5 Day OSINT Course

Key elements of the training:


Tracking duplicates, sources uploading, meta data and exif data interrogation and identifiers to establish device, location, source and tracking. Hashing and searching for sharing and uploading significant images. Providing sufficient data and intel to support dissemination to active teams and support warrants, Production orders, and Surveillance authorities.


Provision and access to over 200 OSINT tools on my dedicated investigator training site which is a library of tools collected over the last 15 years in LEA. These cover everything. Delegates will be given access forever. Historic and specific searchingAlso a usb with over 1000 tool links for every delegate.

Website analysis

Deep searching of links and connections into a website; common or accessed sites sharing the same server space. Identifying IP and owners of sites and upload location. Possible server vulnerabilities and exploits (via RIPA and PO)


A headache for most prosecutors and investigators. We can put a device at a location but how do we show who was there with the device.
What other clues are there to prove ownership and use? Let us look at them all.

Human anthropology Versus digital foot printing

How we live, move and react with the real world is reflected in the digit footprint we leave in the virtual world. This session will look at where to look for clues in the data and footprint, to profile and help identify the person leaving it

Social engineering tricks and exploits

This session gives the delegate an understanding of the origins, impact and harm that the modern criminal social engineer plays in crime and intelligence security in the modern day internet. It covers both attack and defence. Can we identify, exploit and copy their tactics?

Geo location

Tracking and identifying devices on the internet and their speed direction and use by the target. Includes vehicle telematics, association, speed, data sources and non visual surveillance . Identifying buildings/ locations ( public and private ) that the device uses and frequents.

lifestyle analysis

Identifying targets by their device movement and location. Identifying public wifi spots used and interrogation.



Covers all aspects of relevant legislation in respect of paint research - pitfalls and considerations regarding interception, property interference, production orders and warrants.   Also cover the transition to evidence from intel online , Business data without applying for it, and identifying company interests and ownership which were not available or known.

Social Networking

Identifying which sites are used by the target quickly , then interrogation of the sites by searching the data not by using the site. Links between targets on the same and different SN sites. Direct and historic chats between multiple profiles to prove association and analysis. Analysis online of a subjects location when uploading / tweeting/ blogging AND the identity and location of the people in their online group.


Covert (non attrib) and non identifying search methods. Deep searching and analysis. Alternative tool and site searching. footprint reduction and incognito browsing. Non identifying profile creation using virtual mobiles and emails to allow registration.

Vehicle Telematics 



New investigative exploits. Enhanced investigative opportunities and attribution. 21st century policing.

What tech are people driving around with? What can we get? How can we get it? What electronic footprint are they leaving? What will the car tell us about an accident? 

E-cars and telematics, Geolocation, nav and wifi , Crash Investigation, Surveillance and tracking, Additional network support and monitoring systems

Let us laterally think out opportunities and New investigative exploits. Consider Enhanced investigative opportunities and attribution, and get ahead of the curve. 


Safe, covert and extensive searching on TOR, MIRC, and other dark sites. Interaction and tracking users using temporal analysis. Real examples given of tracked TOR users and how I did it.

OSINT legend building

Non attributable SN profile and legend building, tradecraft and good digital hygiene around this area.

Other identifiers of value

Mac IMSI and IMEI, SSID and BSSID identifiers that will be of significant value to the investigation. Their anomalies, values, and potential. Port scanning and network analysis

Live, real and historic examples throughout to prove worth, capability and depth of the tools and training.

The Environment Course structure

Delegates will need access to computers and the internet for the course. The environment will be practical heavy with an emphasis on them doing the searches and learning the craft practically.
Powerpoint will be only for structure, aide memoir and time management.


  • Legislation - what can we/ cant we do? Where is that virtual line in the sand

  • Tradecraft - lets get it evidentially right from the start

  • Awareness - where can we go and what can we use instead of the

    usual favourites

  • Tool practice and awareness - practice and process

  • Practicals and exercises - searching and laterally thinking problems.

  • Just because you cant find it, doesn't mean its not there.


Subjects Areas for practicals/ scenarios



There are 2 main areas of subject matter I use


1. Real data on real subjects I have found deep within the internet and deep web involved in criminality which are difficult to find using traditional methods of OSINT.



2. I have my own virtual OCG which I manage and hide deep on the internet. Delegates will be provided with a small piece of information at the start of the course and they will uncover the links, criminality, intelligence and evidence around this OCG in order to provide sufficient data to support an application to take the matter further.( surveillance/ warrants etc.)





During the exercises, the delegates discover the need to ask for data from ISP, council, banks etc, during the normal course of an investigation. I will act as Data comms applicant and provide them with the data in the correct format from the PO applications, which will allow them to further search/ find intel/evidence against the OCG. These are all factually correct but not real. 

© Trace Tools 2014. No unauthorised reproduction or use for training without express permission of Tracetools