Of course, it is not the perfect guide (no guide is), but I hope it will help beginners to learn, and experienced OSINT hackers to discover new tricks. This methodology is pretty intuitive and may not help much, but I think it is still important to go back to it regularly, and take the time to make an iteration of the loop. Very often during investigations, we get lost in the amount of data gathered, and it is hard to see what direction the investigation should take.
In that case, I think it is helpful to take a break and go back to steps 3 and 4: analyze and summarize what you have found, list what could help you pivot, and define new or more precise questions that still need answers. Then there are two other methods I find useful. The first is flowcharts that describe the workflow for finding more information based on a type of data, like an email. For instance, here is Michael Bazzell's workflow when researching information on an email address:
After some time, I think it is a good idea to start developing your own investigation workflow and slowly improve it over time with new tricks you find. The last methodology I would recommend for long investigations is the Analysis of Competing Hypotheses. Bear in mind that it is a heavy and time-consuming tool, but if you are lost in a year-long investigation, sometimes it is good to have a process that helps you carefully evaluate your hypotheses. Before jumping into the investigation, there are a couple of operational security aspects you should consider in order to avoid alerting the people you are researching.
Visiting an obscure personal website could give your IP address and hence your location to your target; using your personal social media account could lead to a click on a like by mistake. With all this done, you can now investigate as late in the night as you want; it is pretty unlikely that people will be able to identify who is looking for them.
The question of tools is always a curious one in infosec; nothing bothers me more than people listing endless lists of tools in their CV and not the skills they have. So let me say it clearly: tools do not matter, it is what you do with tools that matters.
Test tools, read their code, create your own tools etc., but be sure that you understand what they do. The corollary of that is that there is no perfect toolkit. The best toolkit is the one you know, like and master. But let me tell you what I use and what other tools may be of interest to you. I use Chrome as my investigation browser, mostly because Hunchly is only available for Chrome (see below).
I add to it some helpful plugins:
I recently started to use Hunchly and it is a great tool.
Hunchly is a Chrome extension that lets you save, tag and search all the web data you find during an investigation. Maltego is more a threat intelligence tool than an OSINT tool and has many limitations, but a graph is often the best way to represent and analyze investigation data and Maltego is good for that.
You can also use the Maltego Community Edition, which limits the use of transforms and the size of graphs, but it should be more than enough for small investigations. I have developed a command-line tool called Harpoon (see the blog post here for more details).
There is a long list of plugins; feel free to suggest or develop more, or to create issues for new interesting features. Very often, you will end up with specific data gathering and visualization tasks that cannot be done easily with any tool.
In that case, you will have to write your own code. I use Python for that; any modern programming language would work equally well, but I like the flexibility of Python and the huge number of libraries available. Here are some tools you may still want to check; they are interesting and well done but do not really fit into my habits:
It is used every day in our company and is constantly optimized. There will also be a separate post about this comprehensive topic in this series. For example:
Then you are optimally prepared for research using search engines. This information also now serves as preparation to create professional queries with Google. The following image shows you an overview of the current workflow.
This search plan will now be processed, while the scope and depth of focus will be adjusted as needed. In the past, we manually recorded search results in Word or in a text editor.
Luckily, we were able to optimize this significantly and save a lot of time. Here we see, for example, all case-related queries in the search engines. I use this to write my first statements for the report summary. Typora offers the advantage of fast formatting and makes the information clearer. I have already discussed the first points; in the following post of this small series I will show you the next steps.
Series iResearch 3: Workflow Internet Research 2 of 3
Of course, it is also part of our training courses on the subject of Internet investigations. In the first posts I have dealt with the topics: After I created my overview of the available information, there is another short search for additional keywords. And with this topic we continue in the workflow:
Conduct a short brainstorming session and choose the new keywords from the results. Or create a checklist with the terms that are typical for your area of research.
Create and Use the Search Plan
We have created a search plan for each entity of our research.
The Search Protocol Hunchly in Action
Here we see, for example, all case-related queries in the search engines. All visited sites are still available to view in the database and export.
Online research usually starts with the "search engine shotgun approach" — and before you know it, you've got dozens of tabs open and no idea how you got from A to Z.
But interrupting your flow to endlessly copy and paste URLs or take screenshots slows you down. Hunchly runs quietly in your browser to capture each page as you go — so you never forget to capture a link again. The support from Justin and the team alone is worth the price ten-fold. Easily search for new terms within your files — without having to revisit the sites online.
2. The MHTML File Format
Single user license for Hunchly. Install on as many machines as you like! Do you have a small team that wants to use Hunchly? Do you have a bigger team you want to outfit with Hunchly?
Its functionality is extremely useful in the kind of open source investigations that are becoming particularly common, and increasingly core to the work of open source investigators.
Sadly Firefox does not support the necessary bits and pieces to make Hunchly work. We are actively lobbying to get this support in place so stay tuned! Hunchly requires the following minimum system specifications: Windows 7 or higher - bit required; Mac OSX. Hunchly licenses are billed yearly, and make you eligible for support and updates. If there are multiple users, then you need multiple licenses.
You bet it does; in fact, we are big fans of dark web research. You can sign up for a daily dark web email here or download our dark web setup guide here. Visit our knowledgebase here or send us an email: support hunch. Hunchly is the only tool that automatically creates a transparent audit trail for your online investigations. Use it to collect full-page captures of Files are only stored on your computer and can be revisited offline anytime.
Automatic documentation means you can create reports faster than ever.
This format is very similar to how emails are structured: it contains headers with information describing the page itself, the timestamp of when Chrome captured the page, and all of the text, CSS styles and images that are contained on the page, all in a single file. This is superior to PDF or screenshots as all links are maintained, the layout is generally more accurate and all metadata is preserved, including the metadata in the captured images.
The beginning of the MHTML file has a header that has some high-level metadata that may be useful when doing disclosure or validation:
From: this just mentions that it was the Chrome Blink engine that captured the page.
Subject: the HTML title of the page.
There are two explanations for this that you can communicate:
1. Hunchly timestamps the data in your local time zone.
2. There is a slight delay between when Chrome captures the page and when it forwards it to Hunchly for processing. This delay is dependent on how large the page is, how many pages Hunchly has queued up for storage or the overall performance of your computer.
This may result in timestamps that are not the same between the MHTML file and what Hunchly shows, but this is easily explained, as other parts of the evidence such as the SHA hash and GPG signature will still match the content to ensure that the evidence stands up to scrutiny.
Non-Continuous Page IDs
When submitting evidence to the court or a third party you may be questioned why there are non-continuous Page IDs in the submitted evidence. Some explanations you can provide:
1. You work multiple cases that are separate but the Page ID is universal across the entire system. The number increments regardless of what case you are working on but the cases themselves are logically separated on the investigator's hard drive and in the Hunchly database.
2. You have deleted a page which creates a "gap" in the Page IDs submitted.
If you have additional questions, require clarification or have experienced evidentiary challenges of Hunchly data please email us: support hunch.
This section of the Hunchly knowledgebase is designed to help educate Hunchly users and consumers of Hunchly evidence.
The major areas of how Hunchly collects evidence are all covered including potential evidence challenges and attacks against evidence collected by Hunchly. It is important to note that Hunchly does everything within reason to make sure that evidence is hashed, GPG signed and preserved accurately in an attempt to do our best to ensure no tampering has occurred. This is no different than submitting PDF evidence manually, screenshots, or anything else.
Because YOU the investigator are in charge of your own data, you will always have the ability to mess with that data. We believe in security and transparency at Hunchly, which means we are not afraid to disclose what we feel are weaknesses in our own system or ways that the evidence can be challenged.
We would much prefer this than you hearing about it while in a witness box in court. We ask that if you see additional attacks or gaps in how we are handling evidence in Hunchly that you reach out to us so that we can test, document and disclose those weaknesses.
It is a very versatile tool for a range of very different users: for example, threat intelligence teams, analysts at the SOC, incident response teams, investigators, cyber investigators, prosecutors, and many others. But which Maltego transforms do they use?
Hunchly Export and Import
Using Maltego and finding the best course of action for your own application is not difficult. In my courses, I rarely need longer than one day for this part of the training. However, it is much more important for users to know and understand the installed transformations. This is also the biggest hurdle in the workshops and takes the most time.
However, this leads to unclear results and frustration. See the image below as an example. The goal is to use transformations in a structured way with knowledge of their fundamentals, and having good documentation from the transform providers would be a real help. Unfortunately, however, the different providers have one thing in common: there is often no sufficient documentation of the offered Maltego transformations.
Of course, there are exceptions: luckily, some transformations provide good documentation. For instance, the Paterva transforms are well documented. This explains, for example, why the user cannot compare the search engine results from the transformations with his own Google results. Paterva uses the Bing API. Farsight has also published very good documentation. I will also address these transformations in this post and a related article. I will also go into the current limitations in more detail.
The Weebly editor provides a pretty good picture of how your site will look when published, but you can also get an actual preview of both mobile and desktop. Tap on Preview in the lower right, and then choose from Mobile or Desktop by tapping one of the two buttons. If everything looks good, tap Publish in the upper right to make your site live.
If you want to go back and make more changes, tap Done from the Preview screen to return to the editor.
The Box Content Preview UI Element allows developers to easily embed high quality and interactive previews of Box files in their desktop or mobile web application.
The library fetches information about the file and its converted representations through the Box API, chooses the appropriate viewer for the file type, dynamically loads the necessary static assets and file representations, and finally renders the file. This UI Element also allows previews of multiple files to be loaded in the same container and exposes arrows to navigate between those files. This UI Element powers Preview in the main Box web application as well as the 'expiring embed' Box API endpoint.
This UI Element uses Promises. If your application supports Internet Explorer 11, please include your favorite polyfill library or a service like polyfill. Source code for the Preview Element is hosted on GitHub.
The repository contains detailed documentation for usage and development. Please file any bugs you encounter under the 'Issues' tab with clear steps to reproduce. For example, CodePen's domain is whitelisted for the demo application below. The UI Elements are designed in an authentication-type agnostic way so whether you are using UI Elements for users who have Box accounts (Managed Users) or non-Box accounts (App Users), UI Elements should just work out of the box.