WEBVTT

00:01.240 --> 00:03.520
In this video we're going to talk about OSINT steps.

00:03.560 --> 00:06.680
Now this is also I want to say a pre-recorded video.

00:07.720 --> 00:11.640
Some students have said that some of the audio quality was inconsistent.

00:12.120 --> 00:17.480
So I'm rerecording a number of videos to try to correct that problem.

00:18.120 --> 00:23.520
And a big shout out to Tony, one of the students that actually took the time to outline which videos

00:23.520 --> 00:29.040
were having issues because, for whatever reason, I don't see those issues on my end.

00:29.040 --> 00:34.600
But I do believe that, you know, I have several people said that they did have some problems with

00:34.600 --> 00:34.800
it.

00:34.800 --> 00:39.160
So that's why we're rerecording these videos that were outlined.

00:40.960 --> 00:51.240
Now, OSINT steps: when we start an investigation, we're going to take several steps in order to conduct

00:51.240 --> 00:52.440
our investigation.

00:52.960 --> 00:54.880
And we're always going to have a starting point.

00:55.560 --> 01:00.560
So the main thing is what's our goal and what's our starting evidence.

01:01.040 --> 01:07.000
So things like, are we doing an investigation on doing a background check on someone?

01:07.000 --> 01:09.160
Are we fact checking something?

01:09.160 --> 01:16.200
Are we trying to track down a, uh, someone that maybe, uh, is on the run, a criminal on the run,

01:16.240 --> 01:20.720
a missing person, uh, any number of things.

01:20.840 --> 01:24.360
So again, we want to find out what our goal is.

01:24.400 --> 01:27.440
We want that defined and also what our starting point is.

01:27.440 --> 01:28.440
Do we have a name?

01:28.640 --> 01:35.880
Is there an event that we're starting with? A username, a video, social media post, ransomware attack,

01:35.880 --> 01:42.200
virus attack, missing person, email domain, phone number, photo, news story, email, potential

01:42.200 --> 01:45.400
threat, person of interest, uh, the list goes on and on.

01:45.400 --> 01:50.280
But these are some basic starting points, uh, that you may have.

01:51.800 --> 01:56.360
So say we have a social media post that we want to investigate.

01:56.720 --> 02:01.920
In this case, we have this, uh, this post here.

02:02.680 --> 02:03.120
Update.

02:03.120 --> 02:08.120
Many, many of you said that heard about TRB black checks we shared yesterday, this image of Donald

02:08.160 --> 02:13.560
Trump signing them, blah blah blah and say we want to investigate if this is legitimate or not.

02:13.600 --> 02:18.560
Well, our starting point is this social media post.

02:18.960 --> 02:23.880
So we'll go into this much more in depth throughout the course.

02:23.880 --> 02:30.840
But to give you kind of a brief overview, certain steps I would take, I would take down whose account

02:30.840 --> 02:32.240
is this, the logos on it.

02:32.280 --> 02:33.600
When did they create an account?

02:33.600 --> 02:35.000
When was this posted?

02:35.600 --> 02:38.120
Who were they friends with?

02:38.520 --> 02:39.600
Who are they following?

02:39.600 --> 02:40.880
Who's following them?

02:40.880 --> 02:42.120
What post did they make?

02:42.480 --> 02:44.080
Copy all this text here.

02:44.240 --> 02:46.320
Save a copy of this.

02:47.200 --> 02:48.360
Save the image.

02:48.840 --> 02:56.280
Take a look at the image and I could tell the image is pretty poorly photo manipulated, because the

02:56.280 --> 02:58.920
supposed checks that he's signing look way off.

02:58.920 --> 03:01.600
This looks all cropped in that and whatnot.

03:01.600 --> 03:05.360
And again, we'll get into this more in depth throughout the course.

03:06.320 --> 03:09.360
So again, your steps.

03:09.720 --> 03:12.360
You want to start outlining the steps that you're going to take.

03:12.720 --> 03:15.680
And having those steps is going to help you with your investigation.

03:15.680 --> 03:22.760
Not only save you time, but it could also help you with the integrity of your investigation.

03:22.760 --> 03:27.040
And integrity is absolutely important in any investigation.

03:27.440 --> 03:34.120
And having the ability to outline exactly what steps you took will go a long way, especially if that

03:34.120 --> 03:36.160
has to get entered in as evidence.

03:36.880 --> 03:39.120
Things like analyze the story for information.

03:39.120 --> 03:41.600
Can I verify the original poster's credibility?

03:41.840 --> 03:44.200
Research what the TRB black checks are.

03:44.240 --> 03:46.360
Investigate the links given in the post.

03:47.080 --> 03:52.960
If there's a URL, do a domain lookup and see who owns those domains, do reverse image searches, and

03:52.960 --> 03:54.120
so on and so forth.

03:55.520 --> 04:02.230
Now another thing is, um, we may have these different steps in our head, but it is always good to

04:02.230 --> 04:09.310
have some sort of checklist, whether it's a checklist you go off of or you start drafting out a checklist,

04:09.310 --> 04:15.550
say we start checking off things one by one, and this will help not only organize your thoughts, but

04:15.550 --> 04:20.910
also make sure that you don't miss a step, because it is pretty easy to miss a step because we may

04:21.590 --> 04:26.670
start following a piece of evidence, and then we get so caught up in that we forget another step.

04:27.150 --> 04:32.630
So outlining your different steps that you're going to take is a good idea.

04:32.750 --> 04:36.150
And we may even add stuff to that to our list.

04:36.150 --> 04:38.390
And we may remove things from that list.

04:38.390 --> 04:46.950
And that's fine because we need to remain fluid in our investigation because things may change.

04:46.950 --> 04:50.670
The evidence that we have may not be what we thought it was going to be.

04:50.710 --> 04:53.590
It may take us in directions we never we didn't expect.

04:54.110 --> 04:55.590
So keep that in mind.

04:56.790 --> 05:00.670
And for investigations.

05:00.670 --> 05:06.350
I like using either CSI Linux because it has a great number of tools in there to use right off the bat,

05:06.830 --> 05:14.030
and we'll be using that during this course, or I also use a custom Linux distro.

05:14.030 --> 05:21.390
I have a base install of Debian Linux and I modified it to what I need.

05:21.390 --> 05:23.870
So and you may end up doing that later on.

05:24.630 --> 05:27.430
Um, either way is totally acceptable.

05:27.430 --> 05:30.150
It's going to be a matter of what's going to work for you best.

05:31.950 --> 05:37.070
And again, going back, taking something like this, doing a reverse image search.

05:37.510 --> 05:41.950
This is the original image of what it what that picture came from.

05:41.950 --> 05:49.070
And you can see that the photo looks very different from this versus that kind of weird images

05:49.070 --> 05:55.030
of those black checks where the edges didn't look quite right, the lighting was off, things like that.

05:55.030 --> 05:58.670
And that's what you're finding with, like, reverse image searches.

05:59.630 --> 06:06.190
And towards the end of our investigation, we always want to make sure that we have a report to write,

06:06.550 --> 06:13.870
and a report is good, whether you're giving it to a lawyer, if it's being entered in a court, to

06:13.910 --> 06:19.270
an employer, whatnot, having a report is good because we can compile the information.

06:19.270 --> 06:25.630
We can put all that information into a readable, digestible report for people.

06:25.630 --> 06:31.750
And this is good for our records and also for, again, if we're doing a criminal investigation, things

06:31.750 --> 06:32.590
of that nature.

06:33.070 --> 06:35.710
It's good to have a report to be able to hand off to someone.

06:35.710 --> 06:41.830
And it's really good for management and upper management to be able to look at that, that if they want

06:41.830 --> 06:45.270
to get involved with it or something happens, do you have a report to hand over?

06:45.550 --> 06:49.750
And it's again, it's a much more professional way to go about it.

06:50.790 --> 06:52.470
So this was about OSINT steps.

06:52.470 --> 06:58.150
And again, we'll be diving into much more details about these individual steps as the course progresses.

06:58.270 --> 06:59.390
Thank you so much for watching.

06:59.390 --> 07:00.510
I'll see you in the next video.
