Computer Forensics Inc. Electronic Evidence Experts
What's New? Tip of the Month Site Map
What's New? - Press Releases

CSI for Your Home PC: Cybersleuth Offers 6 Tips for Keeping Kids Safe

SEATTLE– September 15, 2004 – Television crime shows often depict computer forensic examiners seeking out a smoking gun clue in a complex murder mystery, but what can parents do to monitor their children’s Internet activity and help keep them safe?

According to Joan Feldman, founder and president of Seattle-based Computer Forensics, Inc. and one of the nation’s foremost authorities in the field of computer evidence discovery, there are six simple tips that virtually any parent can follow in order to conduct CSI on their home PC:

1. Become a Cybersleuth

According to Feldman, the first step toward investigating the use of your home computer is to understand how Microsoft Windows manages Internet activity. For example, all Web-based email messages, such as those from Hotmail and Yahoo Mail, and each Web page visited by kids get transferred to the home PC. These files are stored in the Internet “cache” (e.g., the “Temporary Internet Files” folder created by Internet Explorer) and do not go away when the user signs off the Internet. “It’s important for parents to understand that the contents of any type of Web page their kids view may still be stored on their computer’s hard drive,” says Feldman. “The clues are often sitting there, just waiting to be discovered.”

There are a few simple procedures that any novice computer user can follow to track activity on their home PC. Of course, it’s important to understand that these procedures are not true forensic procedures and should not take the place of a computer forensic examination, when something that professional is warranted. “Any parent who is willing to become an amateur cybersleuth can fairly easily learn where their kids have been while they were on the Internet,” says Feldman.

2. Darkroom Detective

The majority of photographs viewed on the Internet are in a format known as “JPEG,” which refers to files that end in the extension “.jpg.” When a user surfs the Web, the graphics within each page are downloaded to the user’s computer hard drive and stored in their “Temporary Internet Files” folder until they are deleted. This folder contains both individual graphics and entire Web pages that have been viewed from that computer. According to Feldman, parents can use the Windows search tool to find all “.jpg” files stored on their hard drive and locate all JPEG files in the directory structures for the entire PC.

3. Follow the Cookie Crumbs

As opposed to the trail left behind by kids in the kitchen, these cookies are small files placed on a computer hard drive by the Web sites they visit from the home PC. This is the way that Web site owners track their visitors and identify who has previously visited their sites. Cookies are located in a folder labeled “Cookies” that is stored in the same general area on the PC as the Temporary Internet Files folder, so it’s fairly easy for parents to search this folder and review the names of the files. “Web sites that contain adult-oriented material typically leave cookies on your PC that are obvious and easily identifiable by file name,” says Feldman.

4. Seek Out Hidden Files

Image and movie files take up large amounts of space and take a long time to download, so frequent computer users quickly learn that these kinds of files are better kept on the computer’s hard drive, rather than re-downloading them each time they go back to their favorite Web site. “A savvy Web surfer will typically hide adult-oriented files deep in the computer’s directory structure, such as those in the Windows system directories, in order to slip them in places not likely to be noticed by other users of the computer,” explains Feldman. “Since these files tend to be large, parents can use the Windows search tool to locate files based on size, rather than by file name or extension. They can then review the names of these files one at a time to see if any concerns are raised.”

5. Embedded Clues

Internet browsers, such as Microsoft’s Internet Explorer, download Web-based email messages (e.g., Hotmail and Yahoo Mail) and Web pages visited to the computer’s hard drive for viewing. That means these pages can still be viewed when the computer is disconnected from the Internet. To see the pages, make sure you are working “off-line” and use the search tool in Windows to find all files that have “.html” or “.htm” contained in the file name. According to Feldman, parents can then use the “Details” option in Windows to reveal information about each file, such as the last time the file was modified. This will provide an idea of when the page was last viewed.

6. Keep Your Cool

“It’s crucial for amateur cybersleuths to understand that one piece of information gathered from a computer is not evidence of wrongdoing, and all of the evidence needs to be considered before parents reach a conclusion,” says Feldman. There are reasonable explanations for finding a few inappropriate files on a computer’s hard drive, such as unwanted Web pages that pop-up on the computer screen or offensive email from an unknown source, so parents should never rush to judgment too soon and always give their kids the benefit of the doubt.

“The goal with this advice is not to turn parents into snoops invading their kids’ privacy, but rather to help them protect their kids from smut peddlers and anonymous predators roaming the Internet,” concludes Feldman. “Perhaps by showing your kids that you know how to routinely perform CSI on the home PC in order to find unwanted material, everyone can avoid an unsafe or embarrassing scenario down the road.”

Founded by world-renowned data discovery expert Feldman, Computer Forensics Inc. (CFI) pioneered the fields of electronic media discovery and electronic risk control in the early 1990s. CFI’s clients rely upon the company’s certified forensic, discovery and testifying experts for services including e-discovery strategy consulting, hard drive imaging and analysis, and tape restoration. The company provides electronic discovery planning and technical support to the nation’s most respected law firms and corporate law departments, helping uncover electronic evidence buried in email files, desktop and laptop computers, network servers and backup tapes.

Computer Forensics Inc. is headquartered in Seattle and operates a regional office in Lawrence, Kansas. For more information, please call (206) 324-6232 or go to www.forensics.com.

Media Contact:
Teague Communications
Daryn Teague, 661-297-5292
dteague@teaguecommunications.com