Tracehunters Team

Behind the Scenes: A Case Study in Visualized Investigation
Take a walk through a complete OSINT workflow. From the first scrap of data to the final report, see how visualization turns a mess of links into a clear evidence chain.

The Setup: Connecting the Dots Between Vendors

This case study is a composite based on several real-world investigations. We wanted to tackle a question that analysts face every day: Are these 'independent' vendors actually acting in coordination? When multiple companies bid for the same tenders, it’s rarely a coincidence if they share more than just a market. We set out to find out whether there was a hidden layer of shared ownership and coordinated activity.

The Raw Materials: Collection Without the Clutter

We started by casting a wide net across registries, vendor websites, tender notices, and archived news. The trap here is hoarding data for the sake of it. Instead, we treated every piece of information as a 'claim': if we didn't have a date and a source link attached to it, it didn't go into the master file. We relied heavily on archival snapshots; when dealing with corporate networks, pages have a habit of disappearing once questions start being asked.

The Grunt Work: Cleaning and the 'Over-Normalization' Trap

If you’ve ever tried to merge three different databases, you know the pain: names are misspelled, addresses are formatted in a dozen different ways, and dates are a mess. We cleaned the data, but with a light touch.

One lesson we learned the hard way: over-normalizing can be dangerous. If you force two slightly different addresses into one perfect format, you might accidentally hide a discrepancy that proves they are actually two different locations. We kept the original "messy" data accessible just in case.

Choosing the Right View for the Right Question

We didn't just dump everything into one giant "hairball" graph. We used specific views for specific problems:

  • The Graph: To map ownership and find that one shared contact person hidden in the fine print.
  • The Timeline: To see if these companies were submitting bids within minutes of each other.
  • The Comparison Table: To actively look for "false matches", proving that two people with the same name were actually different individuals.

From Patterns to Proof

The graph immediately flagged a recurring shared contact across three different vendors. Then, the timeline showed synchronized activity windows that were too perfect to be random.

But a pattern isn't a conclusion. We treated these as leads and went back to independent registries to verify those specific links. A visualization shows you where to look; your verification proves what you found.
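The collection rule, the light-touch matching and the two views described above can be sketched in a few lines. This is an added example, not Tracehunters' code: the `Claim` structure, the function names, the ten-minute window and all sample records are assumptions made for illustration.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from itertools import combinations

@dataclass(frozen=True)
class Claim:
    vendor: str
    kind: str      # "contact" or "bid"
    raw: str       # value exactly as collected (for a bid: the tender id)
    observed: str  # ISO 8601 date or timestamp of the record
    source: str    # registry URL or archive snapshot link

# Constructed sample data; every name, number and URL is made up.
CLAIMS = [
    Claim("Vendor A", "contact", "Jordan Example, +00 555 0100", "2023-01-10", "https://registry.example/a"),
    Claim("Vendor B", "contact", "jordan example +00-555-0100", "2023-01-12", "https://archive.example/b"),
    Claim("Vendor C", "contact", "JORDAN EXAMPLE (+00) 555 0100", "2023-02-03", "https://registry.example/c"),
    Claim("Vendor D", "contact", "Jordan Example +00 555 0100", "2023-02-09", ""),  # no source
    Claim("Vendor A", "bid", "T-001", "2023-03-01T09:58:00", "https://tenders.example/1"),
    Claim("Vendor B", "bid", "T-001", "2023-03-01T10:02:00", "https://tenders.example/1"),
    Claim("Vendor C", "bid", "T-001", "2023-03-01T16:30:00", "https://tenders.example/1"),
]

def accept(claims):
    """Collection rule: a claim without a date and a source link is left out."""
    return [c for c in claims if c.observed and c.source]

def match_key(raw):
    """Light normalization for matching only; the raw value stays on the claim."""
    return re.sub(r"[^a-z0-9]+", " ", raw.lower()).strip()

def shared_contacts(claims, min_vendors=2):
    """Graph-view lead: contacts whose key appears under several vendors."""
    groups = defaultdict(list)
    for c in (c for c in claims if c.kind == "contact"):
        groups[match_key(c.raw)].append(c)
    return {k: v for k, v in groups.items() if len({c.vendor for c in v}) >= min_vendors}

def close_bids(claims, window=timedelta(minutes=10)):
    """Timeline-view lead: different vendors bidding on one tender within the window."""
    bids = [(c, datetime.fromisoformat(c.observed)) for c in claims if c.kind == "bid"]
    return [(a, b) for (a, ta), (b, tb) in combinations(bids, 2)
            if a.raw == b.raw and a.vendor != b.vendor and abs(ta - tb) <= window]

if __name__ == "__main__":
    kept = accept(CLAIMS)
    print(shared_contacts(kept), close_bids(kept), sep="\n")
```

Each lead carries the original spellings and source links of the claims behind it, so the differences between records stay visible when the link is checked against an independent registry.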

The Final Report: Clarity Over Volume

When it came time to report, we avoided the "data dump." Nobody wants to see a spreadsheet of 5,000 rows. Instead, we focused on the evidence chains. We separated what we knew for sure from the remaining open questions. By keeping the sources directly attached to the visual relationships, the report became a map that anyone, from a lawyer to a journalist, could follow.

Lessons from the Trenches

The biggest takeaway? The timeline often surfaces coordination much faster than a relationship graph ever will. Also, the most time-consuming part of the job was verifying a few high-impact "edges" (the links between nodes). It felt slow at the time, but it’s the only thing that made the final report bulletproof.

How Tracehunters Tied it Together

The biggest challenge in a long investigation is "context switching": losing track of why a link was made three weeks ago. Tracehunters kept our entities, relationships, and sources tied together in a single environment. This meant we could present a coherent report without having to rebuild our entire analysis from scratch on the final day.