Out for one week - Training in Linux and Virtualization

When I saw a new training opportunity published by the Federal Criminal Police Office Germany (Bundeskriminalamt), I didn’t think twice before applying. Getting in felt like winning a small lottery.

These specialized trainings are rare. Only 25 spots across all of Germany, for every state and the BKA itself. My state started with a single seat. Fortunately, they expanded it to two.

What a relief…

That meant I got to meet and exchange ideas with colleagues from across the country. Swapping stories about how we tackle difficult investigations? That’s pure gold.

The workshops had to work for everyone though participants ranged from beginners to genuine experts in Linux and virtualization. Honestly? The mix was refreshing. New perspectives floated around the room constantly, and everyone left with something valuable.

The tools that almost made the cut

Some experts showcased tools still in development, designed to support complex OSINT investigations. Promising work. But I noticed a critical gap: none of them could export entities, generate requests for subscriber or content data, import various formats, or feed gathered information back into the investigation workflow.

Why does this matter? Because OSINT gives you hunches and leads not court-ready evidence. Without a proper export and processing pipeline, those leads lose their punch.

Another missing piece: hash values (SHA256 or MD5) for every file and piece of information in the report. This isn’t optional, it’s the foundation of chain of custody.

My key takeaways

• Keep your investigation standards as high as possible
• Establish strict workflows for OSINT work especially around OPSEC
• Standardize how you deploy virtual environments
• Do OSINT challenges regularly, even as a team exercise
• Stay organized with every file your research generates
• Automate where you can, and get comfortable with your ~/.bashrc