Part 2: Your route from strategies to presentation: OSINT investigation.
Now that you have been introduced to OSINT investigations, this article walks you through the steps that are essential for any investigation (refer to figure 1 in Part 1*).
It is wisely said,
“A vision without strategy remains an illusion” - Lee Bolman
Your investigation goals define your strategy. For example, your client has received an email asking her to pay a ransom in Bitcoin; the email ID you have is email@example.com (this email ID has been used only for educational purposes, being quirky enough to not ask for a ransom, being an investigator myself), and there is no other known information. Your goal is to find out the full name, address and mobile number of the sender and finally trace his/her current location.
How will you make a strategy now? Let's define it! What can you find out with an email? How can you create a suspect profile with just this email? Figure 2 explains how one can branch out from one element to solve a part or the whole of the puzzle.
Figure 2: An example of how from one email you could stem to so many possibilities and gather information to create your suspect profile.
This covers your planning and strategy.
The next step is collection of information: identify which OSINT tools you will use to work out the sequence of the investigation. Refer to www.osintframework.com for a brief overview. Not all tools will give you results; some are kept up to date, while some aren’t. Keep exploring until you find your favourite tool.
Acquire your information: make screen recordings using Bandicam (the free tool records only 10-minute videos) and take screenshots using the Snipping Tool, which is built into Windows, or Grab for Mac (Command + Shift + 3).
Depending upon the information you have received, process it in a logical sequence and identify further investigation possibilities. Exploit or analyze the information and create an actionable piece of intelligence which gives you a bigger picture of the whole scenario. Remember, all these procedures must be thoroughly documented: use handwritten case logs and maintain digital records. The Internet is a volatile environment, and information that is currently available may not exist tomorrow. Also, the whole investigation should yield close to similar results when performed by another expert. Present all your findings in a clear and concise report. Refer to Parts 1, 2 and 3 of the articles on how to write effective Expert Witness Reports; the links are attached below.
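One way to keep the digital record described above, as an added example that is not part of the original article: each screenshot or recording is hashed and appended to a hash-chained case log, so a later edit to the log or to a capture file is detectable by another expert. The function names, log fields and sample bytes are assumptions constructed for illustration.

```python
import hashlib, json
from datetime import datetime, timezone
GENESIS = "0" * 64  # chain anchor for the first entry

def _digest(entry):
    # Hash a canonical JSON form (without the hash itself) so checks are reproducible.
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def log_artifact(log, source, note, data, when=None):
    """Append one captured artifact (screenshot, recording, page save) to the case log."""
    entry = {
        "seq": len(log) + 1,
        "captured_utc": when or datetime.now(timezone.utc).isoformat(timespec="seconds"),
        "source": source,
        "note": note,
        "sha256": hashlib.sha256(data).hexdigest(),
        "prev_hash": log[-1]["entry_hash"] if log else GENESIS,
    }
    entry["entry_hash"] = _digest(entry)
    log.append(entry)
    return entry

def verify_log(log, artifacts=None):
    """Return a list of problems; an empty list means log and supplied artifacts are intact."""
    problems, prev = [], GENESIS
    for e in log:
        if e["prev_hash"] != prev:
            problems.append(f"entry {e['seq']}: chain broken")
        if _digest(e) != e["entry_hash"]:
            problems.append(f"entry {e['seq']}: entry altered")
        data = (artifacts or {}).get(e["seq"])
        if data is not None and hashlib.sha256(data).hexdigest() != e["sha256"]:
            problems.append(f"entry {e['seq']}: artifact altered")
        prev = e["entry_hash"]
    return problems

def demo():
    # Constructed sample data: placeholder bytes stand in for real capture files.
    shot, video = b"constructed screenshot bytes", b"constructed recording bytes"
    log = []
    log_artifact(log, "email header view", "ransom email as received", shot)
    log_artifact(log, "www.osintframework.com", "tool selection walkthrough", video)
    clean = verify_log(log, {1: shot, 2: video})
    log[0]["note"] = "edited after the fact"  # simulate tampering with the record
    return clean, verify_log(log, {1: shot, 2: video + b"x"})

if __name__ == "__main__":
    print(demo())
```

In practice the `data` argument would be the bytes read from the saved capture file, and the log would be written to disk as JSON alongside the handwritten case log.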
Now, your task is to:
1. Create a criminal case yourself (don’t do the crime, assume you have a case to solve). Write a short summary of your story.
2. Then create a mind map (refer figure 2) discussing how you would solve your case quickly and efficiently.
3. Email me your techy and creative reports at firstname.lastname@example.org
Hint: Use the latest crime trends, for example: Paytm scams, alcohol and food delivery scams during COVID-19, Facebook Messenger scams and so on. You are also free to explore other areas of forensics other than cybercrime.
There will be instances where you will not find anything or sometimes your pool of information will be very overwhelming. Don’t worry! Keep calm and hang on! Often you can’t solve the whole puzzle in one go, you need other resources, other sources of intelligence like HUMINT (Human Intelligence) or supporting clues from other areas of forensics. If I can do it, you could too!
Dr Malvika Mehta (ACSFS) (MSc) (BAMS) Forensic Investigator, Consultant, Trainer & an Independent Expert Witness, OSINT specialist, Content developer.