10 Top OSINT Tools Every Investigator Should Know in 2026

Modern OSINT platforms rely more on AI and automation, while older social tracking methods keep losing access due to privacy and API restrictions...

AI Agents Vs. Human Investigators: Balancing Automation, Security, and Expertise in Cyber Forensic Analysis

In an era where cyber threats are rapidly evolving, the reliability of cyber forensic analysis has become increasingly critical for effective digital investigations and cybersecurity responses. AI agents are being adopted across digital forensic practices due to their ability to automate processe...

US Man Jailed After FBI Traced 1,100 IP Addresses in Cyberstalking Case

A 25-year-old Bigfork, Montana man, Jeremiah Daniel Starr, used over 50 phone numbers and a VPN to harass a victim he called his "best friend," even staging a fake shooting. Learn more about the FBI investigation that traced 1,100 IP addresses to bring him to justice...

FBI Says DC Pipe Bomb Suspect Brian Cole Kept Buying Bomb Parts After January 6

The 30-year-old Virginia resident evaded capture for years after authorities discovered pipe bombs planted near buildings in Washington, DC, the day before the January 6, 2021, Capitol attack...

How Private Investigators Handle Digital Forensics?

The world we live in is packed with data. Texts, emails, social media posts, deleted files, you name…...

Yogurt Heist Reveals a Rampant Form of Online Fraud

Plus: “MFA bombing” attacks target Apple users, Israel deploys face recognition tech on Gazans, AI gets trained to spot tent encampments, and OSINT investigators find fugitive Amond Bundy...

Microsoft: Iranian Nation-State Group Sanctioned by U.S. Behind Charlie Hebdo Hack

An Iranian nation-state group sanctioned by the U.S. government has been attributed to the hack of the French satirical magazine Charlie Hebdo in early January 2023. Microsoft, which disclosed details of the incident, is tracking the activity cluster under its chemical element-themed moniker...

The Fight to Cut Off the Crypto Fueling Russia's Ukraine Invasion

Blockchain investigators have uncovered at least $4 million—and counting—in cryptocurrency donations to Russia’s violent militia groups...

The art and science behind Microsoft threat hunting: Part 1

At Microsoft, we define threat hunting as the practice of actively looking for cyberthreats that have covertly or not so covertly penetrated an environment. This involves looking beyond the known alerts or malicious threats to discover new potential threats and vulnerabilities. Why do incident...

The art and science behind Microsoft threat hunting: Part 1

At Microsoft, we define threat hunting as the practice of actively looking for cyberthreats that have covertly or not so covertly penetrated an environment. This involves looking beyond the known alerts or malicious threats to discover new potential threats and vulnerabilities. Why do incident...

Live-Forensicator - Powershell Script To Aid Incidence Response And Live Forensics

Live Forensicator is part of the Black Widow Toolbox, its aim is to assist Forensic Investigators and Incidence responders in carrying out a quick live forensic investigation. It achieves this by gathering different system information for further review for anomalous behaviour or unexpected data...

UK Cops Collar 7 Suspected Lapsus$ Gang Members

City of London Police have arrested seven people suspected of being connected to the Lapsus$ gang. The bust came within hours of Bloomberg having published a report about a teenage boy living at his mother’s house near Oxford, England who’s suspected of being the Lapsus$ mastermind. The police...

Msticpy - Microsoft Threat Intelligence Security Tools

Microsoft Threat Intelligence Python Security Tools. msticpy is a library for InfoSec investigation and hunting in Jupyter Notebooks. It includes functionality to: query log data from multiple sources enrich the data with Threat Intelligence, geolocations and Azure resource data extract Indicator...

Law Firm to the Fortune 500 Breached with Ransomware

Campbell Conroy & O’Neil, P.C. – U.S. law firm to a dazzling array of huge companies – told its star-studded clientele that an intruder may have groped their data. It was hit with ransomware in February and is now suffering the data-breach fallout. That client list spans a slew of industries and...

Teen Behind Twitter Bit-Con Breach Cuts Plea Deal

Thanks to a new plea deal with the Florida State Attorney’s Office, the 18-year-old behind last summer’s breach of Twitter’s high-profile accounts will not be charged as an adult, and instead will serve his sentence in juvenile detention. Graham Ivan Clark was arrested seven months ago, and has...

How the Alleged Twitter Hackers Got Caught

Bitcoin payments and IP addresses led investigators to two of the alleged perpetrators in just over two weeks...

Ex-CIA Accused of Leaking Secret Hacking Tools to WikiLeaks Gets Mistrial

A federal judge in New York on Monday declared a mistrial in the case of a former CIA software engineer who was accused of stealing a massive trove of the agency's classified hacking and tools and leaking it to WikiLeaks whistleblower website. While the jury was unable to reach a verdict on eight...

The Missing LNK — Correlating User Search LNK files

Forensic investigators use LNK shortcut files to recover metadata about recently accessed files, including files deleted after the time of access. In a recent investigation, FireEye Mandiant encountered LNK files that indicated an attacker accessed files included in Windows Explorer search result...

How a Bitcoin Trail Led to a Massive Dark Web Child-Porn Site Takedown

Federal investigators focused not on offensive hacking efforts or surveilling communications, but on the transactions using cryptocurrency...

Mahalo FIN7: Responding to the Criminal Operators’ New Tools and Techniques

During several recent incident response engagements, FireEye Mandiant investigators uncovered new tools in FIN7’s malware arsenal and kept pace as the global criminal operators attempted new evasion techniques. In this blog, we reveal two of FIN7’s new tools that we have called BOOSTWRITE and...