Digital forensic investigative solutions and AI-powered open-source intelligence (OSINT) platforms are playing crucial roles in modernizing police investigations, helping to save lives and closing cases faster by developing solid leads.

Working together, these powerful technologies can increase the ability to locate missing persons, find victims of human trafficking and identify criminals in fraud and extortion cases, as well as assist in solving violent as well as property crimes.

This is the message Cobwebs Technologies conveyed to law enforcement and investigators at the recent Magnet User Conference 2023 Summit, held last month in Nashville, TN.  At the conference, we showed how agencies can marry digital forensic evidence with web intelligence research to provide a more comprehensive and complete investigation process. A strategic partnership with Magnet Forensics aligns our OSINT platform with Magnet Forensics’ digital investigations solutions, providing end-to-end investigation capabilities.

Today, the big challenge is OSINT analysts and forensic digital investigators are siloed. In fact, the two functions do not cross streams in 95 percent of the law enforcement agencies we work with. That must change. There must be synergy between the two types of tools and greater collaboration between OSINT analysts and digital forensic investigators.

Law enforcement agencies are not combining resources to create a more comprehensive investigative process because investigators often do not know they are operating in siloes. Analysts are primarily deriving tactical intelligence from online media, looking to go after gang crimes and other threatening activities.  They are often not aware of the possibilities of combining web intelligence with information from the forensics side.

When I was the project developer for the City of Hartford’s Capital City Command Center (C4), a Real Time Crime Center (RTCC), I made sure all my intelligence analysts were forensically certified. The RTCC provides real-time and investigative back support for local, state, and federal law enforcement partners utilizing multiple layers of forensic tools, coupled with data resources, and real-time intelligence. This kept our investigators and analysts from being siloed in their approach to investigations.

Investigations Can Start Anywhere

Law enforcement analysts can start investigations anywhere when web intelligence and forensics come together. An investigator can start with a name, location, or cell phone. They can start with whatever information they are able from initial reports. With Magnet they can extract information from a device, cell phone or computer. That information is important to intelligence analysts because it contains unique identifiers—names, emails, phone numbers with no identities attached to them, or even information about cryptocurrencies and wallets. We can take that information and send it to the Cobwebs Technologies platform to see if it matches up with account information or other attributable information from publicly available sources on the web.

On the other hand, information on the web might lead investigators to certain devices. For example, someone could be posting information on dark web channels that could aid law enforcement in forensic investigations. For instance, they might list different levels of encryption on certain devices. Magnet’s solutions can then find hidden pieces inside the actual physical device. The two technologies overlay each other and that reenforces the investigative story. If an investigator has tower data and geolocation data from inside a cell phone and it matches up with a online media post or other information on a website, then the investigator can tie these attributions to a case.

Moving the OSINT Needle

Attributions are all the identifiable details that websites collect each time a person visits. These details are passed to websites via different sources such as internet addresses and connections, browsers and device types, and/or online behavior that includes online media connections or other account activity.

OSINT isn’t used for attributions like it could be. If an investigator pulls email information out of a phone, where has it been posted and under what username? Is it the same username associated with a Twitter account? If so, it might be the target of your investigation.  At the Magnet User Summit, OSINT analysts and forensics investigators experienced the power of two separate tools coming together – one for recovery, analysis, and reporting of digital evidence from smartphones, computers and other connected devices, the other one for extracting critical, intelligent insights from surface and deep web data sources.

Many attendees did not know they were operating in siloed environments. They now realize that they are working on two separate pieces in the same case. This calls for synergy between the two disciplines and the need to collaborate instead of just passing information along to the next phase of the investigation. Both OSINT analysts and digital forensic investigators need to be cross-trained, so they know the right questions to ask as they extract information.

We need to keep moving the needle forward, educating agencies about the value of bringing all this information together.

For more information on the topic, tune into the following webinar:

Not Your Parents Lead Generator

OSINT: Not Your Parents’ Lead Generator