Basic E-mail Security for the Private Investigator
By Julie Posey
Email: investigator@pedowatch.org
http://www.pedowatch.org

 

 As private investigators become accustomed to a more technological society,
we need to be aware of the challenges of Internet based investigations. The
investigator must have the proper tools to do an online investigation and
the ability to gather evidence and at the same time not jeopardize the
integrity of his/her cases.

E-mail communications are widely used for networking with other
professionals. The thing that we must keep in mind is that there are risks
to sending sensitive information in standard e-mail messages. A message can
be easily addressed improperly and end up in the wrong hands as well as
intercepted before it gets to the intended recipient. Send only information
that is required. I once did a case where there was some question about my
experience so I sent a copy of my resume attached to e-mail. I was rather
shocked as I sat on the witness stand as my resume was entered into defense
evidence as "exhibit A" becoming a part of public record forever.

Using encryption software such as:

PGP http://www.pgp.com

Norton Secret
Stuff http://www.symantec.com/region/uk/product/nss/fs_nss.html

and other savailable is a good idea but your e-mail and any attachments containing
sensitive information are still only as secure as the person you send them
to. The use of encryption alone only prevents someone from reading your
mail and whatever attachments included in it if it happens to get
intercepted.

As you would not go showing your case files to your friends and neighbors,
you would not want to post personal information about your client or your
subject such as Social Security Numbers, birth dates, license plate numbers
and other identifying information in e-mail, public or private forums, on
public or private mailing lists or on Web sites. Every subscriber on a
mailing list receives a copy of everything that is sent and it remains on
his/her hard drive until they decide to delete it. Many mailing list host
sites such as:

e-Groups/Onelist http://www.onelist.com
archive the messages sent to mailing lists.

These can be viewed by current members as well as
future list members.
DejaNews http://www.deja.com

has newsgroup archivesclear back to 1996 and is now archiving their discussion areas as well.These archives and discussion areas are searchable by e-mail address of the
author, date and keyword. You may want to use one of the following products
when sending e-mail to colleagues.

Disappearing, Inc. has a service that allows you to send e-mail that will
literally self- destruct after a specified period of time. It is eliminated from
the sender's PC, the recipient's PC, mail servers and even the backup tapes that
are sitting on shelves. It works with the common e-mail clients such as Eudora and
Microsoft Outlook.


For details on this product go to http://www.disappearing.com/

QvTech, Inc. offers e-mail service with features including an expiration
date when the message will become unreadable, a read only feature that disables the
recipient's ability to cut, copy, paste and print. For details on this product go
to


http://www.qvtech.com/

1on1 Lite is so sure of the security of their e-mail product that they are
offering $50,000 to anyone who can crack it. Features include header
encryption,

http://www.1on1mail.com/

Be aware of US import/export laws regarding
this encryption software.

If you are sending e-mail to multiple recipients using the "carbon copy"
feature of your e-mail client, remember that all the people that you send a
message to have each other's addresses unless you suppress the list of
e-mail addresses to your recipients. An easy way to do this is to put your
address in the "To" section and but the rest of the addresses in the "BCC"
or 'blind carbon copy" section.

I can't emphasize enough how important it is to keep backups of all e-mail.
This includes both e-mail that you send and e-mail that you receive. You
never know when you are going to be called upon to produce that message
again. I'm always getting calls from either an investigator or a law
enforcement officer that tells me that they need a message that I've sent.
Some even say that they didn't't get the message. It makes things go much
smoother when you can locate that message and resend it. I would suggest
backing up the files that contain e-mail and storing them somewhere other
than your hard drive. The ideal situation would be to back up the e-mail and
store the disk at another location other than your home or office. Here is
some information on what to backup:

Microsoft Outlook
There is one large file that contains all of the mail, calendar,
contacts, etc. The name of this file depends on your setup. To find it, click on "Start", then
"Find", and select "Files and Folders". In the top box where it says "Named" type in
"*.pst" and then click on "Find Now." Remember not to use the quotes. If you are using

Microsoft
Exchange Server, your file will end in .ost instead of .pst. For more details go to:

http://chkpt.zdnet.com/chkpt/xlinkhelp/http://www.zdnet.com/zdhelp/stories/m
ain/0,5594,903410,00.html

Eudora
Everything with the .mbx extension and the corresponding files with
.toc extensions contain your e-mail. For more information visit the Eudora Web Site at

http://www.eudora.com/techsupport/kb/1602hq.html

AOL
Your AOL e-mail is only saved for a certain length of time. You can
save it for longer periods by saving it to the "Personal Filing Cabinet (PFC)"
On the "My AOL" menu on the AOL toolbar, click "Preferences." In the "Preferences" window, click "Mail". Select one or both of the following:

To save outgoing mail, select the "Retain all mail I send in my
Personal Filing Cabinet" check box.

To save incoming mail, select the "Retain all mail I receive in my
Personal Filing Cabinet" check box. Click "OK."

Although most of the virus warnings that you may see in mailing lists or
get from friends are hoaxes, there are some real ones. A virus can pose a
threat to your entire system and depending on what virus you are infected
with, it can wipe our your entire hard drive if you don't take precautions
against them. Here are some simple rules that will help you avoid getting a
virus:

NEVER configure your email program to execute attachments automatically.
Configure your Web browser to launch Wordpad or Wordviewer when it
encounters Microsoft Word templates. This will help you avoid executing a macro virus.
Use a quality anti-virus program that scans files whenever they are
accessed by your program or operating system. Keep the anti-virus software updated. Even if you know the person real well that's sending you an attachment, scan it with your anti-virus software.

Here are some resources for virus protection:

· McAfee Anti Virus http://www.mcafee.com/
· Norton Antivirus http://www.symantec.com/
· Admiral Virus Scanner http://www.yellowforest.com/

I hope that this article has been helpful and has helped you see that with
just a few precautions, e-mail can be one of the most effective
communication tools available to the private investigator.

HOW TO INVESTIGATE BY COMPUTER 2000
Interactive Training CD

THE DIGITAL DETECTIVE!
CD Training On How To Discover/ Recover/ Clone Files
From A Computer