Investigation

Gap Analysis: Chrono and Geolocation In Berlin (Quiztime 7th October 2019)

I’ve written a few blogs about gap analysis before, but it’s an important skill for investigation and intelligence analysis work, so I decided to write about it again. Daily Quiztime challenges are a good platform to demonstrate how this kind of methodology can be applied, and it is just as suitable for small-scale OSINT …

Digital Shadows: Seeking Sector035 – Quiztime 26th September 2019

How could you use open source information to trace a fugitive or a missing person? For this post I thought it would be an interesting exercise to see what information it would be possible to gather from Sector035’s recent Quiztime challenge. On the surface it was quite a straightforward photo geolocation question, but there is …

The Attrition of Information in OSINT: Why Acting Quickly Matters, And How To Recover When You Don’t.

Speed is a critical factor in investigations of any kind. The longer information is left or ignored, the more likely it is to become obscured, contaminated, or disappear altogether. This is true of any kind of information, whether it be an eyewitness, a server log, a tweet, a fingerprint, or anything else that an investigator …

Where In The World? Global and Local Identifiers – Quiztime 12th Sept 2019

I don’t think any investigative training programme ever recommends that you just use your gut instinct to reach a conclusion. This is not necessarily a bad thing because any conclusion that an investigator reaches has to be supported by objective evidence. Anyone should be able to take the same steps and come to the same …

Website Investigation – Where Did 8Chan Move To?

After the El Paso shooting this past weekend, it quickly emerged that the shooter had apparently posted his manifesto on 8Chan prior to carrying out the killings. As a result, Cloudflare announced that they would no longer permit 8Chan to use their services. Without Cloudflare’s protection, 8Chan is highly vulnerable to DDoS attacks and so …

Website Attribution Without WhoIs – Reverse IP Lookups (Part 2)

In my last post on Reverse IP Lookups I wrote about the challenges OSINT investigators face when it comes to attributing a website to someone. Reverse IP lookups show which other domains are hosted at the same IP address, which is often (but not always) an indicator of what other websites your subject controls. This …
