OSINT to the rescue

OSINT to the rescue
2018-07-20 Paliscope

OSINT to the rescue


You may have read our article about the rising popularity of OSINT in which we talked to Toronto police officer Warren Bulmer. During our chat with him he also told us about some of the cases he’s worked on over the years, one of which involved a series of stabbings and social media posts.

Warren told us about the time he was assigned to another law enforcement agency to assist with an online investigation involving a local man suspected of stabbing two people to death as well as a series of other random stabbings. The agency handling the case needed an open source investigations expert with experience of social media research and computer forensic analysis to help them analyze the huge volume of data being collected, both from the internet and via other sources.

Piecing it all together

Warren explained that while one unit was investigating the double homicide, reports were coming in to other sections of the same law enforcement agency about random stabbings throughout the city. At this point, neither side was aware that the two cases might be connected.

Fortunately, an undercover officer who was investigating gang-related crimes in the district came across a possible gang member who was posting cryptic information on Facebook about both the murders and the stabbings. After a little more digging, the officer discovered that some of the information being published wasn’t actually public knowledge yet. In other words, information that only someone who’d been there could possibly know.

Once they had established a link between the two cases, the police were able to identify a suspect and put him under surveillance. They soon discovered that not only did he regularly visit a specific internet café, but he always used the same computer. It later transpired that he was using it to publish crime-related information on Facebook, hoping to provoke the police. It definitely worked, but those Facebook posts would turn out to be his downfall.

Once the police had gathered enough evidence, they arrested him while he was using that very computer and were granted all the necessary search warrants.

Months of investigation work

Warren was called in to further investigate the matter and figure out how the online activity could be traced back to the individual. At the time, Warren didn’t have an OSINT tool to help him so he ended up spending months researching the suspect’s digital life and social media presence, in addition to all of the data that had been found on the computer. Unsurprisingly the man had been using a lot of different accounts and pseudonyms, and had been posting stuff all over the internet. So there was a huge amount of information to organize and verify.

“All of the data I’d collected and been given was scattered about in different folders, and within those folders were dozens of other folders,” Warren recalls. “So every time I gathered information online or analyzed any of the data, I had to spend extra time locating the right folder. Which wasn’t always that straightforward with this case, due to the vast amount of data being collected.”

Enough to seize the computer

By the time Warren was finished he had plenty of relevant information on the suspect, as well as various social media posts and access to the man’s email accounts. He’d also found photographs and video clips, information about the suspect’s recent activities and, most importantly, his exact whereabouts and evidence of his participation in the crimes.

Among the photographs Warren found were images from one of the actual crime scenes. And Warren wasn’t just able to demonstrate that the photographs had been taken with the suspect’s cell phone. He also established that the images had been sent by text message to one of the suspect’s Hotmail accounts and then uploaded onto his Facebook account.

Converting data into evidence

Warren told us that gathering information isn’t the problem with this type of investigation. If there are details about a person or an event online, then you’re going to find them. Authenticating the information, on the other hand, and verifying that it relates to the person you’re researching is a whole different ballgame.

Which is why the final stage of the process was so time consuming with this case. Everything had to be thoroughly investigated and authenticated, and when verifying the information he’d analyzed, Warren had to be extremely methodical. Not only that, but he also had to demonstrate objectivity and traceability in his reports.

Nevertheless, all those months of research and investigation paid off. Using OSINT, Warren was able to link all of the digital information to the physical evidence that had been collected by the police. The man was convicted of first degree murder as well as four counts of attempted murder and sentenced to life in prison.

OSINT tools like Paliscope are designed specifically for this type of casework. Which means they help you create specific case files, gather online data and organize it into various categories.
Find out more here.