources to chase it?
  8. Take a Deep Breath. If I had a nickel for every time I have heard the phrase “I am completely computer illiterate”, I would be living on easy street.  In a Yogi Berra-esque way: “This ain’t rocket surgery.”  For some reason the mere exposure to electronic investigation causes people to shut down.  While information forensics can be very technical, I promise you that the average attorney has dealt with much more complicated issues.  Take a deep breath and enjoy the new strategies and brand new streams of information that open up to you and your client and augment your ability to argue your cases.

Next Post:  Effective Information Forensic Strategy

Leave a Comment » | Forensics Beyond the Hard Drive, Inforensics Opinion, Tools and Tips | Tagged: , , , , , , , | Permalink
Posted by inforensics

Stripping Anonymity From the Internet

January 13, 2011
Stripping anonymity is like peeling an informational onion. It is about tying together otherwise benign pieces of information that, in the aggregate, allow you to identify, uncover, and infer the existence of other pieces of information. 

Pieces of information across the internet can be pulled in from so-called “Dark web” sources (sounds sexy, right? It actually just refers to information that is contained in databases that are not indexed by search engines), public records, search engine indexed information, metadata information contained in posted documents (photos, PDF docs, various graphics formats, etc.), online newsgroups, social media sites to name a few.

Using these pieces of information to uncover locations, associations, activities, behaviors and motives is entirely possible (and, in fact, is done every day in active investigative work), but not in every case. As you may imagine, it is easy for the thread to get broken and for a logical disconnect to occur. The trick is to combine inductive and deductive reasoning with the real information you find, and then to develop theories about other possibly available pieces of information and test those theories.

At a certain point any investigation, electronic or otherwise, will likely require “boots on the ground” to verify assumptions.

For your reading pleasure I’ve provided a link to a popular story back in 2006 about the accidental release of “anonymous” search results by AOL and the subsequent work done by a NY Times reporter in using aggregated information about search queries to strip anonymity.

http://select.nytimes.com/gst/abstract.html?res=F10612FC345B0C7A8CDDA10894DE404482

Wikipedia entry on the same incident:

http://en.wikipedia.org/wiki/AOL_search_data_scandal

Leave a Comment » | Forensics Beyond the Hard Drive, Inforensics Opinion, Tools and Tips | Tagged: , , , , | Permalink
Posted by inforensics

Qualifying An Expert Using Open Source Information

November 2, 2010

“Knowledge is of two kinds. We know a subject ourselves, or we know where we can find information upon it.” – Samuel Johnson

Those that have heard me speak on electronic forensics know well the distinction that I make between data forensics and information forensics (“inforensics“).  The distinction is very clear:  data is a stream of unevaluated symbols, and information is the point at which the symbols become useful.

The inforensics approach also encompasses the use of relevant information and evidence that extends beyond the hard drive and can be used even when there is no hard drive or direct electronic platform available.

Take for example researching experts.  Using “open source information (OSI)”, sometimes referred to as “Publicly Sourced Information”, one can research a retained or opposing expert very effectively.

What Are Your Sources?

Google is a great place to start, and for purposes of this post we will focus primarily on Google – although the attachments to this post include other resources that you may explore as well.  There is definitely “life after Google” and you should explore it.  Possible research sources can include:

  • Newsgroups
  • Social networking sites (Facebook, Myspace, LinkedIN, etc.)
  • Blogs
  • Online news resources
  • Registration databases (websites, public records, etc.)

What Types of Information Are Out There?

In general you will be working with two main categories of information on the web:

  • Indexed Information.  This is information that has been picked up, searched and indexed by a search engine.
  • “Deep Web” or “Dark Web”.  This sounds mysterious, but really just means information that is usually in a database and has not been indexed by a search engine.  The location of a particular database can be found using a search engine, but the information contained within the database is usually accessed directly via the site that provides it, not a search engine.

Registration databases tend to fall into the”Deep Web” category, whereas many newsgroups can be searched directly through Google or a search engine.

What to Look For?

You might start with making a list of information you want to know about your expert, or an opposing expert:

  • Areas that indicate bias.
  • Published works.
  • Attributed quotes.
  • Other activities.
  • Work history.
  • Multiple versions of a CV.

These are just some examples.

Where Do I Start?

Start with the “Google Cheatsheet” PDF document that I have linked to this post.  For life beyond Google you can look at the “Deep Web Cheatsheet” that is attached.

Google Cheatsheet rev. 201011

DeepWeb Cheatsheet rev 201011

Last Minute Tips

If you are not already comfortable doing so, learn how to use “Browser Tabs” in your internet browser.  This will help you organize information you find and will allow you to conduct multiple-threaded searches.

Good luck!  As always, if you are an attorney or member of law enforcement and want to contact me to ask questions feel free to do so.  This post is actually a distillation of a 1.5 hour CLE training, and an 8 hour training that has been done for TCLEOSE credits.  If your law firm, legal association, or branch of LE is interested in the full training, I am happy to help.

Leave a Comment » | Forensics Beyond the Hard Drive, Tools and Tips | Tagged: , | Permalink
Posted by inforensics

Please Disseminate:  Abused Women and Electronic Trace Information (in memory of Sandy B)

February 12, 2010

As many of you know, I recently had a case that ended tragically in a murder/suicide.

My client was an incredible woman who was trying to escape an abusive situation.  She had already fled her home and was working with a safe house.

It is my opinion that her husband used a specific electronic method to obtain information and identify her location.  He then followed her and waited until she came out of a store, ran her down with his vehicle and then took his own life.

Since this occurred I have spoken with a few safe house organizations and have come to realize that, while there is a marked increase in the use of electronic means to track an abused spouse, there is not a corresponding level of information on how to “Cut The Electronic Cord”.

In a recent Houston Chronicle article (Mary Flood, “Till Texts Do Us Part”, Houston Chronicle, Front Page, 12/17/2009) I covered with Ms. Flood a few of the areas that can be abused on cell phones and mobile devices.  While the article was helpful to a number of people, for some of them it was helpful in a way we had not intended — they were planning to use the information to further their own nefarious ends.

Realizing all of this, I have developed a web seminar that I will offer free to safe house organizations, divorce and family attorneys and abused women to attempt to share my knowledge base in the area of cutting electronic trails.  The webinar is entitled “Cutting the Electronic Cord: Managing Electronic Trace Information” and runs approximately 30 minutes.  I will provide the web seminar facility, call in number, and other resources to make this available.  There will also be a facility to handle live questions.

The seminar is NOT a marketing ploy and there will be absolutely NO commercialization or pitching of any products.

I have chosen my cause – and this is it.

If you are a family attorney or safe house organization you may contact me and schedule the webinar on your timetable.  Please be ready with at least three dates and times so that we can correlate calendars more efficiently.

On a go forward basis, I invite attorneys, safe house organizations and abused women to contact me free of charge for consultation.  I will supply safe house organizations with my direct cell phone for emergency events regarding questions related to electronic tracking means.

I am asking my business contacts, Facebook and Twitter contacts to disseminate this information, as well as my contact information, to appropriate sources so that we can start an education program in earnest.

With regards,

Aaron Hughes, CISSP
Vidoc Razor, LLC
Aaron.Hughes@VidocRazor.com
713-474-2286

1 Comment | Forensics Beyond the Hard Drive | Tagged: , , , | Permalink
Posted by inforensics

Forensics Beyond the Hard Drive: Kindle 2 Logging

June 26, 2009

Platform: Kindle 2

Artifact Type: Log

Information Type: GPS Location

Caveats: Debug mode and 611 logging must be on.

Usefulness: Very Limited

I was interested in what information was available via a Kindle 2 to assist in investigations.  In poking around to see what work others have done I found two sites that were really in depth and had great information:

Kindle Hacking: http://kindle2hacks.com/

Igorsk Blogspot: http://igorsk.blogspot.com/

These two sites do a great job dissecting the Kindle and Kindle 2.

Because inquiring minds want to know, I did a cursory review via FTK and Encase of a brand new Kindle 2, and did not find a whole lot that was very interesting.  Based on my reading of the two blogs above, it seems the more useful bits occur once you have access to the actual filesystem.

One item caught my attention: the “611 Log”.  Upon activating debug mode and turning on this log, one thing immediately stood out:  Latitude and Longitude information.

It is important to say that this log is going to be limited in an actual investigation, but it is worthy of note just the same.

The primary items that limit its usefulness are:

  • It is not on by default
  • It only logs GPS coordinates when the Kindle 2 is actually turned on (screensaver is not “On” for our purposes)
  • The readings are from cell towers, and not actual queries to GPS satellites, so the information is definitely not as accurate.

*** Important Note:  I am not forcing you to do stuff to your Kindle 2, if you do and mess your device up you have no one to blame but yourself.  These steps worked great for me, you take the life of your Kindle 2 in your own hands if you decide to play along. ***

Now that I have doused you with cold water, here is how you actually turn the logging on:

Follow the excellently written directions found on the Kindle2 hacking blog here. Look for the “Enable Debug Mode” section.  Do not continue on through the USB networking section… unless you just want to!

Next, type:   ‘help

That is a single hash, found near the “}” under the Sym menu, followed by the word help.  All of your commands from here on out will be prefaced with that character.  You should see an informational pop-up that looks like this.  Take a moment to enjoy some of the possibilities of what you are seeing.

Next, close the pop-up and type the following: ‘log611

There will be a short hesitation, a screen blink and that is it.  When you plug your Kindle 2 into the USB cable and attach to your system you will find a folder called “611” and a log that is formatted: YYYY.MM.DD.HH  (Hour in military time).  Open that log and peruse to the “1xRTT” section.  In this section you will find “Latitude” and “Longitude”.  These are the coordinates supplied by the cell tower.

If you turn off the Kindle 2 (ie. hit the slide button so the screensaver comes on) and travel, this log will not add information until you hit the slide again and it has a chance to hop back on the network.

To turn off the logging:  Go to “Menu”> “Settings”.  Then hit “Menu”>Restart.

3 Comments | Forensics Beyond the Hard Drive | Permalink
Posted by inforensics