Investigating Military Deployments With Maltego And ShadowDragon SocialNet » Chargebackpros

Executive Summary 🔗︎

Analysis of social media by Law Enforcement and Government institutions is nothing new. With a great portion of our lives constantly documented online, it’s hard to deny the usefulness of the information they harbor.

Recently, TikTok users posted volumes of videos of the advancements of Russian forces across the Ukrainian border, documenting the escalation of the conflict and providing intelligence to the rest of the world. This material represents a valuable foundation for OSINT analysts’ investigations, providing a unique perspective on Russian military deployments in specific regions and during certain periods.

However, browser-based TikTok investigations are difficult and require a great amount of time, which is precisely what government agencies do not have during crisis situations. Amongst the biggest drawbacks is the basic search bar, which lacks advanced search options available on other social media platforms like Twitter. This makes result-filtering options according to time fencing or geolocation non-existent, leaving analysts constantly looking for needles in a haystack.

This is where Maltego comes in, as its data mining and data analysis features make up for limited querying possibilities while speeding up data gathering for a deeper analysis.

The following example shows how with Maltego, analysts can go from the general to the specifics of monitoring and analysis activities faster and more efficiently. To do so, we will broadly collect social media publications based on specific parameters, which will then be further filtered using time frames, specific text strings and geolocations to allow for initial authentication of specific posts.

The goal of the following workflow is to use Maltego to gather TikTok posts related to the current Russia-Ukraine conflict within a specific window of time and to verify them via geolocation data, when available.

Hub Items that will be of use for this investigation are SocialNet from ShadowDragon and Google Maps Geocoding. We will also use a series of custom-written Local Transforms to, for example, separate SocialNet’s results into two groups. The Hub Items are packed with out-of-the-box Transforms that serve standard investigative workflows. For everything else that may need to be customized, Local Transforms can be easily written using Python and the Maltego TRX Library.

Don’t forget to follow us on Twitter and LinkedIn and sign up to our email newsletter, so you don’t miss out on updates and news!

Happy investigating!

Leave a Reply

Your email address will not be published. Required fields are marked *