Osintracker is a free application enabling investigators to optimize the management of an OSINT (Open Source Intelligence) investigation.
It’s a personal project of almost a year’s duration, initiated by Matthieu A. Initial feedback has been very positive.
The application, which had room for improvement, has been completely redesigned for V2 while retaining the basic idea that has won over many analysts: letting them track the progress of their research against the resources and tools already used or still available, depending on the types of data collected.
As such, this application is not yet another OSINT information-gathering solution, but rather an aid for managing the information collected during an investigation, in a simple and pragmatic project mode. V2 is naturally equipped with a relational graph for data visualization, built manually as the data is collected.
This development work, sometimes long and tedious, was above all very enriching, as Matthieu A. was able to exchange with the OSINT community, which was enthusiastic about the idea of helping out on an innovative, non-profit project.
Osintracker is the result of a need for an application that meets a number of specific points that differentiate it from what currently exists, and is not intended to compete with existing pay-per-use applications that have resources far beyond what a single person can produce in his or her spare time.
Osintracker puts the emphasis on craftsmanship, finesse and targeted information gathering, putting the user at the heart of the investigation and his or her ability to investigate and judge the relevance of the information collected.
This article aims to highlight some of the application’s original features, and is not intended to be an exhaustive presentation of how it works. Indeed, a wiki (wiki.osintracker.com) has been put online for this purpose.
Foundation and productivity research
Whether the application is used for an investigation, or during a CTF (Capture The Flag), Osintracker had to present a visual and intuitive interface.
This has now been achieved with an interface whose core is the relational graph.
The life cycle of an OSINT investigation is based on the fundamentals of the intelligence cycle, comprising the 5 phases of:
Expression of needs to guide research
Collection of raw data
Analysis to form knowledge
Intelligence dissemination (actionable for decision support)
Anyone who has ever carried out an open-source investigation on the Internet is well aware that the scope, volume and diversity of the information collected can quickly become problematic, and that it is easy to get lost in the data.
Naturally, a methodical approach to data management is essential. Matthieu A. approached Frédéric Lenfant, an expert in criminal analysis and digital investigations, who has formalized a visual relational analysis method (Marvadrisk) for structuring information, which he applies in particular to OSINT investigations. Complementary skills and regular exchanges have enabled Matthieu A. to continue developing the tool, taking into account certain founding principles used in complex investigations, and contributing to the OSINT community…
Osintracker thus supports the process of phases 3 and 4 of the intelligence cycle, notably through the relational graph, which has become the cornerstone of the application.
How to start
First of all, it’s important to point out that Osintracker has been designed with data confidentiality in mind, a subject addressed at the end of this article.
The first step is to create an investigation and select a “resource set” appropriate to the investigation type. We’ll be coming back to the notion of resource set, which remains the primary idea behind Osintracker.
Next, simply add a data item and select its entity type (family / type), so as to be able to associate the types of data collected and the tools listed in the resource set.
The importance of data relationships
Particular care has been taken to customize the relationships between the data, giving the investigator the possibility of adding a certain amount of information that may prove crucial to the proper understanding of the investigation.
Once at least 2 entities have been added to the graph, the “relationship” button appears, enabling you to link data by specifying:
The nature of the relationship (title)
Whether this information is important/critical (will appear in red)
Whether the relationship is bidirectional
The level of reliability (grade), which will be indicated by a continuous/discontinuous/thick line
The resource used (tool or script) to find this information
Reference to the source of the information
Possibly temporal notions
The relationship between data is the very essence of intelligence, and this approach makes it possible to associate information as you go along, and to obtain a global view of your investigation so as to control your scope and needs.
This interface is used to add data, create relationships between data, add descriptive information (attributes or properties) and track the use of the resources (tools) available in your “resource set”.
In this way, the number of clicks required to perform an action is limited. The addition of keyboard shortcuts also increases speed, and therefore user productivity.
As is often the case with this type of software, data is structured into families (internet, hardware, generic…), then into entity types (email, telephone, airplane, physical person, legal entity…), which not only enables visual identification using customized icons and colors, but also facilitates filtering and identification of useful tools to exploit for searches, by data type or category.
One of Osintracker’s strengths is that it offers users a list of useful resources (websites, scripts) for investigating each type of data (email, DNS, airplanes, etc.), to support their search capabilities and scope.
Every good OSINT practitioner has to keep a constant watch on the collection tools available, and generally adopts the excellent “start.me” bookmark manager to store resources. However, this is no more than an aide-memoire for keeping track of existing tools; it remains limited for follow-up and exploitation within an investigation.
This is where the Osintracker application comes in, offering a default “resource set” useful for collecting each type of data. This set, although limited for obvious reasons, is a good starting point for a novice, but will quickly become limited for a seasoned investigator, who is used to working with hundreds or even thousands of resources.
Indeed, all experienced investigators tend to have their own search patterns, which they have spent months putting in place in order to achieve maximum productivity.
Adding a resource (website or script), whether generic or not, is done via the interface above, and enables it to be associated with the data type(s) explained above.
In this way, you can create one or more “personal resource sets” listing your favorite websites and scripts, facilitating the research process, while keeping track of your investigation according to what has been done or what remains to be done for each type of data.
Tracking the progress of your investigation
As the investigation progresses, the user uses certain resources to try to gather more and more information and guide further research. And the more time goes by, the deeper the investigation, the faster the amount of data to be processed increases… Admittedly, this is a good thing, but it quickly becomes difficult to know which website, tool or script has been used on which data.
So, the investigator didn’t find anything related to this email address two weeks ago. But is he sure that he has exploited all the resources of his set?
Here again, Osintracker responds to the need for traceability by providing a checklist of progress indicators for each resource and each type of data.
This considerably reduces the investigator’s mental workload, and ensures that he can easily share the status of his research with a colleague.
Osintracker offers a default set of resources for each data category.
It is thus planned to be able to add a specific resource or import a personal resource list, in a specific .csv format, an example of which is available. A procedure for creating your own resource set is explained in the wiki.
This gives the beginner the choice of selecting resources from the default list to quickly build up a personalized toolkit, and the more experienced user the option of building up their own toolkit in a format that they can update themselves.
All this to optimize the research process and the use of information gathered as the investigation progresses.
As already mentioned, data protection is generally of the utmost importance for an investigation.
With no cloud or third-party servers, all your investigation data is stored locally in your browser’s database, guaranteeing total confidentiality.
Of course, the downside of this choice is that it is necessary to make recurring backups of your investigations. A database import/export system is available in the drop-down menu, which can be activated by clicking on the 3 dashes at the top right of the application.
Osintracker has been designed to help analysts, and is intended to be used in collaborative mode. The choice of not using a server is a constraint, but guarantees control over local data storage, which we feel is essential.
However, it is possible to:
Share your investigation via export/import (.osintracker format),
Export your relational graph (.png image format),
Export and share resource sets,
Export a report (.html format)
The application is designed to facilitate exchange and sharing between users, and it could be interesting to set up community resource sets, according to different themes (geoint, socmint, compliance, fraud, conflict, CTF…). To be continued…
Numerous new features and enhancements are in the pipeline, not least thanks to feedback from experienced users who had the opportunity to test Osintracker V2 exclusively.