Getting your sock puppet connections on LinkedIn

Guest blog by Michael Paulie. Throughout investigations, working ongoing missing persons cases with organizations like Trace Labs, or having fun with CTFs, LinkedIn can be a valuable source of information on people of interest.  Information including email addresses, phone numbers, work locations and friends, family, and colleagues are just some of the data that can be obtained to pivot off of.  However, unless you have … Continue reading Getting your sock puppet connections on LinkedIn

Discord OSINT

Investigating Discord: A Primer

Guest blog by BOsintBlanc. Discord for the uninitiated is a group chat service in the vein of Telegram, Whatsapp, or IRC (if you’re that old ;-P). Channels are set up as ‘servers’ usually based around a shared topic of interest. As of 2020 Discord had over 300 million registered users (source) and that number does not appear to be dwindling any time soon. What does … Continue reading Investigating Discord: A Primer

Ten Minute Tip: Image Geolocation Part 2

In the first Ten Minute Tip in this series we saw how to use EXIF data to geolocate an image. Unfortunately most images found on the internet have their EXIF data removed, so this approach is not always possible. However we also began to use a three-step methodology to geolocate images, and we can apply this even when there is no metadata to help us … Continue reading Ten Minute Tip: Image Geolocation Part 2

Maritime Live Stream Notes 4/1/21

After an exciting week where the whole world was tracking the EVER GIVEN, the large container ship stuck in the Suez Canal, we put together a live stream to discuss Maritime OSINT! In this stream, we talked about various ways to track the movements of vessels large and small. We also talked about ways to use social media, job boards, real-estate, and shipspotting sites to … Continue reading Maritime Live Stream Notes 4/1/21

gray steel file cabinet

Using Archive.org for OSINT Investigations

The Internet Archive, commonly known as the Wayback Machine allows users to visit archived versions of websites. The Internet Archive has been archiving sites since 1996 and has 514 billion archived web pages!  If you are wondering how you can use the Internet Archive in your OSINT research, you’ve come to the right place. There are many methods to extract important information from the Wayback … Continue reading Using Archive.org for OSINT Investigations

Using Snapchat for OSINT – part 2

Snapchat is a very popular platform and it’s quite a challenge to use for investigative purposes. Especially because you need a mobile phone in order to dig a little deeper. The website Snapchat offers is simply just not comprehensive enough.So in this blog post you’ll find some hints and tips on how to use Snapchat for OSINT. Snapchat.com First of all there is the website … Continue reading Using Snapchat for OSINT – part 2

COSINT – OSINT on Cars

Whether you are an insurance investigator, working in law enforcement or supporting crowd-sourced OSINT investigations, e.g. with the National Child Protection Task Force, you will often come across vehicles in the cases you work on. There are many different approaches to find information on vehicles and sometimes also on their owners. This blog will show some of the resources you can use when conducting COSINT: … Continue reading COSINT – OSINT on Cars

Don’t Hesitate, Isolate (Your Virtual Machine)

Guest blog post by Jeff Lomas (@BleuBloodHound). There have been several excellent virtual machines (VMs) designed to assist in OSINT assessments including popular VMs such as Tsurugi Linux (OSINT and digital forensics) and Trace Labs’ OSINT VM. While these are great tools for conducting OSINT assessments it is also important to configure them to protect your host system. What is Isolation? Before we go down … Continue reading Don’t Hesitate, Isolate (Your Virtual Machine)