Brent L.
March 11, 2026
When the Search Party CTF ends the platform closes and the scoreboard is final, but the investigative work for the Reporting Team continues.
The Trace Labs Reporting Team plays several roles in the CTF. We select the missing person cases, either by working with Law Enforcement (LE) or through our own internal process. During the CTF itself we help monitor the flood of incoming intel for red flags. This includes for example, if a person is found to be deceased, which unfortunately has happened. After the CTF ends, we receive the full data dump: all the intel and all the screenshots submitted by every team for every case. Our job then becomes turning all that raw data into reports that are sent to LE. From our vantage point we see the full picture of the intel, and here’s what we saw this time.
The diversity of intel collected for the cases was remarkable: faint digital signs of life from data breaches and infostealer leaks, username tracing across gaming platforms in cat-and-mouse fashion, Cyrillic-language social media analysis (serious competition for MVO in my opinion), and historical remnants from internet archive bots. And then there was walking the digital street...digging through social media comments for relevant posts or sightings, and using face recognition and geolocation to help develop leads. The intelligence gathered for this CTF seemed noisier than usual. On multiple occasions, the evidence for connecting the intel with the missing person just didn't hold up. Most of it was great though (shout-out to the analysts, coaches and staff).
Creating the reports can be highly involved. Some advice for participants: when submitting flags during the CTF, make it easy to understand and explain why they’re important (also don’t forget the screenshot). We want to include everything, but if the Reporting team struggles to grasp the intel it may not make it into the report. Also, if the intel is behind a paywall it won’t make it into the report because neither we nor LE will be able to verify the intel.
Reporting may sound boring but it’s definitely not. We have a unique perspective…we see all the intel and all the tradecraft. We apply critical thinking to make the reports as solid and useful as possible to LE. We’d like to continue developing the reports further: building timelines, maps, relationship diagrams, and other ways to connect the dots and add context. We’re open to ideas.
I heard some chatter that this CTF was harder than previous ones. But it’s becoming clear to me that LE is interested in longer-term or cold missing person cases, which can be harder to investigate. For OSINT purposes, cases from around 2010 onward are more likely to have some digital activity to analyze. In this CTF we pushed that limit: one individual had been missing for nearly two decades. I was astonished that LE was still interested. After the internet chatter had died down, the bloggers had finished writing, and the podcasts had stopped recording, LE was still there investigating…committed, steadfast, and keeping hope alive. For this CTF, that’s what ultimately made the biggest impression on me.
