Information on the internet is not just about finding content on different websites. When you are doing investigative research, questions like “Who is providing the information?” or “How do I find out who the owner of this website is?” might become a crucial detail in your story. Accessing this “second layer” of the internet might seem tricky, but there are lots of tools that make it easier to access some of that information. This article is only an overview of the most important tools for investigative online research. Under the buzzword “open source intelligence” (or OSINT), you will be able to find countless more instructions that explain how open source intelligence tools can be used for online investigation.
What is Whois Information?
So-called “Whois Information” is legally mandated information about websites or domains on the internet. To register a domain on the internet, users have to provide certain data that is publicly available. Whois information is a widely used style of storing and listing this exact information about ownership and contact details for domains.
Whois information includes:
- Name and contact information of the registrant (person or user who owns the domain)
- Name and contact information of the registrar (person or company who has registered the domain)
- It also includes the registration dates, the names of the servers where the domain is hosted, the date of the most recent update, and the expiration date
Online services such as whoxy.com or ICANN lookup will provide you with this information if it is available (sometimes it is blocked or restricted). You just have to enter the domain you are interested in into the search field on their website. Whoisology provides a big historical Whois database that also lets you find connections between different websites.
Other Ways to Investigate a Website
If the Whois-search does not provide any useful information, this Git-Hub page has an excellent checklist with more things you can try to learn about a website’s owner. The Kit also provides a more detailed deep dive into investigative information behind a website.
Offensive Security Cheat Sheets also offers an overview of different workflows to extract information, depending on the information you’re starting with. It has not been updated since 2022 and a lot can change in the OSINT community in that time but is still offers a great starting point and a good overview.
How to Look Up Deleted or Old Websites
WayBack Machine is basically the archive of the internet. It comes in handy if a website is deleted or has been changed, and you want to look up a past version of it. For any given website, WayBack Machine tells you if it has archived the site and if so, for which dates archived versions exist. You can also use it to save websites in their current condition and later use WayBack Machine as a source. Here you can find a more detailed description of how to use this tool for journalistic purposes.
Monitor Website Changes
Distill.io: This is a tool that comes in handy when you want to monitor a website for changes. It is a Chrome extension that alerts you when a website is modified and you can get started for free. Visualping.io follows the same principle, but is not bound to the Chrome browser. It will send you an email when a previously defined part of a website changes.
Improve Your Google Results:
Did you know that Google gives up to 62 percent of the results on its first page to companies and websites that are either owned by Google or closely affiliated with the company? This clutter might push relevant information to the margins. Simple Search is a browser extension for Chrome and Firefox that works with Google and Bing. It filters out the search-engine affiliated results, thus providing you with an alternative list of sources that might be worth looking at.
Document Your Results:
When you are doing online investigation, it is just as important to document your results well. This thread provides a introduction and further resources on how to keep track of your results:
#OSINT Methods:#Documentation of leads, processes, and findings is an essential part of any investigation and involves methods such as notetaking and creating mind maps, network visualization, screen and page captures, site archiving, and content downloads…
— TRADECRAFT (@TRADECRAFT14) July 11, 2022
1/10 🧵👇 pic.twitter.com/s3bEP5agIp
More Resources for Online Investigation
The cosmos of tools that help you with investigation on the internet is big and ever-changing. Here are resources that provide you with a great overview of more available tools and their possibilities.
Bellingcat’s Online Investigation Toolkit is an extensive table with a great overview of online-investigative tools on a wide range of topics that is regularly updated when tools are discontinued.
OSINT Essentials and Offensive Security Cheatsheet are websites that provide a great overview of available OSINT tools: from Metadata extraction to web-monitoring.
Datajournalism.com is a great website for a lot of topics, but here are two especially useful articles on how to investigate a website and how to track actors across several platforms.