️♂️ Training Sample: Tracking Online Identities (Using Free Tools Only!)
Objective:
By the end of this training, you’ll be able to identify, research, and connect online identity breadcrumbs without spending a penny—just using open-source techniques and free tools.
Step 1: Start with Search Engines
Tools Used: Google, DuckDuckGo
Goal: Locate names, usernames, emails, and online activity using search syntax.
✅ Try These in Google:
| Technique | Syntax Example |
|---|---|
| Exact phrase search | "Samantha Reed" London |
| Search within a website | site:linkedin.com "Samantha Reed" |
| Exclude words | "Samantha Reed" -twitter |
️ Trainer Tip: Google hides gems if you don’t know how to ask! Try combining site searches with quotation marks for laser-targeted results.
Try This Now:
Search for:site:instagram.com “@sammie_reed”
What did you find? Is it a personal or business account?
Step 2: Dive Into Social Media
Tools Used: Facebook, LinkedIn, Twitter, Social Searcher, Twint
Check:
Profile photos – are they reused?
Comments & likes – who are they interacting with?
Locations tagged – any patterns?
Free Tools:
Social Searcher: Real-time public post search.
Twint: Twitter scraping without needing an API.
Investigator Insight: Even deleted Twitter accounts can leave echoes—check replies and mentions via Twint!
️ Step 3: Reverse Image Search
Tools Used: Google Images, Yandex, TinEye, ExifTool
Upload or paste the image URL into:
Yandex Images – especially useful for facial recognition!
Metadata Clues:
Use ExifTool on original photos to uncover:
GPS location
Date/Time
Camera device
Test It! Drop a profile image into Google Images. Any LinkedIn matches?
Step 4: Investigate Email Addresses
Tools Used: Have I Been Pwned, Hunter.io, EmailHippo
✅ Checklist:
️♂️ Breaches? → haveibeenpwned.com
Professional usage? → Hunter.io (Free tier)
Is it real? → EmailHippo
Hot Tip: A breached email often reveals usernames, passwords, or associated sites—a goldmine for pivoting!
Step 5: Domain and Website Lookup
Tools Used: WHOIS, Wayback Machine
️♀️ Find Out:
Who registered the domain?
Where are they hosted?
What did the website look like 3 years ago?
✅ Try:
Activity: Look up the domain from an email (e.g.
@bobsbarber.biz). Is the registrant name public? Any old versions of the site?
Step 6: Cross-Reference and Connect the Dots
Tools Used: Namechk, Sherlock (optional), Your spreadsheet
People often reuse usernames and emails. Link them together!
Try:
namechk.com: See where a username is registered
Manually compare usernames, handles, avatars, and bios
️ Connect:
| Clue | Found On |
|---|---|
@sammie_reed | Twitter, Instagram, Pinterest |
samantha.r@edu.com | Email, LinkedIn |
| Profile image match | Facebook + TikTok |
Note: Always record connections. Visual tools like Maltego (community edition) or even a mind map help build a solid case.
⚖️ Step 7: Keep It Legal & Ethical
Do:
Stick to publicly available information
Use VPN or anonymised browsers when needed
Document your methodology
Don’t:
Attempt to hack, phish, or access private databases
Impersonate others to gain access
Post findings without considering data protection laws
Pro Tip: Ethical OSINT = sustainable OSINT. Respect privacy, even when investigating it.
Wrap-Up Quiz: Test Your Skills!
✅ Match the tool to its use:
| Tool | Use |
|---|---|
| Hunter.io | a. Check data breaches |
| Twint | b. Find professional emails |
| ExifTool | c. Scan tweets & mentions |
| Have I Been Pwned | d. Read image metadata |
Answers at the bottom of the page
Share Your Toolkit!
What’s YOUR favourite free OSINT tool or trick?
Drop it below and let’s learn from each other.
Answers to Quiz:
Hunter.io → b
Twint → c
ExifTool → d
Have I Been Pwned → a