OSINT Methodology
OpSec
Create a Sock Puppet
Fake account that cannot be linked to you
Build a posting history (post stuff, etc.)
Resources
Use separate browser profiles or isolation tools (e.g., Firefox Multi?Account Containers) for any sock?puppet activity.
Acquire disposable VoIP/SMS numbers (e.g., Burner, Silent Link) to satisfy platform verification without exposing real phone numbers.
Audit every browser extension before installation; supply?chain attacks on popular add?ons have targeted investigators since 2024.
Cryptocurrency Investigation
Transaction Analysis
Track transaction flows between wallets
Identify clusters of related addresses
Monitor large transfers and whale activity
Use block explorers to trace fund movements
Tools:
Cielo: Multi-chain wallet tracking (EVM, Bitcoin, Solana, Tron)
TRM: Create relationship graphs for addresses/transactions
Arkham: Multichain explorer with entity labels, graph creation, and alerts
MetaSleuth: Transaction visualization for retail users
Range: CCTP bridge explorer
Socketscan: EVM bridge explorer
Pulsy: Bridge explorer aggregator
Chainalysis: Horizon�2.0 cross?chain tracing suite (paid)
Elliptic: Lens visual link explorer (launched�Dec�2024)
Most compliance suites now provide real?time bridge?risk scoring dashboards (e.g., TRM, Chainalysis)
Wallet Profiling
Analyze wallet age and activity patterns
Check for connections to known entities
Monitor balance changes over time
Identify associated exchange accounts
Exchange Investigation
Track deposits/withdrawals
Monitor trading patterns
Identify linked accounts
Check for regulatory compliance
NFT Investigation
Track ownership history
Monitor sales and transfers
Analyze metadata and hidden content
Identify connected wallets and marketplaces
Image Analysis
Contextual Analysis
Use multiple reverse image search engines to find matches or similar images:
Copyseeker AI?based reverse?image search engine
Use browser extensions for quick searches:
Change search terms and time to narrow down the possible results
You can leverage FakeNews Debunker Extension as well
Picarta might help with geolocation as well
Check for embedded metadata (EXIF data) that may contain geolocation or device information:
Foreground
Signs, license plates, clothing styles, vegetation, and weather conditions.
Background
Landmarks, unique buildings, mountains, bodies of water, and infrastructure.
Map Markings
Flora and fauna types, which can indicate geographic regions.
Seasonal indicators like snow, foliage, or daylight hours.
Trial and Error
Manually compare features from the image with maps and street views.
Use platforms like
Google Street View,Bing Streetside, andYandex Panoramato virtually explore locations.Employ Overpass Turbo
Pull Text from Image
you can use google or Yandex OCR to pull text from image
you can also search that text alongside your image for better results
Image Forensics
Analyze images for signs of manipulation or to uncover hidden details.
Tools
Exposing.ai facial?dataset search
Techniques
Error Level Analysis (ELA)
Metadata examination
Clone detection
Noise analysis
Mountain Geolocation
Use tools to identify mountain peaks and match them with the image.
Tools
PeakLens AR mountain identifier
Methodology
Align the silhouette of mountains in the image with the 3D models in the tools.
Adjust parameters like viewing angle and elevation.
Fire Identification
Identify fires, deforestation, or environmental changes.
Tools
Copernicus EFFIS EU wildfire monitoring portal
Track and Find Planes
Use Apollo Hunter to find exact satellite image time
Then use FlightRadar to track that plane that you found
Verify the size and plane features
ADS-B Exchange � unfiltered global flight data
Video Analysis
Find context regarding the video
Signs, banners, and billboards.
Architectural styles and building materials.
Road markings and traffic signs.
License plates
Clothing styles and local customs.
Search for video snippets on platforms like YouTube, Twitter, or TikTok.
Metadata Extraction
ExifTool: Extract metadata from downloaded video files.
Platform-Specific Techniques
TikTok and Instagram
Analyze user profiles for location tags.
Examine comments and hashtags for clues.
Auditory Clues
Languages or dialects spoken.
Background noises (train horns, call to prayer, wildlife).
Tools
Audacity: Audio editing software
Sonic Visualiser: Visualize audio data
SoundCMD crowd?sourced sound?matching engine
Methodology
Create spectrograms to identify unique sound patterns.
Use Shazam or SoundHound to identify music tracks.
Extract Key Frames
Use tools like FFmpeg or VLC Media Player to capture frames.
Extract frames at regular intervals or when significant changes occur.
Stitch frames together if the camera pans to create a panoramic image.
Create a panorama if the camera pans across a scene.
Analyze frames using the same techniques as in image geolocation.
Chronolocation and Time Analysis
Shadow Analysis
Use shadows to estimate the time of day and date when the image or video was captured.
Methodology
Determine the length and direction of shadows in the image.
Identify objects casting the shadows (e.g., poles, buildings).
Calculate Sun Position
Use the object's height and shadow length to calculate the solar elevation angle.
Determine the azimuth (sun's compass direction).
Astronomical Calculations
For night images, use celestial bodies to determine time and location.
Tools
Stellarium: Planetarium software
SkyMap: Mobile app for stargazing.
Methodology
Identify visible stars, constellations, or the moon phase.
Use software to simulate the sky at different times and locations.
Match the celestial arrangement in the image to a specific date and time.
Satellite Imagery Time
Use historical satellite imagery to determine changes over time.
Tools
Google Earth Pro:
Use the historical imagery slider to view images from different dates.
Access Sentinel and Landsat data.
Create TimeLapse animations.
Methodology
Enter the location coordinates.
Select appropriate satellite datasets (Sentinel-2, Landsat 8).
Analyze changes in the environment to narrow down dates.
People & Social Media Investigation
Username Enumeration
Profile Picture & Face Search
Tools:
Azure Face API (subject to compliance policies)
Social Graph & Content Analysis
Tools:
Infrastructure OSINT
IP & Domain Discovery
Certificate & Passive DNS
Tools:
Automation & Case Management
Tools:
Hunchly (browser evidence capture)
Kasm Workspaces OSINT?ready workspace images
ArchiveBox � self?hosted web archiver
Synthetic Media Verification
Last updated