OSINT: Online Investigations

Open enrolment and in-house options available

The success of any online investigation is determined by the researcher’s ability to leverage a rich set of technical, procedural and analytical tools. This five-day course will provide guidance on how to investigate organisations, individuals and websites in a manner that is rigorous and legally compliant. You will be shown how to develop your investigative skills using hands-on case studies and exercises. You will also be shown how to manage an online investigation from the moment you receive your tasking up to and including the submission of your final report.

Course Outline

Effective Investigations

Course Introduction

  • The variety of online investigations
  • The mindset of an effective investigator
  • The investigative skillset and toolset
  • Investigative challenges and trade-offs

Planning and Management for Online Investigators

  • Defining the scope of your investigation
  • The “Getting Started Checklist”
  • Process planning and management
  • Process monitoring and adjustment
  • OpSec for investigators
  • Defining and working to your legal obligations
  • Understanding the ethical complexities
  • Learning while doing and after-action reviews

Prepping Your Browser

  • Selecting the right browser
  • Configuring your browser settings
  • Essential browser tools and extensions

Documenting Your Investigation

  • Maintaining an audit trail: how and why?
  • Working with Hunchly and its alternatives

Capturing and Organising Your Data

  • Developing custom approaches
  • Working with a casebook
  • Working with target profiles and templates
  • Useful tools and extensions

Validating Your Data

  • Data validation schemas
  • Data validation strategies
  • Legal admissibility tests

Investigating Individuals

Introduction to People Search

  • The people search process
  • Overcoming challenges to people search

Finding People Online

  • Working with key identifiers
  • Recommended search tools
  • Recommended search queries
  • Recommended search strategies
  • Mapping an individual’s online footprint
  • Building your target profile
  • Monitoring an individual’s online activity

Investigating Online Profiles

  • Investigating usernames and IDs
  • Investigating avatars and profile photos
  • Investigating profile content
  • Investigating comments and interactions
  • Investigating a target via friends and followers

Investigating Emails and Phone Numbers

  • Finding emails and phone numbers
  • Working with email permutation tools
  • Validating emails
  • Email tracing and trafficking analysis
  • Reverse lookups
  • Phone numbers and emails as starting points for data collection

“Grey” OSINT – Strategies and Sources

  • Leveraging breached data
  • Working with archived data
  • Legal and ethical constraints

Geolocating Individuals

  • Mining for geospatial identifiers
  • Mining for geolocational data
  • Geolocating through imagery data
  • Geolocating through IP and technical data

Investigating Websites

Introduction to WEBINT

  • Internet fundamentals for investigators
  • Working with a WEBINT research template
  • Key identifiers for WEBINT
  • Essential WEBINT tools and extensions

WEBINT Footprinting

  • Working with IPs, DNS and WHOIS data
  • Reverse IP checks
  • Investigating IP histories
  • Dedicated hosting checks
  • Investigating domains and subdomains
  • Investigating inbound and outbound links
  • Investigating site content
  • Investigating web caches and archives
  • Working with IDs and unique identifiers
  • Working with site technologies
  • Risk profiling a URL
  • Generating site maps
  • Leveraging IoT search engines

Identifying Site Owners

  • Identifying and validating site owners
  • Finding contact details
  • Recommended elicitation strategies

Working with Metadata

  • Understanding metadata
  • Working with document metadata
  • Working with image / video metadata
  • Metadata extraction tools
  • Running metadata investigations

Investigating Organisations

Introduction

  • Investigating organisations and corporations
  • Investigative and due diligence frameworks
  • Working with research templates
  • Key identifiers

Strategies for Investigating Organisations

  • Investigating ownership
  • Investigating subsidiaries
  • Investigating an organisation’s digital footprint
  • Working with official records and registries
  • Working with news and industry sources
  • Working with grey literature
  • Identifying clients and business partners
  • Recommended elicitation strategies
  • Monitoring an organisation’s online footprint

Working with Maltego / Reporting

Working with Maltego

  • Set up and configuration
  • Security considerations
  • Understanding the Maltego interface
  • Working with entities
  • Working with transforms
  • Working with machines
  • Running investigations in Maltego
    • Investigating organisations
    • Investigating individuals
    • Investigating digital assets
    • Vetting and validating your results
    • Analysing your results
  • Alternatives to Maltego

Reporting for Investigators

  • The varieties of reports
  • Understanding the audience
  • Developing and working with templates
  • On effective briefings and presentations

Course Details

Who is this Course For?

This course is intended for investigators, intelligence analysts, security officers and law enforcement professionals wishing to improve the rigour and effectiveness of the entire investigative process.

How You Benefit

On completion of this course, you will have the ability to:

  • Understand the elements of a successful online investigation
  • Use structured approaches to streamline your investigative efforts
  • Apply a broad range of investigative tools and strategies
  • Maintain a detailed record of your investigation
  • Capture, organise and validate data relevant to your investigation
  • Leverage geospatial data for investigative purposes
  • Use Maltego to generate and analyse investigative data
  • Generate concise, effective investigative reports
  • Conduct your investigations legally and ethically

What You Receive

  • A full set of course slides / user guides in PDF
  • Tip sheets and cheat sheets to enable rapid learning
  • An index of recommended search queries for investigators
  • An index of investigative workflows
  • Templates to capture and organise investigative data
  • Templates to generate written reports
  • Six months of post-course support

Course Prerequisites

We recommend that participants wishing to take our Online Investigations course should first complete our OSINT: Foundations course and / or our OSINT: Advanced Search Skills course to understand the technical standards and operating principles that underpin our approach to data collection and analysis.

Course Requirements

Please bring a Windows or Mac laptop and ensure you have full administrative rights to this device. Please also install Maltego CE and set up a Google account to facilitate the use of different tools. Additional software requirements will be sent prior to the start of the course.