WEBVTT

00:00:00.000 --> 00:00:06.950 align:middle line:90%


00:00:06.950 --> 00:00:09.630 align:middle line:84%
In this video, we're going to
take a look at the Trace Labs

00:00:09.630 --> 00:00:13.170 align:middle line:90%
OSINT virtual machine.

00:00:13.170 --> 00:00:14.670 align:middle line:84%
Now in the previous
video, we talked

00:00:14.670 --> 00:00:17.820 align:middle line:84%
about there being a lot of
different tools for OSINT,

00:00:17.820 --> 00:00:20.970 align:middle line:84%
and this is another tool
that we could use as freely

00:00:20.970 --> 00:00:25.040 align:middle line:90%
available from Trace Labs.

00:00:25.040 --> 00:00:30.140 align:middle line:84%
Now despite the Hollywood
idea of how a computer hacker

00:00:30.140 --> 00:00:32.180 align:middle line:84%
or OSINT investigator
is, it's not

00:00:32.180 --> 00:00:36.080 align:middle line:84%
some overly complex machine with
a bunch of monitors everywhere.

00:00:36.080 --> 00:00:38.210 align:middle line:84%
Truth is, we could use
pretty much anything

00:00:38.210 --> 00:00:39.800 align:middle line:84%
to run an OSINT
investigation, as

00:00:39.800 --> 00:00:42.110 align:middle line:84%
long as it's an internet-
connected device

00:00:42.110 --> 00:00:44.140 align:middle line:90%
with a browser.

00:00:44.140 --> 00:00:49.520 align:middle line:84%
Though, using certain tools
will make things a lot easier.

00:00:49.520 --> 00:00:53.620 align:middle line:84%
So we can pretty much do OSINT
on desktop computers, laptops,

00:00:53.620 --> 00:00:56.440 align:middle line:84%
mobile phones, and, again,
anything with a browser

00:00:56.440 --> 00:00:58.085 align:middle line:90%
and an internet connection.

00:00:58.085 --> 00:01:00.760 align:middle line:90%


00:01:00.760 --> 00:01:03.490 align:middle line:84%
For this, we're actually going
to be using the Trace Labs

00:01:03.490 --> 00:01:06.420 align:middle line:90%
OSINT virtual machine.

00:01:06.420 --> 00:01:10.720 align:middle line:84%
So this virtual machine is,
again, freely available.

00:01:10.720 --> 00:01:13.450 align:middle line:90%
It's based off of Kali Linux.

00:01:13.450 --> 00:01:15.490 align:middle line:84%
And if you're not
familiar with Trace Labs,

00:01:15.490 --> 00:01:20.020 align:middle line:84%
it's a nonprofit
organization that

00:01:20.020 --> 00:01:23.410 align:middle line:84%
will help law enforcement
look for missing people,

00:01:23.410 --> 00:01:25.020 align:middle line:90%
and they crowd source.

00:01:25.020 --> 00:01:31.780 align:middle line:84%
So OSINT investigators, hackers,
and whatnot will get together

00:01:31.780 --> 00:01:36.400 align:middle line:84%
and they'll go help in a
very controlled environment

00:01:36.400 --> 00:01:39.920 align:middle line:84%
look for missing people,
again, helping law enforcement.

00:01:39.920 --> 00:01:41.360 align:middle line:84%
So if you haven't
checked it out,

00:01:41.360 --> 00:01:44.260 align:middle line:84%
this is a great way to actually
practise OSINT and do some

00:01:44.260 --> 00:01:45.340 align:middle line:90%
good.

00:01:45.340 --> 00:01:47.200 align:middle line:84%
But for this video,
we're actually

00:01:47.200 --> 00:01:48.700 align:middle line:84%
taking a look at
the virtual machine

00:01:48.700 --> 00:01:50.590 align:middle line:90%
that they recently released.

00:01:50.590 --> 00:01:55.610 align:middle line:84%
And it's in the - there is an
updated version that came out.

00:01:55.610 --> 00:01:59.360 align:middle line:84%
I want to say a couple of
weeks ago from this video.

00:01:59.360 --> 00:02:03.280 align:middle line:84%
So again, we're
checking this out.

00:02:03.280 --> 00:02:07.900 align:middle line:84%
It's going to be using - you
could use VMware or VirtualBox.

00:02:07.900 --> 00:02:10.870 align:middle line:84%
We're going to be running
as a VirtualBox environment.

00:02:10.870 --> 00:02:14.110 align:middle line:84%
And again, this is based
off of Kali Linux, so pretty

00:02:14.110 --> 00:02:15.590 align:middle line:90%
cool operating system.

00:02:15.590 --> 00:02:17.140 align:middle line:84%
So why don't we
take a look at this.

00:02:17.140 --> 00:02:20.750 align:middle line:90%


00:02:20.750 --> 00:02:23.100 align:middle line:84%
So here I have my
virtual machine.

00:02:23.100 --> 00:02:24.252 align:middle line:90%
It's a VM.

00:02:24.252 --> 00:02:25.960 align:middle line:84%
If we go into Settings,
we can start kind

00:02:25.960 --> 00:02:27.430 align:middle line:90%
of clicking around in here.

00:02:27.430 --> 00:02:31.390 align:middle line:84%
We could see the
system is only using

00:02:31.390 --> 00:02:35.410 align:middle line:90%
about 2 gigs of memory, 2 CPUs.

00:02:35.410 --> 00:02:37.540 align:middle line:84%
So there's not a lot
of system requirement

00:02:37.540 --> 00:02:41.200 align:middle line:84%
to run this, which is
nice; it's a low footprint.

00:02:41.200 --> 00:02:43.690 align:middle line:84%
Again, I'm running this out
of Oracle VirtualBox, which

00:02:43.690 --> 00:02:45.478 align:middle line:90%
is also free.

00:02:45.478 --> 00:02:47.020 align:middle line:84%
And the other thing you
want to make sure of

00:02:47.020 --> 00:02:48.898 align:middle line:90%
is you want to take snapshots.

00:02:48.898 --> 00:02:50.440 align:middle line:84%
If you click Snapshot,
you can create

00:02:50.440 --> 00:02:52.450 align:middle line:90%
a snapshot of the machine.

00:02:52.450 --> 00:02:55.410 align:middle line:84%
And you can revert it
back by clicking on it.

00:02:55.410 --> 00:02:56.980 align:middle line:84%
So the nice thing
about snapshots

00:02:56.980 --> 00:03:01.300 align:middle line:84%
is that - when I set up
a machine I will typically

00:03:01.300 --> 00:03:04.510 align:middle line:84%
take a snapshot after
I get it configured.

00:03:04.510 --> 00:03:06.910 align:middle line:84%
Now what this allows
me to do is, say, I'm

00:03:06.910 --> 00:03:08.830 align:middle line:84%
doing an OSINT
investigation, I run

00:03:08.830 --> 00:03:12.550 align:middle line:84%
that Snapshot, I go through, I
do my investigation, I finish.

00:03:12.550 --> 00:03:15.910 align:middle line:84%
And when I'm done and I'm ready
to do a new investigation,

00:03:15.910 --> 00:03:21.160 align:middle line:84%
I revert Snapshot back to
my clean pristine image,

00:03:21.160 --> 00:03:24.940 align:middle line:84%
meaning that all the other
stuff I did is all wiped out.

00:03:24.940 --> 00:03:26.500 align:middle line:90%
It's completely clean again.

00:03:26.500 --> 00:03:29.650 align:middle line:84%
I don't have to destroy the
machine and set it up again.

00:03:29.650 --> 00:03:32.050 align:middle line:84%
It just makes things a
lot more convenient.

00:03:32.050 --> 00:03:35.050 align:middle line:84%
Likewise, if anything horrible
happens, like I get a virus,

00:03:35.050 --> 00:03:37.570 align:middle line:84%
it corrupts the system,
something goes bad,

00:03:37.570 --> 00:03:41.450 align:middle line:84%
I can revert the snapshot
back to a clean state again.

00:03:41.450 --> 00:03:44.600 align:middle line:84%
So again, really powerful
tool, very handy.

00:03:44.600 --> 00:03:45.910 align:middle line:90%
I do recommend using it.

00:03:45.910 --> 00:03:50.010 align:middle line:90%


00:03:50.010 --> 00:03:51.460 align:middle line:90%
Now continuing on.

00:03:51.460 --> 00:03:58.890 align:middle line:84%
So you can go to TraceLabs.org
and grab the operating system,

00:03:58.890 --> 00:04:00.070 align:middle line:90%
and it's freely available.

00:04:00.070 --> 00:04:03.600 align:middle line:84%
So once you get your VM,
if we go open a browser

00:04:03.600 --> 00:04:06.990 align:middle line:84%
and go to the Bookmarks,
you can see there's

00:04:06.990 --> 00:04:08.560 align:middle line:90%
a lot of great tools in here.

00:04:08.560 --> 00:04:10.830 align:middle line:84%
These are all web-based
tools preloaded

00:04:10.830 --> 00:04:11.980 align:middle line:90%
on the virtual machine.

00:04:11.980 --> 00:04:13.450 align:middle line:90%
So it saves a lot of time.

00:04:13.450 --> 00:04:16.470 align:middle line:84%
So if we want to look at
the Facebook ID or People

00:04:16.470 --> 00:04:18.010 align:middle line:90%
Search or whatnot,

00:04:18.010 --> 00:04:19.649 align:middle line:90%
we could take a look at that.

00:04:19.649 --> 00:04:23.010 align:middle line:84%
And right here,
this is Glassdoor,

00:04:23.010 --> 00:04:25.150 align:middle line:84%
great for investigating
companies.

00:04:25.150 --> 00:04:28.900 align:middle line:90%
So in this case, we have Google.

00:04:28.900 --> 00:04:30.430 align:middle line:84%
We can put in
Google, and we could

00:04:30.430 --> 00:04:35.290 align:middle line:84%
take a look at the company, how
many views, salary, interviews,

00:04:35.290 --> 00:04:39.665 align:middle line:84%
where they're located, the
revenue, location, and whatnot.

00:04:39.665 --> 00:04:43.800 align:middle line:90%


00:04:43.800 --> 00:04:45.330 align:middle line:84%
And again, that's
in the bookmarks

00:04:45.330 --> 00:04:48.990 align:middle line:90%
for this virtual machine.

00:04:48.990 --> 00:04:51.930 align:middle line:84%
And likewise, again, you can -
they have other tools in here

00:04:51.930 --> 00:04:56.282 align:middle line:84%
like Check Usernames,
which is handy

00:04:56.282 --> 00:04:58.740 align:middle line:84%
if you want to type in a username
and see what other accounts

00:04:58.740 --> 00:04:59.700 align:middle line:90%
they possibly have.

00:04:59.700 --> 00:05:03.220 align:middle line:90%


00:05:03.220 --> 00:05:06.350 align:middle line:84%
And there's also a lot of
tools built into the machine.

00:05:06.350 --> 00:05:09.850 align:middle line:84%
So it's broken down by browsers,
gate analysis, domains,

00:05:09.850 --> 00:05:10.480 align:middle line:90%
and whatnot.

00:05:10.480 --> 00:05:12.820 align:middle line:84%
Or you can click
through all applications

00:05:12.820 --> 00:05:15.640 align:middle line:90%
to find out what's on there.

00:05:15.640 --> 00:05:23.550 align:middle line:84%
So we have Stegosuite,
Exfil Data, Dumpster Diver,

00:05:23.550 --> 00:05:28.560 align:middle line:84%
username checks,
domain, sublisters.

00:05:28.560 --> 00:05:30.930 align:middle line:90%
Metagoofil is another great one.

00:05:30.930 --> 00:05:33.390 align:middle line:84%
HTTrack is great if you
need a copy of a website

00:05:33.390 --> 00:05:36.960 align:middle line:90%
to investigate later.

00:05:36.960 --> 00:05:39.510 align:middle line:84%
Email tools,
different framework.

00:05:39.510 --> 00:05:42.870 align:middle line:84%
Maltego is going to be a really
powerful one to get into.

00:05:42.870 --> 00:05:47.020 align:middle line:84%
CherryTree is great
for note taking.

00:05:47.020 --> 00:05:48.775 align:middle line:84%
And we have more
user name searches.

00:05:48.775 --> 00:05:51.560 align:middle line:90%


00:05:51.560 --> 00:05:56.060 align:middle line:84%
So again, the Trace
Labs VM is a great VM

00:05:56.060 --> 00:05:59.370 align:middle line:84%
for OSINT investigation,
especially if you -

00:05:59.370 --> 00:06:01.260 align:middle line:84%
whether you're doing
investigations or you

00:06:01.260 --> 00:06:04.440 align:middle line:84%
haven't even started
before, I highly

00:06:04.440 --> 00:06:07.440 align:middle line:84%
recommend using
the Trace Labs VM.

00:06:07.440 --> 00:06:09.155 align:middle line:84%
So in wrapping up,
OSINT can be done

00:06:09.155 --> 00:06:11.280 align:middle line:84%
on pretty much anything
with a browser and internet

00:06:11.280 --> 00:06:11.910 align:middle line:90%
connection.

00:06:11.910 --> 00:06:15.720 align:middle line:84%
Specialised tools such
as Trace Labs OSINT OS

00:06:15.720 --> 00:06:18.435 align:middle line:90%
can make OSINT much easier.

00:06:18.435 --> 00:06:20.880 align:middle line:84%
It has a lot of
great tools in there.

00:06:20.880 --> 00:06:23.970 align:middle line:84%
These VMs should be
run for - VMs should be

00:06:23.970 --> 00:06:26.040 align:middle line:90%
run for investigations, rather.

00:06:26.040 --> 00:06:28.660 align:middle line:84%
And you want to make sure
that you take a snapshot,

00:06:28.660 --> 00:06:31.080 align:middle line:84%
so that can always help
with the integrity

00:06:31.080 --> 00:06:32.430 align:middle line:90%
of your investigations.

00:06:32.430 --> 00:06:35.290 align:middle line:90%


00:06:35.290 --> 00:06:37.827 align:middle line:84%
So this was about
the Trace Labs VM.

00:06:37.827 --> 00:06:39.660 align:middle line:84%
In the next video, we're
going to be talking

00:06:39.660 --> 00:06:42.132 align:middle line:90%
about tracking by IP address.

00:06:42.132 --> 00:06:43.090 align:middle line:90%
Thank you for watching.

00:06:43.090 --> 00:06:45.140 align:middle line:90%
I'll see you in the next video.

00:06:45.140 --> 00:06:47.000 align:middle line:90%