PDF Open Source Intelligence Techniques Resources For Searching and Analyzing Online Information 6Th Edition Michael Bazzell Ebook Full Chapter

Open Source Intelligence Techniques:
Resources For Searching And

Analyzing Online Information 6th
Edition Michael Bazzell
Visit to download the full and correct content document:
https://textbookfull.com/product/open-source-intelligence-techniques-resources-for-se
arching-and-analyzing-online-information-6th-edition-michael-bazzell/
More products digital (pdf, epub, mobi) instant
download maybe you interests ...
Open Source Intelligence Techniques: Resources for

Searching and Analyzing Online Information 7th Edition
Michael Bazzell
https://textbookfull.com/product/open-source-intelligence-
techniques-resources-for-searching-and-analyzing-online-
information-7th-edition-michael-bazzell/
Open Source Intelligence Techniques Resources for

Searching and Analyzing Online Information 7th Edition
Michael Bazzell
information-7th-edition-michael-bazzell-2/
Open Source Intelligence Techniques: Resources For

Searching And Analyzing Online Information, 8e 8th
Edition Michael Bazzell
information-8e-8th-edition-michael-bazzell/
Open Source Intelligence Methods and Tools: A Practical

Guide to Online Intelligence 1st Edition Nihad A.
Hassan
methods-and-tools-a-practical-guide-to-online-intelligence-1st-
edition-nihad-a-hassan/
Data simplification taming information with open source
tools First Edition (Online-Ausg.) Berman
https://textbookfull.com/product/data-simplification-taming-
information-with-open-source-tools-first-edition-online-ausg-
berman/
Network performance and security : testing and

analyzing using open source and low-cost tools 1st
Edition Chapman
https://textbookfull.com/product/network-performance-and-
security-testing-and-analyzing-using-open-source-and-low-cost-
tools-1st-edition-chapman/
Data simplification : taming information with open

source tools 1st Edition Berman
https://textbookfull.com/product/data-simplification-taming-
information-with-open-source-tools-1st-edition-berman/
How Open Source Ate Software: Understand the Open

Source Movement and So Much More Gordon Haff
https://textbookfull.com/product/how-open-source-ate-software-
understand-the-open-source-movement-and-so-much-more-gordon-haff/
How Open Source Ate Software: Understand The Open

Source Movement And So Much More Gordon Haff
https://textbookfull.com/product/how-open-source-ate-software-
understand-the-open-source-movement-and-so-much-more-gordon-
haff-2/
Open Source
INTELLIGENCE
Techniques
RESOURCES FOR SEARCHING AND
Analyzing Online Information
Sixth Edition
MICHAEL BAZZELL
Open Source
Intelligence Techniques
Resources for Searching and Analyzing
Online Information
Sixth Edition
Michael Bazzell
Open Source intelligence techniques:
Resources for searching and analyzing online information
Sixth Edition
Copyright © 2018 by Michael Bazzell
All rights reserved. No part of this book may be reproduced in any form or by any electronic or
mechanical means including information storage and retrieval systems without permission in writing
from the author.
Sixth Edition First Published: February, 2018
Project Editor: Y. Varallo
The information in this book is distributed on an “As Is” basis, without warranty. The author has
taken great care in preparation of this book, but assumes no responsibility for errors or omissions.
No liability is assumed for incidental or consequential damages in connection with or arising out of
the use of the information or programs contained herein.
Rather than use a trademark symbol with every occurrence of a trademarked name, this book uses
the names only in an editorial fashion and to the benefit of the trademark owner, with no intention
of infringement of the trademark.
Due to the use of quotation marks to identify specific text to be used as search queries and data
entry, the author has chosen to display the British rule of punctuation outside of quotes. This ensures
that the quoted content is accurate for replication. To maintain consistency, this format is continued
throughout the entire book.
Library of Congress Cataloging-in-Publication Data:

Application submitted
ISBN-13: 978-1984201577
ISBN-10: 1984201573
Contents
About the Author................................................................................................................... I
Introduction........................................................................................................................... II
CHAPTER 1: Prepare Your Computer............................................................................... 1
Antivirus......................................................................................................................................................... 1
Malicious Software........................................................................ ...............................................................3
System Cleaner.......................................................................................................................... .................... 3
Firefox............................................................................................................................................................. 5
Firefox Settings............................................................................................................................................. 6
Firefox Add-Ons.......................................................................................................................................... 8
Script Blocking.............................................................................................................................................. 13
Firefox Profile........................................... t...................... 23
JavaScript Bookmarklets............................................................................................................................ 24
Chrome........................................................................................................................................................... 25
Chrome Extensions.....................................................................................................................................26
Tor Browser.................................................................................................................................................. 29
Virtual Private Network............................................................................................................................. 30
CHAPTER 2: Buscador Linux Virtual Machine .............................................................. 33
Virtual Machines.......................................................................................................................................... 34
VirtualBox...................................................................................................................................................... 35
Buscador Download....................................................................................................................................35
Buscador Installation.................................................................................................................................. 36
Snapshots........................................................................................................................................................ 37
Buscador Browsers......................................................................................................................................40
Buscador Video Utilities............................................................................................................................ 40
Buscador Applications................................................................................................................................ 43
Bootable USB Devices............................................................................................................................... 51
CHAPTER 3: Search Engines............................................................................................. 57
Google............................................................................................................................................................ 57
Google Operators........................................................................................................................................57
Google Search Tools....................................................................................................................... ........... 63
Google Custom Search Engines.............................................................................................................. 65
Alerts............................................................................................................................................................... 69
Bing................................................................................................................................................................. 70
Bing Operators............................................................................................................................................. 70
Images............................................................................................................................................................. 71
Archives..........................................................................................................................................................71
Translators..................................................................................................................................................... 76
Groups............................................................................................................................................................78
News................................................................................................................................................................ 79
Newspapers................................................................................................................................................... 79
Tor Search Engines.................................................................................................................................... 85
International Search Engines.................................................................................................................. 86
Yandex.......................................................................................................................................................... 87
Yandex Operators...................................................................................................................................... 88
Private Search Engines.............................................................................................................................. 89
FTP Search................................................................................................................................................... 89
IntelTechniques Search Engine Tool............................................................................... .................... 93
CHAPTER 4: Social Networks: Facebook........................................................................ 95
Account Creation....................................................................................................................................... 95
Facebook Search: Standard.......................................................................................................................97
Facebook Search: People........................................................................................................................... 98
Facebook Search: Posts.................................................................................. :........................................... 102
Facebook Search: User ID......................................................................................................................... 104
Facebook Search: Friends.......................................................................................................................... 108
Facebook Search: Common Results....................................................................................................... Ill
Facebook Search: ID Creation Date....................................................................................................... 114
Facebook Search: Businesses.................................................................................................................... 114
Facebook Search: Events........................................................................................................................... 116
Facebook Search: Live Video.................................................................................................................... 118
IntelTechniques Facebook Search Tool............................................................................................... 124
Facebook Search: Email............................................................................................................................. 127
Facebook Search: Telephone Number................................................................................................... 127
CHAPTER 5: Social Networks: Twitter............................................................................. 135
Twitter Search..........<.................................................................................................................................... 135
Twitter Search Operators.......................................................................................................................... 138
Deleted Twitter Posts................................................................................................................................. 141
Twitter Biographies.................................................................................................................................... 144
IntelTechniques Twitter Search Tool..................................................................................................... 145
TweetBeaver................................................................................................................................................. 147
Twitter Location Information.................................................................................................................. 150
Tweet Deck................................................................................................................................................... 156
Twitter Analytics..........................................................................................................................................157
CHAPTER 6: Social Networks: Others............................................................................. 165
Instagram....................................................................................................................................................... 165
Instagram Private Accounts......................................................................................................................167
IntelTechniques Instagram Search Tool............................................................................................... 169
Linkedln........................................................................................................................................................ 171
IntelTechniques Linkedln Search Tool................................................................................................. 173
Contact Exploitation.................................................................................................................................. 175
Account Export Options........................................................................................................................... 178
CHAPTER 7: Online Communities............................................................................ 183
Reddit............................................................................................................................................................. 183
Deleted Content.......................................................................................................................................... 184
Reddit Alternatives......................................................................................................................................... 189
Dating Websites............................................................................................................................................. 191
Forums.............................................................................................................................................................. 194
Online Prostitution........................................................................................................................................ 196
Craigslist 198
eBay........ 200
Amazon.. 202
IntelTechniques Communities Search Tool........................................................................................ 204
CHAPTER 8: Email Addresses........................... 207
Email Verification..........................................................................................................................................207
Email Assumptions....................................................................................................................................... 208
Compromised Email Databases................................................................................................................ 211
Email Searching....................................... 212
IntelTechniques Email Search Tool......................................................................................................... 214
CHAPTER 9: User Names.................................................................................................... 217
User Name Search Engines........................................................................................................................ 217
IntelTechniques User Name Search Tool...............................................................................................221
User Name Assumptions............................................................................................................................. 221
CHAPTER 10: People Search Engines............................................................. 227
People Search Engines................................................................................................................................. 227
IntelTechniques Person Search Tool....................................................................................................... 233
People Search Combination........................................................................................................................234
Resumes............................................................................................................................................................ 236
Gift Registries................................................................................................................................................. 238
CHAPTER 11: Telephone Numbers.................................................................................... 243
Carrier Identification.................................................................................................................................... 243
Caller ID Databases.......................................................................................................................................244
Telephone Search Databases....................................................................................... 250
Search Engines............................................................................................................................................... 253
IntelTechniques Telephone Search Tool................................................................................................ 255
Voicemail Retrieval........................................................................................................................................258
Loyalty Cards.................................................................................................................................................. 259
CHAPTER 12: Online Maps....................................................................................... 261
Google Maps................................................................................................................................................... 261
Bing Maps.........................................................................................................................................................263
Additional Maps............................................................................................................................................. 263
Crowd-Sourced Street Views..................................................................................................................... 264
Historic Imagery............................................................................................................................................ 266
IntelTechniques Maps Search Tool.......................................................................................................... 267
Maps Manipulation....................................................................................................................................... 273
CHAPTER 13: Documents................................................................................................... 275
Google Searching.......................................................................................................................................... 275
Google Docs................................................................................................................................................... 276
Amazon Data............................................................................................................................................ 277
Presentation Repositories....................................................................................................................... 278
IntelTechniques Documents Search Tool............................................................................................ 279
Metadata........................................................................................................................................................ 281
Rental Vehicle Records.............................................................................................................................. 282
Paste Sites...................................................................................................................................................... 283
IntelTechniques Paste Sites Search TooL.............................................................................................. 283
CHAPTER 14: Photographs................................................................................................ 285
Reverse Image Searches......................................................................................................... 285
IntelTechniques Reverse Image Search Tool.......................................................... 289
Twitter Images.............................................................................................................................................. 291
Metadata............................................................................................................. 293
Image Manipulation.....................................................................................................................................297
Image Forensics........................................................................................................................................... 298
CHAPTER 15: Videos......................................................................................................... 303
YouTube......................................................................................................................................................... 303
YouTube Restrictions Bypass...................................................................................................................304
IntelTechniques YouTube Search Tool................................................................................................ 308
Reverse Video Searching.......................................................................................................... 308
IntelTechniques Reverse Video Search Tool....................................................................................... 312
Video Search Options................................................................................................................................ 313
Video Search Archives............................................................................................................................... 315
Video Closed Captions............................................................................................................................... 316
Live Video Streams..................................................................................................................................... 317
Periscope....................................................................................................................................................... 318
CHAPTER 16: Domain Names........................................................................................... 321
Domain Registration.................................................................................................................................. 321
Domain Search Tools................................................................................................................................. 322
Historical Registration Data......................................................................................................................323
Visual Depictions................................. 326
Website Monitoring........................................... 327
Domain Analytics........................................................................................................................................ 328
Robots.txt...................................................................................................................................................... 330
Search Engine Marketing Tools.............................................................................................................. 332
Shortened URLs.......................................................................................................................................... 336
IntelTechniques Domain Search Tool................................................................................................... 337
CHAPTER 17: IP Addresses............................................................................................... 339
IP Address Location................................................................................................................................... 339
IP Address Search.................................................................. 340
Wigle.............................................................................................................................................................. 342
Shodan........................................................................................................................................................... 343
IntelTechniques IP Address Search Tool............................................................................................. 345
IP Logging....................................................................................................................... 346
CHAPTER 18: Government Records 353
County General Records............................................................................................................................ 353
County Court Records................................................................................................................................ 353
State Business Records................................................................................................................................ 354
Date of Birth Records................................................................................................................................. 355
Social Security Records............................................................................................................................... 355
Vehicle Identification Number Search................................................................................................... 356
Vehicle Registration Search....................................................................................................................... 357
Campaign Contributions................................................ ............................................................................ 358
Criminal Information.................................................................................................................................. 358
Voter Registration Records....................................................................................................................... 361
Virtual Currency Records.......................................................................................................................... 362
CHAPTER 19: Software Applications................. ............................................................... 363
Video Utilities............................................................................................................................................... 364
Video Download.......................................................................................................................................... 367
Video Metadata.............................................................................................................................................. 369
Google Earth................................................................................................................................................. 370
Creepy.............................................................................................................................................................. 372
Exif Tool................................................................................................................................... ..................... 373
HTTrack........................................................................................................................................................... 374
4K Stogram...................................................................................................................................................... 374
CamStudio........................................................................................................................................................ 375
Lightshot Capture.......................................................................................................................................... 376
SmartDeblur..................................................................................................................................................... 377
FOCA................................................................................................................................................................ 378
ExtractFace...................................................................................................................................................... 380
SEO Spider...................................................................................................................................................... 381
Domain Hosting View................................................................................................................................. 381
IP Net Info....................................................................................................................................................... 382
CCleaner........................................................................................................................................................... 382
BleachBit........................................................................................................................................................... 382
VeraCrypt......................................................................................................................................................... 383
KeePassXC.......................................................................................................................................... 385
Recuva............................................................................................................................................................... 385
CHAPTER 20: Application Programming Interfaces (APIs)........................................... 387
Pipl..................................................................................................................................................................... 389
Full Contact..................................................................................................................................................... 392
Flickr................................................................................................................................................................. 396
Reverse Caller ID.......................................................................................................................................... 397
Service Objects...............................................................................................................................................398
TowerData...................................................................................................................................................... 399
Have I Been Pwned...................................................................................................................................... 401
Hacked-Emails............................................................................................................................................... 402
CHAPTER 21: Android Emulation...................................... 405
Genymotion........................................... 406
Genymotion Configuration.................................................................................................. 406
Google Apps Installation........................................................................................................................... 409
Android Apps............................................................................................................................................... 412
Contact Exploitation........................................................................................................... -..................... 415
Virtual Device Cloning......................................................................................................... 416
Virtual Device Export................................................................................................................................ 417
Additional Android Emulation Options............................................................................................... 418
CHAPTER 22: Recon-ng.................................................................................................... 419
Recon-ng Commands................................................................................................................................. 419
Recon-ng Workspaces.................................................................................... 421
Recon-ng Modules................................................................................................................ 422
Recon-ng Reports........................................................................................................................................ 424
CHAPTER 23: Radio Frequency Monitoring................................................ 431
Hardware....................................................................................................................................................... 431
Software to Find Radio.............................................................................................................................. 431
Public Frequencies.......................................................................................................................................432
Wireless Monitors........................................................................................................................................ 435
Wireless Microphones................................................................................................................. -............. 436
Online Databases......................................................................................................................................... 437
Online Streaming Frequencies................................................................................................................. 440
CHAPTER 24: OSINT Workflow Processes..................................................................... 443
Email Addresses..... <....................................................................................................................................445
User Names................................................................................................................................................... 446
Real Names................................................................................................................................................... 447
Telephone Numbers................................................................................................................................... 448
Domain Names............................................................................................................................................449
Locations....................................................................................................................................................... 450
CONCLUSION:.................................................................................................................. 457
INDEX: ................................................................................................................................ 458
About the Author
Michael bazzell
Michael Bazzell spent 18 years as a government computer crime investigator. During the majority
of that time, he was assigned to the FBI’s Cyber Crimes Task Force where he focused on open
source intelligence, cyber-crime cases, and personal data removal methods. As an active
investigator for multiple organizations, he has been involved in numerous high-tech criminal
investigations including online child solicitation, child abduction, kidnapping, cold-case
homicide, terrorist threats, and high-level computer intrusions. He has trained thousands of
individuals in the use of his investigative techniques and privacy control strategies.
Michael currendy works and resides in Washington, D.C. He also served as the technical advisor
for the first season of the television hacker drama Mr. Robot. His books Open Source
Intelligence Techniques and Hidingfrom the Internet have been best sellers in both the United
States and Europe. They are used by several government agencies as training manuals for
intelligence gathering and securing personal information.
INTRODUCTION
Sixth Edition
The previous (fifth) edition of this book was originally released in May of 2016.1 assumed that it
would be the final version, and stated in a few communication channels that it would be the last
book I would write on the topic. In that book, I focused more on global techniques instead of
specific resources in an attempt to get some extra mileage out of it Since the first edition was
released in 2012,1 had been pushing out an updated version every year. The fifth edition seemed
like the proper exit for the series. It was not because I was tired of online investigations. I may
be more passionate now about collecting online evidence than I ever was before. I simply wanted
to focus more energy toward other interests and opportunities, and I began spending a large
amount of my time researching advanced privacy techniques.
In that down-time, I co-wrote The Complete Privacy & Security Desk Reference, and started a
weekly podcast titled The Complete Privacy Security Podcast. I also launched a new company
dedicated to assisting other people in disappearing completely when bad situations arose.
Whether conducting online data-mining removals for privacy; facilitating property purchases
through the use of anonymous land trusts and LLCs for asset protection; or complete relocations
to safe houses in the middle of the night for protection, it was a fascinating two years of research
and execution.
In late 2017, I had the itch to begin writing about online research methods again. Earlier that
year, I co-created a Linux virtual machine targeted toward research professionals that included
numerous utilities never mentioned in my previous books. This pre-configured operating system
gained a lot of public interest and we continue to update it twice yearly. Over the past two years,
I updated my online research tools every month in order to continue to provide functional
resources. I kept a running log of all of the changes that might need more explanation. In eariy
2018,1 started documenting all of this, plus some of my favorite new Linux tools, in written form
with anticipation of creating a supplement to the fifth edition of this book. Within a couple of
weeks, I realized that the entire book should be re-written and released as a new edition. I have
always self-imposed a “rule” in reference to my book revisions. The potential release must include
at least 25% brand new material, 25% updated content, and 25% untouched stable and beneficial
techniques. I believe that this sixth edition meets this criteria.
Keeping a book up to date about ways to access information on the internet is a difficult task.
Websites are constandy changing or disappearing, and the techniques for collecting all possible
public information from them are affected. While the fifth edition of this book is still highly
applicable, a lot has changed over the past two years. Much of this book contains new techniques
that were previously not available. The Facebook Graph search options continue to grow
considerably. I have also created several new online search tools to help with the investigative
process. While Twitter and Instagram took away a few features, there is an abundance of new
techniques available to all of us. Finally, a surge of Python tools has bombarded us with new
capabilities never available before. It is a very exciting time for internet investigations.
The first chapter helps you properly configure your online investigation computer. It briefly
discusses proper security protocols and free software. Great emphasis is placed on proper use of
secure web browsers. A major change since the previous edition was the launch of Firefox version
57. In this update, all legacy add-ons were eliminated. If the add-ons were not upgraded to
Firefox’s new requirements, the tools no longer work. We lost some great resources, but this
chapter will outline some new benefits.
A brand-new chapter explains the importance of virtual machines and instructs you on making
your own or using a pre-configured option called Buscador. This virtual machine, co-created by
David Westcott and myself, takes away the technical difficulties of installing custom Python
applications, and leaves the user with a point-and-click environment ready for any type of
investigation. Users of any skill level can now take advantage of Linux-based applications once
restricted to those that understood programming and terminal prompts. With proper use of this
system, you will no longer need to worry about viruses or malware. Dozens of applications, all
included in Buscador, are explained in great detail in Chapter Two.
The remaining chapters are structured a bit differently from previous editions. Instead of trying
to combine related topics into a single chapter, such as “Telephone Numbers & Addresses” or
“Domains & IP Addresses”, each category now has its own chapter. This allowed me to really
delve into each topic and isolate the various techniques.
Fortunately, knowing methods for accessing data on one website often carries over nicely to
other websites. This entire sixth edition was accurate as of February 2018. If, or more likely when,
you find techniques that no longer work, use the overall lessons from the entire book to push
through the changes and locate your content. Once you develop an understanding of the data,
you will be ready to adapt with it. As always, I will publish updates to my online blog and free
newsletter.
I will also post new video tutorials for the members of my online training program. You can
access all of this, including my current investigation tools and links, on my website located at
IntelTechniques.com. More importantly, please consider joining my free online forum at that
address. This is where you will hear about all of the amazing OSINT techniques and methods
that are being discovered every day from some of the brightest minds in online research. There
are currently over 4,000 registered users, some of whom are active daily.
Ill
Open Source Intelligence (OSINT)
Open Source Intelligence, often referred to as OSINT, can mean many things to many people.
Officially, it is defined as any intelligence produced from publicly available information that is
collected, exploited, and disseminated in a timely manner to an appropriate audience for the
purpose of addressing a specific intelligence requirement For the CIA, it may mean information
obtained from foreign news broadcasts. For an attorney, it may mean data obtained from official
government documents that are available to the public. For most people, it is publicly available
content obtained from the internet.
What is this book?

Overall, this book includes several hundred sources of free and open data which could identify
personal information about anyone. All of the resources are 100% free and open to the public.
Each resource is explained, and any creative search techniques involving the resource are detailed.
When applicable, actual case examples are provided to demonstrate the possibilities within the
methods. The book can be read in any order and referenced when a specific need arises. It is a
guidebook of techniques that I have found successful in my investigations.
Locating this free online information is not the final step of OSINT analysis. Appropriate
collection methods will be detailed and referenced. Whether the data you obtain is for an
investigation, a background check, or identifying problem employees, you must document all of
your findings. You cannot rely on the information being available online forever. A website may
shut down or the data may be removed. You must preserve anything of interest when you find
it. The free software solutions presented here will help you with that.
OSINT search techniques do not apply only to websites. There are many free programs that
automate the search and collection of data. These programs, as well as appEcation programming
interfaces, will be explained to assist the advanced investigator of open source intelligence.
In summary, this book is to serve as a reference guide to assist you with conducting more accurate
and efficient searches of open source intelligence.
What the book is not...

This is not a debate about the ethics or pohtics of online reconnaissance for personal information.
It is not a historical look at OSINT or a discussion of administrative poEcy. There are better
books that tackle these subjects. Furthermore, it is not a how-to guide for criminals to steal your
identity. Nothing in this book discusses illegal methods of obtaining information.
Book Audience
When I first considered documenting my OSINT techniques, the plan was to post them on my
website in a private area for my co-workers. This documentation quickly turned into over 250
pages of content including screen shots. It had grown too big to place on my site in a manner
that was easy to digest. I changed course and began putting together this book as a manual to
accompany my multiple-day training sessions. I now hope that a wider investigation community
can gain something from these techniques.
Many readers are in some form of law enforcement. Police officers can use these techniques to
help locate missing children or investigate human trafficking. Intelligence analysts can apply these
methods to a large part of their daily work as they tackle social media posts. Detectives can use
the search techniques to re-investigate cases that have gone unsolved.
I now offer my online and Eve OSINT training to the private sector, especially global security
divisions of large corporations. This book can help these teams locate more concise and
appropriate information relative to their companies. These methods have been proven successful
for employees that monitor any type of threat to their company, from physical violence to
counterfeit products. I encourage the use of these techniques to institutions that are responsible
for finding and eliminating “bad apples”. This may be the human resources department, appEcant
processing employees, or “head hunters” looking for the best people. The information about a
subject found online can provide more intelEgence than any interview or reference check.
Parents and teachers are encouraged to use this book as a guide to locating social media content
posted by children. In many households, the children know more about the internet than the
adults. The children use this to their advantage and often hide content online. They know that it
will not be located by their parents and teachers, and often post inappropriate content. This book
can empower the adults and assist with identifying important personal information.
A large portion of my intended audience is private investigators. They can use this book to find
information without possessing a deep understanding of computers or the internet. ExpEcit
descriptions and occasional screen captures wiU ensure that the techniques can be recreated on
any computer. Several universities have adopted this book as required reading, and I am honored
to play a small role in some amazing courses related to network security.
I realize that people who use these techniques for devious purposes will read this book as weU.
Colleagues have expressed their concern about this possibibty. My decision to document these
techniques came down to two thoughts. First, anyone that reaUy wants to use this information in
maEcious ways will do so without this book. There is nothing in here that could not be dupEcated
with some serious searching and time. The second thought is that getting this information out to
those that will use it appropriately is worth the risk of a few people using it for the wrong reasons.
Please act responsibly with this information.
Custom Search Tool
Throughout this book, I reference several custom search tools that I created to assist with
automated queries. I have made available a single repository of every resource discussed in this
guide, including the multiple custom search tools. This is presented in an easy to use format with
search topics on the left and dedicated query tools within the main area. It can be found at the
“Tools” tab of my website IntelTechniques.com. This complete archive may be useful as you
complete the tutorials within this book. The image below displays the current state of the tool
using the custom Facebook search options.
IntelTechniques fl Michael Bazzell

OSINT Trainer &
Search Tool Privacy Consultant
Online Training Live Training Services Toots Forum Blog Podcast Books Bto Contact
Custom Facebook Tools

OSINT LINKS
SEARCH ENGINES Search Target Profile: Locate Target Profile:
FACEBOOK GO (Account by Email)

GO (Account by Cell)
TWITTER GO (Displays User Number)
INSTAGRAM
GO (Populate All)
USER NAME
GO (Places Visited)
REAL NAME GO (Recent Races Visited)
GO (Places Checked In)
EMAIL ADDRESS GO (Places Liked)
GO (Pages Liked)
TELEPHONE NUMBER
GO (Photos By User)
GO (Photos Liked)
DOMAIN NAME
GO (Photos Of 'Tagged)
GO (Photos Comments)
IP ADDRESS
GO (Photos Interacted)
YOUTUBE GO (Photos 1 nteresied)

(Photos Recommended For)
REVERSE IMAGE (Apos Used) Multiple Variable:
(Videos)
REVERSE VIDEO (Videos Of User) Name AND
(Videos Tagged)
DOCUMENTS (Videos By User) Search
_
The IntelTechniques Custom Search Tools page.
Finally, a parting thought before you begin your journey through OSINT analysis and collection.
This book was written as a reference guide. It does not need to be read straight-through. I
encourage you to skip around when needed or if you feel overwhelmed. The second chapter
about Linux may make you want to abandon the teachings before ever utilising an online resource
or website. When you encounter material that seems too technical or not applicable, please move
on to the next topic. The book is suitable for all skill levels, and there is something here for
everyone. You can always return to advanced topics later.
Chapter One
Prepare your computer
The first four editions of this book began with search engine techniques. Right away, I offered
my methods for collecting online information from various popular and lesser known search
websites. This may have been due to my own impatience and desire to “jump in” and start finding
information. This edition will begin much differendy. Before you attempt any of the search
methods within this book, I believe you should prepare your computing environment.
I was motivated to begin with this topic after teaching a multiple-day OSJNT class. On day two,
several attendees brought laptop computers in order to attempt the techniques I was teaching
during the course. During a break, I observed police officers searching Facebook on patrol
vehicle laptops; private investigators using Windows XP while browsing suspects’ blogs; and
global security professionals looking at hacker websites without possessing any antivirus software
or script blockers.
I have also been guilty of all of this. Early in my career of researching OSINT, I did not pay any
attention to computer security or proper browsing habits. While I was aware of malicious
software, I knew I could re-install Windows if something really bad happened. This was reactive
thinking. I believe that we must all proactively attack vulnerabilities in our privacy and security
while conducting online research. This chapter is not meant to be a complete guide to computer
security or a manual for total privacy. Instead, I hope to quickly and efficiently propose the most
beneficial strategies that will protect you from the majority of attacks. Applying the changes
mentioned in this chapter will provide a valuable layer of security to your online investigations
and overall computing habits. In the next chapter, I present my solutions for guaranteed
protection during online investigations.
The most basic place to start is your antivirus. It is likely that most readers already have an
antivirus solution and are insulted at the mention of it in a book like this. I will keep my thoughts
very brief. If you are using Microsoft Windows, you absolutely need antivirus software. If you
are using an Apple computer, you might not Antivirus applications only protect against known
variants of viruses. They do not stop everything. A new virus can often bypass the best software
detection solutions. A better defense is applying better browsing habits instead of relying on an
application.
There are a dozen popular antivirus companies that will provide a free solution. For most
Windows users, I simply recommend to use Microsoft’s products. Users of Windows 7 should
use Microsoft Security Essentials while Windows 8 and 10 users should use the default Windows
Defender included with their installation. Privacy enthusiasts will disagree with this advice, and I
understand their stance. Microsoft products tend to collect your computer usage history and
analyze the data. Unfortunately, their core operating systems also do this, and it is difficult to
disable long term. Therefore, I believe that Windows users are already disclosing sensitive
information to Microsoft Using their antivirus solutions will not likely enhance the data being
collected.
Mac users do not have any built-in antivirus protection, and most do not need any. The software
architecture of Mac computers is much more secure, and viruses are rare (but they do still occur).
I no longer recommend the free commercial products such as Avast, Kaspersky, and others. They
tend to be more of an annoyance than helpful, and their business practices can be questionable.
However, I do believe that it is irresponsible to have absolutely no protection whatsoever. When
I conduct investigations from a Mac computer, I possess an open-source antivirus solution called
ClamAV.
ClamAV (not to be confused with the unnecessary paid option of ClamXAV), is a community-
driven antivirus database, which is freely available to anyone. It usually does not score very high
on “Top 10 Antivirus” websites, which are usually paid advertisements. However, it is completely
free, does not run on your system non-stop, only executes when you desire, and can be completely
removed easily. Unfortunately, there is no easy software installation process, and no point-and-
click application. You will need to manually update the database through a Terminal command,
then scan your system from the same prompt. ClamAV does not remove any viruses, it only
discloses the presence and location of suspicious files. In my use, ClamAV has never found a
virus that impacted a Mac computer. Instead, it has identified numerous malicious files that target
Windows machines, but were present on my system (mostly as email attachments). This
notification allowed me to manually remove those files, which could prevent future infection of
my Windows virtual machines. If you have concerns about having a “naked” Mac with no
antivirus, the following instructions will configure your Mac to be better protected.
First, you must install a package manager called Brew. This program is very beneficial when there
is a need to install programs that would usually already be present on a Linux computer. It also
happens to have a pre-configured version of ClamAV ready to go. The easiest way to install Brew
is to visit the website brew.sh and copy and paste the following command into the Terminal
application (Applications > Utilities > Terminal).
/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/niaster/install )"
After Brew is installed, type the following commands, hitting “Return” after each line, into the
same Terminal application used previously.
brew install clamav

cd /usr/local/etc/clamav/
cp freshclam.conf.sample freshclam.conf
sed -ie 's/AExample/#Example/g’ freshclam.conf
These steps will install ClamAV, switch to the installation directory, make a copy of the
configuration file, and then modify the configuration file to allow ClamAV to function. You are
now ready to update your antivirus database and conduct a scan. Type the following commands
into Terminal.
ffeshclam -v
clamscan -r -i /
The first option will download all virus definition updates, and should be executed before each
scan. The second option conducts a scan of the entire computer, and will only prompt you with
details of found viruses. While it may appear to be dormant, it is working, and will notify you
upon completion. All of these commands must be exact. In order to assist with this, I have
created a web page with all of these commands at IntelTechniques.com/clamav. On a final note
about ClamAV, you may occasionally receive a false-positive report of a virus. Do not panic.
Research the file on the internet and identify the issues. If you receive reports of malicious files
within email, simply delete those messages. The use of ClamAV on Mac computers is more about
preventing the spread of bad files to Windows users instead of protecting your own machine.
Whether on Windows or Mac computers, protection from malicious software, otherwise known
as malware, is vital. Again, there are numerous free options from which to choose. I recommend
Malware Bytes for both Windows and Apple users. It is completely free and thorough. I suggest
executing, updating, and scanning at least once a week on every device that you use.
• Navigate to http://www.malwarebytes.org/ and select the “Free Download” option.

• Conduct a default installation.
• On a weekly basis, launch the program, update the database, and conduct a full scan.
• Malware Bytes will remove any issues it finds.
Your computer should also be cleaned weekly. As you browse the internet and use applications,
unnecessary files accumulate and slow the operating system. I recommend CCleaner for all
Windows and Apple users. It is free and easy to use. It provides a simple interface and is used to
clean potentially unwanted files and invalid Windows Registry entries from your computer. The
following steps will download and install the free version of the application.
• Navigate to http://www.piriform.com/ccleaner/download.
• In the “Free” column, click on “download”.
• Execute the program and accept the default installation settings.
After the installation completes, launch the program. You have several options under the Cleaner
tab that will allow you to choose the data to eliminate. The default options are safe, but I like to
enable additional selections. Clicking on the “Analyze” button will allow the program to identify
files to delete without committing to the removal. This will allow you to view the files before
clicking ‘Kun Cleaner” to remove them. If you are running this program on a computer with
heavy internet usage, you may be surprised at the amount of unnecessary files present The first
time you use this program, the removal process can take several minutes and possibly an hour. If
you run the program weekly, it will finish the process much quicker.
The Registry tab of CCleaner will eliminate unnecessary and missing registry entries. This can
help your computer operate more efficiently. The default options on this menu are most
appropriate. Click on “Scan for Issues” and allow it to identify any problems. This process should
go quickly. When complete, click on “Fix Selected Issues” to complete the process.
The Tools tab provides an easy way to disable specific programs from launching when your
computer starts. These programs can slow your computer down when they are running
unnecessarily. These can be found by clicking the “Startup” button in the left column. I once
selected the Adobe and Java programs and applied the “Disable” button. They were then marked
as “No” and would not launch the next time my computer started. If I wanted to reverse this, I
could select the entries again and choose “Enable”.
Proper antivirus, malware protection, and cleaning solutions will gready enhance your overall
computing experience. It will help your computer to run smoothly and may prevent malicious
files from infecting your operating system. It will help protect the integrity of any online
investigations. I refer to these steps as the “staples”. They are the minimum requirements before
proceeding and apply to any computer user.
Those that want to conduct advanced searches on the internet must progress to another level.
You must upgrade your web browser and stop relying on Microsoft’s Internet Explorer or Edge
browsers. I believe that you should only use one of two web browsers: Firefox or Chrome. Many
of the techniques in this book, especially in the Application Programming Interfaces (APIs)
chapter, will fail when used in conjunction with Microsoft’s browsers. They require a more
sophisticated solution with proper add-ons. I will focus on Firefox first, as it is my preferred
browser for every investigation.
Many readers find that security restrictions on their computers prohibit them from installing any
software, including web browsers. While I have found that downloading portable versions of
Firefox and Chrome eliminate this restriction, my experience is that this action will upset the
computer support personnel that originally enabled the rules. Please research your organization’s
computer use policies before placing any software on company owned machines.
Those in law enforcement should be more cautious than others. Not only could installing
unauthorized software on a government computer violate internal policies, but it could also
jeopardize your case in court If a defense attorney can prove that you violated your own rules
and regulations, regardless of how minor or inconsequential, it leaves an opening to request a
judge to dismiss your entire findings. Please make sure that you always have the proper
authorization to conduct any techniques mentioned in this book.
Firefox (mozilla.org)
The most vital application in this chapter is the Firefox web browser. Most of the search methods
that you will learn throughout this book must be conducted within a web browser. Most people
setde for Internet Explorer or Edge, which is included with Windows. I do not recommend using
those browsers for OSINT analysis. The Firefox browser has enhanced security and a feature
called “add-ons” or “extensions”. These are small applications that work within the browser that
perform a specific function. They will make searching and documentation much easier. I also use,
and encourage others to use, the Chrome web browser when necessary. However, many of the
extensions that I need are only compatible with Firefox. The following instructions apply to any
versions of Firefox, including Windows, Mac, and Linux.
Downloading and installing Firefox is no, different than any other application. Detailed directions
are readily available on their website. The browser will not look much different from the browser
you were previously using. When installing and executing, choose not to import any settings from
other browsers. This will keep your browser clean from unwanted data. The next step is to ensure
your browser is up-to-date. You can check your version of Firefox by clicking on the Menu
button in the upper right (three horizontal lines), then the Help button (?), and finally the option
labeled About Firefox. This will open a new window that will display the version of Firefox you
are running, or a warning that the version you have is out-of-date.
In November 2017, Firefox released version 57 of their browser. These updates usually go
unnoticed by most users, as the changes are minimal. However, this was not the case with 57.
This completely new version of Firefox included major speed improvements, a cosmetic face
lift, and most importandy the elimination of legacy extensions (also called add-ons). In the
previous edition of this book, I spoke of various Firefox add-ons that would enhance your
collection of online information. The majority of these extensions were disabled with this new
release. Some developers updated their software to make these options work with the newest
version of Firefox while others decided to abandon their projects. At the time of this writing,
Firefox is offering an Extended Support Release (ESR) that will safely allow the execution of an
older browser which allows legacy extensions. However, this is a temporary solution, and may
not be an option by the time that you read this. Therefore, I will only focus on long-term options
that should be valid throughout the life cycle of this book.
Before identifying Firefox resources that will aid in our OSINT research, we must first secure
our browser to the best of our ability. While the default Firefox installation is much more secure
than other browsers, we should still consider some modifications. I personally use Firefox for all
of my OSINT investigations, and as my personal web browser. I no longer possess multiple
browsers for various tasks. I believe that Firefox is the most robust, secure, and appropriate
option for almost any scenario. However, I recommend changing the following settings from the
Options (Windows) or Preferences (Apple) menu within Firefox.
General: When Firefox Starts: I choose “Show a blank page’* at this prompt This will make
your browser open faster, and eliminate the unnecessary loading of a default web page.
Privacy & Security: Browser Privacy: Deselect the “Remember passwords for sites” and “Use
a master password” options. When browsers store a password, they usually do not do so in a
secure manner.
Privacy & Security: History: Under the “Firefox will:” option, select “Use custom settings for
history” from the pull-down menu. This will allow you to choose everything that is stored or
forgotten when you close your browser. Next, uncheck “Remember my browsing and download
history” and “Remember search and form history”. This will prevent Firefox from remembering
any history after your browsing session has closed. Next, check the box that says “Accept cookies
from sites”. This will allow cookies from the sites you visit. Without cookies, it is very difficult
to use social networks, online streaming services, or some search engines. Next, under the
“Accept cookies from third party sites” drop-down, select “Never”. Under “Keep until”, which
refers to how long cookies are retained, select “I close Firefox”. This option will ensure they are
not saved after your browsing session has ended. Finally, check the box that says “Clear history
when Firefox closes”.
Privacy & Security: Firefox Data Collection and Use: Uncheck both of these options This
prevents Firefox from sending data about your session to their servers.
about:config Settings
Firefox allows users to modify many configuration settings, and some of these deal with privacy
and security concerns. Though some of these changes can be made in the preferences menu of
Firefox's preferences, changes made through about: config tend to be more durable and granular.
To access the list of configuration settings, open Firefox and type "aboufcconfig" into the URL
bar. You will receive a warning about making changes within this area, but the modifications we
make will be safe. Choose to accept the risks.
Some of these about:config settings may already be on the "correct" setting, but most probably
will not. To change most of these settings you can simply double-click the setting to toggle it
between "True" and "False". Some may require additional input, such as a number. Because the
list of about:config settings contains hundreds of entries, you will probably wish to search for all
of these through the search bar in the about:config interface.
privacy.trackingprotection.enabled: TRUE: This blocks website tracking.
geo.enabled: FALSE: This disables Firefox from sharing your location.

browser.safebrowsing.phishing.enabled: FALSE: This setting disables Google’s ’’Safe
Browsing’’ and phishing protection. If this setting is "true’’ Google will be able to scan (and store)
the sights that you visit for the presence of malware.
browser.safebrowsing.malware.enabled: FALSE: Again, this disables Google’s ability to

monitor your web traffic for malware, storing the sites you visit.
dom.event.clipboardevents.enabled: FALSE: Many websites will request a notification if you

copy text or images from their website. They may also be notified if you select part of a page.
This setting disables the ability of websites to access this information. Note that this change may
cause issues with copying and pasting text within websites.
media.navigator.enabled: FALSE: Website operators will identify your computer as unique to

enable tracking around the web. One such tactic is to track the status of your webcam and
microphone (ON/OFF). This disables the ability to website operators to see this information.
dom.battery.enabled: FALSE: Another technique used by website operators to track you is to

view your exact battery levels. This setting prevents this information from being shared.
extensions.pocket.enabled: FALSE: This disables the proprietary Pocket service.
WebRTC (Web Real-Time Communications): The next few settings in about:config deal with
the WebRTC vulnerability that can allow your IP address to be leaked, even if using a VPN.
media.peerconnection.enabled: FALSE
media.peerconnection.tum.disable: TRUE
media.peerconnection.use_document_iceservers: FALSE
media.peerconnection.video.enabled: FALSE
It is not vital that all of these security settings be applied to your systems. Firefox natively respects
your privacy and security more than other browsers. These recommendations are for those that
truly want to tweak additional settings that may provide a layer of protection, even if minimal.
Next, I will discuss the biggest benefit of Firefox, which is the abundance of helpful browser
extensions called add-ons.
Firefox Add-ons (Extensions)
There are thousands of extensions available for Firefox. Some are helpful, some are worthless,
and some are just fun. This chapter will discuss thirteen of them. The Firefox add-ons, sometimes
called extensions, detailed here will include a website for each option. You can either visit the
website and download the add-on or search for it from within Firefox. The former is usually the
best way. While Firefox is open, click on the menu in the upper right and then “Add-ons”. This
will present a page with a search field in the upper right comer. Enter the name of the extension
and install from there. The following are my recommendations, in order of importance.
VideoDownloadHelper: Download media from a page with click of a button

Bulk Media Downloader: Download bulk media automatically
FireShot Generate screenshots of partial and entire web pages
Nimbus: Alternative screen capture for large web pages
uBlock Origin: Block undesired scripts from loading
HTTPS Everywhere: Ensure that you are accessing sites through a secure connection
Exif Viewer. Identify Metadata embedded inside a photograph
MJSONViewer View API JSON and XML results properly in a browser
User Agent Switcher: Emulate various browsers and devices
Google Translator Right-click language translation
Image Search Options: Conduct automatic reverse image searches
Resurrect Pages: Enable historical search on deleted websites
Copy All Links: Quickly copy all hyperlinks from a website
The following pages will provide explicit instructions for installing and configuring each of these
add-ons. Alternatively, I have configured each of these into a new Firefox browser and exported
the settings. If desired, import these configurations into your own Firefox browser for a turn-key
solution. This technique will be explained at the end of this section, but I encourage you to
consider customizing your own version of Firefox. If you plan to use the Buscador Virtual
Machine explained in the next chapter, all of these configurations have already been conducted
and are the default option upon boot.
Video Download Helper (downloadhelper.net)
This extension will assist with downloading media that is located during your search. It works
well with videos such as those found on YouTube. When this extension is enabled, an icon will
appear within your browser that looks like three grey circles. Any time you open a website that
includes media content, such as a video, these circles will turn to full color. This is an indication
that the media on the page can be extracted. While this add-on will work immediately after
installation, I have found specific configuration changes to be helpful to OSINT investigators.
• Click on the icon placed in your menu bar and select the icon for “Settings”
• Click the Behavior tab and change the Max concurrent downloads to 20
• Change the Max Variants to 99
• Select the Hide ADP Variants option
When downloading videos, especially from YouTube, the ADP format requires secondary
conversion software to be installed. I do not like this option as it introduces unnecessary software
to my machine. Furthermore, I never want to convert video evidence. I simply want to extract
the options available directly from the source. Therefore, eliminating the ADP options from our
view as explained above reduces the chance of downloading undesired content. In Figure 1.01
(left), the ADP options are present and would not be ideal download choices. In the example on
the right, I have eliminated these choices and I am presented with more appropriate options.
You can now extract embedded media files from websites by clicking the icon and selecting the
appropriate file. If your desired media is going to be used in court, I recommend downloading
all sizes available. If you only want a personal archive, the largest size should be downloaded.
You will now have a pure digital extraction of the target video. This is better than a screen capture
or recording of the video because there is no loss of data or analog conversion. If downloading
a large number of videos, consider the custom script that will be explained in the next chapter.
519 Open Source Intelligence What I tear...

O ; 280x720 - HD720 - MP4
O 480x360 •* Metiu'n - MP4
I O 480x360 ■ Medium - WEBM
o
O '78x144 - la* - 3GPP
Figure 1.01: Menu options from Video Download Helper.

This add-on can make downloading a large amount of media files easy. If you locate a page of
several audio or video files, it can be time consuming to save them all manually. Additionally, you
run the risk of accidentally skipping a file. Bulk Media Downloader provides a solution. As an
example, I navigated to Twitter and searched the word Video. This presented hundreds of
embedded videos within a single page. I launched Bulk Media Downloader, which displayed a
pop-up option over my browser. In this pop-up, I can select specific file types such as Video or
Audio. I chose only the Video option and reloaded the Twitter page in the background. The Bulk
Media Downloader tool began populating video links as I scrolled down the Twitter page. Figure
1.02 displays the result. Clicking the Download button retrieved all of the videos in MP4 format
as seen in Figure 1.03. This utility works well on sites that have a large number of embedded
audio or video files, as well as those that contain numerous documents. You can easily select or
deselect entries individually, or select categories at the bottom that fit your needs.
Type (video) • Size (100k)* ■ Link
a viceo/mp4 371,3 KB https:rfvkjeo.twi/ng. com/extjw.,.,video/939263i 26792482817/pu/'viC/360x64Q/"KQjiEBR6DvfRueWA mt
3 video/mp2t 120.4 KB httpsrfvtoeo.twimg.con'VexlJw video/93926274095011840G>'pu/vid'Q'3000/'l80x320/DoGvoT8AZTZ
3 viceo/mp2t 348.5 KB https27video.twimg.conVext_tw._video,'93926274095011840G-puMd.'0,'3000/360x640.',rxBcaB'’J''-4F LM
© viceo/mp2t 324 2 KB httpsJ/video.twlmg.com/exi_tw_viceo/9392627409501184 0C7pa/vid/3000/60(Xy360x64a'EeoOSqPOa
a videa'mpZt 309.5 KB httpsrfvideo.twimg.com/exl_tw_video/93926274095011 &400.ipu/vid.‘6000Ii9000/360x640.'xQz 1 l8mG(D
a video/mp2t 362.6 KB https :/Mdeo.twimg.conVext_tw_video/93926274C950’1840C/pu.,'vid.(9C00/1200G’'360x6407RnSz6Tt5c
3 video.’mp2t 372.9 KB https://Video.twimg.com/ext_tw_video/'93926274C9S0i1840G/pu/vid.'12000;15000.'’36Cx64G/Yes2a9!«. t
a video/mp2t 405,4 KB httpsrfMdeo.twimg.com/ext_tw_video,,93926274C95C'1840Gi'pu.''vid/1500C/T8000/36Cx64C/C9829P\V
s video,'mp2t 365 .7 KB https:/,'‘vicea.twiing.corr>j'exltv.viceo/'93926J74C950i 18400/pui’vic'180O0Z2i000/36Cx64O'lh95gO-N
a video/mp2t 376.4 KB https2/video.twmg.com/exl_twvideo/9392627409K}11840C/tMi/vtd/21000724(XX)/360x64C.'VP21cWa;
video,'mp2t 305.3 KB https://video.twimg.com/ext_tw _viceo/93926274C950i18400/pu/Vid/2400Q/27000.'‘36G<64(VgnZ,aAbE
video/mp2t 272.8 KB https:/A4deo.twimg.com/ex!_.tw_viceo/93926274C950'1840Gipu.'vid/2700G'30000/36Cx64G'SB34EoGt
□ All files O Application □ Image Pt Video O Audio O Archive □ Document □ Tab
Pause Downioad (browser; Copy Links
Figure 1.02: A Bulk Media Downloader window.
Nam : Size Kind * DsteAddmf

1 jTBYZGep3yZ50Oje.mp4 490 KB MPEG-4 movie Today at 2/54 PM
Bl kglhE8R6DvtRuaWA.mp4 380 KB MPEG-4 movie Today at 2-44 PM
H kglhEBR6DvfRuaWA(1).mp4 380 KB MPEG-4 movie Today at 2:45 PM
II KglhE8R6Dv(RtjaWA(2).mp4 380 KB MPEG-4 movie Today at 2/54 RM
Ml K!dRNeShw04rpStT.rnp4 174 KB MPEG-4 movie Today at 2:54 PM
. RLHhavXykOkySwILmpA 271 KB MPEG-4 movie Today at 2:54 pm
1$ si6UlkTQNocfGGs.mp4 . 388 KB MPEG-4 movie Today at 2:45 PM
si6UlkTQNocfGGs(1).mp4 388 KB MPEG-4 movie Today at 2 64 PM
Figure 1.03: Files extracted from Twitter with Bulk Media Downloader.
Documenting and archiving your progress with an OSINT investigation is as important as the
intelligence discovered. The general rule is that if you do not have proof of your findings, then
they never existed. FireShot provides you with an easy solution to capturing all of your results.
When enabled, this extension is a button in the upper right portion of your browser. It appears
as a blue square containing the letter “S”. Clicking the icon presents a menu with options. The
best option is to select “Capture entire page” and then “Save to PDF”. This will then create a
PDF document of the entire page exactly as it appears in your browser and save it to anywhere
you choose. The file can later be archived to a removable storage device. The title of the
document will match the title of the web page and it will include the URL of the selected page.
This method is preferred over a standard screen capture for several reasons. A typical screen
capture only captures the visible area and not the entire page. You must then open a program
into which you “paste” the data and then save the file. The FireShot extension automates this
and saves it in a format that is difficult to edit This can be beneficial during testimony.
By accessing the “Options” area of the menu, you can assign customized naming features. Click
“Show filename template settings” in the options page and change the default value to the
following.
%n-%u-%t-%y-%m-%d-%H-%M-%S
Be sure to “Apply” and then “Save”. This setting will change the default name of each page
capture. Each file will be named a numerical value, followed by the website URL, followed by
title, and followed by the date and time of capture. Changing the %n value to 0 and the Pad
option to 3 will ensure that your captures always start with a numerical value of 0 and ascend
chronologically. This can help determine the order of the evidence that you retrieved. Figure 1.04
displays a typical series of results. Notice that you can quickly see the order captured (first three
digits), target website, description, and date & time.
OOO-https.__ OSthlT TraWng by Mtcha^~20l7*12-08-14~2l- ,16.pdf

® 001-https„_privacy-trainlng.conv.-Privacy Training created by Michael Bazzell-2017-12-08-14-21-48.pdf
W 002-https_twittercorrL,^telTechniques-Michaei Bazzell (^IntelTechniques) I Tw_-2017-12-08-14-22-10.pdf
Figure 1.04: Results from FireShot screen captures.

While FireShot is my preferred screen capture utility within Firefox, there are some instances
where it does not perform well. If you have a target’s Facebook page that has a lot of activity
present, this may create a screen capture too large for FireShot The rendering process will likely
expend all of the computer’s video memory and fail to create the file. When this happens, I use
Nimbus as my first backup. Nimbus allows you to specify whether you want to capture only the
visible portion of the page, the entire page, or a custom selection from the page. Hie drop-down
menu presents these choices and the result is saved as a PNG file. This is not optimal for online
investigations, but is better than no capture at all. Another feature of Nimbus is the ability to
manipulate captures. I believe that this is bad practice as we usually want to provide the most
authentic and accurate evidence as possible. I do not want to manipulate any potential evidence.
Therefore, I recommend the following configurations.
• Click on the Nimbus icon and choose the “gear” icon in the lower-right
• In the Filename Template, insert {uH}-{tide}-{date}-{time}. This will name every

capture with the URL and tide of the target website along with date and time of capture.
• Check the Enable Quick Capture option and select the Entire Page option in the first
row and Download option in the second row.
After these changes, clicking the Nimbus icon in the menu bar will no longer present a menu
with options. Instead, it will automatically select the entire page, apply the proper file naming,
and download the capture as a maximum quality PNG file to your Desktop. While a PDF file
created with FireShot is the preferred file format, a PNG file has other advantages. The PNG file
is more universal and does not require PDF viewing software such as Acrobat Reader. However,
PNG files are easy to edit, and establishing the integrity of the file may be difficult I believe that
Nimbus should be used as a supplement to FireShot.
One common failure of both FireShot and Nimbus is the capture of extremely large Facebook
and Twitter pages. While this is rare on computers that have ample resources such as processing
power and RAM, it can be quite common on older machines with low specifications. Surprisingly,
I have found FireShot to work better on large Twitter profiles and Nimbus to be best for large
Facebook pages. I have no logic to offer for this discovery. Again, having both at our disposal
will make us better prepared for online evidence collection.
uBlock Origin
In the previous edition of this book, I recommended NoScript as my choice of script blocker. I
no longer use NoScript at all. During the transition to Firefox 57, NoScript changed drastically.
It became much more convenient to use, at a cost of functionality. We were no longer given
granular control of the data that is passed through our browser, and lost several features required
for private and secure browsing. I also previously recommended Adblock Plus and Disconnect
as privacy add-ons that would help stop unwanted ads, tracking, and analytics. These are no
longer present on my systems. I now only use uBlock Origin, as it replaces all three of the
previous options. This section may seem a bit overwhelming, but experimenting with the
advanced settings should help you understand the functionality. Let’s start with the basics.
Install uBlock Origin from the Firefox add-ons page or direcdy by navigating to the application’s
website at https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/. You are now
protected on a basic level. By default, most known invasive advertisements, tracking code, and
malicious content is blocked. This step alone would provide much needed protection from the
internet. However, we can take it a step further.
Click on the uBlock Origin icon in the menu and select the Dashboard icon to the right This will
open a new tab with the program’s configuration page. On the Settings tab, click the option of
“I am an advanced user”. This will present an expanded menu from the uBlock Origin icon from
now forward. Click on the 3ld-Party Filter tab and consider enabling additional data sets that will
protect your computer. I select all options within the Ads, Privacy, Malware Domains, and
Annoyances categories. After you have made your selection, click the Update Now button at the
top of the page. This will refresh all of the data and apply your new settings. You now have
extended protection that will be applied to all visited websites without any interaction from you.
When you encounter a web page with a lot of advertisements, such as a news media website, it
should load much faster. It will block many of the pop-ups and auto-play media that can be quite
annoying when conducting research. This protection will suffice for most users, but dedicated
OSINT analysts may choose to take a more advanced approach.
After you have enabled the Advanced settings as explained above, clicking on the uBlock Origin
icon should now present an expanded menu that will change as you visit different sites. In order
to explain the function of this menu, I will conduct a demonstration using the website cnn.com.
Figure 1.05 displays the default view. While this book is printed in black and white, your view
will be in color, and likely all options will appear grey. Scrolling down this list of scripts that have
either been loaded or blocked, you can see several questionable scripts such as Facebook,
Sharethrough, and Turner. These scripts allow tracking across multiple websites and are the
technology responsible for monitoring your interests, web history, and shopping habits.
This menu is split into three columns. The first simply identifies the type of code or domain name
of the script The second column is global settings. Anything changed here will apply to all
website visits. The third column contains settings for the current website. A single plus sign (+)
Another random document with
no related content on Scribd:
“You have certainly been misinformed,” said she; “you are
welcome to search the house, but be assured you will find no such
men here.”
“Come, come, my little fair un, that is all in my eye and Betty
Martin. Here they are, this is certain, and we are determined to make
our quarters good till we find them out;” and away they went to
search the other apartments of the house.
Meanwhile our charming little protectress, alarmed at the
threatened siege, and fearing that we would be starved into a
surrender, took the opportunity, while the gang were rummaging the
parlour and some other bedrooms, to supply our garrison with
provisions. A basket with boiled ham, a couple of capons, a
household loaf of ample dimensions, half-a-dozen of brown stout,
the family bottle of excellent stingo, and a can of water, were
expeditiously handed up the vent. This supply set our minds quite at
ease, as we knew it would enable us to stand a week’s close siege. Our
patience, however, was not put to this trial, for the gang, after a two
hours’ vigilant search, abandoned their pursuit in despair, and
departed.
We could not, of course, think of venturing up to Bristol to look
after our wages, so we employed our landlord to perform this duty.
After a good many vexatious delays, we succeeded in getting our
money, paid off all scores, and began to think how we were to
dispose of ourselves. My companion Lindsay was so deeply smitten
with the charms of one of the youthful sirens, that he found it
impossible to depart; and I had to concert all my future projects
alone, and leave him bound in Cupid’s silken chain.
My blue jacket and fringed dimity trousers, my check shirt and
scarlet vest, were at once discarded, and their places supplied by
articles of a more landward appearance. I knew that it would be
impossible to travel the country safely in seaman’s dress, so I
determined to try my fortune as a beau. The body of Bill Bobstay
incased in a ruffled shirt, silk vest, white stockings, breeches
buttoned at the knees, and a swallow-tailed coat, presented such a
curious spectacle, that he himself could scarcely help laughing at it,
and it seemed to produce the same effects on the landlord’s
daughter, as she with a witching smile chucked up my chin, until she
arranged the bights and ends of my white neckcloth, according to the
most approved form. She took as long to perform this little office as I
could have rigged in toto, and seamen are never backward in acts of
courtesy, when the ladies are concerned. Her ruby lips were all the
while within marlingspike’s length of my own, and how could I avoid
saluting them?
Thus equipped, I set out on foot for Bath, but as I had no business
to perform in that city of invalided nabobs, I immediately took coach
for London, and after travelling all night, I, on awaking from a short
nap, found myself rattling over the stones at Hyde Park corner.
My object was to procure a passage to the northward, in one of the
Leith or Berwick smacks, and I expected in eight or ten days, after an
absence of as many years, to set foot once more on my native soil. As
soon therefore as the coach stopped in Piccadilly, I alighted, and
knowing the bearing by compass of London Bridge, I, without
waiting to breakfast, winded my way through the Haymarket, past
Charing Cross, along the Strand, Fleet Street, and Ludgate Hill, till I
arrived at St Paul’s. From this point I took a fresh departure, and
holding as nearly as cross streets would admit, a south-easterly
course, gained Thames Street, and soon found myself in the vicinity
of the Tower.
Smartly as I had moved my body along, my imagination, as is
usual with me, had got a long way a-head. It had obtained a passage,
secured a fair wind, landed me on the pier of Leith, and was
arranging my introductory visit to my friends, so as to produce the
greatest sum of agreeable surprise. But there is much, says the old
proverb, between the cup and the lip. In the midst of this agreeable
reverie, as I was crossing Tower Hill, I found myself tapped on the
shoulder, and on looking round, was accosted by a man in seaman’s
dress in the words, “What ship?” I assumed an air of gravity and
surprise, and told him I apprehended he was under some mistake, as
my business did not lie among shipping. But the fellow was too well
acquainted with his business to be thus easily put off. He gave a
whistle, the sound of which still vibrates in my ear, and in a moment
I was surrounded by half-a-dozen ruffians, whom I immediately
suspected, and soon found out to be the press-gang. They dragged
me hurriedly through several lanes and alleys, amid the mingled
sympathy and execrations of a numerous crowd, which had collected
to witness my fate, and soon landed me in the rendezvous. I was
immediately ushered into the presence of the lieutenant of the gang,
who questioned me as to my name, country, profession, and what
business had led me to Tower Hill. Totally unexpecting any such
interruption, I had not thought of concocting any plausible story, and
my answers were evasive and contradictory. I did not acknowledge
having been at sea; but my hands were examined, found hard with
work, and discoloured with tar. This circumstance condemned me,
and I was remanded for further examination.
Some of the gang then offered me spirits, affected to pity me, and
pretended to comfort me under my misfortune, but like the
comforters of Job, miserable comforters were they all. The very
scoundrel who first seized me put on a sympathising look, and
observed what a pity it was to be disappointed when so near the
object of my wishes. Such sympathy from such a source was truly
provoking; but having no way of showing my resentment, I was
constrained to smother it.
In a short time I was reconducted into the presence of the
lieutenant, who told me, as I was already in his hands, and would
assuredly be kept, I might as well make a frank confession of my
circumstances. It would save time, and insure me better treatment.
What could I do? I might indeed have continued silent and sullen,
but of what service could this prove? It might, or might not, have
procured me worse treatment, but one thing I knew well, it would
not restore me to liberty. I therefore acknowledged that I had been a
voyage to the West Indies, and had come home carpenter of a ship.
His eye brightened at this intelligence.
“I am glad of this, my lad. We are very much in want of carpenters.
Step along with these lads, and they will give you a passage aboard.”
The same fellows who had first seized me led me along the way we
came, handed me into a pinnace lying at Tower Wharf, and before
mid-day I was safely handed on board the Enterprize.
What crosses and vexations, and reverses and disappointments,
are we mortals destined to meet with in life’s tempestuous voyage! At
eight in the morning I entered London a free agent, elated with joy,
and buoyed up with hope. At noon I entered a prison ship, a
miserable slave, oppressed with sorrow, and ready to despair.
Despair, did I say? No. I will have nothing to do with that disturber
of human peace. When misfortune befalls us, we are not to sit down
in despondency and sigh. Up and be doing, is the wise man’s maxim,
and it was the maxim I was resolved to observe. What befell me on
my arrival on board the Enterprize, what reception I met with, and
what mirth I excited as I was lowered into the press-room, with my
short breeches and swallow-tailed coat—what measures I exerted to
regain my liberty, and what success attended these measures—the
space at my disposal prevents me setting forth.—Paisley Magazine.
THE LAIRD OF COOL’S GHOST.
Upon the 3d day of February 1722 at seven o’clock in the evening,

after I had parted with Thurston, and coming up the burial road, one
came up riding after me. Upon hearing the noise of the horse’s feet, I
took it to be Thurston; but looking back, and seeing the horse of a
gray colour, I called, “Who’s there?” The answer was, “The Laird of
Cool; be not afraid.” Looking to him with the little light the moon
afforded, I took him to be Collector Castlelaw, who had a mind to put
a trick upon me, and immediately I struck with all my force with my
cane, thinking I would leave a mark upon him that would make him
remember his presumption; but although sensible I aimed as well as
ever I did in my life, yet my cane finding no resistance, but flying out
of my hand to the distance of sixty feet, and observing it by its white
head, I dismounted and took it up, but had some difficulty in
mounting again, partly by reason of a certain sort of trembling
throughout my whole joints, something also of anger had its share in
my confusion; for though he laughed when my staff flew out of my
hand, coming up with him again (who halted all the time I was
seeking my staff), I asked him once more who he was? He answered,
“The Laird of Cool.” I inquired, first, if he was the Laird of Cool;
secondly, what brought him thither? and thirdly, what was his
business with me? He answered, “The reason that I want you is, that
I know you are disposed to do for me what none of your brethren in
Nithsdale will so much as attempt, though it serve never so good a
purpose.” I told him I would never refuse to do anything to serve a
good purpose, if I thought I was obliged to do it as my duty. He
answered, that I had undertaken what few in Nithsdale would, for he
had tried several persons on that subject, who were more obliged to
him than I was to any person living. Upon this I drew my bridle
reins, and asked in surprise, what I had undertaken? He answered,
“That on Sabbath last, I heard you condemned Mr Paton, and the
other ministers of Dumfries, for dissuading Mr Menzies from
keeping his appointment with me; and if you had been in their place,
would have persuaded the lad to do as I desired, and that you would
have gone with him yourself, if he had been afraid; and if you had
been in Mr Paton’s place, you would have delivered my commissions
yourself, as they tended to do several persons justice.” I asked him,
“Pray, Cool, who informed you that I talked at that rate?” to which he
answered, “You must know that we are acquainted with many things
that the living know nothing about; these things you did say, and
much more to that purpose, and deliver my commissions to my
loving wife.” Upon this I said, “’Tis a pity, Cool, that you who know so
many things should not know the difference between an absolute and
conditional promise; I did, indeed, at the time you mention, blame
Mr Paton, for I thought him justly blamable, in hindering the lad to
meet with you, and if I had been in his place, I would have acted
quite the reverse; but I did never say, that if you would come to
Innerwick and employ me, that I would go all the way to Dumfries on
such an errand; that is what never so much as entered into my
thoughts.” He answered, “What were your thoughts I don’t pretend
to know, but I can depend on my information these were your words.
But I see you are in some disorder; I will wait upon you when you
have more presence of mind.”
By this time we were at James Dickson’s enclosure, below the
churchyard; and when I was recollecting in my mind, if ever I had
spoken these words he alleged, he broke off from me through the
churchyard, with greater violence than any man on horseback is
capable of, with such a singing and buzzing noise, as put me in
greater disorder than I was in all the time I was with him. I came to
my house, and my wife observed more than ordinary paleness in my
countenance, and alleged that something ailed me. I called for a
dram, and told her I was a little uneasy. After I found myself a little
refreshed, I went to my closet to meditate on this most astonishing
adventure.
Upon the 5th of March 1722, being at Harehead, baptizing the
shepherd’s child, I came off about sunsetting, and near William
White’s march, the Laird of Cool came up with me as formerly; and
after his first salutation bade me not be afraid. I told him I was not in
the least afraid, in the name of God and Christ my Saviour, that he
would do me the least harm; for I knew that He in whom I trusted
was stronger than all they put together; and if any of them should
attempt to do, even to the horse that I ride upon, as you have done to
Doctor Menzies’ man, I have free access to complain to my Lord and
Master, to the lash to whose resentment you are as liable now as
before.
Cool. You need not multiply words on that head, for you are safe
with me; and safer, if safer can be, than when I was alive.
Ogil. Well then, Cool, let me have a peaceable and easy
conversation with you for the time we ride together, and give me
some information concerning the affairs of the other world, for no
man inclines to lose his time in conversing with the dead, without
hearing or learning something useful.
Cool. Well, sir, I will satisfy you as far as I think proper and
convenient. Let me know what information you want.
Ogil. May I then ask you, if you be in a state of happiness or not?
Cool. There are a great many things I can answer that the living are
ignorant of; there are a great many things that, notwithstanding the
additional knowledge I have acquired since my death, I cannot
answer; and there are a great many questions you may start, of which
the last is one that I will not answer.
Ogil. Then I know how to manage our conversation; whatever I
inquire of you, I see you can easily shift me; to that I might profit
more by conversing with myself.
Cool. You may try.
Ogil. Well, then, what sort of a body is that you appear in; and
what sort of a horse is that you ride upon, which appears to be so full
of mettle?
Cool. You may depend upon it, it is not the same body that I was
witness to your marriage in, nor in which I died, for that is in the
grave rotting; but it is such a body as serves me in a moment, for I
can fly as fleet with it as my soul can do without it; so that I can go to
Dumfries, and return again, before you can ride twice the length of
your horse; nay, if I have a mind to go to London, or Jerusalem, or to
the moon, if you please, I can perform all these journeys equally
soon, for it costs me nothing but a thought or wish: for this body is as
fleet as your thought, for in the moment of time you can turn your
thoughts on Rome, I can go there in person; and as for my horse, he
is much like myself, for he is Andrew Johnston, my tenant, who died
forty-eight hours before me.
Ogil. So it seems when Andrew Johnston inclines to ride, you must
serve him in the quality of a horse, as he does you now.
Cool. You are mistaken.
Ogil. I thought that all distinctions between mistresses and maids,
lairds and tenants, had been done away at death.
Cool. True it is, but you do not take up the matter.
Ogil. This is one of the questions you won’t answer.
Cool. You are mistaken, for the question I can answer, and after
you may understand it.
Ogil. Well then, Cool, have you never yet appeared before God, nor
received any sentence from Him as a Judge?
Cool. Never yet.
Ogil. I know you was a scholar, Cool, and ’tis generally believed
there is a private judgment, besides the general at the great day, the
former immediately after death. Upon this he interrupted me,
arguing.
Cool. No such thing, no such thing! No trial; no trial till the great
day! The heaven which good men enjoy after death consists only in
the serenity of their minds, and the satisfaction of a good conscience;
and the certain hopes they have of eternal joy, when that day shall
come. The punishment or hell of the wicked, immediately after
death, consists in the stings of an awakened conscience, and the
terrors of facing the great Judge, and the sensible apprehensions of
eternal torments ensuing! And this bears still a due proportion to the
evils they did when living. So indeed the state of some good folks
differ but little in happiness from what they enjoyed in the world,
save only that they are free from the body, and the sins and sorrows
that attended it. On the other hand, there are some who may be said
rather not to have been good, than that they are wicked; while living,
their state is not easily distinguished from that of the former; and
under that class comes a great herd of souls—a vast number of
ignorant people, who have not much minded the affairs of eternity,
but at the same time have lived in much indolence, ignorance, and
innocence.
Ogil. I thought that their rejecting the terms of salvation offered
was sufficient ground for God to punish them with eternal
displeasure; and as to their ignorance, that could never excuse them,
since they live in a place of the world where the true knowledge of
these things might have been easily attained.
Cool. They never properly rejected the terms of salvation; they
never, strictly speaking, rejected Christ; poor souls, they had as great
a liking both to Him and heaven, as their gross imaginations were
capable of. Impartial reason must make many allowances, as the
stupidity of their parents, want of education, distance from people of
good sense and knowledge, and the uninterrupted applications they
were obliged to give to their secular affairs for their daily bread, the
impious treachery of their pastors, who persuaded them, that if they
were of such a party all was well; and many other considerations
which God, who is pure and perfect reason itself, will not overlook.
These are not so much under the load of Divine displeasure, as they
are out of His grace and favour; and you know it is one thing to be
discouraged, and quite another thing to be persecuted with all the
power and rage of an incensed earthly king. I assure you, men’s faces
are not more various and different in the world, than their
circumstances are after death.
Ogil. I am loath to believe all that you have said at this time, Cool
(but I will not dispute those matters with you), because some things
you have advanced seem to contradict the Scriptures, which I shall
always look upon as the infallible truth of God. For I find, in the
parable of Dives and Lazarus, that the one was immediately after
death carried up by the angels into Abraham’s bosom, and the other
immediately thrust down to hell.
Cool. Excuse me, sir, that does not contradict one word that I have
said; but you seem not to understand the parable, whose only end is
to illustrate the truth, that a man may be very happy and flourishing
in this world, and wretched and miserable in the next; and that a
man maybe miserable in this world, and happy and glorious in the
next.
Ogil. Be it so, Cool, I shall yield that point to you, and pass to
another, which has afforded me much speculation since our last
encounter; and that is, How you came to know that I talked after the
manner that I did concerning Mr Paton, on the first Sabbath of
February last? Was you present with me, but invisible? He answered
very haughtily, No, sir, I was not present myself. I answered, I would
not have you angry, Cool. I proposed this question for my own
satisfaction; but if you don’t think proper to answer, let it pass. After
he had paused, with his eyes on the ground, for three or four minutes
of time at most, with some haste and seeming cheerfulness, he says—
Cool. Well, sir, I will satisfy you in that point. You must know that
there are sent from heaven angels to guard and comfort, and to do
other good services to good people, and even the spirits of good men
departed are employed in that errand.
Ogil. And do you not think that every man has a good angel?
Cool. No, but a great many particular men have: there are but few
houses of distinction especially, but what have at least one attending
them; and from what you have already heard of spirits, it is no
difficult matter to understand how they may be serviceable to each
particular member, though at different places at a great distance.
Many are the good offices which the good angels do to them that fear
God, though many times they are not sensible of it: and I know
assuredly, that one powerful angel, or even an active clever soul
departed, may be sufficient for some villages; but for your great
cities, such as London, Edinburgh, or the like, there is one great
angel that has the superintendence of the whole; and there are
inferior angels, or souls departed, to whose particular care such a
man, of such a particular weight or business, is committed. Now, sir,
the kingdom of Satan does ape the kingdom of Christ as much in
matters of politics as can be, well knowing that the court of wisdom
is from above; so that from thence are sent out missionaries in the
same order. But because the kingdom of Satan is much better
replenished than the other, instead of one devil there are in many
instances two or three commissioned to attend a particular family of
influence and distinction.
Ogil. I read that there are ten thousand times ten thousand of
angels that wait upon God, and sing His praise and do His will; and I
cannot understand how the good angels can be inferior in number to
the evil.
Cool. Did not I say, that whatever the number be, the spirits
departed are employed in the same business; so that as to the
number of original deities, whereof Satan is chief, I cannot
determine, but you need not doubt but there are more souls departed
in that place, which in a loose sense you call hell, by almost an
infinity, than what are gone to that place, which, in a like sense, you
call heaven, which likewise are employed in the same purpose; and I
can assure you that there is as great a difference between angels,
both good and bad, as there is among men, with respect to their
sense, knowledge, cunning, cleverness, and action; nay, which is
more, the departed souls on both sides outdo severals, from their
very first departure, of the original angels. This you will perhaps
think a paradox, but is true.
Ogil. I do not doubt it; but what is that to my question, about
which I am solicitous?
Cool. Take a little patience, sir; from what I have said you might
have understood me, if you had your thoughts about you; but I shall
explain myself to you. Both the good and the bad angels have stated
times of rendezvous, and the principal angels, who have the charge
either of towns, cities, or kingdoms, not to mention particular
persons, villages, and families, and all that is transacted in these
several parts of the country, are there made open; and at their re-
encounter on each side, every thing is told, as in your parish, in
milns, kilns, and smithies, with this difference, that many things
false are talked at the living re-encounters, but nothing but what is
exact truth is said or told among the dead; only I must observe to
you, that, as I am credibly informed, several of the inferior bad
angels, and souls of wicked men departed, have told many things
that they have done, and then when a more intelligent spirit is sent
out upon inquiry, and the report of the former seeming doubtful, he
brings in a contrary report, and makes it appear truth, the former
fares very ill: nevertheless their regard to truth prevents it; for while
they observe the truth, they do their business and keep their station,
for God is truth.
Ogil. So much truth being among the good angels, I am apt to
think that lies and falsehood will be as much in vogue among the
bad.
Cool. A gross mistake, and it is not alone the mistake which the
living folks fall under with respect to the other world; for the case
plainly is this: an ill man will not stick at a falsehood to promote his
design; as little will an evil soul departed stop at anything that can
make himself successful; but in admitting report he must tell the
truth, or woe be to him. But besides their monthly, quarterly, or
yearly meetings, or whatever they be, departed souls acquainted may
take a trip to see one another yearly, weekly, daily, or oftener, if they
please. Thus, then, I answer your question that you was so much
concerned about; for my information was from no less than three
persons, viz., Aikman, who attends Thurston’s family; James Corbet,
who waits upon Mr Paton; for at that time he was then looking after
Mrs Sarah Paton, who was at your house, and an original emissary
appointed to wait upon yours.
At this I was much surprised, and after a little thinking, I asked
him, And is their really, Cool, an emissary from hell, in whatever
sense you take it, that attends my family?
Cool. You may depend upon it.
Ogil. And what do you think is his business?
Cool. To divert you from your duty, and cause you to do as many ill
things as he can; for much depends on having the minister on their
side.
Upon this I was struck with a sort of terror, which I cannot account
for. In the meantime he said several things I did not understand. But
after coming to my former presence of mind, said—
Ogil. But, Cool, tell me, in earnest, if there be a devil that attends
my family, though invisible.
Cool. Just as sure as you are breathing; but be not so much
dejected upon this information, for I tell you likewise that there is a
good angel who attends you, who is stronger than the other.
Ogil. Are you sure of that, Cool?
Cool. Yes; there is one riding on your right hand, who might as
well have been elsewhere, for I meant you no harm.
Ogil. And how long has he been with me?
Cool. Only since we passed Brand’s Lee, but now he is gone.
Ogil. We are just upon Elenscleugh, and I desire to part with you,
though perhaps I have gained more by conversation than I could
have otherwise done in a twelvemonth. I choose rather to see you
another time, when you’re at leisure, and I wish it were at as great a
distance from Innerwick as you can.
Cool. Be it so, sir; but I hope you will be as obliging to me next re-
encounter, as I have been to you this.
Ogil. I promise you I will, as far as is consistent with my duty to
my Lord and Master Christ Jesus; and since you have obliged me so
much by information, I will answer all the questions you propose, as
far as consists with my knowledge; but I believe you want no
information from me.
Cool. I came not here to be instructed by you, but I want your help
of another kind.
Upon the 5th of April 1722, as I was returning from Old
Hamstocks, Cool came up with me on horseback at the foot of the
ruinous enclosure, before we came to Dod. I told him his last
conversation had proved so acceptable to me, that I was well pleased
to see him again; that there was a number of things that I wanted to
inform myself further of, if he would be so good as satisfy me.
Cool. Last time we met, I refused you nothing you asked; and now
I expect that you shall refuse me nothing that I shall ask.
Ogil. Nothing, sir, that is in my power, or that I can do with safety
to my reputation and character. What, then, are your demands?
Cool. All that I desire of you is, that as you promised that on a
Sabbath-day you would go to my wife, who now possesses all my
effects, and tell her the following particulars—tell her in my name to
rectify these matters:—First, That I was owing justly to Provost
Crosby £50 Scots, and three years’ interest, but on hearing of his
death, my good-brother the Laird of C—l and I forged a discharge,
narrated the bond, the sum, and other particulars, with this
honourable clause, “And at the time it had fallen by, and could not be
found;” with an obligation on the provost’s part to deliver up this
bond as soon as he could hit upon it. And this discharge was dated
three months before the provost’s death. And when his son and
successor, Andrew Crosby, wrote to me concerning this bond, I came
to him and showed him the forged discharge, which silenced him; so
that I got up my bond without more ado. And when I heard of Robert
Kennedy’s death, with the same help of C—l, I got a bill upon him for
£190, of which I got full and complete payment. C—l got the half.
When I was at Dumfries, the same day that Robert Grier died, to
whom I was owing an account of £36, C—l, my good-brother, was
then at London; and not being able of myself, being but a bad writer,
to make out a discharge of the account, which I wanted, I met
accidently with one Robert Boyd, a poor writer lad in Dumfries; I
took him to Mrs Carnock’s, and gave him a bottle of wine, and told
him I had paid Thomas Grier’s account, but had neglected to get a
discharge, and if he would help me to one I would reward him. He
flew away from me in a great passion, saying, he would rather be
hanged; but if I had a mind for these things, I had better wait till C—l
came home. This gave me great trouble, fearing what C—l and I had
done formerly was no secret. I followed Boyd to the street, and made
an apology, saying, I was jesting, commending him for his honesty,
and got his promise never to repeat what had passed. I sent for my
Cousin B—m H—rie, your good-brother, who, with no difficulty, for a
guinea and a half, undertook and performed all that I wanted; and
for a guinea more made me up a discharge for £200 Scots that I was
owing to your father-in-law and his friend Mr Muirhead, which
discharge I gave to John Ewart, when he desired the money; and he,
at my desire, produced it to you, which you sustained.
A great many of the like instances were told, of which I cannot
remember the persons, names, and things; but, says he, what vexes
me more than all these, is the injustice I did Homer Maxwell, tenant
to my Lord Nithsdale, for whom I was factor. I borrowed £2000
from him, £500 of which he borrowed from another hand: I gave
him my bond, and, for reasons I contrived, I obliged him to secrecy.
He died within the year, and left nine children, his wife being dead
before himself. I came to seal up his papers for my lord’s security; his
eldest daughter entreated me to look through them all, and to give
her an account of what was their stock and what was their debt. I
very willingly undertook it; and in going through the papers, I put
my own bond in my pocket. His circumstances proving bad, his nine
children are now starving. These things I desire you to represent to
my wife, and take her brother with you, and let them be immediately
rectified, for she has a sufficient fund to do it upon; and if it were
done, I think I would be easy, and therefore I hope you will make no
delay.
After a short pause, I answered, ’Tis a good errand, Cool, you are
sending me to do justice to the oppressed and injured; but
notwithstanding I see myself come in for £200 Scots, yet I beg a little
time to consider the matter. And since I find you are as much master
of reason now as ever, and more than ever, I will reason upon the
matter in its general view, and then with respect to the expediency of
my being the messenger; and this I will do with all manner of
frankness. From what you have said, I see clearly what your present
condition is, so that I need not ask any more questions on that head;
and you need not bid me take courage, for at this moment I am no
more afraid of you than a new-born child.
Cool. Well, say on.
Ogil. Tell me, then, since such is your ability that you can fly a
thousand miles in the twinkling of an eye, if your desire to do the
oppressed justice be as great as you pretend, what’s the reason you
don’t fly to the coffers of some rich Jew or banker, where are
thousands of gold and silver, invisibly lift, and invisibly return it to
the coffers of the injured? And since your wife has sufficient funds,
and more, why cannot you empty her purse invisibly, to make these
people amends?
Cool. Because I cannot.
Ogil. You have satisfied me entirely upon that head. But pray,
Cool, what is the reason that you cannot go to your wife yourself, and
tell her what you have a mind? I should think this a more sure way to
gain your point.
Cool. Because I will not.
Ogil. That is not an answer to me, Cool.
Cool. That is one of the questions that I told you long ago I would
not answer: but if you go as I desire, I promise to give you full
satisfaction after you have done your business. Trust me for once,
and believe me I will not disappoint you.
Upon the 10th of April 1722, coming from Old Cambus, upon the
post-road, I met with Cool on the head of the heath called the Pees.
He asked me, if I had considered the matter he had recommended? I
told him I had, and was in the same opinion I was in when we
parted; that I would not possibly undertake his commissions, unless
he could give me them in writing under his hand. I told him that the
list of his grievances were so great that I could not possibly
remember them without being put in writing; and that I wanted
nothing but reason to determine me in that, and all other affairs of
my life.
“I know,” says he, “this is a mere evasion: but tell me if the Laird of
Thurston will do it?”
“I am sure,” said I, “he will not; and if he should, I would do all
that I could to hinder him; for I think he has as little to do in these
matters as myself. But tell me, Cool, is it not as easy to write your
story as tell it, or ride on what-do-ye-call-him? for I have forgot your
horse’s name.”
Cool. No, sir, it is not; and perhaps I may convince you of the
reasonableness of it afterwards.
Ogil. I would be glad to hear a reason that is solid for not speaking
to your wife yourself; but, however, any rational creature may see
what a fool I would make of myself, if I would go to Dumfries, and
tell your wife you had appeared to me, and told so many forgeries
and villanies that you had committed, and that she behoved to make
reparation; the consequence might perhaps be, that she would scold
me; for she would be loath to part with any money she possesses, and
therefore tell me I was mad, or possibly pursue me for calumny. How
would I vindicate myself; how could I prove that you ever spoke with
me? Mr Paton and other ministers in Dumfries would tell me the
devil had spoken with me; and why should I repeat these things for
truth which he, that was a liar from the beginning, had told me? C—p
—l and B—r— H—rie would be upon me, and pursue me before the
commissary; everybody would look upon me as brain-sick or mad:
therefore, I entreat you, do not insist upon sending me so ridiculous
an errand. The reasonableness of my demands I leave to your own
consideration, as you did your former to mine. But dropping the
matter till our next interview, give me leave to enter upon some more
diverting subject. I do not know, Cool, but the information you have
given may do as much service to mankind, as the redress of all these
grievances I would amount to. Mr Ogilvie died very soon after.—Old
Chap Book.
ALLAN-A-SOP.
By Sir Walter Scott.
The MacLeans, a bold and hardy race, who, originally followers of

the Lords of the Isles, had assumed independence, seized upon great
part both of the Isle of Mull and the still more valuable island of
Islay, and made war on the MacDonalds with various success. There
is a story belonging to this clan, which I may tell you, as giving
another striking picture of the manners of the Hebrideans.
The chief of the clan, MacLean of Duart, in the Isle of Mull, had an
intrigue with a beautiful young woman of his own clan, who bore a
son to him. In consequence of the child’s being, by some accident,
born on a heap of straw, he received the name of Allan-a-Sop, or
Allan of the Straw, by which he was distinguished from others of his
clan. As his father and mother were not married, Allan was, of
course, a bastard, or natural son, and had no inheritance to look for,
save that which he might win for himself.
But the beauty of the boy’s mother having captivated a man of rank
in the clan, called MacLean of Torloisk, he married her, and took her
to reside with him at his castle of Torloisk, situated on the shores of
the sound, or small strait of the sea, which divides the smaller island
of Ulva from that of Mull. Allan-a-Sop paid his mother frequent visits
at her new residence, and she was naturally glad to see the poor boy,
both from affection, and on account of his personal strength and
beauty, which distinguished him above other youths of his age. But
she was obliged to confer marks of her attachment on him as
privately as she could, for Allan’s visits were by no means so
acceptable to her husband as to herself. Indeed, Torloisk liked so
little to see the lad, that he determined to put some affront on him,
which should prevent his returning to the castle for some time. An
opportunity for executing his purpose soon occurred.
The lady one morning, looking from the window, saw her son
coming wandering down the hill, and hastened to put a girdle cake
upon the fire, that he might have hot bread for breakfast. Something
called her out of the apartment after making this preparation, and
her husband, entering at the same time, saw at once what she had
been about, and determined to give the boy such a reception as
should disgust him for the future. He snatched the cake from the
girdle, thrust it into his stepson’s hands, which he forcibly closed on
the scalding bread, saying, “Here, Allan, here is a cake which your
mother has got ready for your breakfast.” Allan’s hands were severely
burnt; and, being a sharp-witted and proud boy, he resented this
mark of his step-father’s ill-will, and came not again to Torloisk.
At this time the western seas were covered with the vessels of
pirates, who, not unlike the sea-kings of Denmark at an early period,
sometimes settled and made conquests on the islands. Allan-a-Sop
was young, strong, and brave to desperation. He entered as a
mariner on board of one of these ships, and in process of time
obtained the command, first of one galley, then of a small flotilla,
with which he sailed round the seas and collected considerable
plunder, until his name became both feared and famous. At length he
proposed to himself to pay a visit to his mother, whom he had not
seen for many years; and setting sail for this purpose, he anchored
one morning in the sound of Ulva, and in front of the house of
Torloisk. His mother was dead, but his step-father, to whom he was
now as much an object of fear as he had been formerly of aversion,
hastened to the shore to receive his formidable stepson, with great
affectation of kindness and interest in his prosperity; while Allan-a-
Sop, who, though very rough and hasty, does not appear to have been
sullen or vindictive, seemed to take his kind reception in good part.
The crafty old man succeeded so well, as he thought, in securing
Allan’s friendship, and obliterating all recollections of the former
affront put on him, that he began to think it possible to employ his
stepson in executing his own private revenge upon MacQuarrie of
Ulva, with whom, as was usual between such neighbours, he had
some feud. With this purpose, he offered what he called the following
good advice to his stepson:—“My dear Allan, you have now wandered
over the seas long enough: it is time you should have some footing
upon land—a castle to protect yourself in winter, a village and cattle
for your men, and a harbour to lay up your galleys. Now, here is the
island of Ulva, near at hand, which lies ready for your occupation,
and it will cost you no trouble, save that of putting to death the
present proprietor, the Laird of MacQuarrie, a useless old carle, who
has cumbered the world long enough.”
Allan-a-Sop thanked his step-father for so happy a suggestion,
which he declared he would put in execution forthwith. Accordingly,
setting sail the next morning, he appeared before MacQuarrie’s
house an hour before noon. The old chief of Ulva was much alarmed
at the menacing apparition of so many galleys, and his anxiety was
not lessened by the news that they were commanded by the
redoubted Allan-a-Sop. Having no effectual means of resistance,
MacQuarrie, who was a man of shrewd sense, saw no alternative save
that of receiving the invaders, whatever might be their purpose, with
all outward demonstrations of joy and satisfaction; the more
especially as he recollected having taken some occasional notice of
Allan during his early youth, which he now resolved to make the
most of. Accordingly, MacQuarrie caused immediate preparations to
be made for a banquet, as splendid as circumstances admitted,
hastened down to the shore to meet the rover, and welcomed him to
Ulva with such an appearance of sincerity, that the pirate found it
impossible to pick any quarrel, which might afford a pretence for
executing the violent purpose which he had been led to meditate.
They feasted together the whole day; and, in the evening, as Allan-
a-Sop was about to retire to his ships, he thanked the laird for his
hospitality, but remarked, with a sigh, that it had cost him very dear.
“How can that be,” said MacQuarrie, “when I bestowed this
entertainment upon you in free goodwill?”
“It is true, my friend,” replied the pirate, “but then it has quite
disconcerted the purpose for which I came hither; which was to put
you to death, my good friend, and seize upon your house and island,
and so settle myself in the world. It would have been very convenient
for me, this island of Ulva; but your friendly reception has rendered
it impossible for me to execute my purpose, so that I must be a
wanderer on the seas for some time longer.”
Whatever MacQuarrie felt at learning he had been so near to
destruction, he took care to show no emotion save surprise, and
replied to his visitor: “My dear Allan, who was it that put into your
mind so unkind a purpose towards your old friend; for I am sure it
never arose from your own generous nature? It must have been old
Torloisk, who made such an indifferent husband to your mother, and
such an unfriendly step-father to you when you were a helpless boy;
but now, when he sees you a bold and powerful leader, he desires to
make a quarrel betwixt you and those who were the friends of your
youth. If you consider this matter rightly, Allan, you will see that the
estate and harbour of Torloisk lie to the full as conveniently for you
as those of Ulva, and that, if you are disposed (as is very natural) to
make a settlement by force, it is much better it should be at the
expense of the old churl, who never showed you kindness or
countenance, than at that of a friend like me, who always loved and
honoured you.”
Allan-a-Sop was struck with the justice of this reasoning; and the
old offence of his scalded fingers was suddenly recalled to his mind.
“It is very true what you say, MacQuarrie,” he replied, “and, besides,
I have not forgotten what a hot breakfast my step-father treated me
to one morning. Farewell for the present; you shall soon hear news of
me from the other side of the Sound.” Having said thus much, the
pirate got on board, and commanding his men to unmoor the galleys,
sailed back to Torloisk, and prepared to land in arms. MacLean
hastened to meet him, in expectation to hear of the death of his
enemy, MacQuarrie. But Allan greeted him in a very different
manner from what he expected.
“You hoary old traitor,” he said, “you instigated my simple good-
nature to murder a better man than yourself! But have you forgotten
how you scorched my fingers twenty years ago with a burning cake?
The day is come that that breakfast must be paid for.”
So saying, he dashed out the old man’s brains with a battle-axe,
took possession of his castle and property, and established there a
distinguished branch of the clan of MacLean.—From Tales of a
Grandfather.

PDF Open Source Intelligence Techniques Resources For Searching and Analyzing Online Information 6Th Edition Michael Bazzell Ebook Full Chapter

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

PDF Open Source Intelligence Techniques Resources For Searching and Analyzing Online Information 6Th Edition Michael Bazzell Ebook Full Chapter

Uploaded by

Copyright:

Available Formats

Open Source Intelligence Techniques:

Resources For Searching And

Open Source Intelligence Techniques: Resources for

Open Source Intelligence Techniques Resources for

Open Source Intelligence Techniques: Resources For

Open Source Intelligence Methods and Tools: A Practical

Network performance and security : testing and

Data simplification : taming information with open

How Open Source Ate Software: Understand the Open

How Open Source Ate Software: Understand The Open

Copyright © 2018 by Michael Bazzell

Sixth Edition First Published: February, 2018

Project Editor: Y. Varallo

Library of Congress Cataloging-in-Publication Data:

What is this book?

What the book is not...

IntelTechniques fl Michael Bazzell

Custom Facebook Tools

SEARCH ENGINES Search Target Profile: Locate Target Profile:

FACEBOOK GO (Account by Email)

YOUTUBE GO (Photos 1 nteresied)

The IntelTechniques Custom Search Tools page.

/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/niaster/install )"

brew install clamav

• Navigate to http://www.malwarebytes.org/ and select the “Free Download” option.

privacy.trackingprotection.enabled: TRUE: This blocks website tracking.

geo.enabled: FALSE: This disables Firefox from sharing your location.

browser.safebrowsing.malware.enabled: FALSE: Again, this disables Google’s ability to

dom.event.clipboardevents.enabled: FALSE: Many websites will request a notification if you

media.navigator.enabled: FALSE: Website operators will identify your computer as unique to

dom.battery.enabled: FALSE: Another technique used by website operators to track you is to

extensions.pocket.enabled: FALSE: This disables the proprietary Pocket service.

VideoDownloadHelper: Download media from a page with click of a button

519 Open Source Intelligence What I tear...

I O 480x360 ■ Medium - WEBM

Figure 1.01: Menu options from Video Download Helper.

Type (video) • Size (100k)* ■ Link

a viceo/mp4 371,3 KB https:rfvkjeo.twi/ng. com/extjw.,.,video/939263i 26792482817/pu/'viC/360x64Q/"KQjiEBR6DvfRueWA mt

3 video/mp2t 120.4 KB httpsrfvtoeo.twimg.con'VexlJw video/93926274095011840G>'pu/vid'Q'3000/'l80x320/DoGvoT8AZTZ

3 viceo/mp2t 348.5 KB https27video.twimg.conVext_tw._video,'93926274095011840G-puMd.'0,'3000/360x640.',rxBcaB'’J''-4F LM

© viceo/mp2t 324 2 KB httpsJ/video.twlmg.com/exi_tw_viceo/9392627409501184 0C7pa/vid/3000/60(Xy360x64a'EeoOSqPOa

a videa'mpZt 309.5 KB httpsrfvideo.twimg.com/exl_tw_video/93926274095011 &400.ipu/vid.‘6000Ii9000/360x640.'xQz 1 l8mG(D

a video/mp2t 362.6 KB https :/Mdeo.twimg.conVext_tw_video/93926274C950’1840C/pu.,'vid.(9C00/1200G’'360x6407RnSz6Tt5c

3 video.’mp2t 372.9 KB https://Video.twimg.com/ext_tw_video/'93926274C9S0i1840G/pu/vid.'12000;15000.'’36Cx64G/Yes2a9!«. t

a video/mp2t 405,4 KB httpsrfMdeo.twimg.com/ext_tw_video,,93926274C95C'1840Gi'pu.''vid/1500C/T8000/36Cx64C/C9829P\V

s video,'mp2t 365 .7 KB https:/,'‘vicea.twiing.corr>j'exltv.viceo/'93926J74C950i 18400/pui’vic'180O0Z2i000/36Cx64O'lh95gO-N

a video/mp2t 376.4 KB https2/video.twmg.com/exl_twvideo/9392627409K}11840C/tMi/vtd/21000724(XX)/360x64C.'VP21cWa;

video,'mp2t 305.3 KB https://video.twimg.com/ext_tw _viceo/93926274C950i18400/pu/Vid/2400Q/27000.'‘36G<64(VgnZ,aAbE

video/mp2t 272.8 KB https:/A4deo.twimg.com/ex!_.tw_viceo/93926274C950'1840Gipu.'vid/2700G'30000/36Cx64G'SB34EoGt

□ All files O Application □ Image Pt Video O Audio O Archive □ Document □ Tab

Pause Downioad (browser; Copy Links

Figure 1.02: A Bulk Media Downloader window.

Nam : Size Kind * DsteAddmf

OOO-https.__ OSthlT TraWng by Mtcha^~20l7*12-08-14~2l- ,16.pdf

Figure 1.04: Results from FireShot screen captures.

• In the Filename Template, insert {uH}-{tide}-{date}-{time}. This will name every

Upon the 3d day of February 1722 at seven o’clock in the evening,

By Sir Walter Scott.

The MacLeans, a bold and hardy race, who, originally followers of

You might also like