All right, ready to dive into some open source intelligence. We've got a stack of excerpts here from Open Source Intelligence Techniques by Michael Bazzell, ninth edition. By the way, you really weren't kidding about a deep dive. I mean, wow, this book, it's.
A lot, but it's fascinating stuff.
It really is. You know, it's kind of wild to think about how much the world of investigation has changed. Like the book even mentions how some like veteran police chiefs, they were totally skeptical of this whole internet investigation thing back in the day.
Yeah, I read that. It's true though, and now forget about it. It's indispensable, not just for law enforcement either, journalists, cybersecurity. Everyone's using it.
You're preaching to the choir. But that's what makes this deep dive so important, right? Everyone wants to be good at OSINT these days, but you got to start.
With the basics, you got it, and there's no better place to start than with setting up a secure environment. The book calls it your OSINT lab.
Okay, an OSINT lab. It sounds kind of high tech and maybe even a little intimidating, to be honest.
Not really. Think of it, like, think of it like a detective wanting a clean crime scene. You don't want your own stuff messing up the evidence, right.
You want that pristine environment where you can be sure everything you're finding is legit exactly.
So you got to create that digital equivalent. And the book is great about this because it walks you through it step by step. It even recommends a free antivirus called ClamAV.
ClamAV. Okay, is that one of the really well known ones.
Honestly, it's not flashy, but it gets the job done. Think of it like, hmm, a sniffer dog. It might not be the prettiest breed at the dog show, but it can sniff out those dangerous files that could be lurking on your computer, even if you think your system is clean.
Okay, so it's like a safety net. Yeah, even if you're pretty sure your system is secure, ClamAV is there just.
In case, exactly. And once you've got that first line of defense, Bazzell talks about KeePassXC. This is huge. It's an offline password manager.
Offline, so it's not like those other ones that are you know, connected to the cloud.
Nope, And that's it. It's like imagine trying to rob a safe that's been airlifted to like a secret island.
Okay, that's a visual I get it. So offline equals super secure. What happens if you forget your master password? Though? Are you like totally locked out?
Let's just say it's important to choose a good one and keep it safe. But yeah, that's the trade off for that extra security. Okay, so you've got your secure environment. You're feeling good.
Now what time to start investigating?
Well, Bazzell introduces this really cool tool called Buscador, and this, this is where things get really interesting.
Buscador sounds like mysterious and kind of powerful. What is it?
So? Imagine you have a toolbox, right, but instead of hammers and wrenches, it's full of specialized digital tools for OSINT.
Okay, I like where this is going. Right.
It's not just some app you download, it's a whole custom built Linux virtual machine.
Wait, a virtual machine? Does that mean I need to learn how to use Linux?
You don't have to be a Linux wizard, don't worry. Basically, it's having a separate computer inside your computer.
Oh okay, so I'm not actually messing around with my own.
System files exactly. It's like wearing gloves at a crime scene. You're interacting with the evidence, but there's a barrier protecting you. Now, are you ready for one of the coolest tools in this Buscador.
Kit? Always. Hit me with it.
It's called the Metadata tool. Have you ever heard of metadata? It's like every digital file, a picture, a document, whatever, it's got this hidden information embedded within it.
Yeah, like the date it was created, stuff like that.
That, but it can get way more specific, like who authored a document, what camera was used to take a photo? Even GPS coordinates sometimes no.
Way, So it's like what digital DNA or something.
It kind of is. And this tool, it lets you analyze, even remove, that hidden data. So let's say you're looking at a document someone claims they wrote, but the metadata says otherwise, busted. Or maybe a photo's metadata places it at a suspect's house. It's digital detective work at its finest.
Okay, the Metadata tool. That's seriously cool. It's like having X-ray vision for digital files. But what about something a little more you know in the moment, like say there's a live event happening, something breaking newsworthy. Can Buscador handle that kind of real time stuff? Oh?
Absolutely, it's got this tool called the Video Stream Tool, and it's not just about watching a live stream, it's about actually capturing it, like archiving that digital evidence before it disappears.
Oh wow, I see what you mean. So, like, if there's a protest happening, or maybe even a suspect's live stream, you can hit record with this tool and save that footage for later.
Exactly. Think of it as a DVR for like the entire Internet. It's invaluable in those situations where every second counts.
That is seriously powerful stuff. Okay, shifting gears a little bit. Let's say we're trying to build a profile of someone online. Maybe we've got their username and email address, something like that. Can Buscador help us connect those dots? You bet?
Buscador has what's called the Username Email Tool, and it's designed to do just that. It's like having a master key that unlocks a whole network of online profiles connected to that single identifier.
It's like those movies where they type in a name and boom, all these files and photos pop up on the screen.
Exactly, social media, forums, online shopping, you name it. This tool helps you paint a much fuller picture of someone's online presence.
Okay, so that's Buscador, a seriously impressive toolbox. But before we get too far down the rabbit hole of specialized tools, let's talk about good old fashioned online research. I mean, Google's still king.
Right, absolutely, but it's not just about typing in a few keywords and hoping for the best. The book goes into a lot of detail about maximizing your Google-fu, and one of the easiest yet most effective tips: quotation marks.
Quotation marks really like for an exact phrase exactly.
Say you're looking for open source intelligence techniques, specifically, put that whole phrase in quotes, and Google knows to find exact matches, not just pages that happen to have those words scattered around.
Oh that makes sense. It's like, what narrowing down your search results? Yeah, making them super specific.
You got it. It's like using a laser pointer instead of a floodlight. Then there are search operators.
Search operators those sound kind of technical.
They're like little codes you can use to refine your searches even further.
So.
For example, inurl lets you find websites with specific keywords in their web address. So you want government websites, inurl:.gov will narrow down those results for you.
Ah. Okay, so it's like adding filters to your search to weed out all the irrelevant stuff. Very cool. What about when you need to like travel back in time digitally speaking?
Of course, I know what you mean. The book actually talks about using Google's date range filter with the Wayback Machine.
I've heard of that one, Wayback Machine. Yeah, it's like what, an archive of the Internet. You can see how websites used.
To look exactly.
Yeah.
So by combining those two tools, you can actually see how a website looked at different points in time, even if the content has been deleted or changed.
Wow, that is like digital archaeology. Okay, so we've got Google working for us on a whole new level. But what about those times when even Google doesn't cut it? Are there other search engines out there that might have different information?
You're thinking like a true OSINT investigator. It's all about having the right tool for the job. The book recommends exploring other search engines like Shodan for example, Shodan.
Okay, what's special about that one? Well?
Shodan is interesting because it's not just searching websites. It's a search engine for Internet connected devices.
Devices. Wait, so I could search for like all the webcams in a certain city.
You absolutely could. Now we're focusing on the ethical applications here, of course, but yeah, Shodan is a powerful tool for researchers, security professionals, anyone who needs to understand the landscape of connected devices. Now, if you're looking for information about people, the book mentions a tool called Pipl. Pipl.
Right, that's one of those what people finder type.
Websites kind of but think of it like Peoplefinder on steroids, designed to uncover those online profiles, social media accounts, even blog posts that regular search engines might miss.
Oh wow, that's intense. So it sounds like the key takeaway here is don't limit yourself exactly.
Google's a great starting point, but it's not the end all, be all. Explore those specialized search engines and remember each one has its own strength. It's all about choosing the right tool for the task at hand, and of course, using them ethically and responsibly.
Speaking of ethical considerations, I think it's time we dive into the world of social media investigations. That's a whole other ballgame, right, you.
Could say that again, social media it's a gold mine of information, but it's also a mine field ethically speaking, you have to tread carefully.
So before we even think about creating a fake profile or anything like that, what are the ground rules for social media OSINT?
Well, the book is really clear about this. Transparency and legality are key. No hacking, no impersonating others. You've got to respect people's privacy and operate within the law.
Okay, so digital detectives, not digital spies. Exactly.
We're gathering information ethically, not trying to, like, you know, ruin anyone's life. Speaking of which, the book highly recommends creating separate accounts specifically for your OSINT work.
Oh yeah, that makes sense. So your personal life and your investigator life don't get all.
Mixed up exactly. You don't want someone you're investigating to suddenly see you liking their vacation photos.
Not a good look. But okay, let's say we've got our separate accounts all set up. Where do we even begin with social media investigations. There's so much information out there it can be overwhelming.
It's true, but the book breaks it down really well. Like it dives deep into Twitter, showing you how to uncover those hidden connections between users, even how to view deleted tweets using the Wayback Machine.
Wait, hold on deleted tweets. You mean those can still come back to haunt you.
Oh yeah, the Internet never forgets. Even if something's deleted, traces of it often remain. It's all about knowing where to look.
So like, someone could try to erase their digital tracks, but a good OSINT investigator could still find them.
You got it. And it's not just about what people post publicly either. The book also talks about analyzing things like likes and other interactions.
Oh that's interesting. So like, what I like on social media says just as much about me as what I post myself, maybe even more.
It reveals your interests, your connections, your online behavior patterns.
It's like being a digital psychologist or something. But social media is just one piece of the puzzle, right, I mean we leave digital traces everywhere online, not just on our social media profiles exactly.
Social media is just the tip of the iceberg. Every website you visit, every online purchase, it all leaves a trail. The book calls these data trails, and it goes deep on uncovering those hidden connections.
Okay, data trails, I like it. So we're talking about like following the digital footprints people leave behind, exactly.
And just like a single footprint can tell a detective a lot about the person who left it, those digital can be incredibly revealing if you know what to look for.
So give me an example. What kind of digital breadcrumbs are we talking about here?
Well, let's start with something I bet you've used before, reverse image search.
Reverse image search, Oh yeah, like when you want to see if someone's using your photo without permission.
That's one use, but the book talks about how it can be much more powerful than that. Let's say you have a photo of someone and you want to learn more about them. Reverse image searching that photo could uncover their presence on platforms you might not even think of, Pinterest, dating apps, professional networking sites.
Oh wow, I see what you mean. It's like using a single photo to unlock a whole network of online profiles exactly.
It highlights how interconnected everything is these days. But sometimes the information we need isn't just sitting out in the open, It's hidden in the shadows of the internet.
Okay, now we're getting into some seriously cloak and dagger territory. What kind of hidden information are we talking about.
Well, you've probably heard about data breaches, right, when hackers get into a company's systems and steal sensitive information.
Oh yeah, those are always in the news. It seems like it happens more and more these days.
It's a huge problem, and it's a reminder that digital security is an ongoing battle. But for OSINT investigators, these data breaches can actually be a valuable source of information.
Really, you're saying that investigators sometimes use this stolen data.
It's more nuanced than that. It's not about condoning these breaches or exploiting anyone's misfortune. It's about understanding that this information is often already circulating online and knowing how to access it and analyze it can be crucial for certain investigations.
So it's like infiltrating the hacker's lair, but instead of stealing anything, you're using the information to I don't know, catch criminals.
Or something exactly. It's all about using this information ethically and responsibly. The book talks about the importance of understanding the source of the data, verifying its authenticity, and always being transparent about where your information came from.
Okay, that makes sense. You don't want to be presenting information that turns out to be unreliable or obtained illegally. Exactly.
And that brings us to another important point.
Pastes pastes, I think I missed that one. What are those? So?
Pastes are basically snippets of text that people post online, forum posts, code snippets, even parts of documents.
Oh okay, and why are those important? They sound kind of random.
Well, you might think these little bits of text are insignificant, but they can actually linger online long after the original source is gone.
Ah. I see. So it's like finding a scrap of paper with someone's handwriting on it. It might seem like nothing, but it could be a valuable clue exactly.
And these digital crumbs can turn up in some unexpected places. It's all about knowing where to look.
My mind is officially blown. This is all so fascinating and kind of overwhelming at the same time. I hear you.
But that's the thing about OSINT. It's a constantly evolving field. There's always something new to learn, a new tool to discover.
Well, speaking of learning and discovering, what other OSINT secrets does the book have in store for us? I'm ready for more.
Well, get this. The book doesn't just stop at the basics. It goes deep on some seriously powerful tools. I'm talking advanced Linux tools.
Okay, Linux, I'm not gonna lie. That always sounds a little intimidating. Is this part of the book just for the tech wizards out there? Or can a regular person handle it?
You don't need to be a coding genius. Don't worry. The book actually does a great job of explaining everything, even the complicated stuff, in a way that like anyone can understand.
Okay, that's reassuring.
Think of it this way. You're a detective, right, and you've got your trusty tools, magnifying glass, fingerprint kit, the classics. These Linux tools, they're like adding a whole high tech forensics lab to your arsenal.
Okay, now that's an image. I like the sound of that, but I gotta be honest. The idea of like messing around with Linux on my computer makes me a little nervous.
And you should be cautious. But you don't have to be scared. The book walks you through this whole process of setting up something called a virtual machine. It's basically like imagine running a completely separate operating system, a.
Separate operating system on my computer.
Yeah, inside your computer. It's like a computer inside your computer. And in this case, that separate operating system would be Linux.
Oh okay, So it's like a safe space. If I mess something up, it's not going to affect my actual computer exactly.
It's self contained. It's like imagine you're a chef and you have a separate kitchen just for experimenting with new recipes. You wouldn't want to risk messing up your main kitchen.
Right, that's a great analogy. So I've got my virtual machine, my safe space all set up. What kind of tools are we talking about here? Give me the good stuff, all right.
One of the first ones the book introduces is called theHarvester.
theHarvester, okay, sounds intriguing. What does it do?
So imagine you're investigating a company, right, and you need to find out all the email addresses they use or maybe uncover any subdomains they might have. theHarvester is like sending out this team of digital scouts to gather that information for you automatically.
So instead of like manually searching for hours on end, theHarvester just goes out and finds it.
All for me exactly. It automates that whole initial phase of information gathering. Then there's Metagoofil. Remember how we were talking about metadata earlier.
Yeah, that hidden data in digital files, right.
Metagoofil is like a forensic expert that specializes in extracting that metadata.
Okay, so it can tell you things like what who created the file, when it was created.
That's just the beginning. It can even tell you things like what software they used to create it, where it's been saved, and a bunch of other technical details that most people don't even know exist.
Wow, that's amazing. It's like finding a hidden signature on a document or something.
It kind of is, and that kind of information can be incredibly useful for verification. Like let's say you have a document and you need to know for sure if it's authentic. Metagoofil can help you figure that out.
Okay, so we've got our digital scouts, got our forensic experts. What other specialists are in this Linux toolkit?
Well, once you've gathered all this information, you got to make sense of it, all right.
Yeah, it's one thing to collect data, but it's another thing entirely to actually understand what it all means exactly.
And that's where a tool called Maltego comes in.
Maltego. Okay, I'm ready. What does Maltego do?
So imagine this. You're in a detective movie, right, and you've got that classic scene where they're in a dark room pinning photos and notes to a giant corkboard, trying to connect the dots. That's basically what Maltego does, but in the digital world.
So it's like what a mind mapping tool for investigators?
Exactly. It's a data visualization tool that helps you see the relationships between all those different pieces of information you've collected. It's all about connecting the dots and seeing the bigger picture.
That's amazing. But I got to ask, all of this relies on actually having data to work with in the first place, right, So where are we finding all this raw material for our investigations.
That's a great question, and it brings us to one of the most controversial yet undeniably valuable sources of information in the OSINT world, data breaches and leaks.
Okay, so we're talking about those situations where hackers break into a company's system and steal a bunch of sensitive information, like I've definitely seen those headlines exactly.
It's a constant reminder that in the digital age, no system is foolproof, and unfortunately, these breaches often result in massive amounts of personal information ending up in the wrong hands.
It's like the digital equivalent of someone rummaging through your trash and finding all your personal documents.
It's an unsettling thought and it's a huge problem. But for OSINT investigators, these breaches can also be a source of valuable information.
Wait, really, you're saying investigators sometimes use this stolen data.
It's not quite that simple. It's not about condoning these breaches or trying to profit from someone else's misfortune. It's about understanding that this information is often already circulating online and knowing how to access it and analyze it can be crucial for certain types of investigations.
So like if you're trying to track down a criminal or maybe find a missing person, this leaked data could provide a critical lead exactly.
But it's a morally complex landscape. That's why the book really stresses the ethical considerations. We're not talking about like exploiting people's misfortune or anything like that.
Right, because that would make you no better than the hackers who stole it in the first place.
Exactly. It's all about using this information responsibly and legally, and that means understanding the source of the data, making sure it's authentic, and being completely transparent about where your information came from.
Okay, so we've talked about finding the information, analyzing it, verifying it. But what about the final product, Like, how do we take all this raw data and turn it into something actually useful.
Ah, that's where the rubber meets the road, right. The book dedicates a whole section to this: analyzing, documenting, and reporting your OSINT findings.
So it's not enough to just like be a digital detective. You've got to be a storyteller.
Too, exactly because at the end of the day, the goal is to uncover the truth and then communicate that truth effectively. Whether it's writing a report, creating a presentation, or even just explaining your findings to someone.
It's about taking all that complex data and turning it into a story that people can understand. Wow, this has been an incredible deep dive. I mean we've covered so much ground, from basic Google searches to advanced Linux tools and even the ethically complex world of data breaches.
It's a lot to take in, but hopefully our listeners are starting to see that OSINT isn't some mysterious dark art practiced only by like spies and hackers. It's a skill set that anyone can learn and use in their own life.
Exactly. It's about becoming an information detective, and like you said, it's not about being some kind of tech genius. It's about having the right mindset, the right tools, and always always remembering the ethical implications of the work. Well said. This is definitely one of those topics that we could probably talk about for days, but alas all good things must come to an end.
For now, at least. There's always more to explore in the world of OSINT, that's for sure.
But until next time, keep those detective hats handy and remember the truth is out there, just waiting to be uncovered.
