Part 5: Documenting and storing your data: OSINT investigations
One thing about OSINT is that you start gathering a lot of information, which can be in the form of text, images, videos and so on. It is important that you, as an investigator, document all your findings and the digital evidence. The internet is a volatile environment: information available now may not be available after an hour, a day or a year. Information disappears. You must use the correct tools, ones that store your data and keep it presentable to your client or a court for any form of inquiry. Amongst the many available resources, the following are the popular ones. You could search and find the one you are comfortable with.
1. Fireshot, ShareX, Lightshot: Your data is stored and converted to a PDF for examination or presentation. Use Snipping Tool and Grab to capture screenshots on Windows and Mac respectively. Bandicam is good for screen recordings, as I mentioned in my previous articles.
2. Save the internet pages in HTML format, using applications like Save Page WE or the inbuilt option: right-click on the page, click Save as, then choose Webpage, HTML only. If you need to, save other formats too, depending on your investigation.
3. OneNote, Evernote, Google Keep, Zoho Notebook and Zotero have extensive features and are very useful to document and save your data. Remember to save all your data on your PC and not on the cloud.
4. OSIRT is a browser curated for Open Source Intelligence. It offers web capture, video screen recording, web page downloading, an inbuilt Tor browser, an automated logging process with a date and time stamp on your case file, and case notes to keep track of progress details and attachments. Download and install OSIRT on your investigation PC and refer to the user guide at http://osirtbrowser.com/downloads/osirt-user-guide-23122016.pdf
5. Add-ons are extensions or programs that allow the user to perform tasks or actions that the browser cannot do. For example, I use Mendeley as my reference managing software and I have installed Mendeley Web Importer, which is an extension that collects cookies and technical information from the browser to capture the reference over the web page. Browser input and output need to be controlled to reduce the chances of tipping off your suspect; we can influence what comes back. So the first thing is to download a user agent spoofer, https://chrome.google.com/webstore/detail/user-agent-switcher-for-c/djflhoibgkdhkhhcedjiklpkjnoahfmg : set the user settings to Google Spider and you are ready to spoof your device information.
Extensions that expand the capabilities of a browser for an OSINT investigator are:
1. Exif extractor is one useful extension that allows the user to extract the Exif data from raw images on the internet. Exif data includes details about the date and time when the image was taken, the camera model, the location and the camera settings too. https://chrome.google.com/webstore/detail/exif-viewer/mmbhfeiddhndihdjeganjggkmjapkffm?hl=en
2. Buscador: It is considered one of the best; however, it hasn’t been maintained or updated since 2019. https://inteltechniques.com/buscador/
3. Privacy Badger or uBlock Origin: To prevent being tracked, use privacy tools like Privacy Badger, which will help to monitor what information goes out. It will tell you about the advertisements being blocked and allow you to concentrate on the areas you are working on. Here are the links: https://chrome.google.com/webstore/detail/privacy-badger/pkehgijcmpdhfbdbbnkijodmdjhbjlgp and https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm?hl=en
4. One click video downloader: The name is self-explanatory; download videos in one click. https://chrome.google.com/webstore/detail/one-click-video-downloade/bhepgcoaibmmehlmckhlmbdgcemhidcg?hl=en
These extensions will work with Chrome, Firefox and some other browsers too (see what works best for you).
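A sketch of the date-and-time-stamped case logging described for saved HTML pages and for OSIRT in the first list, added here as an example (it is not OSIRT's code or the author's): each saved page goes into a case folder with a UTC timestamp and a SHA-256 hash, so you can later show that the file has not changed. The function names, the log file name and the sample page are assumptions, and the hashing step is an addition the article does not mention.

```python
import hashlib
import json
from datetime import datetime, timezone
from pathlib import Path

LOG_NAME = "evidence_log.jsonl"  # hypothetical log file name, one JSON entry per line


def record_capture(case_dir, url, content, note=""):
    """Store one captured page in the case folder and append a log entry."""
    case_dir = Path(case_dir)
    case_dir.mkdir(parents=True, exist_ok=True)
    now = datetime.now(timezone.utc)
    digest = hashlib.sha256(content).hexdigest()
    # The file name carries the capture time and a hash prefix.
    filename = f"{now:%Y%m%dT%H%M%SZ}_{digest[:12]}.html"
    (case_dir / filename).write_bytes(content)
    entry = {"captured_utc": now.isoformat(), "url": url, "file": filename,
             "sha256": digest, "size": len(content), "note": note}
    with open(case_dir / LOG_NAME, "a", encoding="utf-8") as log:
        log.write(json.dumps(entry) + "\n")
    return entry


def verify_case(case_dir):
    """Re-hash every logged file; return (file, problem) for missing or altered ones."""
    case_dir = Path(case_dir)
    problems = []
    with open(case_dir / LOG_NAME, encoding="utf-8") as log:
        for line in log:
            entry = json.loads(line)
            path = case_dir / entry["file"]
            if not path.exists():
                problems.append((entry["file"], "missing"))
            elif hashlib.sha256(path.read_bytes()).hexdigest() != entry["sha256"]:
                problems.append((entry["file"], "modified"))
    return problems


if __name__ == "__main__":
    import tempfile
    # Constructed sample: stands in for a page saved as "Webpage, HTML only".
    sample = b"<html><body><p>Constructed sample profile page</p></body></html>"
    with tempfile.TemporaryDirectory() as case:
        e = record_capture(case, "https://example.com/profile", sample, "subject profile")
        print(e["captured_utc"], e["sha256"])
        print("problems:", verify_case(case))
```

Run `verify_case` on the case folder before handing material to a client or court; an empty list means every logged file still matches the hash taken at capture time.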
Dr Malvika Mehta (ACSFS) (MSc) (BAMS) Forensic Investigator, Consultant, Trainer & Independent Expert Witness, OSINT specialist, Forensics course designer