There are a lot of resources out there to help researchers. Here are Authentic8’s 3 online investigation best practices to stay productive, secure and effective.
Every day, millions of online investigations take place throughout various industries. And whether it be OSINT research, or security/cyberthreat investigations or uncovering trust and safety issues, the goal is the same: conducting thorough investigations in a safe and secure way.
There are plenty of research resources available to online investigators that help them find what they’re looking for. These can include social media profiles, commercial databases, news media websites, public records or dark web forums. But accessing any of these can introduce cyber and real-world risks to the individual investigator as well as their organization. The challenge is:
Seems simple enough, right? Without the proper tools and tradecraft, nothing could be further from the truth.
Various threats and roadblocks can harm or even halt investigations completely. Challenges include:
But with these online investigation best practices, each of these challenges can be overcome.
Our first piece of advice is to take advantage of the information available to you. While this might seem straightforward, it can sometimes be difficult to know where to begin. There is a plethora of open source intelligence available on the surface web, but some also exists on the dark web. If you’re not prepared to take on the additional risks of dark web access or it’s not necessary for the purpose of your particular investigation, stay on the surface.
Additionally, there are a number of helpful resources and tools out there to make use of available information. Here’s some that Authentic8 open source intelligence (OSINT) experts have compiled:
It's imperative that online investigators utilize the information available to them in order to safely and securely access the web and complete their objectives.
Secondly, be aware of the tracking mechanisms and digital fingerprint you are leaving behind every time you access the web. This is incredibly important because not securing your digital fingerprint can lead to disastrous results for your investigation, especially if you are using the same computer and same browser that you utilize for other browsing.
Every time you visit a website, your browser discloses details unique to you to that site — and its webmaster. For sites where the webmaster may be your adversary, they could use those details to understand who you are, who you’re working for and why you’re looking into them. As a result, they could choose to go into hiding, feed you disinformation or retaliate against you or your organization.
These details are passed to websites via different sources and include:
As a best practice, you want to control — not eliminate — what these details are to blend in with the crowd of average site visitors. Showing up as completely anonymous could raise a red flag to webmasters and create similar problems as mentioned above. By managing attribution, you can conceal your true identity and avoid such problems.
Learn more: Misattribution vs. managed attribution >
Our last tip is to separate personal browsing from work browsing and research. Fundamentally, this means using a dedicated browser for online investigations that is completely isolated from your device and network.
Many investigators may be familiar with a “dirty” machine or connection. These are DIY parallel infrastructures run by IT departments that require a great deal of maintenance (managing virtual machine images, dirty lines/VPNs, isolated storage of collected information, exceptions, etc.) and are often cumbersome for analysts to access.
A better approach is to use cloud-based web isolation. A cloud-based browser allows for safe browsing of the internet while providing users with a familiar experience and much-needed protection against cyberthreats. By isolating a user’s session on cloud infrastructure, clicking on a malicious link from a web search or visiting a malicious website doesn’t put their organization at risk — the code from that website is never executed on the computer being used.
By using segregated, single-use browsers, investigators can also ensure their browsing history doesn’t follow them into their investigation, avoiding the issues outlined in the previous section.
With all of these online investigation best practices in mind, you can better prepare for potential obstacles and threats while conducting your research. To learn more about online investigation best practices, watch our on-demand webinar, Naked and Exposed: Stop Investigating Online Without Managed Attribution.
Silo for Research can power secure, anonymous investigations on the surface, deep and dark web. Learn more about Silo for Research.