WEBVTT 1 00:00:00.040 --> 00:00:03.759 All right, let's jump right into it. Welcome everyone, We're 2 00:00:03.759 --> 00:00:05.960 about to take a deep dive into the world of 3 00:00:06.080 --> 00:00:07.360 open source intelligence. 4 00:00:07.480 --> 00:00:08.400 Ocent for sure. 5 00:00:08.599 --> 00:00:11.439 Oh, since that's right. If you want to learn some serious, 6 00:00:11.480 --> 00:00:15.279 cutting edge techniques, you are in the right place because 7 00:00:15.279 --> 00:00:20.399 today we're diving into Michael Bizell's book Open Source Intelligence Techniques. 8 00:00:20.480 --> 00:00:20.920 That's right. 9 00:00:20.960 --> 00:00:23.440 We are, so get ready to uncover some secrets that 10 00:00:23.480 --> 00:00:24.640 are hidden in plain sight. 11 00:00:24.920 --> 00:00:27.600 Yeah. But before we before we start digging into other 12 00:00:27.640 --> 00:00:31.000 people's lives, we really have to talk about protecting your own. 13 00:00:31.120 --> 00:00:32.039 Oh that's a good point. 14 00:00:32.119 --> 00:00:34.960 It's like, imagine like you're trying to track someone and 15 00:00:35.000 --> 00:00:38.159 you find out they're already tracking you. Uh oh yeah, 16 00:00:38.240 --> 00:00:38.640 not good. 17 00:00:38.840 --> 00:00:41.880 That sounds like a like a bad spy movie waiting 18 00:00:41.880 --> 00:00:42.320 to happen. 19 00:00:42.600 --> 00:00:44.520 Right, So how do we make sure we're not the 20 00:00:44.560 --> 00:00:46.000 ones being investigated? Yeah? 21 00:00:46.039 --> 00:00:47.359 How do we protect ourselves? 22 00:00:47.359 --> 00:00:50.759 So think of it like building a digital fortress around yourself. Yeah, 23 00:00:50.840 --> 00:00:54.320 you gotta start with the basics. Anti virus, malware protection, 24 00:00:54.479 --> 00:00:55.320 super important. 25 00:00:55.520 --> 00:00:56.520 Those are the essentials. 26 00:00:56.600 --> 00:00:59.960 Yeah, definitely. Now, ClamAV that's a great open source opwa 27 00:01:00.159 --> 00:01:00.799 If you're looking for. 28 00:01:00.759 --> 00:01:02.719 Something free, okay, good to know. 29 00:01:02.840 --> 00:01:05.239 Then you want to harden your browser, so disable any 30 00:01:05.280 --> 00:01:06.680 plugins you don't actually need. 31 00:01:06.840 --> 00:01:08.719 Oh yeah, I'm always surprised by how many I have 32 00:01:08.799 --> 00:01:09.400 and I don't even. 33 00:01:09.359 --> 00:01:12.319 Realize it exactly exactly. And then we got to talk 34 00:01:12.359 --> 00:01:15.959 about privacy focused add ons. Okay, think of these as 35 00:01:16.000 --> 00:01:19.879 your OCENT toolkit, all right, so you block origin, blocks 36 00:01:19.959 --> 00:01:23.159 those annoying ads. Fire shot. This one lets you capture 37 00:01:23.439 --> 00:01:24.439 entire web pages. 38 00:01:24.480 --> 00:01:28.040 Oh neat, like a screenshot, but like a better version. 39 00:01:27.840 --> 00:01:31.079 Way better. And bulk media downloader, Yeah, that's for well, 40 00:01:31.400 --> 00:01:34.760 downloading media in bulk. And of course exit viewer. This 41 00:01:34.920 --> 00:01:36.959 lets you analyze images, get all the metadata. 42 00:01:37.000 --> 00:01:39.280 That sounds pretty powerful it is. 43 00:01:39.560 --> 00:01:40.640 And of course a VPN. 44 00:01:40.879 --> 00:01:42.000 Always got to have a VPN. 45 00:01:42.120 --> 00:01:44.599 Oh yeah, that's essential for masking your IP address. Right, 46 00:01:45.159 --> 00:01:46.680 but Bazel takes it a step further. 47 00:01:46.840 --> 00:01:48.040 Oh what does he say? 48 00:01:48.439 --> 00:01:51.560 He really advocates using a Linux virtual machine. 49 00:01:51.719 --> 00:01:53.599 A virtual machine? What's that? 50 00:01:53.879 --> 00:01:58.480 So think of it as a mini computer inside your computer? Whoa, yeah, right, 51 00:01:58.920 --> 00:02:01.000 and this one is dedicated it's solely to OCENT. 52 00:02:01.680 --> 00:02:02.799 Ah, I get it. 53 00:02:02.799 --> 00:02:04.879 It's an extra layer of security. 54 00:02:04.439 --> 00:02:05.400 That makes a lot of sense. 55 00:02:05.719 --> 00:02:08.960 So even if your main system gets compromised, your OCENT 56 00:02:09.080 --> 00:02:11.680 work stays safe. Yeah, you want to be the one 57 00:02:11.680 --> 00:02:13.960 doing the investigating, not the other way around. 58 00:02:14.159 --> 00:02:14.840 Very true. 59 00:02:15.120 --> 00:02:17.199 All right, So now we got our digital defenses up, 60 00:02:17.280 --> 00:02:19.639 let's get into some actual ocent techniques. 61 00:02:19.759 --> 00:02:21.199 Let's do it. Where should we start? 62 00:02:21.639 --> 00:02:23.840 I think a good place to start is social media. 63 00:02:23.879 --> 00:02:27.280 Of course, that's like a gold mine of information. 64 00:02:26.919 --> 00:02:30.800 It really is. Let's start with Facebook, all right, Facebook? 65 00:02:30.840 --> 00:02:34.520 Did you know that every Facebook user has a unique 66 00:02:34.560 --> 00:02:36.360 ID that can be exploited? 67 00:02:36.599 --> 00:02:39.639 Wait, a secret code, like a like a skeleton key. 68 00:02:39.719 --> 00:02:42.120 It's a skeleton key. Yeah. Once you find it, you 69 00:02:42.120 --> 00:02:46.400 can uncover photos, they've liked, groups, they've joined events, they've attended. 70 00:02:46.520 --> 00:02:50.360 Whoa, It's like a whole secret history, it really is, and. 71 00:02:50.319 --> 00:02:52.479 It's all stuff that Facebook tries to keep hidden. 72 00:02:52.759 --> 00:02:55.080 That's kind of creepy but also kind of cool. 73 00:02:55.319 --> 00:02:58.800 Yeah. Right, so how do we find this magical user id? 74 00:02:59.039 --> 00:02:59.879 Yeah? How do we do it? 75 00:03:00.080 --> 00:03:03.319 Well, there are tools that can help, or you can 76 00:03:03.360 --> 00:03:05.560 find it by looking at the source code of their 77 00:03:05.560 --> 00:03:10.080 profile page. And here's where it gets really interesting. You 78 00:03:10.120 --> 00:03:13.360 can search for Facebook profiles not just with email addresses, 79 00:03:13.479 --> 00:03:14.719 but also phone numbers. 80 00:03:15.000 --> 00:03:17.400 Wait, so I could find your profile just using your 81 00:03:17.400 --> 00:03:18.800 phone number. That's wild. 82 00:03:19.039 --> 00:03:19.759 It's possible. 83 00:03:19.840 --> 00:03:20.639 That's a bit scary. 84 00:03:21.120 --> 00:03:23.319 It is, it is, and that's not all. You can 85 00:03:23.400 --> 00:03:26.560 uncover connections between people, connections that aren't obvious. 86 00:03:26.759 --> 00:03:27.960 Okay, like how do you do that? 87 00:03:28.080 --> 00:03:31.520 By analyzing their friends networks. You can even use Facebook's 88 00:03:31.520 --> 00:03:34.439 live video map to find someone's location in real time. 89 00:03:34.639 --> 00:03:36.800 Hold on real time? That's I mean. Isn't that an 90 00:03:36.800 --> 00:03:37.879 invasion of privacy? 91 00:03:37.960 --> 00:03:40.719 It can be. Yeah, but it's all public information. 92 00:03:40.960 --> 00:03:43.439 That's crazy, Yeah, it is, all. 93 00:03:43.360 --> 00:03:45.039 Right, let's switch gears. Let's talk about Twitter. 94 00:03:45.120 --> 00:03:46.159 Okay, Twitter, so. 95 00:03:46.199 --> 00:03:49.800 Unlike Facebook, Twitter is much more open, but you need 96 00:03:49.840 --> 00:03:53.360 a strategic approach. You can use advanced operators to filter, 97 00:03:53.479 --> 00:03:57.719 buy date, location, even the device someone used to tweet. 98 00:03:57.800 --> 00:03:59.360 Okay, that sounds pretty specific. 99 00:03:59.479 --> 00:04:02.800 It is like Facebook. You can sometimes unearth deleted tweets. 100 00:04:02.840 --> 00:04:05.599 Oh wait, deleted? How's that possible? 101 00:04:05.919 --> 00:04:09.360 So nothing is ever truly gone on the internet. Oh, 102 00:04:09.840 --> 00:04:12.360 that's the beauty and the danger of it. There are 103 00:04:12.400 --> 00:04:16.920 services that archive web pages, including tweets, even after they've 104 00:04:16.959 --> 00:04:17.480 been deleted. 105 00:04:17.639 --> 00:04:20.319 Oh wow, So even if someone thinks they've covered their. 106 00:04:20.199 --> 00:04:21.920 Tracks, it's still out there. 107 00:04:22.040 --> 00:04:24.600 That's a bit scary but also fascinating. 108 00:04:24.720 --> 00:04:27.160 It is. And then there are tools like tweet beaver 109 00:04:27.399 --> 00:04:31.000 and tinfol leak that can analyze a user's network and 110 00:04:31.079 --> 00:04:32.519 activity patterns. 111 00:04:32.279 --> 00:04:34.560 So we can see who they're connected to and how 112 00:04:34.600 --> 00:04:37.240 they're using Twitter exactly. I'm starting to feel like a 113 00:04:37.279 --> 00:04:38.079 digital detective. 114 00:04:38.120 --> 00:04:40.839 Here you are, you're getting it. Okay, let's move on 115 00:04:40.879 --> 00:04:41.480 to Instagram. 116 00:04:41.519 --> 00:04:44.439 All right, Instagram everyone's favorite photo sharing app. 117 00:04:44.680 --> 00:04:47.240 Right, So Instagram search function is kind of limited. 118 00:04:47.439 --> 00:04:48.759 Yeah, it's not the best. 119 00:04:48.600 --> 00:04:51.920 But you can bypass that use Google to find profiles 120 00:04:51.920 --> 00:04:56.360 and tag posts. Plus, Instagram often keeps metadata in photos, 121 00:04:56.480 --> 00:04:57.920 which can reveal locations. 122 00:04:58.279 --> 00:04:59.519 Oh right, metadata. 123 00:04:59.519 --> 00:05:01.639 We talked to that even a selfie can give away 124 00:05:01.639 --> 00:05:02.560 more than you intended. 125 00:05:02.800 --> 00:05:05.120 Yikes, gotta be careful about what I post. 126 00:05:05.319 --> 00:05:07.600 You do you do? So what else can we use 127 00:05:08.079 --> 00:05:09.120 beyond social media? 128 00:05:09.240 --> 00:05:10.199 Yeah? What else is there? 129 00:05:10.360 --> 00:05:14.920 People? Search engines, pipil peak you. These are amazing resources. 130 00:05:15.079 --> 00:05:17.319 I've used those before. It's always a bit unnerving how 131 00:05:17.360 --> 00:05:18.279 much they find, right. 132 00:05:18.279 --> 00:05:20.319 It's eye opening. Yeah, and you can use them to 133 00:05:20.319 --> 00:05:24.360 find potential email addresses and even social media profiles, even 134 00:05:24.360 --> 00:05:26.120 if you only have a name and a location. 135 00:05:26.319 --> 00:05:29.000 So like one piece of information leads to another and another. 136 00:05:29.160 --> 00:05:31.920 It's like a digital trail, a trail of breadcrumbs, exactly. 137 00:05:31.920 --> 00:05:33.680 You can go even deeper than that. Deeper. 138 00:05:33.720 --> 00:05:34.959 How much deeper can it go? 139 00:05:35.160 --> 00:05:36.600 Have you ever heard of the dark Web? 140 00:05:36.839 --> 00:05:39.199 I have, but it sounds kind of intimidating. 141 00:05:39.240 --> 00:05:42.000 So think of the Internet like an iceberg. Right. The 142 00:05:42.120 --> 00:05:45.399 surface web is what we see every day, but underneath 143 00:05:45.839 --> 00:05:49.759 lies this vast hidden network the dark web. 144 00:05:50.759 --> 00:05:53.639 Okay, so like the tip of the iceberg versus what's underneath. 145 00:05:53.800 --> 00:05:57.959 Exactly, it's a place where anonymity rains and information. Well, 146 00:05:58.040 --> 00:06:01.360 it can be valuable, but also. 147 00:06:00.639 --> 00:06:02.120 Sounds like a risky place to be. 148 00:06:02.360 --> 00:06:05.199 It can be. You can access it using TOR, that's 149 00:06:05.240 --> 00:06:06.480 the anonymous browsing network. 150 00:06:06.560 --> 00:06:07.439 Oh, I've heard of Tor. 151 00:06:07.680 --> 00:06:11.720 And then there are specialized search engines like showdan. This 152 00:06:11.759 --> 00:06:16.959 can reveal Internet connected devices, potentially including unsecured webcams and servers. 153 00:06:17.279 --> 00:06:19.199 That's wow. That's kind of scary. 154 00:06:19.639 --> 00:06:22.720 It is a bit it is. So you've got social media, 155 00:06:22.920 --> 00:06:25.720 you've got people search engines, you've got the dark web. 156 00:06:26.759 --> 00:06:29.439 With all this information, how do you even keep track 157 00:06:29.480 --> 00:06:29.680 of it? 158 00:06:29.920 --> 00:06:31.720 That's a good question. It sounds like it could get 159 00:06:31.759 --> 00:06:32.959 overwhelming pretty quickly. 160 00:06:33.120 --> 00:06:37.040 It definitely can. That's why archiving and Documenting your findings 161 00:06:37.079 --> 00:06:38.120 is so important. 162 00:06:37.759 --> 00:06:38.800 So you don't lose track. 163 00:06:39.120 --> 00:06:42.480 Right, you need to capture, preserve the evidence, especially if 164 00:06:42.480 --> 00:06:44.639 you might need it later for legal purposes. 165 00:06:44.680 --> 00:06:46.000 Maybe right makes sense. 166 00:06:46.040 --> 00:06:48.040 Tools like hunchly they're invaluable for this. 167 00:06:48.360 --> 00:06:49.720 Hunchy, i'f check that out. 168 00:06:49.839 --> 00:06:52.519 It's like having a digital notary for your investigation. 169 00:06:52.759 --> 00:06:56.079 So you've got social media, people, search engines, the dark web. 170 00:06:56.160 --> 00:06:58.040 Can you give me some real world examples of how 171 00:06:58.040 --> 00:07:00.160 these overcent techniques have been used? Oh? 172 00:07:00.240 --> 00:07:04.160 Absolutely. The Housel's book has some incredible stories. There was 173 00:07:04.199 --> 00:07:06.720 one case where a missing person was found thanks to 174 00:07:07.040 --> 00:07:10.279 deleted social media posts. Yeah, they used osin techniques to 175 00:07:10.319 --> 00:07:10.920 recover them. 176 00:07:11.120 --> 00:07:14.680 Wow. So it's like bringing a digital ghost back to life. 177 00:07:14.800 --> 00:07:17.279 You could say that that's amazing. 178 00:07:16.959 --> 00:07:19.560 It really is. And there was another case where a 179 00:07:19.639 --> 00:07:23.319 suspect in a vandalism case was identified using a reverse 180 00:07:23.360 --> 00:07:23.959 image search. 181 00:07:24.240 --> 00:07:27.199 Oh wow. So even seemingly harmless photos can. 182 00:07:27.040 --> 00:07:30.920 Be incredibly revealing. Osin's even been used to uncover a 183 00:07:30.959 --> 00:07:34.639 company's hidden connections by analyzing their domain name. 184 00:07:34.839 --> 00:07:37.720 So it's not just about finding people, it's about understanding 185 00:07:37.759 --> 00:07:40.079 connections networks exactly. 186 00:07:40.120 --> 00:07:41.639 It's a powerful tool that's for sure. 187 00:07:41.720 --> 00:07:44.519 With great power comes great responsibility. 188 00:07:44.720 --> 00:07:47.480 You got that right. Yeah, We've covered so much already. 189 00:07:47.959 --> 00:07:49.759 I need a minute to let it all sink in. 190 00:07:49.920 --> 00:07:52.279 I know, right, We've gone from social media to the 191 00:07:52.360 --> 00:07:53.959 dark web. It's a lot to process. 192 00:07:54.120 --> 00:07:56.560 We've only just scratched the surface. The world of ocent 193 00:07:56.800 --> 00:07:58.839 is vast, constantly evolving. 194 00:07:59.040 --> 00:08:01.839 I can't wait to learn more. Welcome back to our 195 00:08:01.879 --> 00:08:04.480 deep dive into the world of open source intelligence. 196 00:08:04.560 --> 00:08:07.480 It's like we're putting together a giant puzzle, and each 197 00:08:07.519 --> 00:08:10.439 piece of data brings us closer to the bigger picture. 198 00:08:10.560 --> 00:08:13.360 Exactly, So let's keep uncovering those pieces. What other techniques 199 00:08:13.360 --> 00:08:13.839 can we use? 200 00:08:14.079 --> 00:08:17.040 Let's talk about email addresses. Even if you don't have 201 00:08:17.079 --> 00:08:19.560 the full email address, you can often piece it together. 202 00:08:19.759 --> 00:08:22.160 You mean, like a digital guessing game. 203 00:08:22.519 --> 00:08:25.160 It's more than just guessing. You can try different combinations, 204 00:08:25.199 --> 00:08:29.120 right their name, use your name, other details with common 205 00:08:29.240 --> 00:08:30.480 email providers, so. 206 00:08:30.519 --> 00:08:33.799 Like Gmail, Yahoo, those sorts of things. 207 00:08:33.879 --> 00:08:34.440 Exactly. 208 00:08:34.600 --> 00:08:35.960 Are there tools that can help with this? 209 00:08:36.120 --> 00:08:41.200 Oh? Absolutely? Bizell mentions this website find any email really effective. 210 00:08:41.360 --> 00:08:42.159 Find any email? 211 00:08:42.240 --> 00:08:44.919 Okay, You just need their name and the employer's domain, 212 00:08:45.240 --> 00:08:48.200 and it generates a list of possible email addresses. 213 00:08:48.279 --> 00:08:50.759 That sounds super helpful. Okay, So let's say we have 214 00:08:50.799 --> 00:08:53.240 a potential email address. What do we do with it? 215 00:08:53.559 --> 00:08:58.120 First, verify it's real email. Hippo can check if it exists. 216 00:08:58.159 --> 00:09:00.080 If it's active email, Hippo got it. 217 00:09:00.159 --> 00:09:04.360 Then have I been planed? Check if it's been compromised? 218 00:09:04.440 --> 00:09:06.799 Oh right, like a data breach or something exactly. 219 00:09:06.799 --> 00:09:09.240 You wouldn't want to rely on a compromise email address. 220 00:09:08.960 --> 00:09:12.000 Right, definitely not. Okay, So what else can we do 221 00:09:12.039 --> 00:09:13.559 with a verified email address? 222 00:09:13.840 --> 00:09:17.200 You can gather some intel. Try creating an account on 223 00:09:17.360 --> 00:09:20.879 Apple ID using their email if it's already in use, 224 00:09:21.279 --> 00:09:22.720 you know they have an Apple account? 225 00:09:22.759 --> 00:09:24.159 Ah, clever. 226 00:09:24.360 --> 00:09:26.639 You can do this with other services too, build a 227 00:09:26.679 --> 00:09:28.320 profile of their online activity. 228 00:09:28.399 --> 00:09:30.919 It's like a digital fingerprint exactly. 229 00:09:31.480 --> 00:09:34.960 Okay, let's shift gears a bit. Say we're not investigating 230 00:09:35.000 --> 00:09:36.840 a person but an event. 231 00:09:37.440 --> 00:09:40.159 Okay, so like a protest, a crime or something like that. 232 00:09:40.240 --> 00:09:43.000 Yeah, osin can be really helpful there too. How so 233 00:09:43.000 --> 00:09:46.720 social media is your starting point, right? Search Twitter, Facebook, 234 00:09:47.039 --> 00:09:52.240 Instagram using keywords makes sense. Remember those advanced search operators. 235 00:09:51.879 --> 00:09:53.519 Oh yeah, those are super powerful. 236 00:09:53.559 --> 00:09:55.360 They can help you filter through the noise and get 237 00:09:55.360 --> 00:09:56.639 to the most relevant. 238 00:09:56.200 --> 00:09:58.559 Posts, so you don't have to weighe through everything. 239 00:09:58.240 --> 00:10:03.440 Right, and don't forget about tools like tweet monitor, multiple feeds, hashtags. 240 00:10:03.120 --> 00:10:06.320 Tweet deck like a command center for information exactly. 241 00:10:06.639 --> 00:10:09.440 What about events that aren't widely discussed on social media? 242 00:10:09.679 --> 00:10:11.559 Hmmm, yeah, those are trickier. 243 00:10:11.679 --> 00:10:14.639 Online communities are a good place to look. Think forums, 244 00:10:15.159 --> 00:10:16.360 message boards. 245 00:10:16.399 --> 00:10:18.240 Like those niche communities exactly. 246 00:10:18.480 --> 00:10:20.600 They usually have their own search functions, or you can 247 00:10:20.679 --> 00:10:21.159 use Google. 248 00:10:21.759 --> 00:10:23.639 Okay, So we got to find the right communities for 249 00:10:23.679 --> 00:10:25.120 our investigation. 250 00:10:24.679 --> 00:10:28.759 Right and look for discussions, threads, any mentions of the event, 251 00:10:29.159 --> 00:10:32.320 user names, timestamps. Pay attention to those details. 252 00:10:32.360 --> 00:10:33.919 It's like virtual detective work. 253 00:10:34.000 --> 00:10:37.639 It is bizelle mentions. Reddit. It's a great example, vast 254 00:10:37.639 --> 00:10:39.240 network of communities. 255 00:10:38.759 --> 00:10:41.440 I've heard of Reddit. It seems a bit overwhelming, it. 256 00:10:41.360 --> 00:10:44.960 Can be, but once you get the structure, it's a 257 00:10:45.039 --> 00:10:45.679 gold mine. 258 00:10:45.679 --> 00:10:47.200 So how do you even navigate it? 259 00:10:47.559 --> 00:10:50.720 Search for specific subredits or use the main search function 260 00:10:51.200 --> 00:10:52.200 look for keywords? 261 00:10:52.759 --> 00:10:54.720 Okay, so we found some interesting posts. 262 00:10:54.759 --> 00:10:56.639 Now what try to identify the users? 263 00:10:56.720 --> 00:10:56.919 Right? 264 00:10:56.919 --> 00:10:59.000 Yea, Then you can use those other techniques we talked 265 00:10:59.039 --> 00:11:01.480 about to find their social medt profiles, learn more about them. 266 00:11:01.639 --> 00:11:03.240 Ah. Okay, so it all ties together. 267 00:11:03.440 --> 00:11:06.080 And there's this service push Shift. It lets you search 268 00:11:06.120 --> 00:11:07.519 for deleted Reddit. 269 00:11:07.200 --> 00:11:10.240 Posts, deleted posts, so even if they try to cover their. 270 00:11:10.120 --> 00:11:11.759 Tracks, it might still be out there. 271 00:11:12.000 --> 00:11:14.559 Wow, the Internet never forgets, it really doesn't. 272 00:11:15.159 --> 00:11:16.840 All right, let's move on to a different kind of 273 00:11:16.879 --> 00:11:19.240 online space, dating websites. 274 00:11:19.559 --> 00:11:22.639 Oh interesting, So we're not just talking about finding lost loves, 275 00:11:22.720 --> 00:11:23.399 not this time. 276 00:11:23.600 --> 00:11:29.120 Yeah, these platforms can be valuable for investigations, relationships, infidelity, 277 00:11:29.559 --> 00:11:30.840 even criminal activity. 278 00:11:30.960 --> 00:11:33.120 Okay, I can see how that would be relevant. 279 00:11:33.399 --> 00:11:36.080 But how do we even investigate them? They seem pretty private? 280 00:11:36.399 --> 00:11:37.639 Yeah, that's what I was thinking. 281 00:11:37.759 --> 00:11:41.279 Most have search functions filter by location, age, interests, that 282 00:11:41.320 --> 00:11:41.799 sort of thing. 283 00:11:42.039 --> 00:11:44.360 Okay, so you can narrow down the search, and you. 284 00:11:44.279 --> 00:11:48.039 Can always use Google. Some profiles are publicly. 285 00:11:47.639 --> 00:11:49.480 Visible, even if they think they're private. 286 00:11:49.639 --> 00:11:54.240 Sometimes. Yeah, now here's a cool technique sentence searching. Take 287 00:11:54.279 --> 00:11:57.000 a unique phrase from their profile and search for it 288 00:11:57.039 --> 00:11:57.559 on Google. 289 00:11:57.879 --> 00:12:01.480 Ah. So if they've used that phrase elsewhere, you might. 290 00:12:01.360 --> 00:12:04.440 Find their other accounts, social media blogs. 291 00:12:04.720 --> 00:12:05.080 Clever. 292 00:12:05.519 --> 00:12:08.200 And don't forget about reverse image search. If you have their. 293 00:12:08.000 --> 00:12:10.480 Photo, Oh right, that can be powerful. 294 00:12:10.600 --> 00:12:13.039 It can lead you to their other online identities. 295 00:12:13.279 --> 00:12:16.240 So many techniques. How do we keep it all organized? 296 00:12:16.519 --> 00:12:21.399 Organization is key, especially for complex investigations. Bizell suggests using 297 00:12:21.440 --> 00:12:23.840 mind maps or other visual tools. 298 00:12:23.559 --> 00:12:25.840 To connect the dots exactly. 299 00:12:25.600 --> 00:12:27.440 And spreadsheets. Those are your friends. 300 00:12:27.559 --> 00:12:31.360 I love a good spreadsheet, simple but effective, they really are. 301 00:12:31.879 --> 00:12:34.559 Speaking of practical tools, what about online classifieds? 302 00:12:34.639 --> 00:12:36.000 Oh, like craigslists. 303 00:12:36.080 --> 00:12:39.679 Yeah, Craigslist. You might think it's just for furniture and apartments. 304 00:12:39.960 --> 00:12:41.440 Yeah, that's what I usually use it for. 305 00:12:41.559 --> 00:12:45.720 But it can be useful for investigations, missing persons, stolen goods, 306 00:12:46.080 --> 00:12:47.279 even criminal activity. 307 00:12:47.399 --> 00:12:48.919 Wow, I didn't realize. 308 00:12:49.039 --> 00:12:52.919 You can search by location, keywords, even phone numbers. 309 00:12:53.120 --> 00:12:54.440 Okay, that makes sense. 310 00:12:54.480 --> 00:12:57.600 And there's this technique called site searching. You use Google 311 00:12:57.679 --> 00:12:59.879 to search for specific content within a. 312 00:13:00.080 --> 00:13:03.000 Website, so like searching for a specific phone number, but 313 00:13:03.120 --> 00:13:04.360 only within craigslists. 314 00:13:04.440 --> 00:13:08.720 Exactly. Pay attention to the language, time of posting, any patterns. 315 00:13:08.799 --> 00:13:09.919 It's all about the details. 316 00:13:10.000 --> 00:13:12.879 It is. It is a scent. Is more than just techniques. 317 00:13:12.919 --> 00:13:18.000 It's a mindset, way of thinking, curiosity, persistence, connecting the dots. 318 00:13:18.320 --> 00:13:20.519 We've covered a lot, but there's still more to come. 319 00:13:20.799 --> 00:13:23.480 This is all so fascinating. I can't wait to learn more. 320 00:13:24.320 --> 00:13:27.720 Welcome back to our final deep dive into ocent. We've 321 00:13:27.759 --> 00:13:31.919 explored so much already, social media, the dark web, even 322 00:13:32.000 --> 00:13:33.039 dating apps. 323 00:13:32.799 --> 00:13:35.639 We have, but there's still so much more to explore. 324 00:13:35.759 --> 00:13:36.519 I'm ready for it. 325 00:13:36.559 --> 00:13:39.240 What else is there today? Let's shift gears a bit 326 00:13:39.759 --> 00:13:43.080 less about specific platforms, more about the information itself. 327 00:13:43.200 --> 00:13:44.279 Okay, I like where this is going. 328 00:13:44.360 --> 00:13:46.000 Let's talk about document analysis. 329 00:13:46.080 --> 00:13:49.399 Document analysis like reading reports and stuff. 330 00:13:49.559 --> 00:13:54.840 More than just reading, it's about analyzing think reports, presentations, spreadsheets, 331 00:13:54.919 --> 00:13:58.000 legal filings, all publicly available online. 332 00:13:58.120 --> 00:14:00.559 Oh okay, I can see how those could be valuable. 333 00:14:00.600 --> 00:14:03.399 They're gold mines if you know how to analyze them. 334 00:14:03.440 --> 00:14:05.360 That is, So, where do we find these documents? 335 00:14:05.759 --> 00:14:09.519 Search engines those are your best friend. Use specific keywords 336 00:14:09.559 --> 00:14:11.720 file types to narrow down your search. 337 00:14:11.919 --> 00:14:13.720 So if I'm investigating a company, for. 338 00:14:13.720 --> 00:14:17.000 Example, exactly, you could search for their name, plus file 339 00:14:17.039 --> 00:14:22.480 types like PDF or DOCX, find reports, presentations, even internal documents. 340 00:14:22.519 --> 00:14:24.399 Sometimes that's pretty cool. It's like going on a digital 341 00:14:24.480 --> 00:14:25.159 treasure hunt. 342 00:14:25.399 --> 00:14:28.519 It is, and Bazell has some great tips on search 343 00:14:28.559 --> 00:14:31.720 operators that can make this even more effective. Ooth like 344 00:14:31.759 --> 00:14:34.960 what the file type operator that lets you search for 345 00:14:35.000 --> 00:14:38.799 specific file types or site to restrict your search to 346 00:14:38.840 --> 00:14:39.840 a specific website. 347 00:14:39.960 --> 00:14:43.720 Okay, those are useful, But once we've found some promising documents, 348 00:14:43.799 --> 00:14:45.200 how do we analyze them? 349 00:14:45.399 --> 00:14:49.240 It's a skill definitely takes practice. Start by scanning for keywords, 350 00:14:49.399 --> 00:14:53.919 phrases relevant to your investigation, names, dates, locations, things like that. 351 00:14:54.080 --> 00:14:57.519 So it's like you're looking for those key pieces of information, right. 352 00:14:57.360 --> 00:14:59.720 And then try to understand the context. Who created the 353 00:14:59.759 --> 00:15:01.639 doc document when why. 354 00:15:01.519 --> 00:15:04.039 So it's not just about what the document says, but 355 00:15:04.120 --> 00:15:06.799 who wrote it, why they wrote it exactly. 356 00:15:07.000 --> 00:15:08.559 And don't forget about the metadata. 357 00:15:08.600 --> 00:15:10.639 Metadata Like with photos. 358 00:15:10.279 --> 00:15:13.240 Yep, documents have it too hidden information about the creation, 359 00:15:13.440 --> 00:15:15.080 modification history. 360 00:15:14.960 --> 00:15:16.799 So that could tell us who the author is, when 361 00:15:16.799 --> 00:15:18.120 it was created, things like. 362 00:15:18.039 --> 00:15:20.639 That, even the location where it was created. It's like 363 00:15:20.679 --> 00:15:23.159 having x ray vision for digital documents. 364 00:15:23.240 --> 00:15:26.120 Wow, that's powerful. Are there tools that can help us 365 00:15:26.159 --> 00:15:27.399 extract this metadata? 366 00:15:27.720 --> 00:15:30.879 Oh yeah absolutely ex off tool that's one Bazell recommends, 367 00:15:31.120 --> 00:15:34.399 handles a ton of file types, reveals a lot of information. 368 00:15:34.600 --> 00:15:37.039 Ex of tool. I'll have to check that out. But 369 00:15:37.799 --> 00:15:40.679 with so much information in these documents, how do we 370 00:15:40.720 --> 00:15:41.600 stay organized? 371 00:15:41.840 --> 00:15:46.440 Organization is key? For any kind of ocent. Really, label store, 372 00:15:46.759 --> 00:15:51.519 cross reference your findings, spreadsheets, mind maps, those are your friends. 373 00:15:51.639 --> 00:15:53.519 Keep it all straight exactly. Yeah. 374 00:15:53.600 --> 00:15:56.039 Okay, So let's say you've analyzed the document, you've found 375 00:15:56.039 --> 00:15:57.960 something interesting. What's next? 376 00:15:58.240 --> 00:15:59.639 What do we do with that information? 377 00:16:00.120 --> 00:16:04.240 Corroborate it? Can you verify it through other sources, other documents, websites, 378 00:16:04.360 --> 00:16:07.080 social media? Does it match what you already know? 379 00:16:07.279 --> 00:16:10.320 So it's like building a case, making sure all the pieces. 380 00:16:10.000 --> 00:16:13.559 Fit precisely, and if you find discrepancies, don't ignore them. 381 00:16:13.600 --> 00:16:14.679 Oh those could be important. 382 00:16:14.720 --> 00:16:16.919 It could be clues pointing you in a new direction. 383 00:16:17.080 --> 00:16:21.200 Okay, so let's switch gears again from documents to something 384 00:16:21.240 --> 00:16:23.840 more visual. Maps, satellite imagery. 385 00:16:24.279 --> 00:16:28.320 Those are great tools. Say you're investigating a company an individual, 386 00:16:28.720 --> 00:16:33.159 you want to understand their physical environment. Google maps being maps, 387 00:16:33.600 --> 00:16:36.480 you can view their office buildings, their homes, even the 388 00:16:36.519 --> 00:16:37.600 surrounding neighborhoods. 389 00:16:37.639 --> 00:16:39.440 So we can get a feel for the place without 390 00:16:39.480 --> 00:16:41.039 even being there exactly. 391 00:16:41.720 --> 00:16:44.639 Pay attention to details, the size of the building, what 392 00:16:44.799 --> 00:16:47.559 kind of cars are parked there, even the landscaping. 393 00:16:47.679 --> 00:16:49.440 Ah, I never thought about those details. 394 00:16:49.480 --> 00:16:51.919 They can tell you a lot about a person, an organization, 395 00:16:52.480 --> 00:16:54.559 their wealth, status activities. 396 00:16:54.679 --> 00:16:56.080 It's like being a virtual detective. 397 00:16:56.159 --> 00:16:59.039 You are, and don't forget about historical imagery. 398 00:16:59.279 --> 00:17:01.919 Oh right, you can see how places have changed. 399 00:17:01.600 --> 00:17:05.799 Over time exactly, construction projects, patterns of activity, it's like 400 00:17:05.839 --> 00:17:06.599 a time machine. 401 00:17:06.640 --> 00:17:11.119