In this article, you will find important information about using wallet analysis tools in the field of cybersecurity.
464 
In today’s digital world where information is critical, OSINT (Open Source Intelligence) is a key element in uncovering important data. In this article, we examine how gap analysis can be an important tool for continuing OSINT investigations, providing deeper understanding and uncovering hidden connections. Gap analysis is a method that focuses on identifying missing pieces of information that may be key to understanding the big picture. Applying this approach allows you to discover hidden relationships, unexpected connections and important details that often go unnoticed in traditional analysis. In this article you will find an in-depth understanding.
We will explain how the identification and analysis of information gaps can help to better understand the subject of the investigation. Detection of hidden connections. We reveal how gap analysis can reveal connections and relationships that remain invisible in conventional analysis. Improving the data collection strategy. We will discuss how analyzing missing pieces can optimize data collection approaches, making the process more efficient. Applying gap analysis to OSINT investigations can significantly improve the quality and depth of findings. This not only helps in identifying hidden connections and key information elements, but also promotes more effective use of existing data. Through gap analysis, researchers and analysts are able to dig deeper into context and find answers to complex questions that may arise during an investigation. This method allows not only to discover the unknown, but also to rethink the already known. It helps to identify weaknesses in the collected information and to determine where further efforts should be focused. The use of gap analysis in OSINT investigations contributes to a more objective and comprehensive analysis, allowing to obtain more accurate and reliable results.
With any type of OSINT investigation, it’s easy to collect massive amounts of data in a very short amount of time, but what do you do with it all? There are thousands of tools you can use to get information from all kinds of sources, but how do you prioritize it? What information is relevant and what is not? How to continue research and not waste time on pointless searches that lead nowhere?
Consider Mueller’s investigation into President Trump: More than 500 search warrants were executed, more than 2,800 subpoenas were issued, 230 telecommunications records requests were made, and nearly 500 witnesses were interviewed, all to produce a 448-page report. The Skripal poisoning investigation took more than 900 witness statements, seized 2,300 pieces of physical evidence and reviewed 4,000 hours of CCTV footage. All of these investigations were very different in their objectives, but they all had to collect and evaluate vast amounts of information to achieve their goals, but how did they avoid being overwhelmed? Of course, it helps that these inquiries are adequately resourced, but important investigative decisions about where to go next are still only made by a small number of senior investigators. How do they keep everything on track and not drown in data? How do they decide what is important and what is not? What determines where they will go next?
If you’re just starting out in OSINT investigations, or even if you’re very experienced, you’ll notice how easy it is to gather a lot of data and how easy it is to go off on many tangents. Of course, most OSINT investigations are not on the scale of the Mueller Report or the Skripal poisoning, but the same decision-making method used by experienced investigators in major cases can also be applied to smaller-scale investigations to help sort through the data, focus on what’s important, and then decide what to do next. The method is known as gap analysis.
Gap analysis is a simple but highly effective way to focus your investigation on what matters and avoid unnecessary and confusing tangents. The name comes from the fact that it is used to evaluate all known information and then identify gaps where further inquiries are needed. It is not specific to OSINT, but can easily be applied to online investigations. He uses four simple questions to review the information he’s gathered, evaluate it, and then decide what to focus on next.
1) What do we know?
2) What does it mean?
3) So what do you need to know?
4) How can we find out?
Rather than rushing ahead and jumping from one tool to another in the hope of a quick win, gap analysis ensures that the approach is more methodical and precise. You can be fast and accurate with OSINT, but it’s not often you can do both!
Even if you’re completely stuck at the beginning of an OSINT task, or perhaps just overwhelmed with information, applying these questions to the data in front of you will help you determine where to start. Also note that thinking about what tools or resources to use only applies to the fourth question: “How can we find out?” While knowledge of available OSINT tools is important, they will never get you very far unless used in conjunction with good investigative technique. The method will determine which tools to use.
The May 22 Quiztime task was quite difficult to begin with, but could be solved by using a gap analysis to determine what information was available and what needed to be done next to solve the task.
Tillman posted the image below and asked two questions: 1) Was there another flight between him and Easyjet? 2) Where was the Easyjet plane flying to?
He also told us that the image was taken on May 12, 2019, and that it was his outbound flight. Tillman often posts from Tirana, where he is based, but he was clear that this was an outbound flight and he was not heading to Tirana. The first thing to do was locate Tillman and work from there.
There was no way to solve this instantly, but through systematicity and gap analysis, there were several ways to find a location and start moving in the right direction.
This is May 12, 2019.
An Easyjet plane on the runway ahead of Tillman’s plane.
In the picture there is a plate with the inscription “BB 25”
Tillman’s plane was also at the airport from where Easyjet flies.
A sign can tell us something about a location.
Which airports does Easyjet fly from?
What does the BB25 sign next to the runway mean?
Get a list of destinations Easyjet flies from.
Find a guide that explains airport runway directions.
So the gap analysis gave me something to work on. Finding out where Easyjet flies from is very easy – their website and this Wiki page have all the destinations, but they fly from 136 different airports. I could look at every single airport in Google Earth and compare it to a photo, but that would take a long time and I would quickly become overwhelmed with information.
The runway sign was more promising. A quick Google tells us that “BB 25” means that this sign marks the BB taxiway for Runway 25 – a vital piece of information that will help solve the puzzle much faster.
Each individual runway has its own number, or rather two specific numbers. A runway takes its number from the compass to which it is pointed. For example, a runway facing west (with an angle of 270 degrees) would be called runway 27. However, sometimes planes use different ends of the runway to take off depending on the wind direction, so the runway gets a second number, when planes use the opposite end. Since runways are straight lines, the opposite end of the runway will have a compass direction that is 180 degrees opposite the other end. So if one end of the runway points 270 degrees, the other must point 90 degrees. This means the runway name will be 090/270 or 09/27 for short. If you are confused, here is a very simple guide.
Now we knew that the runway in the photo was runway 25. This means that the Easyjet plane was heading for take off at a 250 degree angle. With a little geometry, a little more could be learned, which would quickly lead to finding Thielman. If one end of the runway faces 250 degrees, the other end must face 70 degrees (since 250-180 = 70), so the name of the runway we’re looking for will be 25.07.
So maybe it’s time to use Google Earth and just check all the Easyjet airports that have a runway named 07/25? You could do that, but you could further narrow down the parameters by adding a bit more geometry.
If the Easyjet aircraft is oriented 250 degrees (roughly west west), then Tillman must have been facing north west when he took the photo. The image does not show any airport buildings, so the main airport infrastructure must be on the south side of the runway, not the north side.
Used by Easyjet
It has runway 07/25
The main terminal buildings are likely to be located on the southern side of the runway.
A quick look at Easyjet’s list of 136 destinations shows that only a tiny number (it was less than 15 but can’t remember exactly) had a runway on 07/25. Checking them on Google Maps, and there were even fewer main airport buildings on the south side of the runway. One of the few that met all three search criteria was Rome’s Leonardo da Vinci Airport. Then went to Google Earth to try and see if it was correct:
After comparing the original photo with the Google Earth image, it became clear that the red and white towers in the background are the same in both photos. Tillman was waiting to take off from Runway 25 at Rome’s Leonardo da Vinci Airport.
This latest Google Earth image shows two planes waiting to take off at the end of the runway. This suggested that it was at least possible that there was another plane between the Tillman plane and the Easyjet plane we were trying to find.
So, while Thielman was in Rome, it was time to decide what to do next by applying some additional gap analysis.
The image was taken on May 12.
The image was taken on Runway 25 at Rome’s Leonardo da Vinci Airport (FCO).
Tillman’s plane and the Easyjet flight will take off next to each other on May 12. In order to identify Tillman’s flight, we will also need to identify the Easyjet flight.
What time did the planes leave FCO on May 12.
Where does Easyjet fly from Rome?
Get FCO Dispatch Time List 12 May 2019.
Find out where Easyjet flies from FCO.
Now, you might think that you could just go to Flightradar, look at the historical departure information and solve the puzzle just like that, but that’s not the case. Tillman posted the challenge ten days after the flight, but Flightradar only keeps records for the last seven days unless you have a premium account. There are other aircraft datasets available, but most of them are for commercial use and cost a lot of money to access. So where do you get the data you need?
I used Airportia to get the data and found the departure records page for FCO here. Now it seems to be a problem again as Airportia only allows me to view information from the last seven days, but with a little manipulation of the URL I was able to access the data I needed. The standard URL format used by Aiportia is:
https://www.airportia.com/italy/leonardo-da-vinci/departures/YYYYMMDD/0000/2359/
So by changing my target date URL like this, it was possible to get the data for the date in question, even though there was no direct way to do this on the website:
https://www.airportia.com/italy/leonardo-da-vinci/departures/20190512/0000/2359/
A lot of data had to be reviewed, especially since there is a big difference between the scheduled departure time and the actual departure time. Airportia doesn’t allow you to sort flights by actual departure time, so it took some patience. It was disappointing at this point because in total there are 21 different Easyjet flights to thirteen different destinations: Geneva, Nice, Paris, Gatwick, Lyon, Berlin TXL, Paris Orly, Amsterdam, Nantes, Basel, Toulouse, Bristol and Luton. It would be difficult to find the exact flight without guessing. I assumed that maybe Tilman would fly to Dusseldorf based only on the fact that he travels to Germany a lot, so I looked for Easyjet flights next to the Dusseldorf flights, but I’m glad to say I was wrong. Logic beats guesswork every time. So how do I narrow my list of 21 possible flights down to one?
May 12 was the 21st Easyjet flight from Rome.
Flights operate in 13 different locations.
The flight pictured is one of them.
The flight is photographed during the day.
The flight was supposed to take place before sunset, since it was still light and no runway lights could be seen.
Any flights that took place after sunset may be excluded.
What time did the sun set on May 12?
Use Suncalc!
Suncalc said the sun set at 8:20 PM on May 12. This meant that any flight after that time could not take place during the day and could therefore be eliminated. In this way, 7 Easyjet flights were canceled, leaving only 14 possibilities.
I ran out of ways to identify a specific Easyjet flight. Couldn’t read the plane’s serial number accurately (it would have been too easy) and I needed more information. Tillman helpfully provided some:
Tillman said the image was taken shortly after takeoff when his plane turned about 90 degrees to the left. The geometry of the runway meant that he took off on a heading of 250 degrees, so a left turn of about 90 degrees meant that he was heading roughly due south. A quick search on Google Maps helped confirm the location in the photo:
Even if you didn’t get it from the runway perspective, Tillman’s second painting is of the city of Fiumicino. It also means it’s heading south. With the new information, it is time to apply additional gap analysis.
Tillman’s plane took off from runway 25, turned left and headed south.
An Easyjet flight left before him, destination unknown.
That the departure schedule would show a southbound flight around the same time as the Easyjet flight took off.
If the southbound flight and the Easyjet flight go together, this is probably the correct answer.
That if there is a flight between the Easyjet flight and the southbound flight, it will most likely contain the answer to Tillman’s second question.
Which flights on May 12 were bound for a destination south of FCO?
View flight departure data.
Check the destinations on the map – which ones are in the south?
So, looking at the flight data, the only flights going (roughly) south of FCO on May 12th were to Tunis, Palermo and Catania:
The only time a flight to one of these destinations departed shortly after an Easyjet flight was at 17:36 when the flight departed for Palermo, just after Easyjet departed for Nice at 17:32.
This also means that there was another flight between them to Pisa at 17:33. There is no other combination of an Easyjet flight followed by a southern flight to Palermo, so this should have been the correct answer. Fortunately, Tillman confirmed that it was!
Without a logical method like gap analysis, it would have been impossible to solve this problem, but it allowed me to make sense of the data I had and identify the next pieces of information I needed to find the answer. A typical terrorism or murder investigation is much more complex, of course, but the only real difference is the amount of data that needs to be analyzed and evaluated, not the decision-making process itself.
464 
425 
370