What inspired you and Paul Wright to create The Coalition of Cyber Investigators?
Paul and I initially established The Coalition of Cyber Investigations as an OSINT, Investigations and Digital Forensics think-tank to provide a platform to collaborate, share our 80+ combined years of professional experience and provide analysis of topical issues in the converging domains of investigations, digital forensics and OSINT. That convergence has created grey areas around admissibility, process integrity, ethics, context, and validation. The Coalition is our way of advancing the conversation so OSINT-derived evidence can be used properly and effectively.
However, very quickly we started getting asked to take on commercial work – training, OSINT, forensic product assessments, and investigations – and the Coalition has grown from there.
What is the Coalition’s mission and what types of cases do you take on?
Our mission was originally to help OSINT become standardised as a profession, with globally agreed methodologies, standards and training. However, as we are both investigators, we were increasingly being asked to conduct investigations – frequently in the investment fraud space, which led to Lajos Antal (Hungary) joining the Coalition and helping us establish a dedicated boiler room investment fraud practice.
How do you approach boiler room investment fraud investigations, and what makes them so complex?
We combine a comprehensive OSINT toolkit/approach with advanced cybercrime investigation and digital forensic procedures, underpinned by decades of casework. That lets us assess – with a high degree of confidence – whether an investment scheme is legitimate or a scam and gather more details on the criminals behind it. We apply the same methods for proactive validation so clients can avoid scams in the first place. These scams are becoming increasingly complex as they are now totally technology driven – for example, they have real trading platforms, CRM systems, professional marketing operations, and personas and websites which are AI generated, so it’s increasingly difficult for the untrained eye to spot the warning signs.
You also publish research and thought leadership—what topics have you been focusing on lately, and why?
We’ve recently been focusing on a series of articles centered on the “OSINT cowboys” – these are the types of people that do not understand the importance of evidential integrity, ethics, safeguards and operational security measures. Our aim is to highlight the need to professionalise the domain of OSINT by shining a light on the bad behaviours and methods that cowboy practitioners use, especially where evidence needs to withstand legal scrutiny.
Are there any tools or platforms—commercial or open-source—you rely on regularly and recommend?
We are very wary about tools which label themselves “forensic” as often they are the very opposite, creating a risk that inexperienced practitioners could use them in the belief they are doing the right thing, but in reality, they are not adhering to the basic requirements of handling digital evidence which could ultimately jeopardise any formal proceedings. As a baseline, we tend to look for capabilities including (but not limited to) hashing, robust audit trails, preservation of metadata, repeatability, clear chain‑of‑custody support, and ownership transparency – regardless of whether the tool is commercial or open‑source.
What’s next for you and the Coalition—any new projects, training, or research in the works?
We are currently developing some bespoke OSINT training for law enforcement and also for regulators. And of course, we are constantly refining our methodology for Boiler Room Investment Fraud investigations as this is a really hot area for us right now.
And finally, what do you enjoy in your spare time?
My passion is motorcycles – it’s how I clear my head and do some real thinking. I currently ride a Triumph Tiger 1200 and a Ducati Scrambler 1100 (not at the same time :)).
