WEBVTT

00:00.240 --> 00:06.210
In this video, we're going to be taking a look at OSIRT, which stands for Open Source Internet Research

00:06.210 --> 00:06.600
Tool.

00:07.680 --> 00:13.410
Now, this is a Windows-only program, and we normally don't recommend using Windows for OSINT research.

00:14.220 --> 00:21.030
You may be in a situation where you don't have a choice: either you have to work on a Windows machine

00:21.030 --> 00:24.540
or there are certain programs that you want to use or some other case.

00:26.070 --> 00:31.500
So OSIRT can be found at osirtbrowser.com.

00:32.880 --> 00:38.610
And as I said before, this is a Windows-only program, so it runs on Windows 7, 8, 8.1 and 10.

00:38.610 --> 00:44.190
It's designed for law enforcement officials, but it is open source, so it's available to everyone.

00:46.260 --> 00:48.090
Now, if we take a quick look at the page here.

00:50.240 --> 00:58.370
We could see that enhanced web browsing is able to capture screenshots on the web, generate reports,

00:58.370 --> 01:00.530
which makes things really easy.

01:02.190 --> 01:06.150
So it'll basically audit everything you're doing when you're doing your research.

01:06.720 --> 01:12.690
It has built-in screen recording, web page downloading, which is currently in beta, has Tor built

01:12.690 --> 01:19.190
in, automated logging, case notes to help keep track of everything you're doing.

01:19.680 --> 01:22.800
And you could add attachments to the...

01:24.030 --> 01:25.320
to your investigation.

01:26.940 --> 01:28.440
So I'm going to launch it right here.

01:33.850 --> 01:36.450
And in here we have create a new case.

01:36.460 --> 01:38.980
You can load an existing case or you can view the audit log.

01:39.820 --> 01:48.250
Now, down in here, you could restore, extract a case. In the other corner here you can set your Tor

01:48.250 --> 01:48.670
settings.

01:48.670 --> 01:56.320
So if you go to the dark web or you need to run through Tor for whatever reason, you need to obfuscate,

01:56.740 --> 02:02.650
you know, your point of origin or whatever, you can set your settings in here.

02:04.020 --> 02:05.370
So I'm going to cancel it real quick.

02:05.370 --> 02:06.840
I'm just going to create a new case.

02:08.520 --> 02:14.940
And here you set your investigating officer, and it's going to put my name down here and the agency.

02:17.540 --> 02:19.280
And operator name.

02:22.160 --> 02:28.370
You know, case reference only contains letters and numbers, hyphens and underscores.

02:28.370 --> 02:29.660
So I'm going to do.

02:31.400 --> 02:32.380
Test.

02:33.590 --> 02:35.180
One one.

02:36.430 --> 02:37.750
Evidence reference.

02:37.750 --> 02:40.330
I don't believe you need to set one here.

02:40.330 --> 02:41.350
You could set a password.

02:41.950 --> 02:45.130
So if you want to try to make sure this stays secured, you could set that.

02:46.270 --> 02:47.970
You enter your save location.

02:47.980 --> 02:50.920
I'm just going to throw it on the desktop here.

02:52.430 --> 03:00.800
And you have hashing functions here: SHA256, MD5, SHA1, SHA384, SHA512.

03:02.000 --> 03:05.720
Now if you set the hash function, I recommend at least SHA256.

03:07.060 --> 03:10.280
And if you want more information, you could actually just click here.

03:12.830 --> 03:20.180
So it helps verify that your original file hasn't been modified in any way.

03:22.260 --> 03:24.220
Now in here, you can have whatever notes you want.

03:24.720 --> 03:26.310
I'm just going to click next.

03:27.240 --> 03:28.050
And.

03:29.020 --> 03:32.680
I need to make sure I put down the evidence for evidence reference.

03:36.670 --> 03:38.380
And I have to put down roots.

03:40.690 --> 03:41.560
Ryan it.

03:48.300 --> 03:48.720
Okay.

03:48.840 --> 03:50.190
So now we're in our browser.

03:50.580 --> 03:52.590
This is actually based off of Chrome.

03:53.460 --> 03:56.670
So in the upper corner, just like any other browser you have at home.

03:57.240 --> 04:01.200
Go back, go forward, reload your page, and here we can capture a screenshot.

04:02.940 --> 04:03.900
And see it here.

04:03.900 --> 04:05.070
It takes a screenshot.

04:05.070 --> 04:08.880
It's because you can see this PNG, PDF, JPEG.

04:09.990 --> 04:14.100
It creates a file, automatic file name, date time.

04:14.400 --> 04:18.450
There's your SHA256 hash again.

04:18.450 --> 04:22.560
You could use that to make sure that no one modified your entire evidence there.

04:24.560 --> 04:29.690
What's handy also is it tells you the URL you grabbed that from, and you can put your notes there.

04:30.440 --> 04:32.810
So I'm just going to cancel that since I really don't need it.

04:34.100 --> 04:35.870
Now in here, you can sort of video capture it.

04:35.870 --> 04:37.100
This is fantastic.

04:37.100 --> 04:43.070
So if you need to prove the methods that you used during your investigation, you can click

04:43.070 --> 04:48.170
this button here and it'll start recording everything you do on here.

04:48.170 --> 04:50.240
So if I do this.

04:52.770 --> 04:53.790
I put down.

04:58.980 --> 05:00.300
Looking for criminal.

05:02.040 --> 05:05.280
I clicked start and in here you can see it.

05:06.220 --> 05:10.270
On the screen here that everything I'm doing is being recorded.

05:12.730 --> 05:21.130
And again in here it has a file name, the date, the SHA256 hash, and your notes.

05:21.140 --> 05:30.540
So again, if you want to record the steps you're taking or if it's required, it's fantastic.

05:30.550 --> 05:34.150
Just click that and just start your own investigation.

05:36.060 --> 05:42.300
And here you could attach to your case, if you have whatever evidence, like you pulled down certain

05:42.300 --> 05:49.320
files, pictures, videos, PDF files, Pastebin docs, you could attach it there, and with your notes.

05:52.400 --> 05:54.350
And here you can add a note to your case.

05:54.350 --> 06:01.100
And right here you could type in your URL just like any other browser. Here

06:01.100 --> 06:05.840
we could click the audit log and it's actually keeping a log of everything that we're doing here.

06:06.170 --> 06:14.570
Websites we loaded, actions we took, OSIRT actions, and here you can see my loaded case, attachments,

06:14.570 --> 06:18.400
videos and completed tasks.

06:18.410 --> 06:25.300
And if your investigation is pretty large, you could type in a search for whatever you're looking for

06:25.310 --> 06:26.990
to help make things easier.

06:30.760 --> 06:31.330
And.

06:32.400 --> 06:36.750
Bookmarks: search engines, Google, Bing, DuckDuckGo, Yahoo,

06:36.750 --> 06:37.800
and the usual ones.

06:39.580 --> 06:43.330
You could set up your network tools: CentralOps, WhoisMind.

06:45.360 --> 06:47.910
So you can pull up domain information.

06:48.690 --> 06:52.490
It has a couple of people search sites already bookmarked in here.

06:53.780 --> 06:57.440
Purple is a really good one to use. Norm's excellent one.

06:57.440 --> 07:01.880
Also in here you have your internet archives.

07:01.880 --> 07:04.790
So your Wayback Machine, your archive.is.

07:04.790 --> 07:11.750
So if you're looking for something like a social media site where whoever you're investigating potentially

07:11.750 --> 07:19.910
deleted an incriminating post, you could see if the Wayback Machine or if the

07:21.000 --> 07:21.620
archive.is

07:21.630 --> 07:26.450
has a cached copy of that, and potentially get them that way.

07:27.920 --> 07:28.520
And here.

07:30.110 --> 07:37.100
These are also excellent sites. IntelTechniques is one of the best sites to go to for OSINT work.

07:37.160 --> 07:47.030
Then you have the OSINT Framework, OnStrat, and this quick guide here can help you with your online investigation.

07:48.140 --> 07:50.180
Keywords, details,

07:50.180 --> 07:53.990
Google search operators, geolocations.

07:54.590 --> 07:55.370
You know, just a

07:56.580 --> 07:57.390
really handy

07:57.390 --> 07:58.800
quick guide if you need it.

08:03.940 --> 08:04.440
Okay.

08:04.450 --> 08:10.510
So although again, this is an excellent tool, if you have to use a Windows investigation,

08:11.380 --> 08:13.300
it just makes things a lot easier.

08:13.930 --> 08:14.800
Attachments.

08:15.880 --> 08:18.760
Archiving everything, logging everything on here.

08:18.760 --> 08:23.380
Again, this was an OSIRT browser.

08:24.900 --> 08:28.680
And it can be found at osirtbrowser.com.

08:28.680 --> 08:30.540
And again, this is a Windows-only tool.
