Discord is a treasure trove of real-time, contextually rich digital interactions, offering OSINT investigators unprecedented access to diverse community conversations, user networks, and the various digital file types shared through its interconnected server ecosystem. These insights can be pivotal for open-source intelligence (OSINT) investigations.

Social Media Intelligence (SOCMINT), a branch of OSINT, focuses specifically on collecting information from social media platforms. Every social media platform, however, is unique, necessitating tailored guidance for effective OSINT investigations.

(Check out our previous guides for OSINT on TikTok, Facebook and Reddit here.)

In this guide, we'll cover SOCMINT/OSINT techniques for Discord, the popular platform for text, voice, and video chat.

What is Discord? (And Why Is it Valuable for SOCMINT Investigations?)

Discord launched in 2015 to facilitate text, audio, and video communication between online gamers. Now, 10 years after its launch, 200 million monthly active users globally are using 28,400 different servers to privately communicate and share ideas on virtually any topic, not just gaming—making it a valuable tool in criminal investigations.

In fact, in 2021, U.S. investigators used Discord chat logs to track extremist groups involved in the January 6th Capitol riot. Discord server archives revealed key details about their planning, coordination, and real-time communications.

In terms of user experience, Discord is comparable to the popular enterprise collaboration platform, Slack.

What makes Discord popular among online gamers is its native support for all online gaming platforms. Players using one platform (like Xbox) can use Discord voice chat to talk with players on other gaming platforms (like PlayStation) without any issues. Its ability to integrate natively with popular online gaming consoles regardless of the hardware makes it very popular among gamers and boosts its credibility to support other communications needs, such as businesses or family communications.

With a large, growing user base and an incredibly wide-breadth of topics discussed, Discord has become a very important source for OSINT gatherers.

Discord Platform Architecture

Discord is composed of servers, which form a hierarchical communication structure. Each server is dedicated to discussing a specific topic or subject. Server topics can range from gaming, music, and entertainment to science & tech, education and student hubs.  

Each Discord server can contain multiple channels. Whether they are text, voice, or video channels, each has specific permission settings and user roles.

Here are the different channel types on the Discord platform: 

• Text channels: This is the most popular channel type on Discord. It allows users to communicate via text messages similar to Slack. Users can also share images and videos and react to messages with emojis. 
• Voice channels: These are very convenient for group calls. Users can also share their screen or application via this channel while talking.  
• Video channels: These allow conducting video calls similar to Zoom. Users can also share screens during video calls.
• Forum channels: This is for topic-based discussions, similar to Reddit’s subreddits or forums. Users can create threads and keep their conversation focused on a specific topic. 
• Announcement channel: This is used by server administrators to broadcast their messages or announcements to all server members.
• Rules channel: This is for displaying Discord server rules and guidelines. You can only have one Rule channel per server.
• Stage channel: A voice channel used to make presentations—audio only conversations where some people can talk and others listen as an audience.

Each server has one or more administrators who control access to the server and determine user interaction levels. 

Discord has official applications to support different operating systems, such as Windows, Linux, and Mac, and mobile phones like Apple iOS and Android. The web-based browser version allows running Discord on any device with a supported web browser.

Discord Users

There are two primary user categories on Discord:

1. Free Users — Can access basic features and join up to 100 servers, but have limited ability to customize their profile. 
2. Nitro Users (Paid users) — Can join up to 200 servers and get comprehensive customization options for their profile, such as custom and animated emojis, animated avatars, a banner image, and a profile theme, in addition to their ability to upload large files up to 500MB.   
   
   

Investigating Discord Servers

Before inspecting Discord servers, you need to log into the platform first. It's advised to use a sock puppet account (research account) to conceal your true identity on Discord during investigations. In this article, I‘m using the Discord web interface (by accessing it via my web browser).

To access Discord via web browser, go to Discord.com and log in.

As discussed, Discord is comprised of servers that constitute virtual communities, each dedicated to discussing a specific subject. Discord provides a discovery function (see Figure 1) for finding servers; however, not all servers are listed because they need to meet specific eligibility criteria to be included in the official Discord list of servers.

Figure 1 - Discord provides a Discovery feature for finding Discord servers 

To be eligible to be included in the Discord public server list, a Discord server needs to meet the following six conditions:

1. Has enabled safety requirements
2. Is at least 8 weeks old
3. Has at least 1000 members
4. Meets specific activity requirements 
5. Has clean names for the server, description, and channels
6. Has enabled two-factor authentication for the moderation settings 

If we want to search for a specific server or community, we can use the Discord built-in search feature. All we need to do is insert the search keyword in the Discovery Search bar and press the search button (see Figure 2).

Figure 2 - Search for Discord servers using the Discord Discovery search bar

Discord allows users to browse some information about any server before joining it. This “Preview” will enable us to fetch information about a specific  server, such as (see Figure 3):

• Server full name
• Server banner image and icon
• Server public channel names, including server Announcement and Rules channels
• Search within the server using the server's built-in search function
• Server member count and whether the server is Verified 

Figure 3 - Discord server preview mode 

Finding Undiscoverable Discord Servers

According to Statista, there were over 28,400 servers in August 2024. 

However, a large number of servers have a low number of members, which excludes them from being listed on the Discord official server discovery page. Since not all Discord servers are discoverable through the built-in search feature, we can use third-party services to find a broader range of public servers.

Here are some of the most prominent ones:

• Discadia (see Figure 4)
• Discordservers
• Discord.me    

Figure 4 - Discadia allows finding unlisted Discord servers 

We can also use Google Dorks to find unlisted Discord servers:

• site:x.com intext:"Discord" intext:"invite"  (Find tweets where people are sharing Discord invite links)
• site:pastebin.com intext:"Discord" intext:"invite" (Find leaked Discord invite links in the Pastebin website)
• site:reddit.com intitle:"subreddit_name" intext:"Discord" (Some subreddits have a Discord presence which could be unlisted officially)
• site:discord.com inurl:"invite" -intext:"public" (Find invite links to private Discord servers)

After landing in the target Discord server, we can begin inspecting the following areas to gain more information about the server’s intent and users:

Investigating Discord Server Name and Description

The Discord server name and description could provide a hit, revealing its purpose and target audience.

For example:

• A server named “Crypto Leaks” with a description like “Gain more insight into crypto trading” suggests it is directed to cryptocurrency enthusiasts, potentially discussing high-value financial strategies or could contain sensitive information leaked by insiders.
• A gaming community server like “Battlefield Tactics” may focus on team-based multiplayer games. However, it could also contain channels where gamers can discuss game exploits or share specific tips for cracking online games.

Investigating Discord Server Member Counts

The number of members within a Discord server can provide insight into its influence and activity level. For instance, a server with 3,000+ members geared to a specific niche might indicate a popular hub, which could attract malicious actors looking to exploit its members.

A smaller server with 20–100 members could be a private or focused group that discusses sensitive or specialized topics.

It is worth noting that when we encounter a Discord server with a large number of members, while there are few members online, it could indicate that bots are moderating/managing the server or there are large number of fake accounts created using bots to artificially inflate member count. 

Investigating Public Discord Channels

Next, it is time to review the public channel names and inspect what they discuss and share. 

For example, in a server for software developers, a channel titled “#code-share” could reveal technical chats about software coding techniques or may mention discovered software vulnerabilities. 

In the same vein, if we find a channel named “#download-links” it could contain download links to pirated content.  

Even Public Announcement channels could reveal connections with other entities or links to events. 

Discord Server Rules

Checking out the server’s rule channel can indicate the server's culture, focus, and community values. Beyond finding valuable information, OSINT gatherers should always read the server rules before participating in any discussion to avoid raising suspicions about their activities while interacting with other users on the server. 

Server Verification

A verified server indicates a higher level of trust and authenticity. Discord verifies its servers by adding a green icon next to the server name. When a server is verified, this means Discord recognizes it as belonging to a business, brand, a community or a public figure. 

OSINT gatherers should be suspicious when dealing with unverified servers, as they could be used to spread disinformation. Resources acquired from unverified sources should be cross-referenced with other sources to ensure authenticity. 

Investigating Discord Users

Next, we will inspect Discord user names (See Figure 5). A Discord user account will have two names linked to it:

• Display name — This is the primary name that appears across the Discord platform (e.g., when sending direct messages, this name appears in the chat). The display name can include characters, numbers, spaces, special characters, emojis, and non-Latin language. The display name can be changed as much as the user wants.
• Username — Discord used to give each user a random discriminator (e.g., #0000). However, new naming criteria removed discriminators and allowed Discord users to select their usernames. Each user's Discord username is unique, and no two users can share the same username. 

Figure 5 - Discord account has two names linked to it - a display name and a username 

Discord allows users to have a unique display name on each server. For example, if my nickname in the Discord "OSINT" server is "John Doe" while my display name across the Discord platform is "thunderweaver," then my display name on the "OSINT" server will appear as "John Doe" and not “thunderweaver” as it appears elsewhere.

Reverse Username Search

Many Discord users have the same username on multiple social media platforms. For example, a Discord user may use the same Discord username on Facebook, X, and Instagram. To locate where a particular Discord username appears online, we can use the following online services: 

• Instantusername
• Namevine 
• Usersearch
• WhatsMyName Web

Search for Discord Display Names

Next, search for Discord users’ display names to see where else they appear online. These search engines and Google dorks can help: 

• Google Social Search – Search for names on the following social media platforms: Facebook, Twitter, Instagram, TikTok, LinkedIn and Pinterest
• Programmable search engine for social media search – A custom Google search engine for searching within the following platforms: LinkedIn, Pinterest, Medium, Facebook, Twitter, Telegram, Instagram, Google, Telegram, YouTube, Reddit and Maps
• Google Dorks to search for display names using Google search engine:
  • intitle:"John Doe”
  • inurl:"John Doe”
  • intext:"John Doe”
  • “John Doe” site:facebook.com
  • “John Doe” site:twitter.com
  • “John Doe” site:linkedin.com
  • “John Doe” site:instagram.com
  • “John Doe” site:familysearch.org
  • “John Doe” site:ancestry.com
  • “John Doe” site:nytimes.com
  • “John Doe” site:washingtonpost.com
  • “John Doe” filetype:pdf
  • “John Doe” filetype:doc
  • “John Doe” filetype:docx

Investigating Discord Profile Information

Clicking a Discord user display name will open a new window containing more information about the account. 

To view the user's details in full, click on the three dots in the upper right corner of the window and click “View Full Profile” (see Figure 6).

Figure 6 - Access Discord user full profile details

The full profile details window shows more information about the subject user (see Figure 7), such as:

1. Display name
2. Discord username
3. Profile image and banner image
4. The “About me” section, contains a user bio, links to other social media profiles, and anything the user wishes to put there, such as a link to their personal website. This is a great place to find more leads for OSINT gatherers to follow. 
5. The date they joined the Discord platform and the date when they joined the Discord server you’re accessing their profile from.
6. Verified connections, such as a user being a PlayStation network member or having verified links to Spotify or Twitch. When a user has "verified connections" status on Discord, this means they've linked their account with specific third-party platforms via an official OAuth authentication process.
7. Mutual servers and friends.

Figure 7  - Full profile details window of a Discord user

Discord User Profile & Banner Reverse Image Search

Next, perform a reverse image search for the Discord user profile and banner images to see where else they appear online, as this could reveal other social media accounts linked to the same person under different names.

Before executing a reverse image search, we need to extract the target Discord user profile and banner image to view them in large size. Here’s how: 

Figure 8 - Each Discord user has a unique User ID associated with them

Figure 9 - Use the Discord avatar online service to download the target Discord user profile and banner image

Step 3 - After getting the images in full size, you can begin searching for them online. Here are the most popular reverse image search engines:

• Google reverse image search
• Microsoft Bing Visual Search
• Yandex Images
• TinEye Reverse Image Search
• PimEyes – Face search engine
• AI Face Search – Another face search engine

Investigating Discord Users’ Shared Media 

A Discord user can share media files such as images, videos, and links, which can point to externally hosted MS Office files and PDF documents. All these files should be inspected visually and their metadata should be extracted to discover hidden information. 

Here are some tools to reveal digital file metadata:

• ExifTool by Phil Harvey – For extracting EXIF metadata in supported images, videos, and audio files. 
• Metadata2go – Free online metadata viewer. 
• Exif Pilot – View and edit EXIF, EXIF GPS, IPTC, and XMP.
• IrfanView – Free graphics and metadata view. 
• GeoSetter – Free Windows tool for showing geo data and other metadata (IPTC/XMP/Exif) of image files. 

Investigating Discord Users’ Friend Lists

Check who the target user communicates frequently with online, and ensure that you also inspect their profiles using the techniques we've already discussed.

Discord does not allow viewing other users' friend lists, so to inspect a particular user's friends, you need to do the following: 

• Check their message history and interactions with other users
• Check who responds to or engages with them most frequently
• Check server member lists where the target Discord user is active 

Inspect User Activity on Discord

We can also use the Discord built-in search function to analyze a particular user’s activity associated with a particular Discord server. 

Here are some examples of using Discord's search function for OSINT and investigative purposes:

• Message content analysis - Search for specific keywords or phrases in text posts, track conversations around sensitive topics, and reveal potential hidden context or connections.
• Date/time investigation - Filter messages by date range, track user's activity during specific periods, correlate target Discord user messages with external events (such as those happening on other social media platforms) to help you understand user's historical engagement patterns.
• Interaction mapping - Search for mentions of specific users and reveal their relationship dynamics.
• Media and link tracking - Search for shared links, analyze types of external resources the user engages with, and identify potential information sources.

The Discord search feature is available at the top right corner of the Discord server. 

Placing your mouse in the search textbox will trigger the following search options: (see Figure 10).

Figure 10 - Discord built-in search options

• From: Limit return search results to a specific Discord user.
• Mentions: Find messages directly mentioning a particular user using the "@" symbol, such as @thunderweaver.
• Has: This search option allows you to filter search results to find messages that contain specific types of media, such as images, videos, links, embeds, sounds, or files (see Figure 11).

Figure 11 - The Has search operator options on Discord's built-in search

Before/During/After: Filter search results based on a specific date or time range.

Pinned (True or False): Search for messages pinned to the top of a channel.

Sentiment Analysis 

Sentiment analysis, a natural language processing technique, has emerged as a powerful tool for understanding digital communication, especially in online communities like Discord, where users tend to post large volumes of text content. 

Discord users' posts can be analyzed using sentiment analysis techniques to:

• Detect emotional tone in their text
• Group Discord communications as positive, negative, or neutral
• Provide insights into communication patterns and specific community dynamics 

There are different Artificial Intelligence (AI) powered tools to execute sentiment analysis; here are the most prominent ones:

• Free Sentiment Analyzer – Sentiment analysis on English text
• Free AI Sentiment Analysis Generator – Upload a file or list of text to generate the sentiment.
• Nyckel text sentiment analyzer – A free classifier that uses AI to analyze text sentiment. 

To analyze the sentiment of Discord videos accurately, we first need to extract the content in text form or a transcript. Here are some tools that can help with this process:

• IBM Watson Speech to Text – Convert speech into text using AI-powered speech recognition and transcription.
• Dictanote – A speech-to-text converter that can transcribe audio and video files.
• Otter.ai – Online transcription service. 
• Whisper from OpenAI – Whisper is an AI-powered speech recognition system trained on a massive dataset of 680,000 hours of diverse audio and text data.

Tools and Resources for Discord OSINT/SOCMINT Investigations

Here are some tools and resources to help you conduct OSINT investigations on Discord:

• Darvester – Provides safe Discord OSINT harvesting, abiding by sane rate limiting and providing automated processing. This tool automates the process of gathering Discord users public account information, such as: Profile creation date, Discord username and display name, User ID, Bio/about me section, connected social media accounts (Reddit, YouTube, Facebook, etc.), avatar URL, Nitro subscription tier, and public Discord flags.
• ip-hacker – Advanced OSINT tool tailored for Discord, enabling OSINT gatherers to gather in-depth data on target IP addresses. 
• Top.gg – Explore millions of Discord bots. Discover specialized bots used in specific communities to analyze bot purposes and identify automated tools used by target groups.
• Discordleaks – A database of leaked Discord messages. 
• Discord Id Searcher – Search Discord account by Discord ID.
• Discord_OSINT – A Discord Bot for running an OSINT investigation. It uses various OSINT tools to support its functions such as: Sherlock , virus total, whois, the harvester and hunter.io 
• WebPreserver – A automated website and social media evidence capture and production software that allows you to collect all evidence in native context with metadata. With custom scripts, you can auto scroll and expand threads, so you don't miss anything or waste countless hours on manual capture.

The 5 Major Challenges of Investigating Discord

Investigating each social media platform raises unique challenges for OSINT gatherers, and Discord is no different. These are the main difficulties OSINT analysts could face when inspecting Discord for information:

1. Ephemeral Evidence

Discord allows users to delete or update their messages without keeping logs to retrieve past messages. In addition, Discord servers can be deleted entirely or changed to private, which further complicates the investigation process. 

2. Anonymity Features

Discord users can change their display names as many times as they want. They can also access their Discord accounts via TOR, VPN, or proxy servers, making tracking their real identity difficult.

Discord also verifies accounts using just an email address. No phone verification is required, which makes identifying who is behind a Discord account very difficult.

3. Encryption Use

Discord leverages encryption to protect voice and video channels. Messages are also end-to-end encrypted, which prevents external observers from intercepting private communications.

4. Cross-Platform Integration

Discord integrates with other web services, allowing social media login and Oauth login connections. Cross-platform integration complicates OSINT investigations by creating a more complex digital identity scheme. This makes comprehensive tracking of users' activities more challenging as it requires investigators to correlate identities across different social media platforms.

5. Legal Issues

Some Discord servers may reside in a jurisdiction different from their users. This makes conducting a Discord investigation very complex, as it could span various countries and jurisdictions.

Defensible Evidence Collection from Discord

As we’ve demonstrated, Discord is a great source for collecting digital evidence to support various investigation needs. 

However, because Discord allows users to remain anonymous, OSINT investigators should follow specific procedures when collecting evidence from Discord to ensure the defensibility of their findings:

• Capture screenshots of relevant posts and comments, including timestamps and usernames, before they get deleted by the target user/s. 
  • NOTE: Screenshots may not be defensible in court unless they include proper metadata, context, hyperlinks and can be authenticated as genuine and  unaltered. To capture this data in an authenticated format, consider using a web evidence capture tool like WebPreserver or Social Discovery.
• Document the search process including the keywords used and the date/time when the evidence was captured to establish a transparent chain of custody.

WebPreserver for Discord Investigations

WebPreserver is a social media and web capture tool that allows you to capture long Discord discussion threads in just a couple of clicks. With custom scripts, the browser plug-in can automatically expand threads or previews, saving you time from manually expanding and capturing every post. Better yet – all evidence collected is complete with the appropriate metadata, digital signatures for authentication, and can be exported in native formatting, so you can present your evidence in context. 

Learn more about WebPreserver here. 

Discord OSINT Investigations: Final Thoughts

With over 200 million monthly active users, Discord offers rich intelligence-gathering opportunities through server discovery, user profile analysis, and advanced search techniques. By examining server structures, analyzing user profiles, performing reverse username searches, searching third-party server discovery platforms, using Google Dorks and sentiment analysis tools, and conducting image and metadata investigations, investigators can extract valuable information from the platform. 

Reading this guide has equipped you with sound strategies to explore user-generated content, analyze interactions, and unearth valuable intelligence while navigating the nuances and challenges that come with a vast data set of anonymized content.