Lab – Information Gathering Using CSI Linux

Overview

In this lab, we will see how we go about creating a case number and conducting an Open-
source intelligence (OSINT) investigation. Open-source intelligence (OSINT) is information
gathered from publicly available sources used in an intelligence-gathering context. In the
intelligence community, the term “open” refers to overt, publicly available sources (as
opposed to covert or clandestine sources).

In this lab, we will be using the CSI Social Media Search Tool and Little Brother to perform a
passive information scan about a person or company using information quickly pulled from a
variety of Internet sources.

Begin the Lab!

Begin by logging on to your virtual install of CSI Linux. Ensure you have an Internet
connection. Since this is a passive scan, we do not need to use the CSI Linux Gateway.

Once the desktop has loaded, from the bottom taskbar, left-click once to launch the Social
Media search tool.

This tool is linked to the case folder located on your desktop, where all your cases or built and
stored for easy organization and access.

Once the search Media tool is launched, you are prompted to create a case number. If you
look inside the case folder shortcut located on your CSI Linux desktop, you will note the
folder has only two subfolders. In some cases, the folder will be empty.

In the Case Name screen, type in a case name or number. For this exercise, I have named the
case, Case101. Make sure there are no blank spaces in the title. Click OK.

1
© 2018 syberoffense.com All Rights Reserved
Now, if you open the Cases folder located on your desktop, you will see a new case folder has
been built.

If you open the Case101 subfolder, you will see several additional subfolders all designed to
help organize and manage your investigation. Feel free to reorganize and rename the folders
as you see fit.

2
© 2018 syberoffense.com All Rights Reserved
From our terminal, we have several search criteria to search with. In this example, we will
accept the default to search for a username. Click OK to accept the default. You are free to
search for any username you wish to use. In this example, I will conduct a media search using
my username.

On the next screen, type in the username you wish to search for. Click OK.

The search begins! Your results will vary. As you can see, I live a very social media-free life.

3
© 2018 syberoffense.com All Rights Reserved
Once the search completes, a browser will open, loading a large number of tabs. These search
results are what you can use to verify or not the information as being accurate.

You Can have all the positive hits loaded into a browser, after which you can save the results
as a text file to a subfolder inside your Case101folder. Over to the right of the taskbar is the
save button.

4
© 2018 syberoffense.com All Rights Reserved
Once you’re satisfied with the results, you can exit the social media app.

OSINT Using Little Brother

In this next lab, we will search for an individual using the OSINT information collection tool,
Little Brother.

5
© 2018 syberoffense.com All Rights Reserved
Little Brother is an information collection tool (OSINT) that aims to carry out research on a
French, Swiss, Luxembourgish, or Belgian person, but it will do US/English background
checks as well. It provides various modules that allow useful searches.

Open Applications and from the context menu, select OSINT / Online Investigations. From
the next content menu, click on Little Brother. Wait for it to load up.

From the menu, select number 1 to conduct a lookup.

available searches you choose.

On the next screen, select 2 for a username lookup. You’re free to conduct any of the

6
© 2018 syberoffense.com All Rights Reserved
At the next prompt, type in the username. Use your username or the username of your friend
or spouse. In this example, I am using my username — press enter.

The search begins!

You can see that the search results are very extensive but not always accurate. Each of the
entries is a hyperlink so you can visit the source to verify the information is valid or not.

7
© 2018 syberoffense.com All Rights Reserved
You would need to go through the results line by line. You can select any or all links, right-
click on any or all links and select to have it open in a browser or you can copy the links to a
text file.

Since the video was produced, CSI Linux has had a major upgrade. Strangely enough,
little brother is now only designed to carry out information gathering on a French, Swiss,
Luxembourgish, or Belgian person. There are no US or any other modules.
hackingarise20.home.blog/2019/07/03/little-brother-osint-scanner/
End of the lab!
© 2018 syberoffense.com All Rights Reserved