Investigations

OSINT Investigation & Case Management

An investigation board with 18 OSINT sources for cross-platform identity resolution, plus full case management with evidence boards, hypothesis testing, and AI-powered analysis.

Operation Nightfall

OSINT Investigation

Sessions

alex_mercer

Username · 12 results

↳

a.mercer@proton.me

Email · 5 results

Same person 87%

Username

alex_mercer

2 data breaches

Found in leaked databases

12 repos

47 commits

842 posts

5 leaked credentials

OSINT sources

Query types

AI actions

Export formats

OSINT board

18 integrated sources

Query across social, technical, identity, and archive platforms from a single investigation canvas. Results link together with probability-based identity correlation.

Source	Category	Description
Twitter/X	Social	Profile data, posts, and network analysis via Nitter
Reddit	Social	User profiles, post history, and subreddit activity
Mastodon	Social	Fediverse profile discovery and post analysis
Telegram	Social	Channel monitoring and user correlation
YouTube	Social	Channel analysis and video metadata
TikTok	Social	Profile and content discovery
Shodan	Technical	Internet-connected device and service discovery
Censys	Technical	Certificate and host scanning intelligence
VirusTotal	Technical	Malware analysis and file/URL reputation
CRT.SH	Technical	Certificate transparency log search
WHOIS	Technical	Domain registration and ownership data
HIBP	Identity	Have I Been Pwned breach exposure check
Gravatar	Identity	Email-to-profile correlation
Hunter.io	Identity	Email discovery and verification
Wayback Machine	Archives	Historical website snapshots and changes
4Chan	Archives	Anonymous board monitoring
Calendar	Archives	Public calendar and event discovery
Combined Search	Combined	Multi-platform search across all sources simultaneously

Query types

UsernameEmailDomainIP AddressPhoneNameHashWallet AddressPhrase

Case management

Full investigation lifecycle

Create investigations with mission structure, track evidence, test hypotheses, analyze entity networks, and generate intelligence products — all in one workspace.

Evidence Board

Organized evidence cards with drag-drop management and source attribution

Hypothesis Testing

Alternative Competing Hypotheses (ACH) matrix for structured analytic technique

Entity Graph

Network visualization of relationships between people, organizations, locations, and events

Intelligence Gaps

Track missing information requirements with automated recommendations

Task Board

Assignment and tracking for investigation team members

AI Assistant

Context-aware queries about the investigation with full evidence access

Product Generator

Export findings as formatted intelligence reports (PDF with watermarks)

Timeline View

Chronological event log with evidence linkage and source tracking

Investigation views

Structured analytic tools

Each investigation provides specialized views for evidence management, entity analysis, hypothesis testing, and intelligence product generation.

Case Overview

Investigation Case

ACTIVE

67%Complete

Operation Nightfall

Cross-platform identity investigation targeting threat actor "alex_mercer" across social and technical platforms.

3 analysts assigned

Evidence

Entities

Hypotheses

Tasks

Recent Activity

14:32New evidence added from Reddit profile scan

13:15Entity "a.mercer@proton.me" linked to GitHub profile

11:48Hypothesis H2 updated — confidence raised to 0.82

Evidence Board

6 items

E-001Reddit

Reddit Profile Match

Confidence92%

Identity→ E-002

E-002GitHub

GitHub Commit History

Confidence87%

Technical→ E-001, E-004

E-003HIBP

Breach Database Hit

Confidence95%

Identity

E-004Telegram

Telegram Channel Posts

Confidence68%

Content→ E-002

E-005WHOIS

Domain WHOIS Record

Confidence98%

Technical

E-006Twitter/X

Twitter Post Archive

Confidence74%

Content→ E-001

Entity Relationship Graph

personorglocation

Hypothesis Matrix (ACH)

Analysis of Competing Hypotheses

ConsistentInconsistentNeutral

Evidence	H1 Same individual	H2 Coordinated group	H3 Unrelated accounts
E-001Username match (Reddit)	C	I	N
E-002Email domain overlap	C	C	N
E-003GitHub commit timing	C	C	I
E-004Telegram geo mismatch	I	C	C
E-005Writing style analysis	C	N	I
E-006Breach data overlap	C	I	I
Confidence	82%	45%	12%

SITREP Product

SECRET // NOFORN

DTG: 101432ZMAR2026

SITREP — Middle East Theater

Classification: SECRET // Period: 0600Z–1400Z 10MAR2026

1. SITUATION

a.Iran launched coordinated drone-missile strike on Golan Heights military installations at 0417L
b.120+ projectiles engaged; 85% intercept rate by Iron Dome / Arrow-3
c.No civilian casualties confirmed; 3 IDF personnel WIA

2. ENEMY ACTIVITY

a.IRGC Aerospace Force confirmed as launch authority; Shaheed-136 drones + Fateh-110 SRBMs
b.Hezbollah forces placed on REDCON-2 but did not participate
c.Houthi maritime disruption operations continue in Red Sea AOR

3. INTELLIGENCE

a.SIGINT indicates pre-planned operation with 72hr preparation cycle
b.OSINT: social media activity spike in Tehran 6hrs prior to strike
c.14 HUMINT sources corroborate retaliatory motivation

4. ASSESSMENT

a.Threat Level: CRITICAL — escalation to direct state conflict confirmed
b.Israeli retaliatory strike assessed as 78% probability within 7-14 days
c.Recommend: elevate CENTCOM force protection posture to FPCON DELTA

SECRET // NOFORN

AI-powered

8 AI-powered investigation actions

Profile synthesis across platforms

Alias and duplicate detection

Cross-platform entity linking

Behavioral pattern analysis

Risk scoring

Network analysis

Anomaly detection

Intelligence gap recommendations

Related features

Intelligence Monitors

Persistent tracking feeds into investigations

World Theaters

Strategic context for investigation targets

World Events

Event data for evidence correlation

Get started

See CLERINT in action

Schedule a personalized demo to see how CLERINT transforms raw open-source data into structured, actionable intelligence.