DISCLAIMER: Please use the following techniques for good. Don’t be evil 🙂

Search Party CTF is an initiative by TraceLabs which is a gamified OSINT investigation involving real, active missing persons cases. Once the CTF begins you’re given a few different cases with the relevant background information and a short brief. You get points for finding things like e-mail addresses, home addresses, friends and family, etc. The point is to emulate what investigators actually do by casting a very wide net and going through the evidence piecemeal. I wanted to give a short write-up detailing one technique I was able to pull off which gave me the suspects vehicle information which includes; make, model, and year. While this technique is somewhat useless for professionals given the private records at their disposal, it is still very useful for the amateur sleuth.

PRE-REQUISITES

So, first things first, we need some basic information on our suspect before we can get their vehicle information. You didn’t think we could just type in someone’s name and get that information right? Err, actually, that’s pretty close to it. So the main mechanism we will be abusing utilizing is a simple auto insurance quote from Progressive.

We need a ZIP code first!

The zip code is easy enough since we already know the suspect is the victim’s parent and lived in the same city where the crime occurred. Next, we have a crucial piece of information leaked from a news article detailing where the victim was last seen.

Names, ages, and locations have been changed.

Now, we can pivot on this piece of information and use it against the results of some people search engines like whitepages.com or truepeoplesearch.com, which often have erroneous or outright wrong results.

So after some digging around on the people search sites and a few Google dorks later, we see an address matching the block number and neighborhood for the suspect. While this isn’t 100% accurate it’s still a pretty good indicator that the record in question may be accurate.

With this information we have all we need to pull down the vehicle records. After we enter the zip code on the Progressive page we visited earlier, it will prompt us for further information.

The name and birthdate literally do not matter at all – at least on Progressive’s website – the only thing that matters is the address being accurate. After we enter the correct information we finally get our payoff!

RESULTS

What do you think Batman drives when his car is in the shop?

And there we go! Police and other agencies are usually not too keen (for good reasons) on releasing this sort of information publicly but it can greatly aid investigators who lack the private resources that a LEO has. Cheers and happy hunting!