SECTION II
OSINT RESOURCES & TECHNIQUES
Some may consider this section to be the "guts" of the book. It contains the OSINT tips, tricks,
and techniques which I have taught over the past twenty years. Each chapter was rewritten and
confirmed accurate in December 2020. All outdated content was removed, many techniques were
updated, and numerous new resources were added. The first four editions of this book only
consisted of this section. Only recently have I adopted the preceding preparation section and the
methodology topics toward the end. OSINT seems to have become a much more complex
industry over the years. It's exciting to watch the community grow and I am honored to play an
extremely small role.
This section is split into several chapters, and each explains a common type of target investigation.
I have isolated specific topics such as email addresses, usernames, social networks, and telephone
numbers. Each chapter provides every valuable resource and technique which I have found
beneficial toward my own investigations. No book could ever include every possible resource, as
many tools become redundant after a superior version has been identified. I do my best to limit
the "noise" and simply present the most robust options for each scenario. This section should
serve as a reference when you encounter a specific need within your own investigations.
Covert Accounts
Before proceeding with any of the investigation methods here, it is important to discuss covert
accounts, also referred to by some as "Sock Puppets". Covert accounts are online profiles which
are not associated with your true identity. Many social networks, such as Facebook and Instagram,
now require you to be logged in to an account before any queries can be conducted. Using your
true personal account could reveal your identity as an investigator to the target. Covert accounts
on all of the social networks mentioned here are free and can be completed using fictitious
information. However, some networks will make this task more difficult than others. Google,
Facebook, Twitter, Instagram, and Yahoo are known to make you jump through hoops before
you are granted access. We begin this chapter discussing ways around this.
Email: It is vital that you possess a "clean" email address for your covert accounts. Every social
network requires an email address as a part of account registration, and you should never use an
already established personal address. Later chapters explain methods for researching the owners
behind email addresses, and those techniques can be applied to you and your own accounts.
Therefore, consider starting fresh with a brand-new email account dedicated toward use for
covert profiles.
The choice of email provider is key here. I do not recommend GMX, Proton Mail, Yahoo, Gmail,
MSN, or any other extremely popular providers. These are heavily used by spammers and
scammers, and are therefore more scrutinized than smaller providers. My preference is to create
a free email account at Fastmail (https://ref.fm/u14547153). This established mail provider is
unique in two ways. First, they are one of the only remaining providers which do not require a
pre-existing email address in order to obtain a new address. This means that there will be no
connection from your new covert account to any personal accounts. Second, they are fairly "off
radar" from big services such as Facebook, and are not scrutinized for malicious activity.
Fastmail will provide anyone unlimited free accounts on a 30-day trial. I suggest choosing an
email address that ends in fastmail.us instead of fastmail.com, as that domain is less used than
their official address. This is a choice during account creation. Once you have your new email
address activated, you are ready to create covert profiles. Note that the free trial terminates your
access to this email account in 30 days, so this may not be best for long-term investigations.
Personally, I possess a paid account which allows me 250 permanent alias email addresses.
Facebook: This is by far the most difficult in terms of new account creation. For most new users,
Facebook will require you to provide a cellular telephone number where a verification text can
be sent and confirmed. Providing VOIP numbers such as a Google Voice account will not work
anymore. I have found only one solution. Turn off any VPN, Tor Browser, or other IP address
masking service and connect from a residential or business internet connection. Make sure you
have cleared out all of your internet cache and logged out of any accounts. Instead of creating a
new account on facebook.com, navigate directly to m.facebook.com. This is the mobile version
of their site which is more forgiving on new accounts. During account creation, provide the
Fastmail email address that you created previously. In most situations, you should bypass the
requirement to provide a cellular number. If this method failed, there is something about your
computer or connection that is making Facebook unhappy. Persistence will always equal success
eventually. I find public library Wi-Fi to be our best internet option during account creation.
Instagram: Instagram is similar to (and owned by) Facebook. Expect the same scrutiny.
Twitter: Many of the Twitter techniques presented later will not require an account. However,
the third-party solutions will mandate that you be logged in to Twitter when using them. I highly
recommend possessing a covert account before proceeding. As long as you provide a legitimate
email address from a residential or business internet connection, you should have no issues. You
may get away with using a VPN to create an account, but not always.
Google/Gmail/Voice: While Google has become more aggressive at refusing suspicious
account registrations, they are still very achievable. As with the previous methods, Google will
likely block any new accounts that are created over Tor or a VPN. Providing your Fastmail
address as an alternative form of contact during the account creation process usually satisfies
their need to validate your request. I have also found that they seem more accommodating during
account creation if you are connected through a standard Chrome browser versus a
privacy-customized Firefox browser. This makes sense, as Google owns Chrome.
If you are still struggling to create and maintain covert accounts, I offer the following tips.
Network: I always prefer to conduct online investigations behind a VPN, but this can be tricky.
Creating accounts through a VPN often alerts the service of your suspicious behavior. Creating
accounts from public Wi-Fi, such as a local library or coffee shop, is typically less scrutinized.
A day after creation from open Wi-Fi, I attempt to access while behind a VPN. I then consistently
select the same VPN company and general location upon every usage of the profile. This builds
a pattern of my network and location, which helps maintain access to the account.
Phone Number: The moment any service finds your new account to be suspicious, it will
prompt you for a valid telephone number. Landlines and VOIP numbers are blocked, and they
will demand a true cellular number. Today, I keep a supply of Mint Mobile SIM cards, which can
be purchased for $0.99 from Amazon (https://amzn.to/2MRbGT)). Each card includes a
telephone number with a one-week free trial. I activate the SIM card through an old Android
phone, select a phone number, and use that number to open accounts across all of the major
networks. As soon as the account is active, I change the telephone number to a VOIP option
and secure the account with two-factor authentication (2FA).
2FA: Once I have an account created, I immediately activate any two-factor authentication
options. These are secondary security settings which require a text message or software token
(Authy) in order to access the account. Typically, this behavior tells the service that you are a real
person behind the account, and not an automated bot using the profile for malicious reasons.
Activity: After the account is created and secured, it is important to remain active. If you create
a new account and allow it to sit dormant for months, it is likely to be suspended the moment
you log back in to the account. If you access the account weekly, it creates a pattern of behavior
and is less likely to be blocked.
Some readers may assume that they can simply use their personal and accurate social network
account to search for information. While this is indeed possible, it is risky. Some services, such
as Instagram, may never indicate to the target that your specific profile was used for searching.
Others, such as Facebook, will indeed eventually notify the target that you have an interest in him
or her. This is usually in the form of friend recommendations. On any service, you are always
one accidental click away from sending a friend request from your real account to the suspect.
For these reasons, I never use a personal social network profile during any investigation. I like to
maintain multiple accounts at all times in case one is suspended or deleted by the social network.
The topic of undercover operations quickly exceeds the scope of this book about search
techniques. Volumes could be written about proper photo use and the psychology of posts in
order to create an assumption that the person is real. For our purposes, we only need a basic
covert account. We simply need to be logged in to real accounts in order to pacify the social
networks. I will assume that you have covert social network accounts created with no personal
information about you. It is now time to dig into online data and extract valuable content.