Guest Blogger: Vladislav Hamppu
Many people think that online investigation is just a Google search. In reality, it’s about working with digital footprints and automation. Using my recent case as an example, here is how it works in practice:
First: Environment Setup
I don’t work from a standard Windows OS. For security and speed, I use Lubuntu via VirtualBox. This is an isolated environment where all my scripts and tools are pre-configured. This is the foundation of my investigation.
Second: My Tech Stack
When I need to find out who is behind a shell website (e.g., csspg.com), I don’t guess — I initiate a process:
Maigret: I run nicknames and emails through 2,500+ services. This immediately gives me all associated accounts across social media and messengers.
Maltego: I connect the dots. If we have a phone number or an IP, I build a relationship graph. It instantly shows how one admin is linked to multiple different firms.
Blockchain Explorers: If funds move into crypto, I “follow” them to the exact exchange where the fraudster intends to cash out.
Third: Identifying Procedural Defects
My specialty is finding errors in documentation and registration. Fraudsters are often lazy — they copy-paste Terms of Service and use identical IP addresses for different scams. I identify these overlaps, which then serve as hard evidence in court.
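The overlap check described above, as an added example that is not part of the original post: given hypothetical site records (constructed here, not real domains, IPs or e-mails), it flags shared hosting IPs, shared registrant e-mails and near-identical Terms of Service text, then groups the linked sites into one operation.

```python
from collections import defaultdict
from itertools import combinations
# Constructed sample records (hypothetical domains, IPs, e-mails, ToS text), not real sites.
SITES = {
    "site-a.example": {"ip": "203.0.113.10", "email": "ops@mail.example",
        "tos": "by using this service you agree all payments are final and non refundable"},
    "site-b.example": {"ip": "203.0.113.10", "email": "reg@other.example",
        "tos": "by using this service you agree all payments are final and non refundable"},
    "site-c.example": {"ip": "198.51.100.7", "email": "ops@mail.example",
        "tos": "welcome to our platform please read these terms carefully before trading"},
    "site-d.example": {"ip": "192.0.2.44", "email": "x@another.example",
        "tos": "thank you for visiting the independent cooking blog of the week"},
}

def shingles(text, k=3):
    # Word k-grams: copy-pasted boilerplate shares almost all of them.
    words = text.lower().split()
    return {" ".join(words[i:i + k]) for i in range(len(words) - k + 1)}

def tos_similarity(a, b):
    """Jaccard similarity of shingle sets: 0.0 (unrelated) to 1.0 (identical)."""
    sa, sb = shingles(a), shingles(b)
    return len(sa & sb) / len(sa | sb) if sa and sb else 0.0

def find_overlaps(sites, threshold=0.8):
    """Every (site1, site2, reason) where two sites share an indicator."""
    overlaps = []
    for (n1, s1), (n2, s2) in combinations(sorted(sites.items()), 2):
        if s1["ip"] == s2["ip"]:
            overlaps.append((n1, n2, f"same hosting IP {s1['ip']}"))
        if s1["email"] == s2["email"]:
            overlaps.append((n1, n2, f"same registrant e-mail {s1['email']}"))
        sim = tos_similarity(s1["tos"], s2["tos"])
        if sim >= threshold:
            overlaps.append((n1, n2, f"ToS text {sim:.0%} similar"))
    return overlaps

def cluster(sites, overlaps):
    """Union-find: sites connected by any overlap are grouped as one operation."""
    parent = {n: n for n in sites}
    def find(x):
        while parent[x] != x:
            x = parent[x]
        return x
    for a, b, _ in overlaps:
        parent[find(a)] = find(b)
    groups = defaultdict(list)
    for n in sites:
        groups[find(n)].append(n)
    return sorted(sorted(g) for g in groups.values())
```

Each tuple returned by find_overlaps is one documented link; the cluster output shows which sites share an operator even when no single indicator connects all of them directly.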
Fourth: The Deliverable
Ultimately, the client receives a Technical Investigation Report, not just an “opinion.” It clearly outlines:
● Specific bank accounts (e.g., Intesa Sanpaolo) where the funds were transferred.
● Real identities of “front men” (nominees).
● Tool-generated screenshots as forensic proof.
The Bottom Line: OSINT is not magic; it’s a proper set of tools and a methodical approach. Fewer words, more data.