ZeroTrace OSINT
Tutorials
Five end-to-end walkthroughs that take a typical investigation from "I have one input" to "I have a sourced report."
The reference docs explain what every tool does. The tutorials show how the tools work together on real cases. Each walkthrough is a single investigation start to finish — open the toolkit, follow along, finish with an exported PDF.
Walkthroughs
| Tutorial | You start with | You end with |
|---|---|---|
| Investigate a suspicious domain | A domain from a phishing report | A sourced infrastructure profile of who runs it |
| Find a person across platforms | A name and an email | Cross-platform identity confirmation with profile-photo evidence |
| Geolocate a photo | An unknown photo | A candidate location with rationale |
| Triage an IP from your SIEM | An external IP that fired an alert | A "block / monitor / dismiss" decision in under 60 seconds |
| Map an org's external attack surface | A target's apex domain | A sourced subdomain + service inventory |
How to follow along
Each tutorial assumes:
- You have ZeroTrace OSINT installed and licensed.
- You have an investigation profile open (the tutorial tells you when to create one).
- You have permission to investigate the subject. Pick a subject that satisfies that condition. The tutorials use neutral examples — public companies, your own infrastructure, public-figure scenarios — but the technique is what matters; bring your own authorised target.
Read a tutorial through once before opening the toolkit. Then run through it the second time as you read. Trying to read and click at the same time is the most common reason a walkthrough feels rougher than it is.
After the tutorials
Once the five walkthroughs feel natural, the rest of the toolkit is recombination. Every investigation in the wild is some mix of the same patterns:
- Discover — find the entities your subject involves.
- Enrich — pivot from each entity into the tools that take it as input.
- Verify — confirm findings with second sources.
- Synthesise — write the argument the findings support.
- Deliver — export.
The reference docs cover every tool individually. The investigation workflow covers the loop. The tutorials make the loop concrete.