Genealogy – Find a Grave

Find A Grave (findagrave.com) is the world’s largest repository of grave site information. The site is free and easy to use.

The site’s records are primarily from individuals uploading information. As a result, there may be different kinds of information available in different records.

Furthermore, any search that you run in FamilySearch.org will also check if that information is available on Find A Grave, thereby saving you the second step of searching in a second website. See bleow for a screenshot showing how a record from Find A Grave may appear in your search results in FamilySearch.org:

The Find A Grave Website

Nonetheless, the search function within the actual findagrave.com website is pretty thorough and gives a lot of different options for different ways to search for a record. Therefore, you may decide to try using the website itself.

For example, as you see in the findagrave.com search function below, you can even choose to search by burial plot information. That might seem like an obscure bit of information, but many records will identify the specific plot or cemetery section. Based on that information, you can search for relatives by looking for grave sites next to the first one, or for grave sites within the same section of the cemetery, possibly filtered for people with the same last name.

Below you see an example of the kinds of information that might be available in a particular record.

Your record may not always have identified family members, memorials, or photos, but you can generally count on four pieces of information being available:

1 – Name

2 – Date of Birth (and maybe location)

3 – Date of Death (and maybe location)

4 – The cemetery where they were buried

The first 3 pieces of information are very valuable because they provide unique details about a person that can help you find more records about them in different data sources. Maybe before you were searching for James Richard in familysearch.org but there were too many results. With this new information you can return to familysearch.org and filter your results to look for the James Richard that was born on June 19th, 1930.

The Cemetery Itself

The next step is to take the fourth piece of information (the cemetery) and go to the source. You want to go to the source of the information because there is often a bit more information there. You can either look the cemetery up online or consider contacting them to ask if they have additional records about the specific burial you are researching.

In one example, (see below) we see the name of the cemtery and a link to another page within Find A Grave that gives additional details about the cemetery.

The individual was buried at the Long Island National Cemetery and by clicking on the link for the cemetery, we are brought to this page below. In this case, the descriptor explains that the cemetery is for veterans and is run by the UD Department of Veterans Affairs. Notice that the description page provides a website for the cemetery, where we can find more information.

In this case, clicking on the cemetery’s website brings us to the VA’s National Cemeteries Administration, which has a “grave locator” function. See below:

In this case, looking up the record for the same burial site yielded new information, specifically the burial plot location, a link to a map of the graveyard revealing the location of the burial plot, and the rank and branch of the military where the individual served.

That’s all, good luck!

Genealogy Basics – FamilySearch.org

This post will identify free genealogy resources and how a beginner can use them. Over time, this post will grow to include additional resources with periodic updates. For now (November 11th, 2021) only one resource, FamilySearch.org, will be discussed. Future updates will include, but not be limited to:

Find a Grave – (findagrave.com)

Civil War Soldiers and Sailors Database – (https://www.nps.gov/civilwar/soldiers-and-sailors-database.htmhttps://www.nps.gov/civilwar/soldiers-and-sailors-database.htm)

Legacy.com/search – (a database of obituaries)

Heritage Quest – (a paid resource accessible via local libraries, including the Montgomery County Public Library)

FamilyTreeNow – (available at familytreenow.com) This is a free genealogy site that is akin to people-searching websites but focused on genealogy. There is an interesting Washington Post article about this site.

SIDE NOTE: If you are primarily interested in researching “the living,” Family Tree Now is a good resource for finding if a specific person (who is still alive) has deceased relatives. From there, you will be able to make use of genealogy resources.

FamilySearch.org

Family Search (FamilySearch.org) is a free resource, though it requires that you sign up for a free account, and a good starting point for genealogy research.

There are three key features worth noting, the basic search function, a wiki catalogue of regional databases, and a database of family trees that were built by individual account-holders.

To reach the basic search function, click on “Search” from the menu bar and then click on “Records” from the drop down menu.

Later on, you can return to this drop down menu and click on “Genealogies” or “Research Wiki.” Clicking on “Genealogies” will let you search family trees that were uploaded by users. “Research Wiki” is a wiki of different local genealogy-related databases that are specific to different locations.

You’ll want to start with the search records functions. The following search window will appear. If you submit a search here, the website will also search for results that are similar but not exactly what you typed (such as names there are spelt similarly to what you typed). If this give you too many results, then before getting started, it might be worth clicking on “More Options,” so you can choose to search for an exact spelling of a name.

The following window will appear and you will notice that there are options for search for exactly what you typed.

Data Sources

You can also browse the data sources available on Family Search by going to (https://www.familysearch.org/search/collection/listhttps://www.familysearch.org/search/collection/list)

This will help you know what to expect (for example, the Alabama State Marriage Licenses from 1816-1957 or Casualties from the Vietnam War). If you expect your ancestor is listed in one of these databases, you can click on it to search only records within that database. This is especially useful when your ancestor has a common name.

Two of the most important data sources to make note of in Family Search are the Social Security Death Index and U.S. National Censuses from 1790 to 1940 (Census data is only available if it is more than 70 years old), more on those data sources in upcoming posts.

That’s all for now.

Use Emulator to Research Someone’s TikTok Friends

One issue with TikTok is that you can only view an account’s followers and friends if you are using the app, which is problematic if you need or want to be using a web browser because it means you can’t view an account’s connections.

This post will address how you can use a phone emulator via your browser to get around this problem.

Free, Web-Based Emulators

There are several free (or at least, they offer a free trial) web-based emulators. For a list of emulators go to this article.

The article names a number of emulators, but for this post we will use BrowserStack.

Steps For Using Emulator

Here are the steps to use the emulator to view TikTok friends and followers.

1 – After signing up with a google account for a free trial on browserstack, I get this page below:

2 – After choosing one of the device options I get an emulator set up and appears as below:

3 – For the android device, I click on Play Store so that I can download TikTok. After opening Play Store, I log into my google account so I can access Play Store.

4 – I search and find TikTok and then hit install.

5 – From here, it is a simple process of finding and opening a TikTok page of choice, then click on “Following” or “Followers”.

6 – Finally, here we see the friends.

That’s it, you’re done!

Tips for Researching TikTok

There are a few tricks that can help a researcher looking at a TikTok account. We can look up archived versions of a TikTok account and we kind find what kind of phone and what kind of social media account was used when signing up for TikTok. There is also a tool that helps to search TikTok.

Web Archives

Archived versions of TikTok pages are actually saved in web archives. Archive.is has better data (saves full page and includes saved versions of the videos) but Archive.org is more likely to have saved versions of a given TikTok page. So it is worth checking both.

Archive.org

Here we see that Archive.org has 79 versions of the Tik Tok page we are researching.

Here is what the page normally looks like in TikTok

Here is one version in Archive.org, it only shows the bio information from the page. There were occasional examples of the page that showed the videos, but it was not possible to play any of them.

More often, I got this:

Archive.is

By contrast, when searching for the same page in Archive.is, there was only one captured version of the page available, but it had the full page and contents available, this includes ALL videos and they could be played too.

In addition, we I click on one of the videos, the following page opens up in Archive.is and the video itself is actually playing.

What Type of Social Media (and Phone) They Used To Sign Up

We can find a TikTok user’s what kind of phone the user has, another type of social media account they use (which they used to log into their TikTok account), and their unique account ID number all thanks to a method discovered by Jake Creps (@jakecreps, jakecreps.com).

This works by opening up a TikTok page, right-click on the screen and select view page source, then do a word search for “user/profile”, and you will find a line of code that looks like this:

<meta property=”al:ios:url” content=”snssdk1233://user/profile/6746264168812659717?refer=facebook“>

Note that:

1 – “meta property” identifies the user’s device as “iOS” or “android”

2 – “content” will provide the unique profile ID number, it is not entirely clear how much a profile ID is valuable, but it does not change and you can google the number with “tiktok” to pull up the account in question.

3 – “refer” will identify the social media type that the user was logged into when signing up for or logging in to TikTok. The most important aspect is that it shows another account.

Walkthrough With A Bit More Detail

Ok so here is a walkthrough for finding the social media type that was used to sign up/in, but with a bit more detail:

First, open a TikTok account’s page (you don’t need to have a TikTok account for this to work)

Right-click and choose “view page source”

Do a word search for “user/profile”

We see the profile ID number

If we wanted, we could google the number and we pull up the acccount.

Returning to the data we found, we see further along the same line that the “refer” section shows that the user has a Facebook account and the “meta” section shows that the user uses an Android phone.

And further to the right we see that the user also uses an iOS phone.

Search Tool

Finally, Osint Combine has a tool for searching TikTok. It is not a game-changer but it does make searching TikTok easier.

https://www.osintcombine.com/tiktok-quick-search

Interested in More?

BeenVerified has a very interested research guide with more tips. See  How to Find Someone on Tiktok: 6 Simple Tips 

Okay, that’s it!

What You Can Learn From a Phone Number

This posts addresses some of the tools that have become available for obtaining information about a given phone number. The prevalence of app-based caller ID has made it possible to identify the owners of unlisted numbers and even identify how they are casually referred to by associates.

WA Tools provide a resource that lets you know if a phone number has downloaded WhatsApp, whether they are active on WhatsApp at that moment, and most importantly it can even (usually) download their profile photo.

Though this is only indirectly related to the phone number, there is also a tool that lets you search (based on name / username) for and view skype profiles.

HLR (home location registry) lookups can potentially reveal general location data about the phone user.

Finally, this post summarizes previously discussed sites and information for researching phones with data breaches, Python, and people-search tools.

App-based Caller ID

True Caller – (truecaller.com) & Sync.me (sync.me) are two widely used apps with over a billion numbers combined. The apps access the contacts lists of their users and will identify a given number based on how people identify it in their contacts list, (i.e. “john – computer guy”). This is especially useful for phone numbers that are not listed in more established sources.

WhatsApp

WA Tools (https://watools.io/) can be used to search on any phone number and then find if it has WhatsApp, if the user is on WhatsApp at that moment, and download the user’s WhatsApp profile photo

Skype

The tool Skypli (https://www.skypli.com/) (recently discovered thanks to @OsintTechniques) lets you search for a Skype user by name and, if you find them, open their profile which can reveal name, location, profile photo, username and/or possibly other information.

HLR Lookups

HLR-Lookups.com will want you to sign up for a free account but it is worth it as it shows you the following information that, in theory, includes whether the number is actively roaming. However, Roaming means you are out of your network provider’s territory and is often a sign that the phone, and its owner, are traveling abroad.

Hlrlookup.com will identify a general region where the phone number was issued (see bottom portion of the table below), even if the area code is from a different location. This gives a better feel for the current actual home base of the phone number’s owner. In other words, they may have gotten the phone number and then moved to a different part of the country.

Intelx Phone Search Tool – (https://intelx.io/tools?tab=telephone)

Intelx.io has two great tool-aggregators for searching phone numbers. The first is for international phone numbers and the second is for US Phone numbers.

US-Focused Phone Search Tools

Previous posts addressed that there are several US-focused phone number lookup tools. For convenience here is a list:

truepeoplesearch.com, fastpeoplesearch.com, and freepeoplesearch.com – People search tools (all three seem to have access to the same data) –

thatsthem.com and searchpeoplefree.com – Similar to the people search tools but these two seem to have access to different data

calleridservice.com – Caller ID-based information

Data Breach Websites

There are several data breach websites that let you lookup phone numbers, but anecdotal evidence suggests it is not as likely to find results compared to email addresses.

breachdirectory.tk/ 

dehashed.com 

haveibeenpwned.com 

leak-lookup.com

Python Phone Lookup for Instagram, Snapchat

A previous post explained how to use a Python script named Ignorant to find if a phone number had been used to register accounts on Instagram or Snapchat.

If you believe you have then found the correct Instagram account, another post described how to use a Python code named Toutatis to see a partially obfuscated phone number used for the account. You can use that to confirm if you found the correct account.

Ghost Codes – There is a website called Ghost Codes, associated with an app with the same name. The website is a databases of Snapchat-users, limited to those who also have the Ghost Codes app, and for each user in the database there is info on their snapchat profile and other social media accounts.. The database only includes the users who have Ghost Codes and Snapchat.

How to Search Pastebin Websites for Data Breaches

What are Pastes?

According to HaveIBeenPwned.com, “Often when online services are compromised, the first signs of it appear on “paste” sites like Pastebin. Attackers frequently publish either samples or complete dumps of compromised data on these services. ” (click here for more information)

What is Pastebin Specifically?

According to a post on Echoshare.net,:

  • Pastebin is a website that allows users to share plain text through public posts called ‘pastes'”
  • “There are many similar web applications, known as ‘paste sites'”
  • “Paste sites are commonly used for sharing code.”
  • “Pastebin specifically is user-friendly, supports large text files, doesn’t require user registration, and allows for anonymous posting if the user has a VPN. “
  • “This allows black hat hackers to easily and anonymously breach data in an accessible place.”
  • Finally, per the Pastebin FAQ, search engines will only index the public pastes

How to Search Pastes?

The following are two good tools for searching pastes. Keep in mind that data breaches are often taken down after discovery on pastebin sites so you have a limited window of opportunity to find the raw data. Eventually, the info will filter down to the data breach sites mentioned in a previous post.

Pastebin Search Engine – (https://pastebinsearchengine.blogspot.com/?m=1&amp;s=03) as its name says, this is a search engine for pastebin websites.

PSBDMP – (https://psbdmp.ws/) this site vaguely describes its data as follows, “Psbdmp collects data automatically from different sources and is not responsible for the data’s content,”

Identify a Company’s Employees

This post explains how to find a company’s employees by using publicly available OSINT tools.

A previous post explained how to find employees’ work email addresses for any company. That process simply required that you search for the company’s website domain in the tools Phonebooks.cz, Snov.io, and Hunter.io to look for email addresses that have the same domain as the company’s website. This process gave a list of work email addresses used by employees.

This current post will address how to identify the users of those email addresses in addition to other company employees as well.

Who Owns the Email?

Using the list of work email addresses that we gained from the aforementioned tools, we can identify the person that uses the email address. We start with the email username which will be a partial identification of the person’s name. Usually there will be an established pattern where “John Smith” working at “Fake Company” will be something like “jsmith@Fake_Company.com”.

From here we go to the website aihitdata.com.

AIHIT identifies company employees from corporate registrations, domain registrations, social media, company websites, and other sources. It logs each name and title and even continues to monitor its sources in case a new name appears on a registration and replaces an old one. For any company in a country with public corporate registries (like the United States) you can assume it will appear in this database.

We search for our company by name in the search bar and then in the results page we click on “people” and we receive a list of employee names, titles, and sometimes their work email addresses.

From here we can take an educated guess about who owns which email address. For example, you can see on the right that an employee named Alexander has the username “al” for their email address. From here we can search for the personal contact information for each employee using professional recruitment websites like Apollo.io, Contactout.com, and Rocketreach.co.

Professional Recruitment Websites

These websites have databases full of the names, titles, and contact information for employees of various companies large and small. The sources of their data are not clear. Rocketreach.co vaguely states that their information comes from “publicly sourced data,” and their leads are  “generated by tying together 100s of pieces of data using learning algorithms”. What IS for certain, is that there are a lot of complaints by people on sites like Reddit and Trustpilot (see here and here) claiming that these sites are publishing personal contact information that was not intended to be public.

Professional recruitment websites have databases that are specifically built so that you cannot find someone by their name. Instead, you have to search using someone’s employer and title. Now that we have linked a number of work email addresses to a name, title, and employer, we can search for them in these websites. Note that these websites will require that you sign up for a free account if you want to see the person’s contact information.

Here we see the same employee on Apollo.io and the site offers to give you their work email and personal phone number if you get a free account.

And here on ContactOut.com we see the employee’s Gmail address is available

You can find more information about the employee by searching for their email address in Breach Data websites, which were explained in a previous post.

That’s it, you’re done!

What To Look For When Researching a Twitter Account

Here are some key features to look for while:

Views on primary topics – First, look at the main topics they discuss and then click on one of the bubbles to find all the tweets on the topic. Read through a few tweets to get the account user’s view on the matter. So for example if one of the main topics is “President”, you can read through the tweets to see if they are pro or against the president

Specific details of their life – look for topics in the small bubbles to find the errant tweets that reveal details about their life, so maybe the bubble that says “wife” will link to a tweet saying “…my ex wife….”

Find closest associates – look at main usernames that are in primary topics and (unless they are a celebrity), look at 5 of them in a row to find common features that can reflect the original account user.

Find relatives – use All My Tweets to list all followers and do a quick word search for the original account owner’s last name

The account’s first follower – this is often someone close to the user. Use All My Tweets to get a full list of the account’s followers. Scroll all the way to the bottom and you will see the first follower there.

Assess relationships – use Tweet Beaver to display “conversations” between the primary twitter account and its close associates. Do they interact or just retweet?

Location – If you cannot find the account owner’s location directly, consider looking for locations of close friends and family in their bios or Geo Social Footprint. Try to identify time zone based on Sleeping Time.

Are staff members tweeting – for famous / powerful individuals, the tweets sometimes come from the actual person or staff members. Often, tweets from the person come from a phone and at any hour while tweets from staff come from a computer during the day. Use Twitonomy to identify the platform used for individual or all tweets. If the tweet came from a phone (it will say “Twitter for Android” or “…Iphone” etc.) or a computer (“Twitter Web App”).

Short NEW List of Good Tools to Research a Twitter Account

Truth Nest

TurthNest (https://www.truthnest.com) look under “Activity” and there’s an option for “Mentioned Users” that shows you which users the targeted account mentioned the most times. You can click on “view latest” under each account to look at the specific tweets of the targeted account mentioning this user. You can also click on the account names to open their Twitter accounts and see their bio pages. This doesn’t sound useful but if you click on an account name in most tools it will merely search for the account in the tools itself. It is useful to right-click on 5 of these accounts in a row and choose to “open in new tab” so you can look at them all at once and find common features.

Tweet Topic Explorer

Tweet Topic Explorer (http://tweettopicexplorer.neoformix.com/) identifies the most common words tweeted from the account (excluding useless words like “the”) and allows you to click on any of them to immediately see a list of the tweets with that word. Scan the map for words that might reflect important things about the account user like political views or profession.

See this post here for how to find an account’s closest friends.

Or, see this post, for how to manipulate data and view original posts, most important topics in content, or rank other accounts mentioned in tweets.

Tweet Beaver

Tweet Beaver (https://tweetbeaver.com/) has a variety of tools that are especially useful for assessing a relationship between two accounts (common followers, what have they tweeted at each other, etc.)

Geo Social Footprint

Geo Social Footprint (http://geosocialfootprint.com/) should show a twitter account’s geotagged tweets on a map and link to the tweets themselves. If you get an error message when you run a twitter account, like “map cannot display”, that often just means that there are no geotagged tweets. Based on the twitter api limitations, it is reasonable to guess that the tool looks at the last 4 thousand tweets.

For geo context, you can find what people nearby are tweeting about by using (https://www.omnisci.com/demos/tweetmap) or (https://onemilliontweetmap.com/).

All My Tweets (https://www.allmytweets.net/) is a great tool to find an account’s first follower. Just select the account to search, click in “Followers” and it will give you a list of followers in chronological order, so scroll to the bottom. A number of investigative reporting guides suggest that the first follower is often a person that has a close relationship with the account holder.

This tool will also list all of an accounts tweets in a list that can be copied and pasted into a CSV file.

Other useful tools include:

AccountAnalysis (https://accountanalysis.app/) this tool categorizes an account’s content to assess relationships and interests. It is similar to Tweet Topic Explorer in that in that it will analyze content of tweets and click on one thing (like a username) and the tool will identify the tweets that reference the account.

Below you see that for the analyzed account, the tool identifies the accounts that it replied to, retweeted, or quoted the most. This is a great way to quickly identify accounts that reflect your subject’s interests or associates. Tweet Topic Explorer takes more of a broad brush approach. But in this tool we can choose to focus on accounts that the subject account replied to rather than retweeted.

The tool lists Hashtags and URLs, which are a great way to figure out the account’s interests.

If you do not understand anything on the page, there is a very useful help section that details all of the analysis fields.

The only drawback of this tool is that you need to specifically request at the top if you want to analyze more than the last 200 tweets., Likewise at the bottom where it lists the tweets that reference the topic you clicked on, it will default to showing you 12 tweets and you have to click for it to load more. This presumably allows the tool to run faster and crash less.

.

Python for OSINT: Find Google Accounts with GHunt

This post will walk through how to use the Python script GHunt via gitpod.io, which lets you search an email address to find the associated Google Account and pulls relevant information from it. Google account

GHunt is located at https://github.com/mxrch/GHunt , and was developed by mxrch on Github.

Running GHunt

1 – Go to:

https://gitpod.io/#https://github.com/mxrch/GHunt

2 – type the following command and then hit enter:

docker pull mxrch/ghunt

3 – copy and paste in this next command and then hit enter:

docker run -v ghunt-resources:/usr/src/app/resources -ti mxrch/ghunt check_and_gen.py
docker run -v ghunt-resources:/usr/src/app/resources -ti mxrch/ghunt ghunt.py email
docker run -v ghunt-resources:/usr/src/app/resources -ti mxrch/ghunt ghunt.py doc

4 – The file will ask you one at a time to input your google cookies, you only have to do this once.

You get the following prompt to find your google cookie “SID”

Find Google Cookies (using Firefox or Chrome)

a.) Log in to accounts.google.com

b.) After that, open the Dev Tools window and navigate to the Storage tab (Shift + F9 on Firefox)
If you don’t know how to open it, just right-click anywhere and click “Inspect Element”.

c.) For Google Chrome (sorry, not sure about Firefox) you click on application

d.) Then on the left side click the triangle next to Cookies so it is directed down. Then click on

https://myaccount.google.com

e.) Now your cookies appear in the menu to the right.

f.) For each cookie that you need, the script will identify its by the cookie name, which you can find in the Name column.

g.) So the first cookie that was asked for was SID:

So we go to the menu and under Name we find SID

h.) Then we copy the Value and paste it in where the file asked in gitpod

j.) You will be prompted to find and input the cookies named SID, SSID, APISID, SAPISID, and HSID.

Now lets return to step 5 in the process of running GHunt.

5 – Now in order to search for the Google Account of an email address, type in the following command (but with the email address where it says “<email_address>” (also remove the carrots)) and hit enter:

docker run -v ghunt-resources:/usr/src/app/resources -ti mxrch/ghunt check_and_gen.py
docker run -v ghunt-resources:/usr/src/app/resources -ti mxrch/ghunt ghunt.py email
docker run -v ghunt-resources:/usr/src/app/resources -ti mxrch/ghunt ghunt.py doc

SIDENOTE: GHunt can also research a Google Doc. To do so, get the document link and run the following command:

docker run -v ghunt-resources:/usr/src/app/resources -ti mxrch/ghunt ghunt.py doc

And here is the kind of results you may receive (name, location, photos, etc.):

When I click on the Google Maps link (gitpod requires you to hold down Ctrl while you click on the link), I get the account’s profile photo and a review on Google Maps at a specific location.

Don’t forget to hit Save within the Gitpod workspace so that you do not need to input your cookies in the future!