DEV Community

Kyle Brennan
Kyle Brennan

Posted on

How to Investigate Anyone's Social Media (Legally)

#privacy #security #beginners #tutorial

Social media is an OSINT goldmine. People voluntarily share their location, relationships, daily routines, and opinions — often without realizing how much they're revealing.

Here's how investigators extract intelligence from social platforms, and how you can audit your own exposure.

The Fundamentals

Before diving into tools, understand the principles:

  1. People are creatures of habit — same usernames, same profile photos, same posting times
  2. Metadata tells stories — timestamps, locations, tagged accounts
  3. Deleted doesn't mean gone — archives, screenshots, cached versions exist
  4. Connections reveal networks — who someone follows matters as much as what they post

Platform-Specific Techniques

Twitter/X

What you can find:

  • Historical tweets (even deleted ones via archives)
  • Follower/following networks
  • Engagement patterns
  • Location data from geotagged posts

Tools:

  • Advanced Search: from:username since:2023-01-01 until:2023-12-31
  • Wayback Machine: Historical snapshots of profiles
  • TweetDeck: Monitor multiple accounts/keywords in real-time
  • Twint (GitHub): Scrape tweets without API limits

Pro tip: Check who someone replies to most frequently — it reveals their real network, not just their public follows.

Instagram

What you can find:

  • Location history (tagged locations, geotags)
  • Close relationships (tagged photos, story mentions)
  • Daily routines (posting times, recurring locations)
  • Interests and lifestyle

Tools:

  • Picuki.com: View profiles without an account
  • StorySaver: Archive stories before they disappear
  • InstaLoader (GitHub): Download posts, stories, metadata

Pro tip: Instagram stories often reveal more than posts — people are less careful with "temporary" content.

Facebook

What you can find:

  • Full relationship maps (family, coworkers, classmates)
  • Life timeline (education, jobs, locations)
  • Group memberships (interests, communities)
  • Check-ins and events

Tools:

  • Facebook Graph Search: Photos liked by [name], Places visited by [name]
  • StalkFace.com: Alternative interface for searching
  • WhoPostedWhat.com: Search public posts by keyword/date

Pro tip: Friends lists are often public even when profiles are private. Map the network.

LinkedIn

What you can find:

  • Employment history
  • Professional connections
  • Skills and endorsements
  • Educational background

Tools:

  • LinkedIn Sales Navigator: Advanced search (paid)
  • Phantombuster: Automate profile scraping
  • Google Dorks: site:linkedin.com/in "target name" "company"

Pro tip: People are surprisingly honest on LinkedIn. Job changes, relocations, and professional struggles all get posted.

TikTok

What you can find:

  • Content interests
  • Engagement patterns
  • Sometimes location from backgrounds
  • Voice/face for identity correlation

Tools:

  • TikTok's search: Surprisingly powerful
  • Snaptik.app: Download videos without watermarks
  • Manual EXIF check: Downloaded videos may contain metadata

Cross-Platform Correlation

The real power comes from connecting dots across platforms:

  1. Username pivoting: Same handle on multiple platforms
  2. Profile photo matching: Reverse image search across networks
  3. Email correlation: Use tools like Epieos to find connected accounts
  4. Writing style analysis: Similar phrases, emoji usage, typos
  5. Timing analysis: Posts at similar times suggest same timezone

Archive Everything

Content disappears. Always archive what you find:

  • Archive.today: Instant webpage snapshots
  • Wayback Machine: Submit URLs for archiving
  • Screenshots with timestamps: Document everything
  • Hunchly: Browser extension for automatic archiving (paid)

Privacy Implications

Everything in this guide can be done to YOU. Consider:

  • Audit your own profiles — search yourself like an investigator would
  • Review tagged photos — others expose your location
  • Check privacy settings — but assume they're broken
  • Limit cross-platform links — don't make correlation easy

⚠️ Legal & Ethical Boundaries

  • Only access public information — don't create fake accounts to bypass privacy settings
  • Don't harass or stalk — observation isn't interaction
  • Document your methods — maintain a clear audit trail
  • Know jurisdiction rules — laws vary by country

🚀 Level Up Your Skills

Want to practice these techniques with other investigators?

Join CloudSINT Discord: https://discord.gg/8WP5VwSS

Live challenges, technique sharing, and a community that takes OPSEC seriously.

Part of the OSINT education series. Follow for more investigation techniques.

Top comments (0)