Course recordings on DaDesktop for Training platform
Visit NobleProg websites for related course
Visit outline: Open Source Intelligence (OSINT) Advanced (Course code: osint)
Categories: Open Source Intelligence (OSINT)
Summary
Overview
This course provides a comprehensive introduction to Open Source Intelligence (OSINT) techniques for digital investigations across major social media platforms (Facebook, Instagram, Telegram, TikTok, Twitter), tools for geolocation and metadata analysis, and the setup of a secure, isolated OSINT investigation environment. The session covers practical methodologies for extracting and verifying information from public digital footprints, including the use of specialized tools, Dorks, archive services, and virtual machines. It concludes with a hands-on case study on geolocating a subject’s residence from video metadata and guidance on configuring a dedicated OSINT workstation.
Topic (Timeline)
1. Social Media Investigation Techniques [00:00:36 - 00:08:19]
- Introduction to OSINT workflows using Facebook and Instagram: searching via username, cross-referencing profiles, and identifying linked accounts.
- Tools for Instagram: downloadgram.org for image extraction, ID tracking for username changes, and location-based photo searches to infer unlisted venues.
- Instagram limitations: no direct user interaction beyond comments/likes; reliance on indirect connections (e.g., partners’ profiles) to identify targets with common names or nicknames.
- Telegram investigation: use of telemeter.io to search indexed public channels for sensitive data (e.g., databases, brand misuse); example search: “México database” targeting Telcel.
- Archive.org for historical Telegram channel indexing: searching for keywords like “Telcel” to uncover leaked data (phone numbers, credentials, card details).
- TikTok: public profiles are the norm; use of Apify to back up full profiles for preservation; cross-referencing likes/comments to find related accounts.
- Twitter: three key tools introduced — hunintel.io for geolocated tweets, Botometer for bot detection (0–5 risk score), and OneMillionTweetMap for visualizing tweet geography by hashtag (e.g., “Narcopresidente”).
- Twitter advanced Dorks: “from:username” to filter tweets by account; “from:username palabra” to filter by keyword (e.g., “economía”); “from:username (to:otrousuario)” to find bidirectional interactions.
2. Account Recovery & Identity Verification [00:27:23 - 00:29:09]
- Leveraging password recovery flows on Apple, Facebook, and Yahoo to validate personal data: recovery email prefixes and phone number endings are displayed during the “forgot password” process.
- Use case: confirming whether a collected phone number or email matches the target’s registered recovery options without triggering alerts (no actual password reset initiated).
- Value: indirect validation of collected data without direct contact or suspicion.
3. Geolocation Case Study: Video Analysis [00:30:17 - 00:40:58]
- Case objective: determine the residential address of influencer “Fofo Márquez” from a video.
- Key video evidence: pixelated street sign, house number “71”, vehicle license plates, and visible postal code “53283”.
- Discovery of “Onix” street name from frame analysis; cross-referenced with postal code in Google Maps.
- Google Earth used to overcome outdated Street View (2009 imagery); enabled 3D view to confirm building features (e.g., pool) visible in other videos.
- Final identification: confirmed residence via visual match of architectural features and pool location across video and satellite imagery.
- Emphasis: meticulous frame-by-frame analysis and multi-source verification (video, maps, satellite) as core OSINT practice.
4. OSINT Environment Setup & Virtualization [00:44:09 - 00:50:16]
- Importance of isolated environments: use of virtual machines (VMs) to prevent digital contamination, ensure privacy, and enable rapid recovery.
- Recommended VM tools: VirtualBox or VMware; network configuration must use “Bridge Mode” for independent IP.
- Minimum hardware: 8 GB RAM, 120 GB HDD; more recommended for performance.
- Recommended OSINT VMs: Osintux (Spanish, preloaded tools), Kali Linux, Honeynet, CSI Linux; Osintux is preferred for Spanish documentation and ease of use.
- Tool installation demo: TheHarvester (Python-based OSINT tool) — downloaded as a ZIP, extracted, and installed via pip in Windows PowerShell from the extracted directory.
5. Tool Installation & Practical Query [00:50:32 - 01:00:10]
- Step-by-step installation of TheHarvester: extract the ZIP → open PowerShell in the extracted directory → run pip install -r requirements.txt → run python3 theharvester.py -d gobierno.mx -b all.
- Successful execution confirmed by help output; query against “gobierno.mx” retrieves emails, subdomains, and URLs from public sources.
- Emphasis: understanding installation commands enables adaptation to new tools found in blogs or research.
6. Advanced OSINT Workflows & Tools [01:01:06 - 02:11:58]
- Continued use of Dorks, archive.org, and telemeter.io for deep web and historical data.
- Reiteration of Twitter Dorks: filtering by “from:”, “near:”, “has:media”, and “lang:es” for precision.
- Use of Archive.org’s “Collection Shared Telegram” to find historical channel content.
- Discussion on investigation timelines: 2–3 hours for urgent cases, days for comprehensive reports; contrast between government (paid tools) and civilian access.
- Final emphasis: OSINT success relies on methodical data correlation, not tool quantity; privacy, isolation, and verification are foundational.
Appendix
Key Principles
- Verification over collection: Always cross-reference data from multiple sources (e.g., video metadata + Google Maps + satellite imagery).
- No alerting: Use recovery flows and Dorks to gather data without triggering notifications to targets.
- Preservation: Use tools like Apify and TheHarvester to archive public data before it’s deleted.
Tools Used
- Social Media: downloadgram.org, telemeter.io, Apify, hunintel.io, Botometer, OneMillionTweetMap, social door (paid)
- Archives: Archive.org (Telegram, web snapshots)
- Geolocation: Google Maps, Google Earth (3D view)
- OSINT Frameworks: Osintux VM, TheHarvester
- Infrastructure: VirtualBox/VMware, Bridge Network Mode
Common Pitfalls
- Relying on outdated Street View imagery without verifying with satellite or newer video evidence.
- Assuming private profiles are unsearchable — indirect methods (likes, comments, linked accounts) often reveal targets.
- Installing tools without understanding dependencies; always follow official installation guides.
Practice Suggestions
- Replicate the Fofo Márquez case using any public video with visible addresses, license plates, or landmarks.
- Install TheHarvester and run queries against public organizations (e.g., “gob.mx”, “sre.gob.mx”).
- Use Botometer to analyze high-profile political accounts and interpret the 0–5 bot score.
- Create a bookmark library of all tools used, organized by platform (Twitter, Telegram, Instagram).