Guest Blogger: Vladislav Hamppu

Many people think that online investigation is just a Google search. In reality, it’s about working with digital footprints and automation. Using my recent case as an example, here is how it works in practice:

First Environment Setup

I don’t work from a standard Windows OS. For security and speed, I use Lubuntu via VirtualBox. This is an isolated environment where all my scripts and tools are pre-configured. This is the foundation of my investigation.

Second My Tech Stack

When I need to find out who is behind a shell website (e.g., csspg.com), I don’t guess — I initiate a process:

Maigret: I run nicknames and emails through 2,500+ services. This immediately gives me all associated accounts across social media and messengers.

Maltego: I connect the dots. If we have a phone number or an IP, I build a relationship graph. It instantly shows how one admin is linked to multiple different firms.

Blockchain Explorers: If funds move into crypto, I “follow” them to the exact exchange where the fraudster intends to cash out.

Third Identifying Procedural Defects

My specialty is finding errors in documentation and registration. Fraudsters are often lazy — they copy-paste Terms of Service and use identical IP addresses for different scams. I identify these overlaps, which then serve as hard evidence in court.

Fourth The Deliverable

Ultimately, the client receives a Technical Investigation Report, not just an “opinion.” It clearly outlines:
● Specific bank accounts (e.g., Intesa Sanpaolo) where the funds were transferred.
● Real identities of “front men” (nominees).
● Tool-generated screenshots as forensic proof.

The Bottom Line: OSINT is not magic; it’s a proper set of tools and a methodical approach. Fewer words, more data.