Hal speaks with Steven Mason about how he integrates OSINT techniques and databases like idiCORE into his investigative practice.
The guy who taught me to fly small planes always said that a GPS is a fantastic navigational aid, but should never be a flyer’s sole resource for navigation. The same goes for investigators and databases: a proprietary database is a search aid, one great tool in a varied kit that includes public records, social media, and a host of other OSINT sources and techniques.
I like how Steve Mason put it: A veteran OSINT researcher builds mental blueprints for different kinds of cases: a series of roadmaps for where to begin, what questions need answering, and what kinds of archives, sites, or sources might contain some of those answers.
When we tweeted earlier this month about OSINT, our October theme, and idiCORE, our sponsor, Steve replied that he’d had good experiences with the service. So we punished him for volunteering this information — by asking him to be a guest on our podcast. He’s got a great story to share about how idiCORE, in conjunction with other sources, played a vital role in helping him close a tragic hit-and-run case. And he shares great insights about how the fact puzzle-pieces come together to create a clearer picture of who, what, when, where, why — that thing we call “intelligence.”
Below, you’ll find the audio and a partial transcript of our interview. —HH
(note: This transcript has been edited. To avoid FOMO, you should probably listen.)
Audio:
Transcript (edited):
HAL HUMPHREYS: This month we’re sponsored by idiCORE. One of the things we’re trying to do is get together some stories from real private investigators out there doing the work and using not only open-source intelligence but also our database assets to superpower that OSINT search mindset. I understand you have a story where you used a combination of idiCORE and open-source intelligence and got a really good result for your client.
STEVEN MASON: Correct. Earlier this year we were working a hit-and-run case that involved the death of a small child who was riding a bicycle on the way to a first grade graduation with his parents. During the investigation we interviewed some of the witnesses, and we obtained a description of the vehicle — make, model, color — and some information that there was a unique bumper sticker on the back of the car. The other thing we learned from one of the witnesses was that they believed the vehicle was associated with the neighborhood because they had seen the vehicle several times in the past. Using that information, I went to the license plate reader system — we access it directly through Digital Recognition Network. But you can access it through TLO and others.
So we did a geographical search for that vehicle for a certain timeframe. Quite a list, but we were able to go through all the photos and found one that matched the description that the witness had given us. For those not familiar with the license plate reader system, it gives you a photograph of the vehicle and the registration plate. So I took that registration plate number and ran it through idiCORE as well as our state MVD system. Because with idiCORE sometimes not only do you get the registered owner, but you also get a list of individuals associated with that vehicle. Which in this case was important because the individual had borrowed the vehicle. So idiCORE gave us a list of people associated with the vehicle. We looked at the different addresses associated with that person, and then we used some real estate databases to look at the different addresses and match it up with the photo from the license plate reader system.
The last piece of that puzzle was we took the registered owner’s name, checked it through Facebook, and saw that her son was associated with her account. And the witness was able to identify the photo as being the individual driving the car.
HUMPHREYS: That is fantastic. How does idiCORE tell they’re associated with the car?
MASON: I don’t know exactly, but I think they’re individuals who may have been ticketed while driving that vehicle, I guess the court records.
HUMPHREYS: That makes sense. That’s a specific relationship diagram that really comes in handy on a case like this. If you’re able to tie a person to that car then locate them through old-school open-source research, that’s a mashing together of all the tools we’re talking about.
MASON: Open sources, you’re gathering pieces of data related to your investigation, then you’re building those pieces to formulate the overall picture. The important thing is not to run to the hills with a single source of information but to use it as a tool to help guide you. A good example is you’ll see criminal history on a lot of databases. That’s a good tool, but you still need to verify that that record is in fact your individual.
You start to build these blueprints in your mind. When you get a locate case or a criminal defense case, after awhile, you’re like, “I know exactly where I need to go, what do I need to check, what questions I need to answer.” —Steven Mason
MASON: We had a case with a law firm that was being sued for wrongful termination. They had done routine checks on an employee, and it came back from the databases as having a criminal conviction. And they separated the employee without checking the record. When we later looked, the name and birthdate matched, but the race didn’t. Whoever provided that information never verified that record.
HUMPHREYS: The databases are a starting point. It’s never the information. It’s the thing that points you at the information.
MASON: That’s correct. I think it depends on what your purpose is. I did an interview yesterday, and I kind of ran the person real quick through idiCORE, to get a feel for, did they have criminal history? I just wanted to know for safety purposes. I did see some convictions listed, nothing I was going to use in a report, but it was good for me to know, hey, heads up, the individual has a felony record. So if it’s an intelligence thing, maybe you don’t spend hours verifying the record, but definitely if you’re going to use it as evidence or in a report, verify.
HUMPHREYS: That’s a fantastic story, Steve. The thing I love about this business is you dig around and knock on doors and gather bits of information, and then it all starts to coalesce into a picture of the case or the person. This is a really good example of how to use databases like idiCORE in conjunction with publicly-available resources and open-source intelligence.
MASON: It’s kind of like a trifecta. If you can bring all those together, you can start formulating pictures really fast. It’s amazing — these databases are getting so good, it blows your mind the data you can get. I think it’s good for the public, too. You’re able to conduct a more thorough investigation in less time. Now when I go to the courthouse, I have a list of case numbers that I know I need. You’re saving so much time.
HUMPHREYS: When you’re looking at paper files, the file before and the file after are sometimes really good sources for stuff the database might not pick up. So again, using all of the tools to get to the real picture is a fantastic way to do it.
MASON: There’s so much information out there. Brian Willingham was sharing the other day that sources are changing all the time. But I would say to people, don’t be intimidated by that. You learn as you go. I was talking to a new investigator yesterday who said he almost didn’t get into the business because he was so overwhelmed by the amount of information he thought he had to learn to get started. But we’re learning as we go. That’s part of the business. It never stops.
HUMPHREYS: And those rabbit hole dives, maybe you don’t charge for all that time. But you learn something that expedites the next case. You start to figure it out — your eyeballs know where to go in the databases, in the social media searches, and that just comes with time.
MASON: You start to build these blueprints in your mind. When you get a locate case or a criminal defense case, after awhile, you’re like, “I know exactly where I need to go, what do I need to check, what questions I need to answer.” I make an outline at the start of each case. It helps keep you very focused. It’s just a good tool, especially if you have a case that’s going for weeks, you can check things off as you go, and when you dive back in, you know what you’ve done.
HUMPHREYS: And as most of us do, if you’ve got multiple cases and you have that outline, when you put that case down for two weeks to go work on some other ones, when you come back to it, you know where you are.
MASON: We’ve actually used it to increase sales. We do a lot of fatal trucking accidents. There’s a lot of things we recommend to attorneys that they don’t think of. We use the same general outline, and I give them the outline at the initial meeting, saying “Hey, I know you called me to interview these three witnesses. Here’s some other things to think about.” And I hand them these sample outlines. They look at it and they’re like, “Oh wow, I didn’t realize PIs could do this or could get this information.” And it’s that second sale almost. It’s great.
HUMPHREYS: Yeah. I love it. Steve Mason, thanks for doing this with us. It’s always a pleasure to chat with you.
MASON: Thanks for having me.
—–
About the guest:
Private investigator Steven Mason of Mason Investigative Solutions is a former federal criminal investigator and certified Federal Law Enforcement Training Center Adjunct Instructor. Mr. Mason’s curriculum vitae has been accepted by the United States District Court for the District of Arizona, approving him to conduct federal criminal defense investigations.