In this tutorial you will learn to use Facebook for investigative purposes.
Facebook is not only the largest social network, it is the largest database of people in the world.
Facebook is one of the biggest sources of OSINT.
If you are an investigator or an analyst and spend your days collecting data on events and people and doing deep analysis, you are in the right place.
Make yourself comfortable and fasten your seatbelt!
Why investigate on Facebook
Almost two and a half billion people use Facebook every day. Considering that we are almost 8 billion people, there is a good chance that the target you are investigating is on Facebook. If we consider your target's family, friends, acquaintances and colleagues, the possibility of finding useful information increases exponentially.
It's no coincidence that Trump and Obama won the election thanks to massive advertising campaigns on social networks. Some governments spend millions of euros to influence public opinion (including disinformation campaigns) and it seems that recently the FBI is recruiting spies around Washington.
Let's see what kind of information you can find on the social network.
What you can find on Facebook
The quality and type of information you can find depends mainly on the level of privacy and security of the person you are investigating.
The user can restrict access to their content from the privacy settings.
Many users do not have a real interest in protecting their privacy (unless they have something to hide) and most of the content is public or visible to friends of friends.
So, even if you are not in a position to send a friend request to the investigated subject, you can still access various content that, most of the time, the user thinks is visible only to their close circle of friends.
What content can be of investigative interest?
- Posts. Posts are text content typical of all social media.
- Comments. This is content responding to a person's post.
- People. We can see a person's friends, i.e. those who are in direct contact and have full access to profile content.
- Photos and videos. The social network offers the possibility to publish multimedia content such as photos and videos. You can also integrate your profile with other social media. For example, when a user posts a new photo on Instagram, the photo automatically appears on the Facebook profile as well.
- Pages. Pages are completely public, and followers see new content from the pages they follow in their news feed. This option is very interesting when investigating a known person, industry leaders, organizations or businesses. We will see later how to check if the page in question has advertising campaigns in progress.
- Places. The social network offers the possibility to share where you are, what you are doing and with whom. I am always surprised to see that thousands of people share the details of their daily lives online. It is also possible to make a targeted search by place. Very useful when you want to monitor an event.
- Events. Facebook also allows creating events (private or not) and inviting other users. Guests have the option of accepting or rejecting the invitation. I confess that I use this function to participate in interesting events in the city, but it has been useful in many investigative cases too.
How to investigate safely: create your own false identity
Before moving on to the advanced investigation techniques, let's talk about the most important thing about an online investigation: your own security.
Never investigate from your personal profile.
I'll say it again.
NEVER INVESTIGATE FROM YOUR PERSONAL PROFILE.
It may seem obvious but I still see investigators collecting evidence using their personal email or social media profile.
If the purpose of your investigation is to find out who is your neighbour's lover, the risks of the operation are rather limited.
If you're investigating a terrorist organization and mistakenly like a photo of a suspect, and he looks at your profile and notices your best photo in police uniform... I wouldn't want to be in your shoes. As you may have deduced, this would compromise the whole operation.
So, what's the solution?
A sock puppet. Yes, exactly: a fake profile.
Your profile should look as real and authentic as possible.
If you have little imagination, don't worry.
I don't have a lot either, you're in good company!
1. Create a fake identity
First, go to fakenamegenerator. Select the gender and nationality of your avatar and create your own false identity.
The application will create more details than we usually need.
Note down the details we need and let's move on.
2. Create a real email address for your fake identity
Fakenamegenerator offers some options, but I recommend using other services, and especially real email providers.
If you are tempted to use popular services such as Gmail or Outlook, you should know that their security controls are very strict and accounts are often banned if you do not prove your identity. I recommend using smaller providers that have fewer controls.
3. Generate a true photo for your false identity
Use thispersondoesnotexist to create a photo of your avatar. The application is built on an artificial intelligence system. It merges thousands of real photos to generate the photo of a person who does not exist. Exactly what we need.
Let me introduce you to Aurora Toscano
4. Now you're finally ready to sign up on Facebook.
I often use a VPN for my investigations, but I noticed that sometimes Facebook bans my accounts. Over time I have created several profiles that I use for my investigations. Some of them are completely dormant; however, the more active and dated the profile, the lower the chances that it will be banned.
How to do specific searches
In the past, the entire process of searching for and acquiring a profile was quite simple and automated thanks to the use of some tools. Unfortunately, Facebook continues to release updates that block most of the automations that worked.
What I'm about to show you is the only method still working.
Extract the ID of a profile, page or location
The ID is an essential element that allows you to identify a profile, a page or a place. There can be two profiles with identical names and photos but no profile has two identical IDs.
Use Chrome for this operation.
Open the profile or page you are interested in and right-click on an empty space. Click on "View page source".
Press CTRL+F on the keyboard and type in the text box "entity_ID".
The sequence of numbers in grey is the unique identification code of a Facebook profile.
The best investigative tool
I have a collection of thousands of investigative tools, but my favorite for Facebook is undoubtedly Intelligence X. The tool is divided into two parts.
The first part is Facebook Graph Searcher, which you could actually use directly within the Facebook search function. However, starting a search from Intelligence X allows for more customization.
In particular, you can search for a keyword with the ability to select the day, month, time interval or a certain user profile or page by entering the ID.
In the second part of the tool, called Alternative Facebook Graph Searcher, there are the most interesting investigative options.
Here you can search by post, person, page, place, video and event, filtering or combining multiple searches with a time frame.
Let's analyze a potential investigative scenario in which this fairy tale tool can be useful to you.
You have been on an investigation for a long time. Your only clue is a certain Matteo. You don't know his last name but you know he works at Fiat.
Unfortunately, you are not in a position to ask the company for a list of names.
Can Facebook help you in this scenario?
Of course it can!
First of all, we need to identify the ID of the Fiat Facebook page.
Now that we have the ID, we can use Intelligence X.
Select the people search function and paste the ID into the Employer box.
Add the filter by clicking on add filter, type Matteo in Filter by keywords and finally launch the search by clicking on Open a URL in a new window.
And here are all the Matteos who work for Fiat:
How to acquire digital data from a Facebook profile
Now you have everything you need to find your suspect's profile on the social network.
Once you have found the person you are interested in, all you have to do is acquire and save the digital content to deepen your investigation.
If, for reasons of investigation and within the limits of the law, you can access the social network with your username and password, you can download all the information on the profile held by Facebook at this link:
Otherwise, a tool called Extract Face helps us.
Extract Face is a free Windows tool that allows you to download:
- profile photo albums;
- some details of users who have interacted with a page or a profile;
- the list of friends of a profile (common friends included);
- some reports on the comments of a post;
- the list of members of a group.
How to check active advertising campaigns on Facebook
Advertising on Facebook has become one of the most popular marketing methods in the world. After all, it is the business model of the social network.
But how do you see if someone has active campaigns?
The social network has a database not only of active campaigns but also of past ones, and we can even see the individual ads used at the following link:
Just type and select the pages of interest, and optionally the country, and you can see all the active and inactive ads of a Facebook page.
As you can see from the screenshot below, it seems that Donald Trump has already started the election campaign:
However, if like me you use plugins and tools to block ads and tracking, I suggest you disable them, otherwise you will not see any ads.
Shortcuts for lawyers and law enforcement
Finally, all that is left is to talk about the formalities, that is, how to interact with Facebook for everything related to the legal and judicial aspects.
If you work with law enforcement or some state institution and you're in the middle of an emergency, you can submit official requests to Facebook at the following link:
For lawyers and jurists instead, guidelines on how to interact in case of some violation are here:
We've finally come to the end of what is the most comprehensive Facebook guide for investigators.
At this point, if you've read through it, you can safely consider yourself one of the top experts in online investigations on Facebook.
However, Facebook is just one of many social media and represents a small part of the information you can find in cyberspace.
If you liked the guide, don't hesitate to share it with your colleagues and collaborators, I spent days putting together these words to help investigators and security professionals.
Until the next tutorial,