Tutorial — Find a person across platforms

A name and an email arrive in front of you. Your job is to confirm whether they belong to the same person, find the person's footprint across the open web, and produce a sourced summary.

This walkthrough is the standard pattern for due-diligence and investigative-reporting people-cases.

What you need

• The toolkit installed and licensed.
• A subject you have a lawful reason to investigate. Use a clearly public figure for practice (CEO of a public company, a journalist, a prominent academic).
• Twenty minutes.

Step 1 — Open a profile (1 minute)

Create a new profile named after the subject. Write the question in the notes:

Confirm identity match between <name> and <email>. Map the subject's footprint across major platforms.

Step 2 — Open the Person Composer (3 minutes)

Ctrl+K, type person, pick Person Investigation Composer. Fill in:

• First / last name.
• Email.
• Country (improves the per-locale public-records deep links).
• Optional: any known username, phone, or city.

Run.

The composer auto-creates findings across:

• Email analyzer (parts, MX, deliverability, free-provider flag).
• Username sweep (the email's local part across thirty-plus platforms).
• Breach lookup (domain-level).
• Phone lookup (if you provided one).
• Public-records deep links per locale.

Each finding lands in the profile automatically. The Composer is the closest thing the toolkit has to a one-click investigation — the rest of this walkthrough is verifying and deepening what it surfaced.

Step 3 — Verify the email (3 minutes)

Open the Email Analyzer finding. Look at:

• Domain. Personal vanity domain → strong identity signal. Free-mail provider (Gmail, Outlook) → weaker.
• MX records exist. The address can receive mail.
• Catch-all flag. If the domain is catch-all, the existence of name@domain does not confirm the address is real (every local part exists by configuration).
• Gravatar URL. If a Gravatar is registered, click through — the avatar is a strong cross-platform identity signal.

Pin the Gravatar URL if present; you'll feed it into photo clustering later.

Step 4 — Confirm cross-platform handles (4 minutes)

Open the Username Sweep finding from the composer. The sweep ran against the email's local part. Look at:

• Confirmed hits. Platforms where a profile exists for that handle.
• Last-active hints. Profiles that have been active recently are more likely to be the same person.
• Profile photos. The toolkit captured them where the platform exposed them.

For each confirmed hit, ask: does the display name / bio fragment / photo match the subject as you understand them? If yes, pin as confirmed. If unclear, pin as pending.

Step 5 — Generate handle variants (3 minutes)

Pivot from the email or use the Username Permutator directly. Input:

• First name.
• Last name.
• Optional birth year (if known).
• Known handles from step 4.

The permutator generates ~80 candidate handles, sorted by similarity to your knowns. One-click auto-compose into Username Sweep runs the entire candidate list against thirty-plus platforms.

Repeat the per-platform confirmation step for any newly-discovered hits.

Step 6 — Photo cluster (3 minutes)

If you collected two or more profile photos in steps 4 and 5, paste the URLs into Photo Clustering. The tool computes perceptual hashes and groups visually-similar images.

Cross-source clusters (a photo from Instagram and a photo from a personal blog hashing close to each other) are the strongest cross-platform identity confirmations the toolkit can produce without face recognition. The same photo reused across platforms tells you the platforms share an operator.

Pin clusters as confirmed. Alternative photos that don't cluster are weaker evidence — the same person, different photo.

Step 7 — Public-records pivot (3 minutes)

The composer's auto-generated public-records deep links open per-locale engines (TruePeopleSearch / 192.com / Pages Blanches / etc.) with the subject pre-filled.

Click through to the engines that match the subject's locale. Capture relevant findings into the profile manually (the toolkit cannot scrape these engines for you).

For higher-stakes cases, the composer also generates deep links to court-records databases (Justia, CourtListener, BAILII), academic profiles (Google Scholar, ORCID), and corporate filings (SEC EDGAR, OpenCorporates).

Step 8 — Synthesise (2 minutes)

Open the profile's notes. Write:

• The headline identity confirmation. ("<name> confirmed as the operator of accounts on Twitter, GitHub, Mastodon, and a personal domain at example.com.")
• The strongest evidence. (Profile-photo cluster across three platforms, same Gravatar across two platforms, vanity-domain ownership confirmed via WHOIS.)
• Footprint summary. (Active on platforms X, Y, Z; abandoned platforms A, B; not present on platforms C, D.)
• Limitations. (Could not confirm presence on TikTok / Instagram due to platform-side restrictions.)

Tag findings appropriately. Severity high or critical for the headline confirmation; info for footprint context.

Step 9 — Export (1 minute)

Profile → Export → PDF. The deliverable shows the identity confirmation, the cross-platform footprint, and the sources for each step.

Done.

Variations

Depending on case:

• Breach lookup for the email (if available beyond the domain-level check).
• Email permutator against the name plus a vanity domain — generate variant addresses the subject might use.
• Reverse-image composer on each profile photo to find where else the photo has appeared.
• Person investigation composer rerun every few months — the saved profile re-runs and surfaces what changed.

What you learned

The person-finding pattern is one composer, two enrichment passes, one cluster check, one synthesis. Every variation is a deeper enrichment on the same shape.