Howdy, fellow #OSINT #Journalist. I want to share with you my latest checklist for #OSINT #company investigations.

This way, you'll ensure you check all boxes when investigating... Links contain my go-to sources.... let's dive in (Version 1.0) - PDF at the end of 🧵

We start with a company name... First up, 1. Gain a general overview of what you are dealing with. Google dork the firm, use a corporate wiki, understand jurisdiction & company form -> then check with business registries, that might be responsible...

4. Check for leaked data on the company and owner/managers: If you are suspecting a shell company, check OCCRP and @ICIJ Offshore leaks. If personal company data, search for ransomware leaks or country specific DBs (e.g for Russia). A list of my favs ...

5. Company website: There is much to hunt for. Probably most noteworthy, check for connections to other entities (unfurl, or redirects); Domain registration (WHOIS data), and content (track changes with Webarchive), & archive data (s.a. video, old PR releases)...

6. Legal history/Court cases/allegation - has the entity or its founders smelled fishy in the past, e.g human rights breach allegation...?
Check country/region, and perform in platform searches or e.g. #bankruptcies with names () neu.insolvenzbekanntmachungen.de/ap/suche.jsf

7. Sanctioned or on a black list? That can be on an official (trading) sanction list, a blacklist for an industry (e.g for #shipping) or on the web (website scams or crypto scam abuse databases)...

8. check Intellectual property of company/owner. Country -> IP databases, in platform search or Google Dork for Patent/tech/trademark...

9. and 10. deals with import/export trading data - has the company done suspicious deals with abroad clients? Trace containers if needed.

Or If traded publicly, try #tradint (trading #OSIINT)

11. Identify traces of toxic lobbying of a company and its partners. There are various #lobbying registries I check, such as @ProPublica's, the one by the EU, Germany (latest added database)...

12. Check on corruption - there is a broader approach checking in various money laundering DBs, incl. the "Troika Laundromat", in Bird ind Bulgaria, and others, depending on what sort of jurisdiction the company is in.... In any case, worth signing up to aleph.occrp.org

13. Data on Environmental and social issues: check ESG data, Corp Resp. reports of companies and TCFD reports, or if the company purchased voluntary carbon credits from a questionable source...

14. Investment analysis: Can be done by #socint (does a company owner have a boat in the Canary Islands or the company has other investments that dont appear on paper, but on social media), has the company questionable investors (start up funding pages?)...

& last but not least : 17. Visualize connections!

Company networks can span pages. In the end, connect the most important dots.

Owners with business operations -> crimes/breaches.

Neo4J, Gephi, Spiderfoot results, Maltego, Miro - all can be useful in bringing it all together

2. Check the official registration details. Access details via transparency registers. If you know the region/country, check Gazettes, or industry. Check @OCCRP catalog for research databases. If a private company @opencorporates or national databases (SEC, NorthData, Drimble....