09.09.24

Staying Secure Online: Essential Tips for Investigators

Staying secure online is no joke. Investigating is already challenging, and rigorous information and operational security (OpSec) measures can make it even more arduous and tiring.
Falkor helps analysts of all kinds investigate securely and anonymously. We've decided to share some general best practices for analysts, regardless of budget.

Tip 1: Use a Password Manager

The first tip is to start using a password manager. This is a recommendation for everyone, not just those working in investigations.

What is a Password Manager?
Password managers are personal vaults that allow users to store and encrypt all their login information for various sites. Most importantly, they generate random passwords for every service you use.

Why is This Important?

It’s part of risk management. At some point, one of your online accounts—whether personal, work-related, or for investigations—will likely be exposed. This exposure could include your registration information, such as IP address, name, email, password, phone number, username, and other data.
If your password is exposed, it’s especially problematic because many people reuse passwords. If an older or insecure hashing algorithm is used to hash your password, or worse, if it’s stored in cleartext, that password could be used to access not only your account but also other accounts.

How Password Managers Help:
Password managers mitigate this risk by generating randomized passwords for each of your accounts. If one account is exposed, only that account is at risk.

Choosing a Password Manager:
There are many options available. When choosing one, make sure it is truly secure and not vulnerable to being hacked.

  • 1Password: A great example, storing your data locally and keeping it encrypted with a secure key that only you have access to. Even if 1Password were compromised, your data would remain secure.

  • KeePass: An open-source, free alternative.

Other providers also offer great products, so choose one that fits your needs.

Investigation-Specific Advice

Now that we’ve covered the basics, let’s move on to advice specifically for investigations.

Tip 2: Carefully Select Your Investigation Workspace

One common option is setting up a local VM (Virtual Machine) using VMware or Oracle VirtualBox, then configuring a VPN and other security measures on top of that. This should be done on dedicated investigative devices, not on your personal computer, as the VM + VPN option isn’t bulletproof and can be compromised.

Steps to Set Up Your Workspace:

  1. Select Your VM Provider:
    We recommend VMware Pro for its ease of use and modularity. Set up a VM of your choice—Kali Linux, Ubuntu (our recommendation), Trace Labs, or others. Ensure it is configured securely without any identifying information, and never mix it with personal or professional information.

  2. Choose a VPN:
    VPN selection is crucial. We recommend IVPN or Mullvad for their high degree of security and anonymity, including a no-logs policy and anonymous payment options. Free options like ProtonVPN may be acceptable but are often blocked by mainstream sites.

  3. Harden Your Browser:
    Select a privacy-oriented browser like Brave, or configure Chrome or another browser properly. Regularly delete cookies, turn off tracking, and install privacy extensions like Privacy Badger.

Secure Environment Providers:
Consider using secure environment providers such as KASM Systems or Authentic for general browsing. For enhanced security and anonymity in investigations, check out Falkor for a holistic solution.

Final Tip: Indirect Page Access

Often, you’ll need to access risky domains during investigations. Accessing a domain leaves traces. One of the best ways to protect yourself while tracking your investigation and evidence is to archive a domain before visiting it.

How to Archive a Domain:
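Use the Wayback Machine or Archive Today to keep a record of the domain. You can then view the archived copy as often as you need without the domain knowing you ever accessed it, because the request the site receives comes from the archive service rather than from you.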
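
One way to script the archive-first step described above, as an added example that is not Falkor's code: it reads a Wayback Machine availability response and returns only a link on the archive host, never the live site. The sample response, the domain suspicious.example and the function names are constructed for illustration.

```python
import json
from datetime import datetime, timezone
from urllib.parse import urlencode, urlsplit

AVAILABILITY_API = "https://archive.org/wayback/available"
SAVE_PREFIX = "https://web.archive.org/save/"
ARCHIVE_HOSTS = {"web.archive.org"}

# Constructed sample of an availability response (not real capture data).
SAMPLE_RESPONSE = json.dumps({"archived_snapshots": {"closest": {
    "available": True, "status": "200", "timestamp": "20240101120000",
    "url": "http://web.archive.org/web/20240101120000/http://suspicious.example/login",
}}})

def availability_query(target):
    """URL that asks the Wayback Machine whether it already holds a capture."""
    return AVAILABILITY_API + "?" + urlencode({"url": target})

def plan_access(target, api_response_text):
    """Return what to open instead of the live site, plus an evidence note."""
    data = json.loads(api_response_text)
    snap = data.get("archived_snapshots", {}).get("closest") or {}
    if snap.get("available") and snap.get("status") == "200":
        # Refuse any link that does not point at the archive itself.
        if urlsplit(snap["url"]).hostname not in ARCHIVE_HOSTS:
            raise ValueError("snapshot URL is not on the archive host")
        # Capture timestamps are YYYYMMDDhhmmss; treated here as UTC.
        captured = datetime.strptime(snap["timestamp"], "%Y%m%d%H%M%S")
        return {
            "action": "open_snapshot",
            "open": "https://" + snap["url"].split("://", 1)[1],
            "captured_utc": captured.replace(tzinfo=timezone.utc).isoformat(),
        }
    # No usable capture: ask the archive to fetch the page on your behalf.
    return {"action": "request_capture", "open": SAVE_PREFIX + target,
            "captured_utc": None}

if __name__ == "__main__":
    print(availability_query("suspicious.example/login"))
    print(plan_access("suspicious.example/login", SAMPLE_RESPONSE))
```

Record the returned `captured_utc` value alongside the link in your case notes so the evidence is tied to a specific capture.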

