Privacy Tools Guide

Protect investigative case files using VeraCrypt encrypted volumes, GPG for encrypted communications, and encrypted USB drives for offline storage. Store surveillance photos with GPS stripped, segregate client data from investigation notes, implement role-based access controls, and maintain audit logs of all case file access.

Understanding the Threat Landscape

Private investigators face unique security challenges. Case files often contain:

Unauthorized access to this information could compromise investigations, violate client privacy, or even endanger individuals involved. The stakes are high, making digital security essential. Unlike most professionals who need to protect data from external attackers, PIs also face adversarial subjects who may actively try to discover what evidence has been gathered against them — and potentially tamper with or steal it.

The threat model for a PI’s case files typically includes: opposing legal teams attempting to access evidence before trial, subjects under investigation seeking to suppress damaging information, disgruntled former clients, and opportunistic cybercriminals attracted to the high-value personal data contained in investigative files.

Encrypted Storage Solutions

VeraCrypt

VeraCrypt creates encrypted volumes that protect files even if your device is compromised. For investigators, this means storing case files in encrypted containers that require password access. VeraCrypt supports hidden volumes — a powerful feature that allows you to maintain a decoy volume with plausible but non-sensitive content, while a separate hidden volume (opened with a different password) contains the actual case files. If you’re ever coerced into revealing your encryption password, you can provide the decoy password.

# Install VeraCrypt on macOS
brew install veracrypt

# Create a new encrypted volume (interactive)
veracrypt -c

# Mount an existing volume
veracrypt /path/to/volume

# Dismount when finished
veracrypt -d /path/to/volume

When creating encrypted volumes, use passwords with at least 20 characters combining random words, numbers, and symbols. Store the password separately from the device — a hardware security key like YubiKey can be used as an additional authentication factor.

Consider naming your VeraCrypt containers with innocuous filenames — something like project-archive-2026.dat rather than case-files.vc. File names visible in directory listings can reveal operational information even when the contents are encrypted.

BitLocker (Windows) or FileVault (macOS)

Enable full-disk encryption on your work devices. These built-in solutions protect everything on your drive if the device is lost or stolen — a significant risk for PIs who regularly work from vehicles and field locations.

# Enable FileVault on macOS
sudo fdesetup enable

# Check FileVault status
fdesetup status

Full-disk encryption is your baseline protection layer. Add VeraCrypt containers on top for case-specific compartmentalization.

Compartmentalization by Case

Never store all case files in a single encrypted volume. Create separate volumes for each active case, so that a compromise of credentials for one case doesn’t expose all others. Name volumes by an internal case number rather than by client name or subject identity. Maintain a separate, encrypted index file mapping case numbers to client names — accessible only with a master key known only to you.

Secure Communication Channels

Signal for Sensitive Conversations

Signal provides end-to-end encryption for text messages and calls. Unlike standard SMS or popular messaging apps, Signal doesn’t store message metadata on servers. For PI work, the disappearing messages feature is particularly valuable — configure conversations with clients to delete after 1-7 days depending on sensitivity.

Key settings for investigators:

Do not use Signal as your only record-keeping system — if your client later disputes what was communicated, deleted messages cannot be recovered. Maintain a separate encrypted log of key communications.

Proton Mail

For email communication, Proton Mail offers encrypted storage and end-to-end encryption between Proton users. Even non-Proton recipients can receive encrypted messages through password-protected links.

Key features relevant to investigators:

When sending case-related documents by email, always use Proton-to-Proton encryption or password-protected links. Never send unencrypted PDFs containing subject information, witness data, or investigation findings through standard email.

VoIP for Client Calls

Consider using a privacy-respecting VoIP service for client calls rather than your personal mobile number. Services like MySudo allow you to maintain separate phone numbers for different clients, preventing subjects from identifying your personal number if they gain access to a client’s communications.

Case Management with Security in Mind

Obsidian with Local Encryption

Obsidian is a powerful note-taking application that stores everything locally. Combined with its encrypted vault feature, it becomes an excellent case management tool.

// Obsidian vault structure example
/
├── Cases/
   ├── 2026-001-surveillance/
      ├── observations.md
      ├── timeline.md
      └── evidence-links/
   └── 2026-002-financial/
└── Templates/
    └── case-note-template.md

Enable encryption in Obsidian through Settings → Security → Vault encryption. Store the Obsidian vault inside a VeraCrypt container for a double layer of protection — encryption at the file system level and at the application level.

Encryption at Rest with Cryptomator

If you prefer cloud storage for backup, Cryptomator adds client-side encryption before files sync to services like Dropbox or Google Drive.

# Install Cryptomator
brew install cryptomator

# Create encrypted vault (GUI application)
# Vaults can then be synced via cloud services

Be cautious: cloud sync creates copies of your data on servers you do not control. For the most sensitive case files, use air-gapped physical backups rather than cloud sync, even with Cryptomator.

Handling Surveillance Media

Surveillance photographs and videos require special handling beyond standard file encryption.

Strip Metadata Before Sharing

Every digital photograph contains EXIF metadata that can reveal your camera model, shooting location (if GPS was enabled), date and time, and camera settings. Before sharing any surveillance photograph with clients or for legal proceedings, strip this metadata.

# Remove all EXIF data using exiftool
exiftool -all= surveillance-photo.jpg

# Verify metadata has been removed
exiftool surveillance-photo.jpg

# Process an entire directory
exiftool -all= -r ./surveillance-photos/

Be aware that courts may require authentication of evidence, and stripping metadata could affect admissibility. Consult with the attorneys involved in each case about which metadata, if any, should be preserved for evidentiary purposes.

Secure Storage of Video Evidence

Video files are large and often impractical to store in encrypted volumes on a daily basis. Use hardware-encrypted external drives (such as IronKey or Apricorn) for video evidence storage. These drives require PIN entry directly on the device and implement hardware-level encryption that cannot be bypassed by removing the storage chip.

Document Protection Strategies

Redaction Best Practices

When sharing documents, always redact:

Use dedicated redaction tools rather than simple drawing tools, as the latter can sometimes be reversed. Adobe Acrobat’s redaction tools burn the removal into the file permanently. For open-source options, PDFtk and LibreOffice both offer proper redaction that removes the underlying text.

Secure File Deletion

Simply deleting files doesn’t remove them from storage. Forensic recovery tools can retrieve deleted files from standard drives. Use secure deletion tools when disposing of case files after a case closes.

# Use shred for secure file deletion (Linux/macOS)
shred -u -z -n 7 sensitive-file.pdf

# On macOS, use rm with secure-delete option
rm -P sensitive-file.pdf

For SSDs, secure deletion is more complex because of wear leveling — the drive controller distributes writes across storage cells in ways that prevent individual file overwriting from working reliably. For SSDs, full-disk encryption from the start means that deleting the encryption key effectively destroys all data without needing to overwrite individual files.

Network Security for Field Work

Using VPNs Responsibly

When accessing case files remotely, always use a reputable VPN. However, remember that VPNs hide traffic from your ISP but not from the VPN provider. Choose providers with strict no-logging policies and based in privacy-friendly jurisdictions. Mullvad and ProtonVPN both offer independently audited no-log policies and accept cash payment, which avoids creating a billing record tied to your identity.

Air-Gapped Backup Drives

For extremely sensitive case files, maintain air-gapped backup drives that never connect to the internet.

# Create a dedicated backup workflow:
# 1. Encrypt case files locally
# 2. Transfer to air-gapped drive using physical media
# 3. Verify transfer integrity with checksums
# 4. Store drive in physically secure location

Perform air-gapped backups on a schedule — weekly for active cases, then a final archival backup when a case closes. Store backup drives in a physically separate location from your primary work devices.

Password Management

Investigators should use dedicated password managers with:

# Bitwarden CLI example for generating secure passwords
bw generate --length 24 --symbols --numeric

Never reuse passwords across client portals, investigation databases, or communication services. A compromise of one credential should not cascade into access to other case-related accounts.

Incident Response Preparation

Have a plan for potential data breaches:

  1. Immediate isolation — Disconnect affected devices from networks to stop ongoing exfiltration
  2. Assessment — Determine what was accessed or stolen, prioritizing understanding of which cases and which individuals are affected
  3. Notification — Follow legal requirements for client notification; consult your attorney about breach reporting obligations in your jurisdiction
  4. Preservation — Document the incident in detail for potential legal proceedings and your own liability protection
  5. Review — After the incident, conduct a systematic review of all security controls and update practices to prevent recurrence

Frequently Asked Questions

Do I need to tell clients if their case data is exposed?

This depends on your jurisdiction and contract terms. In many US states, breach notification laws require reporting any unauthorized access to personal information. Even where not legally required, notifying clients whose confidential information was exposed is an ethical obligation that protects your professional reputation.

Can encrypted files be recovered by law enforcement?

Strong encryption using tools like VeraCrypt is highly resistant to forced decryption. However, courts can compel disclosure of encryption keys in some jurisdictions. Consult an attorney if you receive a legal demand for encrypted case files. In some cases, claiming inability to recall a password has been treated as contempt of court.

How long should I retain case files?

Retention requirements vary by jurisdiction and case type. Most PI licensing boards recommend retaining files for at least 5 years after case closure. Store closed case archives in encrypted offline storage with a documented retention schedule showing planned destruction dates.

Built by theluckystrike — More at zovo.one

Explore Our Developer Guides

© 2026 theluckystrike Developer Guides