Accessibility Settings

color options

monochrome muted color dark

reading tools

isolation ruler

Photo: Travis Warren (Flickr CC)

Stories

Topics

How to Use TweetDeck for Open Source Investigations

Русский | العربية

Photo: Travis Warren / Flickr

Editor’s Note (Nov 2023): TweetDeck is no longer free. 

If you’re an OSINT (open source intelligence) investigator or use OSINT in any of your work, it’s impossible to ignore Twitter as a collection source. With data privacy concerns being a hot topic, many other social networks are cracking down on their API, making it harder for people to collect OSINT on social platforms. Twitter remains my go-to for investigations on social media.

I use TweetDeck, a dashboard that allows you to view tweet streams based on parameters you select such as user names, hashtags, keywords and a variety of other built-in features. Here’s a guide on how to get started using TweetDeck.

0. Go to TweetDeck

If you are reading this, I assume you already have a Twitter account. If so, there’s good news – that’s all you need! If you visit the TweetDeck website, it’ll take you straight to the dashboard. You’re ready to get started.

1. Build Up Your Homepage

One of the built-in columns for TweetDeck is your homepage. This will do essentially what the normal Twitter app does, show you content published by the people you follow. Many people delete this column and go straight to customization; I choose to keep it and customize the people I follow as an early warning radar for breaking news and other useful content. I suggest you do the same. If you are following people who don’t provide useful content, unfollow them. If you’re worried about unfollowing friends and family, create a separate account only for OSINT collection.

2. #Breaking

The hashtag #breaking is something I’ve always used to spot breaking news events. Events like active shooters, natural disasters and other newsworthy events usually appear on social media before they air on news broadcasts. You can likely get 10-20 minutes of investigation done before you even see it live! Warning: Most of the content that comes through on #breaking is garbage, but it’s a useful tool for passive monitoring.

3. Searching for Keywords Using Boolean Operators

When entering in a new search term, you’ll quickly learn that if you search for anything that is longer than one word you will get content that has either/or. For example, if you search for active shooter, you will get results that list active and/or shooter. This will often create undesired results, forcing you to manually filter through the content.

You can fix this by using boolean operators. If you change your query to “active shooter” (in quotes) instead of active shooter, Twitter knows to group those words together. If you want to search for multiple instances of the same word, you could query “active shooter” OR “activeshooter.

Be mindful of the OR. This will show results of either instance.

While on the subject, here’s a quick tip. A lot of people will misspell things on Twitter. Remember to query for misspellings of your target keywords to get the whole picture.

4. Using Filters

If you click on the blue icon just to the right of the target keyword in a column, you’ll find a list of adjustable filters. You’ll see content, location, users, engagement and preferences. These will help you fine-tune your stream.

However, I caution you to not apply these filters right away. The reasons I recommend waiting is that you could unintentionally filter content out that might be useful due to a lack of experience monitoring that keyword. For example, you could filter quality content because it doesn’t have any engagement such as likes or retweets. This content might be an initial report of an active shooter at a school. Keep that in mind.

Back on topic. The main filters I use are content and engagement. The reason I don’t use location is that specifying a certain location significantly lowers the amount of content you receive. If you are targeting a very specific area and only want to find information within that area, it is very useful. The same goes for users.

I like the content filter because you can remove words or phrases that come up often that aren’t useful. This goes back to knowing your stream and knowing the history of that keyword or hashtag query.

You can also filter out content from a certain user and only monitor the content they publish that relates to your investigation. For example, you could filter out all tweets about Donald Trump that mention Hillary. Lastly, I use the engagement filter when monitoring a trending hashtag that has a ridiculous amount of content. A good example would be Hurricane Harvey. I didn’t want to see 100 posts a second, only the ones people engaged with.

5. Other Useful Tips

We’ve pretty much covered the basics of using TweetDeck for OSINT. A lot of learning will take place by using the platform and customizing it to your liking. With that in mind, here are a few more tips.

  • You can clear your stream by clicking the blue icon next to your search term (the same one for filters) and click the “clear” button with the water drop. This will wipe out the column, allowing you to focus on new content only.
  • You can share the stream you’re analyzing by clicking the “share” button next to the “clear” button. Then you can embed the stream on your website or share it with friends. Here’s an example:
  • Avoid generic terms like “shooting” or “bomb” because you will mostly get irrelevant content. “Shooting” will mostly feature camera shoots and “bomb” will often be something like “That was the bomb.” Be specific.
  • Don’t get too hung up on one column. If it’s not working for you, just delete it or customize it further to yield better results.
  • Don’t forget to check out law enforcement Twitter accounts. They will provide you information you can trust on breaking news events.
  • Mute spammy accounts so you don’t see their crap all the time.
  • Turn off media previews if you are at work (lots of porn).

This article first appeared on Jake Creps’ blog and is reproduced here with permission.

Jake Creps is an open source intelligence (OSINT) analyst with experience in the public and private sector. He is the creator and host of The OSINT Podcast. Check out @osintpodcast on Twitter or osintpodcast.com for more details.

Republish our articles for free, online or in print, under a Creative Commons license.

Republish this article


Material from GIJN’s website is generally available for republication under a Creative Commons Attribution-NonCommercial 4.0 International license. Images usually are published under a different license, so we advise you to use alternatives or contact us regarding permission. Here are our full terms for republication. You must credit the author, link to the original story, and name GIJN as the first publisher. For any queries or to send us a courtesy republication note, write to hello@gijn.org.

Read Next

Reporting Tools & Tips

New Investigative Tools for Monitoring Social Media Platforms

Social media platforms are among the most difficult sites to scrape for data across the internet. A recent session at NICAR23 unveiled several dynamic new tools — including Junkipedia, a possible CrowdTangle replacement — that can perform a wealth of social media monitoring tasks, from tracking down who is behind harmful ads to identifying conspiracy groups or influencers spreading disinformation.