We’re used to seeing people post incredible amounts of personal information on platforms like Facebook, LinkedIn, Instagram, Strava, Twitter, etc. But now, another platform must be added to that list: TikTok.
TikTok has seen phenomenal growth and engagement over the last couple of years. Moreover, its open “anyone-can-view” nature means that it is one of the most accessible and useful platforms for OSINT/SOCMINT investigators.
In this article, I will discuss the importance of TikTok in the field of OSINT/SOCMINT investigations and discuss several methods for collecting information from the platform.
However, before I start, let me provide some more background information on the platform itself.
What Is TikTok?
TikTok is a popular social media platform designed to create and share video content. It is designed primarily for use on mobile devices, but you can also access it via a desktop application or web browser.
It was first launched in 2016 under the name Douyin but quickly spread beyond the Chinese market to develop a global user base. TikTok now operates in 154 countries and is the fastest-growing social media platform in the world. Its users are primarily in the 15 – 35 age bracket.
According to Demandsage, TikTok had over one billion monthly active users at the start of 2022 and is projected to reach 1.5 billion users by the end of the year. TikTok’s engagement is also far above that of Facebook or Instagram—the two biggest social media platforms. According to a recent report, the average TikTok user spends 25.7 hours a month on the platform, more than the average Facebook user (16 hours) and Instagram user (7.9 hours) combined.
Given how popular TikTok now is—and how much time its users spend on the platform—its value for those conducting online investigations is obvious.
What Sort of Content Is on TikTok?
According to Statista, the most-viewed TikTok content categories (by hashtags used) are:
- Entertainment
- Dance
- Pranks
- Fitness/sports
- Home renovation
- Beauty/skincare
- Fashion
TikTok is primarily a video-based social media platform, although other types of content like photos and audio clips can also be found on it. The maximum allowed length for TikTok videos was initially set to 15-seconds. This was increased to 30-seconds, and then increased again to three minutes in July of 2021. In March 2022, it was increased yet again to 10 minutes.
TikTok was developed primarily for smartphones, so the default video orientation is vertical. That said, users can also upload horizontal videos. The allowed video file types are mp4 and .mov files, although it also supports .avi and .gif files for ads. Video file sizes on TikTok vary by the mobile device used to upload a file: Android users can upload files of up to 72 MB, while iOS users can upload files up to 287.6 MB. For video ads, the maximum size allowed is 500 MB.
The Importance Of TikTok In Modern Online Investigations
From an OSINT perspective, the most valuable content on TikTok is undoubtedly the videos posted by users. However, other valuable information exists, such as sound clips, photos, TikTok LIVE (which allow users and creators to interact in real-time), and the social interactions between users (likes, shares, and comments).
The information gathered from TikTok can be used in different investigative scenarios, such as:
- Understanding the political, social, and economic interests of a particular group of people located in a geographic area or country
- Gathering intelligence about a specific individual, such as their political interests, circle of acquaintances, social activities, location and habits, work and study information, etc.
- Predicting future events—such as war and political unrest—based on social media activity and content
An Example of TikTok In Modern Investigations
The beginning of 2022 saw war break out as Russian troops entered Ukraine. Long before the fight officially began, news networks across the globe were broadcasting reports regarding Russia’s intention to invade Ukraine, but still, few people seemingly believed that this war would come to pass.
That all changed when people traveling near the Russian/Ukrainian border started to post videos on TikTok (see Figure 1) showing Russian military equipment and vehicles approaching the Ukrainian border. People began to take the media reports more seriously and a substantial number of politicians began expressing concern over Russia’s military activities—all due in large part to videos posted on TikTok.
Figure 1 - A video posted on TikTok showing Russian Military vehicles heading towards the Ukrainian border
Law enforcement and private investigators can also use TikTok to solve criminal cases. For example, by searching for a specific car used during the commission of a crime, TikTok can help reveal important locations, persons, and social relationships relevant to the crime.
Of course, TikTok is particularly suitable for online investigations because videos on the platform are posted publicly. Anyone can discover and view TikTok videos, which means investigators can gather them legally without violating privacy or data protection rules.
But how exactly do you conduct an investigation on TikTok? We’ll look at that in the following section.
Investigating TikTok Information
To begin your search on TikTok (I’ll be using the desktop version throughout these examples), locate the search function at the top of the homepage (see Figure 2), type out your search query, and hit Enter.
Figure 2 - Using TikTok's built-in search engine to search for contents
TikTok will now return all relevant results. Similar to Twitter, it will divide your search results into three tabs: “Top”, “Accounts”, and “Videos”. If you’re looking for a specific user, “Accounts” is the place to start.
That said, TikTok’s massive number of search results could be a bit overwhelming and make it difficult to identify a specific person amongst all the user accounts. Fortunately, Google indexes TikTok pages, so you can use the Google "site" search operator to find a specific person on TikTok. In Google, simply type:
site:tiktok.com “{first + last name}”
If you think you know your subject’s username—or have a handful of likely names—you can also use Google to search for this target username throughout the TikTok site. The previous Google query can be updated to become:
site:tiktok.com “{first + last name}” OR “{username}”
That said, perhaps you don’t know your target username on TikTok—but you know your target username on other social media websites like Facebook or Twitter. In that case, your target may use the same username on TikTok. Many online services can help you find all social media sites linked to a specific username. Instant Username search is a particularly notable service that searches more than 1,000 social media sites (see Figure 3) for you.
Figure 3 - Search where a particular Username appears on other social media sites
Let’s now return to TikTok. To access a specific TikTok profile, all you need to do is to type the username after the TikTok address into the top of your web browser (See Figure 4):
tiktok.com/@USERNAME
Figure 4 - Access any TikTok profile by typing it directly in the address bar after the "@" character
Now that we are inside a target TikTok profile, we can begin extracting information. The first thing we can inspect is the profile picture. TikTok allows one profile picture per account. This means that when a user changes their profile pictures, the old version is discarded and lost forever.
To save the profile picture, right-click on the image and select "Open image in new tab", when the profile full image version opens, you can save it to your computer as you would any file.
To locate previous profile images, you can use the Internet Archive service. This method is not guaranteed, since the Wayback Machine website can not keep a copy of all TikTok profiles across all periods, it is still worth a try.
Go to Wayback Machine, enter the target TikTok profile, and the internet archive will return lists of all previously captured profile information during different periods (see Figure 5).
Figure 5 - view maps of the number of times https://www.tiktok.com/@therock was crawled by the Wayback Machine
Once we have the target user's TikTok profile image, we can use reverse image search to see where else this image has been used. For example, our target may use their TikTok profile image on other social media websites as well. There are multiple reverse image search engines. Using more than one search engine is advisable as the quality of the results can vary by query. The following are four popular reverse image search engines:
- TinEye (https://tineye.com)
- Google Images (https://images.google.com)
- Yandex (https://yandex.ru/images)
- Bing Visual Search (https://www.bing.com/images)
Next, we can move to inspect the target profile manually by looking at:
- Content (videos) that the user has posted
- Number of followers, following, and likes
- Profile description
- Connected social media sites (Facebook, Twitter, and Instagram)
- Uploaded videos to see who leaves comments or uses the "Like" and "Share" functions. For instance, when the profile owner replies to specific users' comments, this often indicates they know each other in real life or have some type of relationship.
Each user account on TikTok has three distinct identifiers, which are:
1. User ID: This is created by TikTok when the account is first created. We can get any TikTok user ID by going to the target user profile on TikTok, right-clicking on the page, and selecting “View Page Source”. Search for “userid” (see Figure 6).
Figure 6 - Viewing any TikTok user ID through page source
2. Username: This is created by the user and can be changed every 30 days. It is worth noting that the username usually appears in the TikTok web address (see Figure 7).
3. Alias Name: This is created by the user and can be changed at any time, without restriction (see Figure 7). Sometimes, a TikTok user may use the same name for both their “Alias” and “Username”. When creating your TikTok account for the first time, TikTok will suggest an Alias and Username.
Figure 7 - TikTok username
Using a Forensic Capture Tool to Collect Tiktok Evidence
In this article, I have mentioned a few manual methods to search TikTok profiles and collect information about them. However, for official investigations, it is preferable to use a dedicated forensic social media tool to harvest TikTok data—especially if you’re looking to collect videos in a defensible manner.
Pagefreezer offers an automated forensic tool, called WebPreserver, for gathering OSINT intelligence from TikTok and other popular social media sites like Facebook, Instagram, LinkedIn, and Twitter. As with those platforms, WebPreserver allows investigators to do the following on TikTok:
- Reliably capture TikTok videos and video descriptions
- Capture entire TikTok timelines with a few clicks
- Automatically open and capture TikTok comments and replies
- Perform bulk captures of TikTok videos
- Capture TikTok videos by date range
- Generate a collection report with relevant metadata
To learn more about WebPreserver, visit the Product Page, or read the WebPreserver TikTok support announcement by clicking the button below.
