In a recent OSINT (Open Source Intelligence) workshop, our team of analysts worked with students to conduct a step-by-step investigation into a simulated criminal case. The focus was a corrupt police officer in Bahia, Brazil, suspected of involvement in drug smuggling. Using the ESPY OSINT Profiler and various AI-driven analysis tools, we mapped out the network surrounding this individual, searching for connections to other involved officers or associates.
This hands-on workshop allowed participants to gain practical experience in digital forensics, intelligence gathering, and criminal network analysis. Below, I’ll take you through each step, detailing the tools, techniques, and fascinating discoveries that emerged along the way.
Defining Objectives and Planning the Investigation
The workshop began with a discussion of the investigation’s objectives. Our main goal was to uncover connections between the targeted police officer and any associates involved in illegal activities. We aimed to map out his network and document each step of the process to provide a learning experience for both analysts and students.
Key Objectives:
- Identify the suspect’s network of contacts, including other law enforcement personnel.
- Reveal possible connections to drug trafficking groups.
- Teach attendees OSINT best practices and use of advanced AI tools.
With these objectives defined, we outlined our approach, dividing the investigation into three main phases:
- Initial data collection and profile setup.
- Social media and deep web analysis to gather connections.
- Mapping relationships and analyzing connections to create a comprehensive network.
This plan helped ensure that each stage built logically on the previous one, providing structure and direction throughout the investigation.
Step 1: Initial Data Collection Using OSINT Profiler
We started the investigation by creating a new case file in the OSINT Profiler, called “Bahia_Drug Case.” With only minimal information to begin, we set up the profile based on the suspect’s ID card photo. The ID provided essential details: full name, face image, ID number, mother’s name, birth date, and address.
Once we input these details, the Profiler began searching various online sources and databases. Establishing a solid profile early on was crucial for ensuring a comprehensive investigation as we moved forward.
Step 2: Discovering Deleted Accounts and Web1 Leads
After the initial setup, we launched a deep web search for hidden or deleted online profiles. This search revealed a deleted Instagram account linked to the suspect’s name and photo. Although the account was inactive, the Profiler retrieved a recent photo, which we downloaded to use for further image-based searches.
Simultaneously, the Web1 module performed a public web search, revealing an official page from a government site in Bahia. This page provided more information about the suspect, such as his rank, phone number, and supervisor’s name. This insight allowed us to broaden our investigation, expanding from the individual suspect to potential work connections within his department.
With this information, we updated the profile, adding the suspect’s phone number to enable further searches.
Step 3: Social Media and Phone Number Analysis
The photo downloaded from the deleted Instagram account was used to perform a reverse image search. This search brought up another deleted profile, this time on Facebook, with a similar picture. Although this Facebook profile was also inactive, its existence suggested that the suspect had made efforts to hide his online activities.
We then used the suspect’s phone number in additional searches, which uncovered eight more phone numbers linked to him on the deep web. Each of these numbers was entered as a new target within the OSINT Profiler.
Key Findings from Additional Phone Numbers
The search using these additional numbers revealed several valuable clues:
- Family Connection: One phone number was linked to the suspect’s mother, verifying a family tie and giving us additional data for cross-referencing.
- Suspicious Contact: Another number was labeled as belonging to an “Egyptian friend.” This raised flags, as it suggested connections with Middle Eastern networks that are often involved in drug trafficking in this region.
- Alias and Hidden Profile: One number led to a hidden Facebook account where the suspect used an alternate name, indicating a deliberate attempt to keep certain activities concealed.
These phone numbers, along with their connections, helped us begin constructing a detailed map of the suspect’s social network.
Step 4: Analyzing Photos and Geolocation Data
A significant part of our investigation involved examining photographs found on the suspect’s profiles and those of his connections. In one photo, the suspect was seen with another police officer, both in uniform. In another, they appeared together in a casual setting, suggesting a close relationship outside of work.
We created a new target profile for this second officer in the OSINT Profiler and began analyzing his connections as well. Using geolocation data from various photos, we confirmed that the suspect and this officer frequently visited similar locations, strengthening the suspicion of shared involvement in illegal activities.
Social Media Analysis and Behavior Patterns
The Profiler enabled us to observe behavioral patterns in the suspect’s social media posts and interactions. Through pattern recognition and behavioral analysis, we identified recurring themes, such as the use of certain symbols and coded language, which suggested an affiliation with local drug networks.
The AI-powered tools flagged these patterns as potential risk factors, adding to the evidence that our suspect was connected to a criminal organization.
Step 5: Network Mapping and Link Analysis with AI
With all collected data in place, we used the OSINT Profiler’s AI-powered link analysis module to create a network map. This map connected the dots between the suspect, his contacts, and additional individuals associated with him.
The link analysis uncovered an unexpected lead: a middle-aged man who was a mutual connection between the suspect, the second officer, and the suspect’s mother. This individual’s profile indicated that he lived near the Paraguay border, a known drug trafficking route. This connection hinted that he might be a facilitator or middleman involved in smuggling activities.
The network map provided a clear, visual outline of the relationships involved, making it easier to understand the scope of the criminal network.
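The mutual-connection finding described above can be reproduced on a small graph. The sketch below is an added example, not the OSINT Profiler's own code or data: the entity labels, source names and observations are constructed, and scoring a link by its number of distinct sources is an assumption made here to show which links still need corroboration.

```python
from collections import defaultdict

# Constructed sample observations (not data from the workshop):
# (entity_a, entity_b, source that produced the link)
OBSERVATIONS = [
    ("suspect", "mother", "id_card"),
    ("suspect", "mother", "phone_lookup"),
    ("suspect", "officer_2", "photo"),
    ("suspect", "officer_2", "geolocation"),
    ("suspect", "contact_A", "phone_lookup"),
    ("suspect", "contact_A", "social_profile"),
    ("officer_2", "contact_A", "social_profile"),
    ("mother", "contact_A", "phone_lookup"),
    ("suspect", "contact_B", "phone_lookup"),
    ("officer_2", "contact_B", "photo"),
]


def build_graph(observations):
    """Undirected graph: graph[a][b] is the set of sources backing the a-b link."""
    graph = defaultdict(lambda: defaultdict(set))
    for a, b, source in observations:
        graph[a][b].add(source)
        graph[b][a].add(source)
    return graph


def mutual_connections(graph, seeds):
    """Entities linked to every seed, scored by their weakest link.

    Returns (entity, weakest) pairs sorted strongest first. `weakest` is the
    smallest number of distinct sources behind any of the entity's links to a
    seed; 1 means at least one link rests on a single source.
    """
    seeds = list(seeds)
    common = set(graph[seeds[0]])
    for seed in seeds[1:]:
        common &= set(graph[seed])
    common -= set(seeds)
    scored = [(n, min(len(graph[s][n]) for s in seeds)) for n in common]
    return sorted(scored, key=lambda item: (-item[1], item[0]))


if __name__ == "__main__":
    g = build_graph(OBSERVATIONS)
    for entity, weakest in mutual_connections(g, ["suspect", "officer_2", "mother"]):
        flag = "single-source link, corroborate" if weakest < 2 else "corroborated"
        print(f"{entity}: weakest link has {weakest} source(s) ({flag})")
```

In this constructed data only `contact_A` is linked to all three seeds, and two of its three links rest on a single source, so the lead is a hypothesis to verify rather than a finding.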
AI-Generated Report and Key Insights
In the final stage of the workshop, we used the OSINT Profiler’s AI module to generate a comprehensive report. This tool analyzed all gathered data and highlighted connections and behaviors that might not be immediately obvious to human analysts.
The AI-generated report flagged one additional police officer as a potential participant in the network and identified a likely link to a major drug-smuggling organization. These insights offered actionable intelligence, showing the power of AI in enhancing human-driven investigations by exposing hidden connections.
Takeaways from the Workshop
This workshop provided invaluable experience in OSINT investigations and digital forensics. By combining AI tools with traditional investigative methods, we were able to uncover significant connections and deepen our understanding of criminal networks.
Key lessons included:
- Structured Planning: Clear objectives and stages helped keep the investigation organized and focused.
- OSINT Profiler Capabilities: The profiler’s multi-source search capabilities and link analysis tools made it a powerful asset in mapping relationships.
- AI in Link Analysis: AI brought an additional layer of insight by revealing patterns and connections that human analysts might miss.
- Behavioral Analysis for Risk Assessment: Observing language and symbols in social media posts can uncover hidden affiliations and risks.
Overall, this workshop demonstrated the effectiveness of OSINT tools and AI-driven analysis in producing reliable, actionable intelligence. It was an invaluable learning experience, showcasing the potential of digital forensics to expose hidden criminal networks.