OSINT: Online Investigations
The success of any online investigation is determined by the researcher’s ability to leverage a rich set of technical, procedural and analytical tools. This five-day course will provide guidance on how to investigate organisations, individuals and websites in a manner that is rigorous and legally compliant. You will be shown how to develop your investigative skills using hands-on case studies and exercises. You will also be shown how to manage an online investigation from the moment you receive your tasking up to and including the submission of your final report.
Course Outline
Effective Investigations
Course Introduction
- The variety of online investigations
- The mindset of an effective investigator
- The investigative skillset and toolset
- Investigative challenges and trade-offs
Planning and Management for Online Investigators
- Defining the scope of your investigation
- The “Getting Started Checklist”
- Process planning and management
- Process monitoring and adjustment
- OpSec for investigators
- Defining and working to your legal obligations
- Understanding the ethical complexities
- Learning while doing and after-action reviews
Prepping Your Browser
- Selecting the right browser
- Configuring your browser settings
- Essential browser tools and extensions
Documenting Your Investigation
- Maintaining an audit trail: how and why?
- Working with Hunchly and its alternatives
Capturing and Organising Your Data
- Developing custom approaches
- Working with a casebook
- Working with target profiles and templates
- Useful tools and extensions
Validating Your Data
- Data validation schemas
- Data validation strategies
- Legal admissibility tests
Investigating Individuals
Introduction to People Search
- The people search process
- Overcoming challenges to people search
Finding People Online
- Working with key identifiers
- Recommended search tools
- Recommended search queries
- Recommended search strategies
- Mapping an individual’s online footprint
- Building your target profile
- Monitoring an individual’s online activity
Investigating Online Profiles
- Investigating usernames and IDs
- Investigating avatars and profile photos
- Investigating profile content
- Investigating comments and interactions
- Investigating a target via friends and followers
Investigating Emails and Phone Numbers
- Finding emails and phone numbers
- Working with email permutation tools
- Validating emails
- Email tracing and trafficking analysis
- Reverse lookups
- Phone numbers and e-mails as starting points for data collection
“Grey” OSINT – Strategies and Sources
- Leveraging breached data
- Working with archived data
- Legal and ethical constraints
Geolocating Individuals
- Mining for geospatial identifiers
- Mining for geolocational data
- Geolocating through imagery data
- Geolocating through IP and technical data
Investigating Websites
Introduction to WEBINT
- Internet fundamentals for investigators
- Working with a WEBINT research template
- Key identifiers for WEBINT
- Essential WEBINT tools and extensions
WEBINT Footprinting
- Working with IPs, DNS and Whois data
- Reverse IP checks
- Investigating IP histories
- Dedicated hosting checks
- Investigating domains and subdomains
- Investigating inbound and outbound links
- Investigating site content
- Investigating web caches and archives
- Working with IDs and unique identifiers
- Working with site technologies
- Risk profiling a URL
- Generating site maps
- Leveraging IoT search engines
Identifying Site Owners
- Identifying and validating site owners
- Finding contact details
- Recommended elicitation strategies
Working with Metadata
- Understanding metadata
- Working with document metadata
- Working with image / video metadata
- Metadata extraction tools
- Running metadata investigations
Investigating Organisations
Introduction
- Investigating organisations and corporations
- Investigative and due diligence frameworks
- Working with research templates
- Key identifiers
Strategies for Investigating Organisations
- Investigating ownership
- Investigating subsidiaries
- Investigating an organisation’s digital footprint
- Working with official records and registries
- Working with news and industry sources
- Working with grey literature
- Identifying clients and business partners
- Recommended elicitation strategies
- Monitoring an organisation's online footprint
Working with Maltego / Reporting
Working with Maltego
- Set up and configuration
- Security considerations
- Understanding the Maltego interface
- Working with entities
- Working with transforms
- Working with machines
- Running investigations in Maltego
- Investigating organisations
- Investigating individuals
- Investigating digital assets
- Vetting and validating your results
- Analysing your results
- Alternatives to Maltego
Reporting for Investigators
- The varieties of reports
- Understanding the audience
- Developing and working with templates
- On effective briefings and presentations
Course Details
Who is this Course For?
This course is intended for investigators, intelligence analysts, security officers and law enforcement professionals wishing to improve the rigour and effectiveness of the entire investigative process.
How You Benefit
On completion of this course, you will have the ability to:
- Understand the elements of a successful online investigation
- Use structured approaches to streamline your investigative efforts
- Apply a broad range of investigative tools and strategies
- Maintain a detailed record of your investigation
- Capture, organise and validate data relevant to your investigation
- Leverage geospatial data for investigative purposes
- Use Maltego to generate and analyse investigative data
- Generate concise, effective investigative reports
- Conduct your investigations legally and ethically
What You Receive
- A full set of course slides / user guides in PDF
- Tip sheets and cheat sheets to enable rapid learning
- An index of recommended search queries for investigators
- An index of investigative workflows
- Templates to capture and organise investigative data
- Templates to generate written reports
- Six months of post-course support
Course Prerequisites
We recommend that participants wishing to take our Online Investigations course should first complete our OSINT: Foundations course and / or our OSINT: Advanced Search Skills course to understand the technical standards and operating principles that underpin our approach to data collection and analysis.
Course Requirements
Please bring a Windows or Mac laptop and ensure you have full administrative rights to this device. Please also install Maltego CE and set up a Google account to facilitate the use of different tools. Additional software requirements will be sent prior to the start of the course.