Osint Me setup part 2 – software

In Osint Me setup part 1 I discussed hardware and operating systems necessary for creating a good working environment for open source intelligence gathering.

Equally important are some software solutions that will allow you to conduct online investigations in a safe and efficient manner.

So let’s dive straight in.

Virtual Machine

Although not essential, a virtual machine is the preferred and most recommended method of engaging in OSINT.

As I already explained, virtualisation is a process of using real hardware to create a virtual version of another computer’s operating system.

It allows a user to run simulated, multiple environments of virtual machines, which can access online resources or interact with other computers as if they were real hardware.

One very useful feature of a VM is the ability to create “snapshots” – the machine will create a virtual image of itself at a selected moment and the user can always revert to that snapshot moment in the event of a fatal error or a virus infection. This powerful feature is particularly useful when investigating malware or when downloading files from suspicious sources.

The only VM software that I currently rely on is Oracle Virtual Box – mainly because it’s free and intuitive to use.

Virtual Box running a Linux Ubuntu VM

Virtual Box supports Windows, Linux and Mac OS as host operating systems.

The full, exhaustive user manual for Virtual Box can be found here.

You can pick your virtual operating system, clone it and (provided your hardware allows this) run multiple instances of it at the same time. Or you can simultaneously run several different operating systems using one host OS.

Additionally, you can import another copy of a pre-configured virtual machine and set it up.

(NOTE: it needs to be an OVF or OVA file!)

What’s particularly important when conducting an OSINT investigation is configuring virtual storage space within your VM.

This will allow you to download files, create records and compile reports without leaving the virtual environment.

Android OS emulator

An Android emulator is a solution similar to a virtual machine.

Its goal is to create a simulated virtual environment on your PC, imitating an Android mobile phone or tablet.

Android emulators are primarily used for testing apps in various stages of development, but can be easily adapted for OSINT purposes.

The reality is that some platforms (apps in particular) are not accessible through a desktop browser or don’t work as well. While a dedicated OSINT mobile phone or a tablet is certainly a solution, an Android OS emulator is simply a superior solution.

The reasons include, among others:

  • the ability to customise emulators and to operate their multiple versions;
  • the convenience of recording tasks and documenting every step of your OSINT investigation;
  • protection from malicious software and apps from untrusted sources on a physical device;
  •  the option to spoof GPS coordinates.
There are several free Android OS emulators available on the market. I personally rely on Genymotion because it’s very simple to use.
Genymotion interface

Configuring and using an Android OS emulator probably deserves a standalone article. There are several other alternatives to Genymotion and I intend to introduce them here and run some tests on them in the near future.

Virtual Private Network (VPN)

A Virtual Private Network is nowadays considered a backbone of online privacy.

VPN is a service that creates an encrypted tunnel between your host machine and a VPN server, which can be located abroad, even on another continent.

Your Internet service provider normally sees the traffic from your host to any destination, but with a VPN it only sees the connection to the VPN server and cannot decipher any other user information.

For more detailed information about VPNs, I recommend this Wikipedia article.

For all intents and purposes, TOR (which I discussed here) is a VPN. 

However, there is one important caveat here regarding using TOR as a day-to-day VPN: this is not recommended, because:

  • TOR is generally slower than any VPN available on the market;
  • TOR usage (but not network traffic) is detectable by ISPs and by websites you visit – and sometimes blocked by default;
  • TOR service is not designed for browsing the clearnet on a routine basis and will be hampered by captcha and various security alerts.

There are dozens of commercial VPN services out there. There are some free alternatives, but I would not recommend using any free VPN. 

The old saying goes: “If you’re not paying for a product, you are the product”. This is very much the case with a free VPN. One, you can’t fully rely on its protection; two, free VPNs are usually much slower than their paid counterparts and three, the free ones are nearly always plagued by ads.

Additionally, some VPNs actually track your digital footprint and use this information to sell to third parties.

I have tested several VPN services, both for OSINT and for daily private usage and I could recommend any of the ones below:

  • Nord VPN
  • Proton VPN
  • Private Internet Access
  • Express VPN

This concludes part 2 of the Osint Me setup. Stay put for more.

In the upcoming articles I will discuss some practical OSINT tools.

Don’t forget to subscribe!

1 thought on “Osint Me setup part 2 – software”

Leave a Reply

Your email address will not be published.