Social Media Investigation
Part1: Social Media Investigation — Using Maltego
Follow XIT on medium & UglyCompany on Telegram for more..
Hey there! Welcome to this blog, today we’re diving into the world of Social Media Investigation with the help of Maltego. Let’s rewind to 1997 when SixDegrees.com made its mark as the OG social media platform. It was the first to introduce real names, friend lists, and personal profiles, attracting a whopping 3.5 million users at its peak. Fast forward to today, and the social media scene has exploded, with billions of people sharing their lives online. What does this mean for investigations? 🤔 Well, it’s like having a treasure trove of data and clues right at our fingertips. 😈 So, Let’s explore the interesting world of Social Media Investigation. We’ll be using the cool tools in Maltego to find some really interesting information.
3 Easy Steps + Setup Guide 👇
[STEP 1]- Find A Profile To Investigate
Alright, let’s kick things off with the basics of social media investigation. When you’re looking into someone online, the first step is to locate their social media accounts. There are various ways to do this, and we’ll focus on at least six key points that can help us track down the individual’s social media presence.
- Name: Start with the person’s name. It often leads to Facebook, Myspace, or LinkedIn. But keep in mind, some folks avoid using their real name to stay hidden.
- Email and Phone: These are good clues because they’re usually shared between connected accounts. If two accounts share the same email or phone, they’re linked. But finding them is not always easy.
- Alias (Username): People often reuse aliases across platforms. It’s easy to search for them. However, unique aliases work better than common ones like “BlueDragon.”
- Profile Pictures: Like aliases, profile pictures can be searched, leading to accounts operated by the same person. Yet, it’s not foolproof, as different people may use the same image.
- Address and Bio: These are tricky. Addresses are rarely shared, but platforms like Pipl may help. Bios sometimes contain links to other social media accounts.
🧠 REMEMBER THIS BRO.. 👇
On social media, there are two types of info: stuff users willingly share and stuff they forgot to hide, either due to privacy oversight or not noticing. For instance, checking if two people are Facebook friends is the first type. But if you deduce they were at the same party through Instagram photos, that’s the second type.
The key difference? The first type is easily automated. Tools like ShadowDragon SocialNet can quickly pull common friends. The second type needs a human touch — careful scrutiny of a profile’s content. No one-click solution yet, and it’s time-consuming. Maltego and its SOCMINT data partners usually focus on the first type — automation-friendly info that we’ll be discussing in this blog.
[STEP 2]- Confirm You’re Investigating Right Profile
As this blog focuses into social media investigation, the first step is making sure you’ve got the right profile. Some platforms, like LinkedIn, often use real names and detailed profiles, making it easy to identify the person you’re looking for. If you start with a name, it’s straightforward. (Keeping own picture as a profile is common on platforms like LinkedIn & Facebook/Meta)
But if you start with an alias, things can get tricky. Profiles with less info might share the same alias but belong to different people. To clear this up, look for clues like location or other social media links in their bio. Check their posts and who they follow. Do they talk about things related to your person of interest? Do they follow accounts linked to a specific location? Maltego helps you organize this info into a graph to draw solid conclusions.
[STEP 3]- Using Maltego to Access The Information On A Profile
Maltego, along with its data partners, gives you Transforms — tools that fetch most of a profile’s data directly into your graph. This saves you time, avoiding the need to manually go through profiles, which might require an active account on certain platforms.
Yet, on some social media platforms, Maltego’s Transforms might not get all the info. For a thorough look, you may need to check the profile directly on the platform, either through an app or a web browser.
⚠️ A crucial tip: Never use your personal account for investigation. Create a separate account for research. Tools like this-person-does-not-exist.com can help you generate a realistic profile. Keep in mind, some platforms notify users when someone views their profile, like LinkedIn does.
In this blog series, we’ll walk through 6 standard investigative workflows using Maltego and SOCMINT, starting from various points.
Let’s Set up Maltego..
[1] Downloading Maltego
Download Maltego for Windows, Linux, or Mac machine from official website of Maltego. Remember to download the file with
.exe + Java (x64).exe if you dont have Jave preinstalled on your machine.
https://www.maltego.com/downloads/
[2] Activate Maltego
I’m poor so using FREE Community edition, you can use the same too ;) else rich guys can purchase Pro or Enterprise edition.
Free? So, Let’s register for a Maltego CE Account..
1.Go to https://www.maltego.com/pricing-plans/ and select Register.
2. Register with proper details & once done it will send you a confirmation email for account activation.
3. Install the setup that we downloaded in 1st step of setting up.
4. Now launch the Maltego from start menu & under Product Selection choose Maltego CE (Community Edition) as we are using Free for this blog. You can also Activate using Key if you have one purchased.
5. Then Configure Maltego using login credentials that we used while registration on website & you’re ready to start further.
Remember to choose ‘Chrome’ as web browser in Browser options while configuration.
6. Once its succefully configured, Install the Maltego Standard Transforms and other third-party Hub items and start investigating!
If you learnt anything from this blog, we’d appreciate your engagement — give it a clap and consider sharing to help spread the knowledge. Also Follow XIT on medium & UglyCompany on Telegram. Your support means a lot to us!
