Trace Labs OSINT

In this video, we’re going to take a look at the Trace Labs OSINT virtual machine. Now in the previous video, we talked about there being a lot of different tools for OSINT, and this is another tool that we could use as freely available from Trace Labs. Now despite the Hollywood idea of how a computer hacker or OSINT investigator is, it’s not some overly complex machine with a bunch of monitors everywhere. Truth is, we could use pretty much anything to run an OSINT investigation, as long as it’s a internet connected device with a browser. Though, using certain tools will make things a lot easier.

So we can pretty much do OSINT on desktop computers, laptops, mobile phones, and, again, anything with a browser and an internet connection.

For this, we’re actually going to be using the Trace Labs OSINT virtual machine. So this virtual machine is, again, freely available. It’s based off of Kali Linux. And if you’re not familiar with Trace Labs, it’s a nonprofit organization that will help law enforcement look for missing people, and they crowd source. So OSINT investigators, hackers, and whatnot will get together and they’ll go help in a very controlled environment look for missing people, again, helping law enforcement. So if you haven’t checked it out, this is a great way to actually practise OSINT and do some good. But for this video, we’re actually taking a look at the virtual machine that they recently released.

And it’s in the - there is an updated version that came out. I want to say a couple of weeks ago from this video. So again, we’re checking this out. It’s going to be using - you could use VMware or VirtualBox. We’re going to be running as a VirtualBox environment. And again, this is based off of Kali Linux, so pretty cool operating system. So why don’t we take a look at this.

So here I have my virtual machine. It’s a VM. If we go into Settings, we can start kind of clicking around in here. We could see the system is only using about 2 gigs of memory, 2 CPU. So there’s not a lot of system requirement to run this, which is nice it’s a low footprint. Again, I’m running this out of Oracle VirtualBox, which is also free. And other thing you want to make sure is you want to take snapshots. If you click Snapshot, you can create a snapshot of the machine. And you can revert it back by clicking on it.

So the nice thing about snapshots are that - when I set up a machine I will typically take a snapshot after I get it configured. Now what this allows me to do is, say, I’m doing an OSINT investigation, I run that Snapshot, I go through, I do my investigation, I finish. And when I’m done and I’m ready to do a new investigation, I revert Snapshot back to my clean pristine image, meaning that all the other stuff I did is all wiped out. It’s completely clean again. I don’t have to destroy the machine and set it up again. It just make things a lot more convenient.

Likewise, if anything horrible happens, like I get a virus, it corrupts the system, something goes bad, I can revert the snapshot back to a clean state again. So again, really powerful tool, very handy. I do recommend using it.

Now continuing on. So you can go to TraceLabs.org and grab the operating system, and it’s freely available. So once you get your VM, if we go open a browser and go to the Bookmarks, you can see there’s a lot of great tools in here. These are all web-based tools preloaded on the virtual machine. So it saves a lot a lot of time. So if we want to look at the Facebook ID or People Search or whatnot. we could take a look at that. And right here, this is Glassdoor, great for investigating companies. So in this case, we have Google.

We can put in Google, and we could take a look at the company, how many views, salary, interviews, where they’re located, the revenue, location, and whatnot.

And again, that’s in the bookmarks for this virtual machine. And likewise, again, you can - they have other tools in here like Check Usernames, which is handy if you want to type in username and see what other accounts they possibly have.

And there’s also a lot of tools built into the machine. So it’s broken down by browsers, gate analysis, domains, and whatnot. Or you can click through all applications to find out what’s on there. So we have Stegosuite, Exfil Data, Dumpster Diver, username checks, domain, sublisters. Metagoofil is another great one. HTTrack is great if you need a copy of website to investigate later. Email tools, different framework. Maltego is going to be a really powerful one to get into. Cherry Tree is great for notation taking. And we have more user name searches.

So again, the Trace Labs VM is a great VM for OSINT investigation, especially if you - whether you’re doing investigations or you haven’t even started before, I highly recommend using the Trace Labs VM. So in wrapping up, OSINT can be done on pretty much anything with a browser and internet connection. Specialised tools such as Trace Labs OSINT OS can make OSINT much easier. It has a lot of great tools in there. These VMs should be ran for - VMs should be ran for investigations, rather. And you want to make sure that you take a snapshot, so that can always help with your integrity of your investigations.

So this was about the Trace Labs VM. In the next video, we’re going to be talking about tracking by IP address. Thank you for watching. I’ll see you in the next video.