Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:03,060 --> 00:00:08,580 In this video, I want to give you kind of a walkthrough of how to do ocean search. 2 00:00:08,700 --> 00:00:11,280 If you have a first name, real name or alias. 3 00:00:11,940 --> 00:00:18,420 Now a lot of times if you do a ohlsson search or listen for the investigations they run, typically 4 00:00:18,420 --> 00:00:22,170 it'll either have an email address, a username or a handle to go by. 5 00:00:23,010 --> 00:00:27,030 And I think most of the time, that's generally where your starting point is going to be. 6 00:00:28,080 --> 00:00:33,570 So generally, the first step I will all take is if I have a real name or alias, I begin searching 7 00:00:33,570 --> 00:00:39,990 doing people searches so people are people spoko and whatnot. 8 00:00:40,290 --> 00:00:41,520 Start running through the name. 9 00:00:42,420 --> 00:00:43,590 Enter the whatever. 10 00:00:43,590 --> 00:00:47,850 If it's real name or alias, run it through those searches and start seeing when it pulls up. 11 00:00:48,840 --> 00:00:57,540 So what I'm looking for is things like verifying their name or handle, finding the real name or potential 12 00:00:57,540 --> 00:01:00,660 aliases places they lived. 13 00:01:01,200 --> 00:01:07,500 Phone numbers, addresses, family members, friends, jobs listed pretty much anything that's going 14 00:01:07,500 --> 00:01:13,680 to help me move forward and clicked up a bigger picture of whoever I'm investigating. 15 00:01:14,820 --> 00:01:18,030 So once I have that initial information, I'm going to do a deeper search. 16 00:01:18,780 --> 00:01:23,180 So people have started coming up on on the that particular count. 17 00:01:23,310 --> 00:01:26,610 Say, I have a real name search point family family members. 18 00:01:27,000 --> 00:01:30,960 I'm going to do the same search on their family members and friends that are listed. 19 00:01:31,380 --> 00:01:42,360 And the reason I'm doing that is if that person posts very little or maybe they they redacted some post 20 00:01:42,360 --> 00:01:43,950 or they're hiding certain things. 21 00:01:45,540 --> 00:01:52,320 Friends and family might not have the same security postures that the person investigating, so I'll 22 00:01:52,320 --> 00:01:55,500 take a look at that person's friends and family that I know about. 23 00:01:56,040 --> 00:01:59,520 Start searching their social media pages and whatnot and start building it. 24 00:01:59,880 --> 00:02:00,450 Much bigger. 25 00:02:00,450 --> 00:02:03,120 Picture that person start clicking more and more information. 26 00:02:03,660 --> 00:02:09,540 So that's why you want to take a look at friends and family that you know that your target is related 27 00:02:09,540 --> 00:02:09,870 to. 28 00:02:11,580 --> 00:02:14,880 I'm going to check out their LinkedIn page, so I'm going to go to LinkedIn, I'm going to put their 29 00:02:14,880 --> 00:02:21,660 name in there, and what I'm doing there is if they created a LinkedIn page, I'm going to take a look 30 00:02:21,660 --> 00:02:25,730 at who they work for, how long they worked there, what they are listening to. 31 00:02:25,730 --> 00:02:35,010 The LinkedIn page jobs experiences, biographical data, phone numbers, addresses, et cetera. 32 00:02:35,820 --> 00:02:42,870 Again, just collecting more information about this individual that I'm doing Olson search on, I'll 33 00:02:42,870 --> 00:02:44,640 check their social media page. 34 00:02:44,850 --> 00:02:46,950 So I'm going to do a deep dive in everything. 35 00:02:46,950 --> 00:02:53,880 So their Twitter, their Facebook, their Instagram whatnot, any social media account that they have 36 00:02:53,880 --> 00:02:56,580 that I know about, I'm going to start doing searches. 37 00:02:57,570 --> 00:03:04,500 So I'm going to take I'm going to copy down their username, their email address, their friends, people 38 00:03:04,500 --> 00:03:10,350 they're following and think that they like posts that they made photos, videos, everything we collect, 39 00:03:10,350 --> 00:03:12,270 everything that they've ever posted. 40 00:03:13,110 --> 00:03:15,260 And again, people that they're following. 41 00:03:15,270 --> 00:03:19,440 I'll take a look at who they're following and see how it links back to them. 42 00:03:19,620 --> 00:03:24,420 I'm going to take a look at their friends, and again, I'm going to go through their friends post because 43 00:03:24,420 --> 00:03:29,640 her friends who get me may not have the same security posture as that person, and they might post something 44 00:03:29,640 --> 00:03:32,430 that the other person didn't want out there. 45 00:03:34,260 --> 00:03:41,100 I'm going to do a deeper social dive again or take a look at their friends, their feeds, their social 46 00:03:41,100 --> 00:03:43,530 media pictures, videos, everything. 47 00:03:43,920 --> 00:03:45,450 I'm going to go to detached. 48 00:03:46,290 --> 00:03:52,740 So in detention, all the information I have on them, their real name, their aliases or email addresses, 49 00:03:52,740 --> 00:03:55,920 their addresses, their telephone numbers and whatnot. 50 00:03:56,370 --> 00:04:01,380 So what I'm looking and detached is I want to see if they're part of data breaches. 51 00:04:03,570 --> 00:04:08,640 If they're part of a data breach, I want to know what data breaches are part of, and the reason for 52 00:04:08,640 --> 00:04:11,430 this is if I know what part of it. 53 00:04:11,580 --> 00:04:15,730 More data breaches are part of it might help me find other accounts they have. 54 00:04:15,750 --> 00:04:17,390 Maybe they're part of a dopey breach. 55 00:04:17,400 --> 00:04:24,150 Maybe the report of a Dropbox breach, if they are now, I know they have most likely have those accounts 56 00:04:24,150 --> 00:04:26,250 when take a look at what their password is. 57 00:04:27,120 --> 00:04:28,350 Once they have their password. 58 00:04:30,590 --> 00:04:33,080 We're going to go to the next step, we're going to go through. 59 00:04:33,140 --> 00:04:35,360 We're going to rehash that password. 60 00:04:35,390 --> 00:04:40,070 We're going to take the hash password and the hash password, feed it back in the D Hashed again and 61 00:04:40,070 --> 00:04:40,310 again. 62 00:04:40,310 --> 00:04:42,290 See where that comes up again. 63 00:04:43,040 --> 00:04:49,220 And what that does is it gives me again a much, much bigger picture of, you know, what other email 64 00:04:49,220 --> 00:04:50,240 accounts we may have. 65 00:04:51,530 --> 00:04:54,350 People have a tendency of reusing passwords. 66 00:04:54,350 --> 00:05:04,070 So if they had a very unique password, enter back into the hashed, it may split up four or five different 67 00:05:04,070 --> 00:05:09,770 accounts I never knew about, so I could take those accounts again, feedback and hash and see where 68 00:05:09,770 --> 00:05:10,580 those take me. 69 00:05:11,150 --> 00:05:19,820 And if it takes me to something like Ashley Madison or a back page or any number of other sites like 70 00:05:19,820 --> 00:05:24,620 I saw taking a look at those sites for that account and again, sort of building a bigger picture. 71 00:05:25,580 --> 00:05:28,730 Finally, I'm going to compile my report after I collect everything. 72 00:05:29,540 --> 00:05:33,950 And once I have my findings, I'm going to try to clear out stuff that's all relevant. 73 00:05:34,460 --> 00:05:35,570 I'm going to go through. 74 00:05:35,570 --> 00:05:40,400 I'm going to verify the data I have is accurate or at least as accurate as I could. 75 00:05:40,940 --> 00:05:47,390 I can be assured within whatever time limit I have in, I'm going to start compiling two different reports. 76 00:05:48,140 --> 00:05:53,060 I'm going to get compiled exactly report, which is going to be a very non-technical report fiscal to 77 00:05:53,060 --> 00:05:54,290 get straight to the point. 78 00:05:54,320 --> 00:06:00,110 And that's going to be for people that are non-technical, general, your CEO, CFO and whatnot. 79 00:06:01,130 --> 00:06:04,220 And then I'm going to have the detailed report. 80 00:06:04,220 --> 00:06:11,990 The detailed report is going to be steps I've taken software, things like I. 81 00:06:12,620 --> 00:06:15,890 I used Bousquet order in a VM. 82 00:06:15,890 --> 00:06:17,690 I have the VM on a USB drive. 83 00:06:18,530 --> 00:06:23,140 These are the people that ask me to start are certain specifications. 84 00:06:23,180 --> 00:06:24,530 My start date, my end date. 85 00:06:24,530 --> 00:06:25,670 These are my contacts. 86 00:06:26,720 --> 00:06:29,330 These are the exact steps I took. 87 00:06:29,960 --> 00:06:32,540 Here's a bunch of screenshots. 88 00:06:32,540 --> 00:06:34,070 Here's media they found. 89 00:06:34,070 --> 00:06:37,700 Here's all the email accounts I found, et cetera, et cetera. 90 00:06:37,700 --> 00:06:41,330 It's going to be very detailed step almost step by step. 91 00:06:42,980 --> 00:06:51,470 That way, if someone comes back and they want to see what process I took, if they're going to try 92 00:06:51,470 --> 00:06:58,880 to verify if it goes to court in there and someone might try to discredit me, I'm going to try to make 93 00:06:58,880 --> 00:07:00,200 that as detailed as possible. 94 00:07:00,200 --> 00:07:07,850 That way, I can kind of cover myself and to prove that the course I took was a valid path to take. 95 00:07:08,360 --> 00:07:16,940 So again, this is a general outline of how I would search someone by their name or alias. 96 00:07:17,600 --> 00:07:23,420 And hopefully this works as kind of a template for you, or at least give you idea how to create your 97 00:07:23,420 --> 00:07:29,030 own kind of template for when you do use an investigation. 98 00:07:29,780 --> 00:07:30,560 Thank you for watching. 10260