Lee focuses mainly on active online monitoring, or looking at online activity of certain individuals or groups to detect signs of potential danger. He says that one useful tool is Google’s Alerts function, which lets users enter key words and set Alerts to monitor certain chat rooms or news sites for occurrences of those words. “It can be helpful if you can’t check sites yourself [too frequently],” says Lee.
Investigators must be careful of the legal limitations when using social media, however. Universities can create a policy on monitoring and have students and other relevant parties sign off on it, advises Lee. With regard to any other aspects of investigating online, such as using fake profiles, security professionals should consult legal advice to ensure that no laws are being broken.
When it comes to using any evidence gleaned online in a court of law, there are numerous challenges and unsettled issues, says Benjamin Wright, an attorney as well as an instructor on data security and investigations at the SANS Institute. There have been at least a few cases in which courts have said attorneys couldn’t use any information acquired online through deception, he says. Sometimes the evidence is rejected because it cannot be verified or the source is unclear—for example, there may be no way to prove that the information discovered online was not posted by a roommate or someone else with access.
For that reason, according to Wright and other experts, investigators will sometimes use social media and other online resources as a way to attempt to gain some initial information. Then later they can carry out a more formal or traditional investigation.