01 Intro To OSINT and Public Domain
Diana Ngo
Associate Director, Blackpeak
About Blackpeak Group
• International investigative research and risk advisory firm
• North America—USA
• Greater China—Mainland China, Hong Kong, Macau, Taiwan
• North Asia—Japan, Korea, Mongolia
• India
• Southeast Asia—Singapore, Indonesia, Vietnam, Malaysia, Thailand, Philippines, and others
• Oceania—Australia, New Zealand
Types of Projects
Business Intelligence
Due Diligence Corporate Investigations
Research
About Diana Ngo
• Associate Director, Blackpeak Group
• Worked and lived around the world—United States, France, Switzerland, South Korea, Mainland China, Hong Kong, Thailand, and Singapore
• Manages complex reputational and investigative enhanced due diligence projects for Blackpeak
What We’ll Cover Today
• Introduction to OSINT
• Public Domain Tools and Techniques
• Social Media Investigations
• How to Search in a Foreign Jurisdiction
• Case Studies
Introduction to OSINT
OSINT
Definition:
• Data collected from all publicly available sources
• The term “open” refers to overt (versus covert) information
• The data is used for intelligence purposes
When Do You Use OSINT?
OSINT is often the most important step, as we lay the foundation or find or employ other methods to complete the task.
• It can also lead to information that the investigator may need to verify and corroborate, as well as uncover leads that were unknown before.
• The process is ideally iterative to get the best possible outcome.
[Diagram labels: OSINT, Source Inquiries, Site Visits]
When Do You Use OSINT?
In our work, OSINT is important as we are
independently and discreetly gathering and
analyzing information to look for undisclosed
incidents or risks. Some of the issues we may look
at include:
• Fraud
• Corruption
• Sanctions
• Money laundering
• Regulatory breaches
• Labor problems
• Litigation matters
• Commercial disputes
• Other such risks and reputational issues
What Types of Cases Can You Use
OSINT For?
The following are just a few situations in which
OSINT searches are valuable:
• Fraud
• Embezzlement
• Due diligence
• Intelligence gathering
• Phishing schemes
• Loss prevention
• Asset searches
• Competitive intelligence
• Sanctions
• Criminal searches
OSINT Resources
Examples of OSINT resources:
• Public records (i.e. corporate, litigation, bankruptcy, regulatory)
• Social media
• Online databases
• Internet searches
• Media articles
Source Reliability
[Diagram labels: Official statements; Government databases; Corporate filings; Litigation records; Local regulatory databases]
Browser hygiene:
• Clear your browsing data
• Disable password auto-fill
Browser Basics: VPN
What is a Virtual Private Network (VPN)?
• A network that extends a private network across a public network
• Creates a secure and encrypted connection
• Masks your identity online (IP address, approximate location, ISP)
Browser Basics: VPN
Recommendations: Private Internet Access, ProtonVPN
Browser Basics: Tor
What is Tor (The Onion Router)?
• Free and open source, volunteer-operated servers
• Usually slower Internet speeds
• Connect through a series of virtual tunnels rather than a direct connection
• Distributed traffic with a separate set of encryption keys for each circuit hop
• Access dark Web but be warned: child porn, drug shops, hackers for hire,
and weapons
• Use ahmia.fi to search for indexed .onion network links
Browser Extensions
Some browser extensions:
• Adblock Plus — adblockplus.org
• Disconnect.me — blocks website tracking
• Download Helper — assists with downloading videos found on a site
• EFF Privacy Badger — blocks spying ads and invisible trackers
• Exif Viewer — image metadata
• FireShot — generate screenshots
• HTTPS Everywhere — encrypts communication with most major websites
• Hunch.ly — paid investigations tool
• Resurrect Pages — historical search on deleted websites
Browser Extensions
[Screenshots: FireShot capture options; Disconnect.me toolbar; Disconnect Visualizer — Forbes.com]
Hunch.ly
Paid tool but worth a mention:
• Optimizes data capture and analysis
• Takes full content captures of every Web page visited
• Tracks usernames, phone, and email addresses automatically
• Stored on your hard drive, not cloud
Google and Baidu Search Operators
| Search | GOOGLE | BAIDU |
|---|---|---|
| Search exact phrase | “subject” | “subject” |
| Exclude word in searches | -subject | -subject |
| Search within a website | site:[url] | site:[url] (no need to include http://) |
| Searches that link to a website | Link:[url] | N/A |
| Search a cached version of the site | Cache:[url] | N/A |
| Search a particular file type | Filetype:pdf | N/A |
| Search for a term in the website URL | N/A | Inurl:[subject] |
| Search for a term in the website title | N/A | Intitle:[subject] |
| Search more than one term | OR (capitalised) | N/A |
| Wildcard | * | N/A |
Using ‘Site’ Command for Stock Exchange Website Workaround
Using ‘Site’ Command for Regulatory Website Workaround
Using ‘Site’ Command
Live Demonstration
Live Demonstration
Yandex
• Largest search engine in Russia
Google Alerts
• Useful for monitoring of online mentions of your investigation subject
• Customizable
• Remember to use quotation marks for specific search terms
Archived or Cached Pages
View archived websites, compare information
before/after, and get around paywalls
Archive.is
Archived or Cached Pages
www.archive.org
Live Demonstration
• Related companies/websites
• Names of individuals
Reverse Image Searches: Exif Data
Imgops.com
Reverse Image Searches: Exif Data
More Image Tools
More image tools:
• Jeffrey’s Image Metadata Viewer — http://exif.regex.info
• Magnify pictures — https://29a.ch/photo-forensics
• Online barcode reader — https://online-barcode-reader.inliteresearch.com
E.g., a discarded boarding pass can yield valuable leads
More Image Tools
Image manipulation tools:
• Analyzes a photo to check for edits — http://www.izitru.com
• Digital picture analysis — fotoforensics.com
Live Demonstration
blackpeakgroup.com
&
it@blackpeakgroup.com
Search Engine Marketing Tools
Use websites to see backlinks, search rankings, and related info:
• Alexa rankings
• Semrush.com — SEO statistics and backlinks
• Changedetection.com — monitor website changes
• Pentest-tools.com/information-gathering/find-subdomains-of-domain — find hidden links on a website
IP and Domain Tools
• Backlink checker — smallseotools.com/backlink-checker
• Shodan.io — search engine for internet-connected devices (IoT)
• Robots.txt file search
  • Instructs search engines not to index certain files
  • Find these files via: acfe.com/robots.txt or use site operator site:acfe.com “robots.txt”
  • Provides insight into what the domain owner considers sensitive
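The robots.txt point above, seen from the site owner's side, as an added example that is not part of the original slides: a small parser that lists which Disallow entries in your own robots.txt advertise sensitive-looking paths. The sample file, the site it stands for and the keyword list are constructed assumptions.

```python
# Constructed robots.txt for a hypothetical site (not acfe.com's actual file).
SAMPLE = """\
# staging rules
User-agent: *
Disallow: /admin/
Disallow: /backup/db-2019.sql   # old dump
Disallow: /search
Disallow:
Allow: /admin/help

User-agent: Googlebot
Disallow: /internal-reports/
Sitemap: https://www.example.com/sitemap.xml
"""

# Assumed keyword list; tune it to your own site's naming.
SENSITIVE = ("admin", "backup", "internal", "private", "staging", ".sql", "config")

def parse_robots(text):
    """Return [(user_agent, directive, path)] for Allow/Disallow lines."""
    rules, agents, in_rules = [], [], False
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        if ":" not in line:
            continue
        field, value = (p.strip() for p in line.split(":", 1))
        field = field.lower()
        if field == "user-agent":
            if in_rules:                          # rule lines ended the previous group
                agents, in_rules = [], False
            agents.append(value)
        elif field in ("allow", "disallow"):
            in_rules = True
            for agent in agents or ["*"]:
                rules.append((agent, field, value))
    return rules

def disclosed_paths(text):
    """Disallow paths whose names hint at sensitive content."""
    hits = set()
    for _agent, directive, path in parse_robots(text):
        # An empty Disallow value means "nothing is blocked", so skip it.
        if directive == "disallow" and path:
            if any(key in path.lower() for key in SENSITIVE):
                hits.add(path)
    return sorted(hits)
```

robots.txt is advisory and publicly readable, so any path it lists still needs real access control on the server.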
Email Address
• What could you potentially find with an email address?
  • Social media profiles
  • Domains registered
  • Classifieds and forum postings
  • If email account has been compromised
• Start with basic “quotation mark” searches and expand your search from there
• Pipl.com — good first point of search
Email Address
Email Verification:
• Mailtester.com
• Verify-email.org
• tools.verifyemailaddress.io
Other tips:
• Use WHOIS to check for domains registered to email address
• Check hacked-emails.com and pastebin to see if it is compromised
• Username search: http://knowem.com
Search the Skype directory for your subject while logged in:
• User profile may have a photo, email address, user name
• This user name could be consistent across your subject’s social media
Phone Numbers
Harder to trace, but some sites worth a try (most require
accounts):
• Pipl
• True Caller
• Thatsthem.com/reverse-phone-lookup
• Nextcaller.com
Note that many of these services are U.S.-focused and may not
yield leads that are as valuable in APAC
Phone Numbers
Other tools and domains to search:
• Whocallsme.com
• Classifieds and forums (e.g., Craigslist, Gumtree, even escort
forums if there is even a hint your subject is into that)
Online Communities
Communities that may provide further leads:
• Craigslist, eBay
• Asia-specific sites: Carousell, Qoo10, Taobao, Rakuten
• Reddit (e.g., reddit.com/r/rbi – reddit’s bureau of investigation)
• Public Google calendars (e.g., site:google.com/calendar “appt”)
• Local prostitution or escort ad sites/forums/review boards
• Online dating/networking websites — Match, Ashley Madison, Meetup
Mapping
Mapping Tools:
• Google Maps — maps.google.com
• Bing Maps — bing.com/maps
• HERE WeGo — wego.here.com
Editing Tools:
• Freemaptools.com
• Scribblemaps.com
Document Search: Filetypes
| Commonly Indexed Filetypes | File Extension |
|---|---|
| Microsoft Word or Open XML Doc | .doc / .docx |
| Microsoft Excel or Open XML Spreadsheet | .xls / .xlsx |
| Microsoft PowerPoint Presentation | .ppt / .pptx |
| WAVE or Mp3 Audio Files | .wav / .mp3 |
| Adobe Acrobat Portable Document Format | .pdf |
| OpenOffice Files | .odp / .ods / .odt |
| Text Files | .txt / .rtf |
| Compressed Files | .rar / .zip / .7z |
| Images | .png / .jpeg / .jpg / .bmp |
| Google Earth | .kml / .kmz |
Document Search: Methods
Search Methods:
1) Site:URL filetype:ext
2) “Search Term” filetype:ext (add hyphens + OR filetype:ext to narrow results)
3) inurl:ftp -inurl:(http|https) filetype:ext “Search Term”
• Identifies File Transfer Protocol (FTP) servers that contain your search term within the file
Document Search: Cloud
Whistleblowers
The Allegations
Client receives two separate but nearly identical whistleblower allegations:
• Claim to be shareholders of large multinational mining company (Giant Mining) who are planning to enter into a JV with a mining company in Latin America (LAT Mining)
• Understands Client to have invested in LAT Mining
• Alleged that an individual named Kim is the “operator” of LAT Mining and is under criminal investigation
• Attributed Kim’s involvement in LAT Mining and another mine in Africa (AFR Mining) as “dubious” because mines did not produce any material
• The mining appraiser, Lee, who did the mining report for EUR Mining and LAT Mining was expelled from an accredited institution for failing to document his qualification
Client’s Questions
Save Email on Desktop → Open as Text → Copy and Paste into Trace Message Website
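What a header trace reads out of the saved message text, as an added example that is not part of the original slides: it walks the Received headers from origin to recipient and checks that each hop hands off to the next. The sample message, hosts and addresses are constructed (example domains and documentation IP ranges), and the hand-off check is a heuristic assumption.

```python
import email
import re
from email.utils import parsedate_to_datetime

# Constructed sample message (not from the case study); hosts are example
# domains and addresses come from the RFC 5737 documentation ranges.
RAW_EMAIL = """\
Received: from mx.recipient.example (mx.recipient.example [198.51.100.7])
\tby inbox.recipient.example with ESMTPS id abc123;
\tTue, 05 Mar 2019 10:15:09 +0000
Received: from relay.mailhost.example (relay.mailhost.example [203.0.113.25])
\tby mx.recipient.example with ESMTPS id def456;
\tTue, 05 Mar 2019 10:15:07 +0000
Received: from [192.0.2.44] (unknown [192.0.2.44])
\tby relay.mailhost.example with ESMTPSA id ghi789;
\tTue, 05 Mar 2019 10:15:05 +0000
From: Concerned Shareholder <tipster@mailhost.example>
To: compliance@recipient.example
Subject: Concerns about the joint venture

Body omitted.
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def trace_hops(raw):
    """Return the relay path, oldest hop first, from the Received headers."""
    msg = email.message_from_string(raw)
    hops = []
    # Each server prepends its own Received header, so the last one in the
    # file is the first hop; reverse to read origin -> recipient.
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(value.split())            # unfold continuation lines
        route, _, stamp = flat.rpartition(";")
        sender = re.search(r"\bfrom (\S+)", route)
        receiver = re.search(r"\bby (\S+)", route)
        ip = IP_RE.search(route)
        hops.append({"from": sender.group(1) if sender else None,
                     "by": receiver.group(1) if receiver else None,
                     "ip": ip.group(1) if ip else None,
                     "time": parsedate_to_datetime(stamp.strip())})
    return hops

def chain_breaks(hops):
    """Indexes where a hop's 'by' host is not the next hop's 'from' host."""
    return [i for i in range(len(hops) - 1)
            if hops[i]["by"] != hops[i + 1]["from"]]
```

Only the Received headers added by the recipient's own mail servers are trustworthy; earlier ones are supplied by the sending side and can be forged, so a broken chain or out-of-order timestamps is a lead to corroborate rather than a conclusion.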
Investigation: Email Trace
Investigation: Email Trace
Investigation: Email Trace
CA Man’s Email
Investigation: Email Trace
NY Man’s Email
Investigation: Metadata
Investigation: Daniel Park
CA Man and Daniel Park
• Went to the same high school
• Both graduated in 2008
Investigation: Daniel Park
Daniel Park
• Was involved in track and field
at his high school
• Went to Temple University
• Same school as NY Man
• Google Searches did not find
info on “Daniel Park”
Investigation: Daniel Park