@drsh0
Last active October 29, 2020 00:12
Tracelabs OSINT CTF Notes

26-9-2020
Presenter: @AletheDenis
Notes below are my personal notes

Tips

  1. Zoom! Enhance
  2. There is no substitute for scrolling
    • scroll geolocated posts on IG
    • scroll profile posts+tweets
  3. Screen cap or it didn't happen.
  4. Link usernames to other profiles.
  5. Family trees have handy information

Takeaways

Collection

  • Annotations on screenshots are fine as proof. However, weigh the time they take against concisely providing the links and information as text.

Tools

  • Tools aren't required to do good OSINT work; they often just complicate your workflow. Focus on good analysis.

Strategy

  • You should be able to submit a few hundred points in the first 30 mins. If you can't, the subject may not have enough information to analyse.

  • Sometimes you cannot submit the same link twice. To get around this, submit a link to the specific post or piece of information; permalinks and the embed/share options often provide one.

  • Aim for 150-200 points in the first 20 minutes. This creates a good feedback loop for your brain to keep looking.

  • Low-point flags must be submitted -- STACK and LAYER until you hit a wall. Rinse and repeat.

  • Aim: decrease the time-to-points ratio (minutes spent per point scored).

Submissions

  • Build your case with low-point flags, e.g. Facebook profile --> confirmed. Use these to build bigger flags, noting that "since the FB account was confirmed previously..."

  • You won't always have the same judge. Therefore, always substantiate, especially towards the end.

  • Build rapport with your judge where possible, e.g. a Slack group DM with the judge and your team.

Submission Example

e.g. the subject's sister's Facebook page

  • Screenshot of information [the flag]
  • Proof = public link to the sister's Facebook page
  • Relevance = "there could potentially be comments or interactions on this Facebook page relating to the subject"
  • Substantiation / Evidence = include a link to the specific page and explain how it shows the above, e.g. the sister talking about the brother two weeks before he disappeared.

Analysis

  • Make sure you get the foundational flags correct and verified. All future, and potentially larger, flags depend on this foundation.

Questions

Q. Thoughts on using paid services to obtain open source intel?

A. As long as the link it produces is public, it's OK (and you can provide the evidence openly). However, anything behind a paywall will not be allowed.

drsh0 commented Oct 29, 2020

Additional tips

So, some historical flags submitted in 2019 are displayed on the Aussie hackathon website https://www.missingpersonshackathon.com.au/2019-event:

Reverse engineering this:

1. Drone footage of an area where one of the subjects went missing from

Last seen location -> if nothing specific, find out from other sources, e.g. Facebook page: person X missing from street Y. --> YouTube search for "Area" + drone OR footage OR live cams OR vlog

2. Multiple aliases of missing persons uncovered, along with secondary social media accounts

Find one alias -> pivot to other services via name -> discover a different alias used on other services. Alternatively, look for specific details that appear on another social media website under a different alias.

3. Investigation into revenue streams for missing persons, including a website operated by one of the subjects that generated ad revenue

Find a website or blog run by the missing person -> plug that into Google Analytics and places like Socialblade to provide approx. income at the time of their disappearance (or show that it is still earning money).

4. License plate numbers for vehicles

Facebook + Insta photos. Would need to prove that the car belonged to them or family, or establish a pattern. Go on an insurance website or RMS and plug in the licence plate - may reveal names, initials or other details.

5. Secret email addresses

??? Not sure about this one - maybe find an alias used on other social media that also had their email public?

6. Travel agency accounts such as TripFinder

After finding all possible popular accounts of the person (if any), focus on potential hobbies and interests and search those services instead. So if Person A likes travel -> look for the username/alias/email etc. on places like TripView, TripFinder, Lonely Planet etc.

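The tip "link usernames to other profiles" and the alias pivot described in the 2019 flags above (items 2 and 6) both come down to the same mechanical step: take one known handle, enumerate the spellings the same person is likely to reuse elsewhere, and go check them. The script below is an added example written for these notes; it is not code from the gist, from the presenter or from Trace Labs. It generalises the pivot to any handle: it splits the handle into tokens, re-joins them with the common separators, drops a trailing number (often a birth year), and then builds candidate profile URLs and a search-engine query from the variants. The service URL patterns in PROFILE_PATTERNS and the sample handles are assumptions for illustration. It fetches nothing: the output is a checklist to work through by hand, so each hit still gets its own screenshot and public link.

```python
"""Username pivoting helper: enumerate alias variants of a known handle and
build candidate profile URLs plus search-engine queries to check them.

Added example for these notes, not code from the gist or from Trace Labs.
The service URL patterns below are assumptions chosen for illustration.
"""
import re
from itertools import product
from typing import Dict, List, Optional, Tuple

# Separators people commonly swap between when reusing a handle.
SEPARATORS = ("", "_", ".", "-")

# Assumed profile URL patterns (illustrative; adjust to the services in play).
PROFILE_PATTERNS: Dict[str, str] = {
    "twitter": "https://twitter.com/{u}",
    "instagram": "https://www.instagram.com/{u}/",
    "github": "https://github.com/{u}",
    "reddit": "https://www.reddit.com/user/{u}",
}


def tokenize(handle: str) -> List[str]:
    """Split a handle into word/number tokens: 'Jane_Doe88' -> ['jane', 'doe', '88']."""
    tokens: List[str] = []
    for part in re.split(r"[_.\-\s]+", handle.strip().lower()):
        # Also split at letter/digit boundaries inside a part ('drsh0' -> 'drsh', '0').
        tokens.extend(re.findall(r"[a-z]+|\d+", part))
    return tokens


def alias_variants(handle: str, max_variants: int = 64) -> List[str]:
    """Plausible spellings of the same handle on other services.

    Re-joins the tokens with every separator combination and also tries the
    handle without a trailing numeric suffix, keeping first-seen order.
    """
    tokens = tokenize(handle)
    if not tokens:
        return []
    bases = [tokens]
    if len(tokens) > 1 and tokens[-1].isdigit():
        bases.append(tokens[:-1])
    variants: List[str] = []
    for toks in bases:
        for seps in product(SEPARATORS, repeat=len(toks) - 1):
            candidate = toks[0] + "".join(s + t for s, t in zip(seps, toks[1:]))
            if candidate not in variants:
                variants.append(candidate)
            if len(variants) >= max_variants:
                return variants
    return variants


def candidate_profiles(
    handle: str, services: Dict[str, str] = PROFILE_PATTERNS
) -> List[Tuple[str, str, str]]:
    """(service, alias, url) triples to check by hand; nothing is fetched here."""
    return [
        (service, alias, pattern.format(u=alias))
        for alias in alias_variants(handle)
        for service, pattern in services.items()
    ]


def pivot_query(handle: str, site: Optional[str] = None) -> str:
    """Search-engine query OR-ing every alias variant, optionally scoped to one site."""
    quoted = " OR ".join(f'"{v}"' for v in alias_variants(handle))
    query = f"({quoted})"
    return f"{query} site:{site}" if site else query


if __name__ == "__main__":
    # Constructed sample handles; not real subjects.
    for service, alias, url in candidate_profiles("drsh0"):
        print(f"{service:10} {alias:10} {url}")
    print(pivot_query("Jane_Doe88", site="tripadvisor.com"))
```

The max_variants cap matters more than it looks: a handle with four or five tokens produces 4^(n-1) separator combinations, and a long checklist of near-duplicate URLs costs the time the Strategy section says to protect. Start with the handles the subject actually uses, then widen only when the cheap checks run dry.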