There are a lot of resources out there to help researchers. Here are Authentic8’s 3 online investigation best practices to stay productive, secure and effective.

Every day, millions of online investigations take place across various industries. Whether it is OSINT research, security and cyberthreat investigation, or uncovering trust and safety issues, the goal is the same: conducting thorough investigations in a safe and secure way.

There are plenty of research resources available to online investigators that help them find what they’re looking for. These can include social media profiles, commercial databases, news media websites, public records or dark web forums. But accessing any of these can introduce cyber and real-world risks to the individual investigator as well as their organization. The challenge is:

  1. Obtaining accurate information regarding the topic or subject of interest
  2. Protecting research, investigations and analysis from discovery
  3. Protecting the researcher and their organizations 

Seems simple enough, right? Without the proper tools and tradecraft, nothing could be further from the truth.

What can stop an investigation in its tracks?

Various threats and roadblocks can harm or even halt investigations completely. Challenges include: 

  • Access being blocked due to investigators’ regional location or other factors
  • Having to document and record chain of custody
  • Obtaining information without alerting suspects 
  • Encountering untrusted content, with the risk of disinformation or retaliation by investigative targets

But with these online investigation best practices, each of these challenges can be overcome.

Online investigation best practice #1: Use the right resource

Our first piece of advice is to take advantage of the information available to you. While this might seem straightforward, it can sometimes be difficult to know where to begin. There is a plethora of open source intelligence available on the surface web, but some also exists on the dark web. If you’re not prepared to take on the additional risks of dark web access or it’s not necessary for the purpose of your particular investigation, stay on the surface. 


Additionally, there are a number of helpful resources and tools out there to make use of available information. Here are some that Authentic8 open source intelligence (OSINT) experts have compiled:

It's imperative that online investigators utilize the information available to them in order to safely and securely access the web and complete their objectives.

Online investigation best practice #2: Neutralize tracking

Secondly, be aware of the tracking mechanisms and digital fingerprint you are leaving behind every time you access the web. This is incredibly important because not securing your digital fingerprint can lead to disastrous results for your investigation, especially if you are using the same computer and same browser that you utilize for other browsing. 

Every time you visit a website, your browser discloses details unique to you to that site — and its webmaster. For sites where the webmaster may be your adversary, they could use those details to understand who you are, who you’re working for and why you’re looking into them. As a result, they could choose to go into hiding, feed you disinformation or retaliate against you or your organization. 

These details are passed to websites via different sources and include:

  • Internet address and connection: registered owner, subscriber information
  • Browser and device type: OS, software/plugins installed, time zone, audio/video devices, cookies, HTML5 local storage, HTML5 canvas fingerprinting, audio rendering
  • Unique online behavior: social media connections, shopping interests, websites visited, account activity

As a best practice, you want to control, not eliminate, these details so that you blend in with the crowd of average site visitors. Showing up as completely anonymous could raise a red flag to webmasters and create problems similar to those mentioned above. By managing attribution, you can conceal your true identity and avoid such problems.
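An investigator can check a research profile against this advice before using it. The following is an added example, not Authentic8's code: `auditPersona`, the finding names and the regional baseline values are hypothetical and constructed for illustration.

```javascript
// Audit the attributes a research browser profile presents to a site.
// In a browser they would be read from
//   Intl.DateTimeFormat().resolvedOptions().timeZone, navigator.languages,
//   navigator.userAgent, navigator.platform, document.cookie, localStorage.
// They are passed in as a plain object so the check also runs offline.

// Constructed baseline (assumption): what a typical visitor from each egress
// country presents. Replace with values that fit your own egress points.
const REGION_BASELINES = {
  US: { timeZones: ["America/New_York", "America/Chicago", "America/Denver",
                    "America/Los_Angeles"], languages: ["en", "es"] },
  DE: { timeZones: ["Europe/Berlin"], languages: ["de", "en"] },
};
// Substring expected in the user agent for each navigator.platform prefix.
const PLATFORM_UA = { Win: "Windows", Mac: "Mac OS X", Linux: "Linux" };

function auditPersona(p) {
  const base = REGION_BASELINES[p.egressCountry];
  if (!base) return ["no-baseline-for-egress-country"];
  const findings = [];
  // Connection vs. device: time zone and language should fit the egress region.
  if (!base.timeZones.includes(p.timeZone)) findings.push("timezone-mismatch");
  const lang = (p.languages[0] || "").split("-")[0].toLowerCase();
  if (!base.languages.includes(lang)) findings.push("language-mismatch");
  // Device details should agree with each other.
  const prefix = Object.keys(PLATFORM_UA).find((k) => p.platform.startsWith(k));
  if (!prefix || !p.userAgent.includes(PLATFORM_UA[prefix])) {
    findings.push("platform-ua-mismatch");
  }
  // State carried over from everyday browsing ties the session to the researcher.
  if (p.cookieCount > 0 || p.localStorageKeys > 0) findings.push("carried-over-state");
  // Eliminating details entirely stands out as much as leaking the real ones.
  if (p.userAgent === "" || p.languages.length === 0) findings.push("blank-attributes");
  return findings;
}

// Constructed sample: German egress point, but the everyday US browser behind it.
const sample = {
  egressCountry: "DE", timeZone: "America/New_York", languages: ["en-US"],
  userAgent: "Mozilla/5.0 (Windows NT 10.0; Win64; x64)", platform: "Win32",
  cookieCount: 12, localStorageKeys: 3,
};
console.log(auditPersona(sample));
```

An empty result means the profile is internally consistent against the chosen baseline; it says nothing about canvas or audio fingerprints, which need a rendering test in the browser itself.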


Online investigation best practice #3: Segregate research from everyday browsing

Our last tip is to separate personal browsing from work browsing and research. Fundamentally, this means using a dedicated browser for online investigations that is completely isolated from your device and network. 

Many investigators may be familiar with a “dirty” machine or connection. These are DIY parallel infrastructures run by IT departments that require a great deal of maintenance (managing virtual machine images, dirty lines/VPNs, isolated storage of collected information, exceptions, etc.) and are often cumbersome for analysts to access. 

A better approach is to use cloud-based web isolation. A cloud-based browser allows for safe browsing of the internet while providing users with a familiar experience and much-needed protection against cyberthreats. By isolating a user’s session on cloud infrastructure, clicking on a malicious link from a web search or visiting a malicious website doesn’t put their organization at risk — the code from that website is never executed on the computer being used.

By using segregated, single-use browsers, investigators can also ensure their browsing history doesn’t follow them into their investigation, avoiding the issues outlined in the previous section.

With all of these online investigation best practices in mind, you can better prepare for potential obstacles and threats while conducting your research.

To learn more about online investigation best practices, watch our on-demand webinar, Naked and Exposed: Stop Investigating Online Without Managed Attribution. To see how Silo for Research can help you implement them in your organization, visit our website or request a demo.

About the Author

A8 Team
Contribution Team U.S.A.

Authentic8 Team is a group of cybersecurity enthusiasts, investigation sleuths, top-notch engineers, news junkies, policy wonks and all-around fervent writers hell-bent on bringing you the best darn blog in the industry. 
