Prerequisites
CZ1: Building a clean research environment: VPN, proxy and browser isolation.
01
Your subject will search for you before you publish
The subject of every investigation will eventually look up the byline. So will their lawyers, their PR firm, and anyone they pay to respond. This tutorial inverts the standard OSINT workflow: you are the target. The exercise maps what is already out before the work begins.
The controls established in CZ1 (browser isolation, VPN, persona hygiene) protect the work you do from this point forward. They cannot retract data already in circulation. Before those controls have any value, you need to know what is already out: the addresses, handles, associations, breach records and archived pages that an adversary will find in the first twenty minutes of looking.
This tutorial runs a structured pass through the same tools, sources and reasoning patterns you use against subjects, applied to your own name, handles, addresses, family, employers and assets. The output is three artefacts: an adversary summary (what someone with a search bar will find first), a remediation list (what to remove, suppress or accept as permanent), and a six-month re-run cadence to keep the audit current as new exposures accumulate. Done once, it is a baseline. Done on schedule, it is a discipline.
Learning outcomes
By the end of this tutorial you will be able to:
Map your own digital footprint across search engines, data brokers and breach databases using the same tools applied to investigation subjects
Classify each exposure as recoverable or unrecoverable and prioritise remediation accordingly
Produce an adversary summary and a remediation list to documented, auditable standard
Run a six-month follow-up audit against your own baseline to detect new exposures
