Showing posts with label spyware.

Monday, July 29, 2013

How to Catch a Cheat

Let me guess... You're in a marriage that just doesn't seem like it has been up to par. You think maybe it is because of the stress of work, the kids, or some inexplicable changes in how your spouse is behaving. You've been aware something is wrong but you can't pin it down... until... that first piece of randomly discovered evidence slaps you awake. Maybe it was a call you answered in the middle of the night, a piece of mail your spouse forgot to hide, a text message you read over their shoulder. Whatever it was, it hits you like being slapped with a raw fish. Unbelievable, painful, stinky. In a snap, your mind is reeling and you have the emotional equivalent of a cosmic gut-punch. What do you do now?

How to Go from Emotionally Devastated to Impartial Investigator


Okay, that's not going to happen. Accept that you will not be impartial but you need to figure out how to avoid obsessing. While you are digging for the truth in your most important personal relationship you need to realize that there are boundaries you need to set for yourself. Here is my list:

Boundaries


  1. Don't hurt anyone. It doesn't matter how much they might deserve it, just don't do it.
  2. Don't cheat your kids out of time with them because you want to go investigate/brood over your sorry life.
  3. Don't be unproductive at work. Still earn your paycheck. Work stress can help displace family stress for 40 hours per week and that is wonderful!
  4. Know when to fold 'em. If you're in too deep during your investigation, get out of the pool and come back later. Knowing when to walk away is an essential skill.
  5. Have a lifeguard. My lifeguard was an ex-co-worker who lived 3,000 miles away and didn't know any of my friends. Whenever things were too dark, too painful, my lifeguard was there to talk me down from being a danger to myself or others.

Setting Expectations for Yourself


Also, figure out what you need to figure out.

  1. There is no *WHY*? - only *WHAT*?. You will never find out why. Nothing you will find will explain the reason for infidelity to your satisfaction. You need to learn to let it go... "What" is defined as documenting facts about actions, dates, people, time. That is what is returned by all your efforts in an investigation.
  2. Are you arming yourself for a legal battle? If so, STOP right now and talk to a lawyer. Investigating on your own can compromise you legally. It can remove the validity of what an investigator can bring to divorce hearings. Just imagine how quick the computer records would be thrown out of court when the judge hears you have been tampering with your spouse's computer!
  3. Are you going to try to save the marriage? Or at least leave the door open to it? Then get into marriage counseling right now. A good marriage counselor can help you work through confrontations as well as persuade your spouse to be honest.

Computer Investigations


First Step - Baseline


In order to gain insight into your spouse's behavior you should gain access to their computers, phones, cameras, and other electronic devices. Your goal at this time is to make a baseline copy of their files to investigate later.

Computers

Try to make a forensic copy of the hard drive. Include copying the free space of the drive. You will need to store this on a device with at least as much capacity as the target hard drive + 20%. The most accessible software for this is OSForensics from PassMark Software, briefly discussed here.

If you are unable to do this process through time or material constraints, copy their important files. These are listed in their user profile on the computer. This includes everything under the path C:\Users\WindowsUserName\ for Win7 and C:\Documents and Settings\WindowsUserName\ for WinXP. Transfer these to a portable hard drive. Be sure to include Hidden and System files when you copy and paste!

These important files include the data in their Skype profile and browser history. I've discussed Skype before, as it is a very juicy subject, here and here. Browser data is juicy too; a more detailed discussion was posted on the subject here.

Save points/Restore points - these would be ideal to access. However, they do not back-up all of the files in the user's profile.

Phones

Access the phone logs on the device and export them. Export contacts. Scan the internal memory for media (pictures, video). Remove the media card and use a recovery tool as explained in the "Cameras and Other Media Devices" topic, below.

Note: It may be possible to access internal phone memory with a data recovery tool. Just link the phone to your own computer and run the recovery software on the device that shows in Windows Explorer. I believe this accesses both internal and removable memory but I have not tested it.

Cameras and Other Media Devices

Use a media rescue tool to recover data from the cameras, camcorders, GPS systems, and anything else an SD or Micro-SD card could fit into. I wrote about recovering data from devices here.


Second Step - Monitor


Install spyware if you are comfortable doing so. It is an easy process but has moral and legal ramifications. I have an in-depth introduction to spyware here.

You could also continue to take 'baseline snapshots' periodically. This would require you to access the target systems regularly and save a new copy of the important files each time. This is very time consuming.

Smoke them out. Not everyone is behaving badly all the time. You may need to say or do something to get your spouse to act inappropriately. It may just be as simple as going away for the weekend and letting them do what they would normally do. It may also relate to some bit of info you have already found out... if you know one of your spouse's friends covers for them while they are supposedly doing something different, message that friend and ask what they are up to - maybe even let them know you are suspicious. It will get back to your spouse and they may react by reaching out to their other significant others.


Third Step - Research


Wrangle every last piece of information you can out of the data you have. Here are some quick tips:
  1. Recover deleted files as discussed here.
  2. Look for the thumbnails index; Thumbs.db Viewer, as discussed here, is a great tool.
  3. Attack Skype as discussed here and here.
  4. Raid browser data as discussed here.
  5. Deeper delving

Fourth Step - Laying it Out


Now you have some data. You made it into information through research and connecting the dots. I wrote about structuring mass data here.

From here on out you are the investigator! Dig up clues, follow leads, document the facts. It would be a fun game if it were not for the reason you are doing it in the first place.

Here are some other helpful investigating tips.


Non-Computer Investigations


Not everything you can find useful will come from a phone or hard drive. Here are some non-computer tips for investigators:
  1. Be the one who gets the mail every day. Look for bills, bank statements, credit card bills, collection notices, etc. that suggest your spouse has another spending account.
  2. Read all credit card statements and bank statements for ATM withdrawals, and pay attention to dates and locations of charges.
  3. Order your and your spouse's credit reports from the three credit bureaus. This will show items such as credit card accounts, bank accounts, bank overdraft loans and other financial accounts your spouse may be using to pursue their activities.
  4. Check the odometer on their vehicle. Note how far they drive to and from work on a daily basis and look for spikes in mileage if they have to 'work late'.

Behavioral Observations


Below are some examples of observing the behavior of your spouse to help develop avenues for further investigation:

  1. Do the unexpected!
    1. Before going out on an urgent errand, tell your spouse your car has a slowly leaking tire or is making a funny noise. Tell them you can't find your phone so they should let you borrow their phone just in case you need help on the road. Observe how reluctant they are to lend you their phone.
    2. Let your spouse know in advance that you are going on a business trip (or need to visit family). When time comes for your trip, head off but go to a movie. Come back home after a few hours and see if there is any panic from your spouse. You may want to consider an overnight stay when you head out and show up in the middle of the time you were supposed to be absent. 
    3. Busting by romance. If your spouse is off on a trip or visiting family, you may want to pay them a surprise visit at their location. Bring your spouse their favorite take-out to their office when they are working late. Bring the kids over to the family your spouse is supposed to be visiting because they missed their mommy/daddy. The intent is to show up where they are supposed to be with all of the best intentions.
    4. If your spouse is at home while you work, head home for lunch sometime. Or stop by and get your healthcare insurance card prior to a doctor's appointment they were not aware of. Just show up unexpectedly at times to see if everything is kosher.
  2. Identify suspicious behavior!
    1. The bathroom is a sanctuary of privacy in any home. Does your spouse hole-up in there to take a bath frequently? Do they always take their phone or laptop with them? How pissed are they when you knock on the door unexpectedly?
    2. If you think something fishy is going on, ask a lot of questions! If your spouse is suspicious about your intentions tell them that you just wanted to talk about their day like you both used to do. If your spouse went to a movie with their friends, ask who was there, how the movie was, what did they think of the movie plot, were there any twists, how did the bad guy get it, etc. then do your homework and see the movie to determine if your questioning got a lot of BS answers. 
    3. Shut down your Internet router or modem saying it is due to a technical problem. Let them know you are working on it but it might take a day or two. Observe the level of panic in your spouse. If you suspect the phone is their primary means of communication, try causing an outage there. The intent is to disrupt their normal method of communication and see how bugged out they get. 
    4. Observe when your spouse complains or pines about things. If winter weather is their top daily complaint and they always talk about Florida as a nice place to go/live, it may indicate something about their other person that bubbles through into their conversations and complaints about life. Many authors believe that the other person personifies resolution for untended needs your spouse may have in their life and that wayward spouses wrap much more into an affair partner than can be attributed to a normal person. The level of infatuation and escapism a wayward spouse has invested in the other person builds them up to the embodiment of the solution to all their ills. Just beware that your spouse's complaints and yearnings may, in fact, be describing aspects of the other person. Also, this is a very tentative connection, so keep your ears open but don't jump too far to conclusions...
  3. Don't trust anyone!
    1. People you have been close to may have known about this for a long time and have kept information from you to protect your spouse. In my case, I was very close with my sister-in-law and spoke to her about my feelings of my impending divorce... my absolute depression, my thoughts of suicide, and I even made the comment 'this would be so much easier if my spouse had just cheated'. She said nothing. I was very dumb to think she would have my best interests at heart if she had been covering for my spouse's infidelity.
    2. Some people will care too much for you and take action on your behalf without your knowledge or consent. I never told my overprotective older brother of my spouse's infidelity. If I had, there would have been a family schism, revenge, violence, or worse. The last thing you need right now is someone justifying your anger and pushing bad decisions.
    3. Loose lips sink ships. You are in the role of an investigator... gathering facts. The absolute last thing you need to do is confide in someone who may, intentionally or not, tip off your spouse that you are suspicious. This may lead to the destruction of the very facts you have set out to collect.

I'm hopeful this article has helped you in deciding how (and if) you investigate your suspicions of infidelity. Stay strong and stick to the facts.

---DNS


Thursday, August 9, 2012

Spyware, An Introduction

There's an old saying that being paranoid doesn't mean that they aren't out to get you... In our case, being paranoid doesn't mean your spouse isn't being unfaithful. The uncertainty and dread of the unthinkable happening is maddening. Many people turn to spyware to find evidence. I will recount my experiences here with some popular software.


Morality and Legality


Without question, it is immoral to invade another person's privacy. In fact, it is illegal. What I'm writing in this post is a review of products and not an endorsement. I don't want to influence you in your decisions - you are responsible for your own actions and their consequences. My post is merely a discussion of popular software and hardware and their benefits and restrictions.

Spyware

Spyware is classified as any software used to capture data without the primary user's consent and/or knowledge. There are several general types of spyware: key loggers, parental/employee monitoring, network packet inspection, and "professional" software.

Nota Bene! 

Installing Spyware

Everyone has a virus scanner and spyware protection software package these days, as well they should. So, how do you install spyware without it being instantly removed? The answer is to modify the security program to create an exception, or blind-spot, for the spyware you install. Prior to installation, you need to create these exceptions in the security software's settings. The software you decide to use will likely have detailed instructions on how to create exceptions. 

The big risk to installing any spyware is that the user may be savvy enough to review their security software settings, do a clean re-install of their security software, or download a new security software package entirely. If the user does this, the exceptions you created will be lost and the user will be alerted to the presence of the spyware.
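Because software of this kind depends on exceptions in the security product, reviewing those exceptions is the quickest way for the owner of a machine to find it. The following is an added example, not part of the original post: it assumes Microsoft Defender is the security product (the post names none) and an elevated PowerShell session, and `Get-DefenderExclusionReport` is a hypothetical helper name.

```powershell
# Added example (not from the original post): list Microsoft Defender exclusions
# so the owner of a machine can spot exceptions they did not create.
# Assumption: Microsoft Defender is the security product in use.
# Get-DefenderExclusionReport is a hypothetical helper name.

function Get-DefenderExclusionReport {
    [CmdletBinding()]
    param(
        # Defaults to the live configuration; pass a saved object for offline review.
        $Preference = (Get-MpPreference)
    )

    foreach ($kind in 'ExclusionPath', 'ExclusionProcess', 'ExclusionExtension') {
        foreach ($value in @($Preference.$kind)) {
            if ([string]::IsNullOrWhiteSpace($value)) { continue }

            # Without elevation Defender returns a placeholder instead of the real entries.
            if ($value -like 'N/A*') {
                Write-Warning "$kind is hidden from non-administrators; re-run elevated."
                continue
            }

            $exists = $null
            $hidden = $null
            if ($kind -eq 'ExclusionPath') {
                # Wildcard entries are not literal paths, so they report Exists = False.
                $exists = Test-Path -LiteralPath $value
                if ($exists) {
                    $item = Get-Item -LiteralPath $value -Force -ErrorAction SilentlyContinue
                    if ($item) {
                        # Hidden folders are where loggers commonly spool their captures.
                        $hidden = $item.Attributes.HasFlag([IO.FileAttributes]::Hidden)
                    }
                }
            }

            [pscustomobject]@{
                Kind   = $kind
                Value  = $value
                Exists = $exists
                Hidden = $hidden
            }
        }
    }
}

Get-DefenderExclusionReport | Sort-Object Kind, Value | Format-Table -AutoSize
```

Any entry the owner cannot account for deserves a closer look, especially a path exclusion that points at a hidden folder.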

Key Logger


A key logger is a program that is used to track which keys are struck while the computer is in use. There are many variations on the basic key logger program. Most of the free programs will track the basic keystrokes and save the data to a hidden directory on the computer for later retrieval. More advanced programs will capture additional data, such as programs in use, screenshots, etc.

Parental/Employee Monitoring


All spyware is distributed or sold to "monitor the computer use of children/employees". As such, parental monitoring software has many spyware features built-in. The features generally include a key logger, a website filter, instant messaging capture, webcam locks, and others. The website filters can often be configured to track, not block, web use. Some monitoring software offers real-time communication for specific events, such as visiting an adult website, sending an instant message, computer use during prohibited hours, etc.

There are some software packages which can do an IP lookup and provide a generalized location for the computer. Note that the lookup here isn't very precise and is based on the assigned IP address of the machine. Proxy servers, onion routers, and other actions that impact the domain name server (DNS) assignment of IP addresses can mess with its accuracy.

It is important to note that most parental/employee monitoring software has a splash screen, notification tray icon or other visual cue to alert the user to its presence. You will need to find a solution that meets your needs. If you are negotiating a reconciliation with a wayward spouse, asking them to install a monitoring software on their computer may be one of your conditions.

Network Packet Inspection


This is, by far, the nerdiest of the geekery on this post. Here's an article or two to get you familiar with packets and networking.

In general, networks operate by sending packets of data back and forth. Each packet has a header which tells your router (the traffic cop of your home network) where each should go and in what order. Once packets are received by the destination machine they are decoded and transmuted into data.

Network packet inspection software allows you to monitor these packets. It is also referred to as a "packet sniffer" because it intercepts and decodes each packet sent over the network and presents you with raw data. These are essential and valuable network admin tools. As powerful as these tools are, I found many very cumbersome to use and far too technical for a casual user. My experience has primarily been with Wireshark, Ethereal and WinPcap.

"Professional" Software


For those of us who need a solution that removes the need to have physical access to the computer to download keystrokes, the "professional" software fits the bill. The main operator in the arena is Spectorsoft. I have experience with their product line: eBlaster, SpectorPro, eBlaster Mobile. In my opinion, they have excellent customer service and are very responsive. I've only had to wait an hour most of the time I sent an *email* inquiry to their team.

eBlaster


The features worth mentioning in the eBlaster software are as follows:
  • Sends email reports on a user-defined schedule
  • Reports contain keystrokes, program use, files transferred or printed, IM activity
  • Keywords can be set to send an immediate email report containing the keyword, program use and a screenshot of the computer at the time it was detected
  • Remote control panel once installed allows user to adjust what's monitored, how frequent the reports are sent, set keywords, set websites to block, and allow customization of the emailed reports to give a "friendly" subject, sender, etc.
  • Forwards emails sent from the computer to an account you select.
Some cons to using the software I learned the hard way:
  • The application doesn't support non-major browsers. If your subject uses Opera, Chrome, Iron, RockMelt, etc. much of the beneficial tracking info is lost. You still get the keystrokes logged but the output can be randomly mixed, confusing and lack association with the appropriate webpage or webapp (think of Skype integration in Facebook through the RockMelt browser as an example).
  • The frequency and quality of screenshots are limited by Spectorsoft. However, if you utilize your own Gmail account as the SMTP server to send the screenshots this can be circumvented.
  • Video streams and audio streams are not captured. Voice/video calls through Skype do not capture the audio or video component. If you're lucky your subject might type a keyword so you can get a screenshot.

SpectorPro


SpectorPro is a software program much like eBlaster. The following are the main differences:
  • SpectorPro won't send you email reports. It spools them to a hidden directory on the subject machine. You will need to access the computer to get to them. The software does allow the user to set up a network path where these files can be accessed remotely.
  • SpectorPro records computer use like a video recording. You can playback the files and see exactly what was being displayed on screen during the time the subject was using the computer.
  • SpectorPro doesn't record audio. A pure voice call on Skype or any other VoIP app wouldn't provide much more detail than seeing the call being made/accepted.

eBlaster Mobile


In my opinion, eBlaster Mobile is where Spectorsoft falls down. First the features:
  • Sends periodic email reports.
  • Logs calls made, missed and received with time and duration. Looks up the caller in the user's contact book to provide a name with the number.
  • Logs website pages loaded (big caveat here, read on for its limitation).
  • Logs SMS and MMS sent and received with contact information.
  • Sends a thumbnail of a photo or video taken with the phone with geo-tagging and time the picture was taken.
  • Looks up GPS location and resolves to a street location at a set schedule.
  • Allows a geo-fence to be set up which provides alerts when it has been entered or exited.
  • Remote dashboard to set and manage delivery settings
  • "Friendly" names for sender of reports, subject, etc.
Limitations:
  • The eBlaster Mobile app won't track any websites visited outside of the native Android browser. Any use of a browser outside of the crappy one the Android was packaged with circumvents eBlaster Mobile entirely.
  • The eBlaster Mobile app won't track app usage. You won't know if your kid plays Angry Birds all day in that expensive private school you're sending him to, or if your spouse uses the Skype app for calls/video chat, uses Google Talk, uses Google Voice, Meebo, WhatsApp, and on and on... All of the apps are invisible to eBlaster Mobile.
  • The geo-location feature that provides the location of the phone at set intervals is a battery-burner. As an example, the phone I use has a 1.5 day battery life. Using a 2-hour lookup for location during normal use reduces that to about 6 hours.
  • It was pretty convoluted to set up. It required I jail-break my phone (more a limitation set by my service provider) prior to set-up.

The Final Word


Find software that works for you. I found the email reports provided by Spectorsoft extremely useful and worth the cost and limitations. I just wish they had a more comprehensive mobile offering.


Hardware


There is hardware available for snooping. The most useful are mini-GPS units, spy cameras, and voice recorders (bugs). I have found most of my needs resolved through software but there are hardware options out there.

The Mini-GPS


The Garmin GTU 10 is a mini-GPS unit that's about 3 inches by 1 inch by 1 inch and is fairly expensive. The signal is strong enough to transmit through the body panels of most cars. It sends an email report of its location and Garmin provides an online dashboard to view locations and modify settings.

It has a handy geo-fencing feature which allows you to set it to sleep inside a location. For example, you can have it report hourly and set a geo-fence around your home so that it wakes up once it leaves. The GTU 10 can switch to continuous tracking which reports every 30 seconds or so - in real time.

Spy Cameras


Admittedly, I do not have much experience with different types of spy cameras. There is a dizzying array of options and prices. Many are wireless, motion activated and record to a DVR or computer. The small design of modern cameras allows them to be placed almost anywhere. I ran into a major stumbling block when considering the areas I'd want to monitor and the possible locations for a spy cam. I couldn't reconcile where to place it that wasn't in the direct line of sight of my subject and I quickly abandoned the idea.

Audio Recorders


The old "bug". An audio recorder is a discreet method of documenting what is going on when you are not present. The trick is to find a portable, battery friendly device with lots of memory that your subject will likely always be near. One popular choice is a voice-activated recorder made to resemble a key fob. Granted your spouse may be suspicious when you get her a new key fob for no real reason, so it is up to your ability to bullshit your way through it.

Summary

The only thing worse than knowing is not knowing. However, as I always recommend, talk out your problems first. Using these devices and programs in a manner which compromises anyone's privacy is immoral and illegal. It will also break any threads of trust your spouse may have for you and may lead to an inevitable conclusion of divorce. I doubt any of us would be considering these technologies if we didn't have a very solid suspicion but do consider this before hopping down the rabbit hole - what if you are wrong?

-- DNS