Brent L.
November 23, 2025
The November 2025 OSINT Search Party CTF was one of the highest-scoring events we’ve ever had at Trace Labs. Across four missing-persons cases, participants submitted 2,947 accepted data points covering nearly every CTF flag category. This CTF produced an unusually large number of high-value flags. But why was this CTF so high-scoring and what happens to those flags after the CTF? To answer the first question, well, it’s all about case selection.
How do we select cases for a CTF? It’s more art than science, but I’ll spill a bit of tea. We typically focus on cases within a certain age range (roughly 15–50 years old), where the person has been missing for less than two years. From there, we apply some exclusion criteria: Has the person been found (alive/dead), high CSAM risk, highly likely homicide, organized crime involvement, or a small digital footprint.
Good cases are still hard to identify using these criteria and browsing government databases like NamUs. A lot of cases there are either cold or have little online presence. I’ve found this with Interpol Yellow Notices as well. We’ve learned however that good CTF candidates can surface in Missing Persons Facebook (FB) groups. These groups tend to have more recent cases and people with a larger digital footprint (e.g. social media profiles).
However, when evaluating cases from FB groups(or anywhere) a critical requirement remains: the case must originate from law enforcement. That means the presence of an official LE request for public assistance, a case number, and a way to submit information. Sometimes this leads back to a NamUs entry—and that’s good. What we can’t use, for example, are “If seen, call 911” posts with no official case source.
All of this shapes the selection process. For one case in this CTF, I felt confident it would yield good data, but I didn’t expect it to absolutely blow up the way it did. You can never predict what will happen during a CTF, but it’s the unpredictability that makes them exciting.
So the CTF ends, and you have 3,000 OSINT datapoints across four cases. Now what? You want to report to LE, but how? This is the answer to the second question. The reporting team turns that raw data into a report—or an “investigative product,” to use an official term. Our reports focus on summarizing the highest-value findings, especially “Advancing the Timeline,” which can strongly indicate the missing person is alive. We also include as supporting information social media profiles, emails, new identifying marks like tattoos, and relevant social media accounts belonging to friends and family.
So how do you turn the OSINT data into a report? This is where AI helps out. I know some folks are wary (e.g.hallucinations), but OSINT from a Trace Labs CTF is an ideal use case for AI. Every data point has been vetted by a coach and labeled with a Trace Labs category and point value, each associated with its real-world value to law enforcement. So the AI is working with structured, high-quality, human-verified inputs which makes its task easier. We then ask the AI to deduplicate entries, organize them by category, summarize the key high-value information, and tabulate supporting details. We do need to keep analysts in the loop. During this CTF, analysts, including law enforcement officers who are part of our team, caught date-format confusion (DD-MM-YY vs. MM-DD-YY), which could have caused misinterpretation. Still, AI enabled report writing to be done in about 2–5 hours per case, which might be more than you expected but this was the first time any of us used this workflow. I expect it will get faster and more efficient. We were able to deliver all four reports within 2–3 days of the CTF. Without AI I’m sure it would have taken exponentially longer. Once each report is finished and vetted it is sent to the law enforcement agency of record.
I know reporting can sound intimidating with everything I just described, but it remains one of the most rewarding parts of Trace Labs for me. You get to see all the data gathered for a case. And it’s more than that—by analysing and summarizing it, you place yourself inside the narrative. You see context, motives, relationships, conflicts, and other patterns. Of course, the final product contains no speculation or conjecture, only facts go to law enforcement. But the process still allows you to connect with the human side of the case, even though we rarely hear about the outcome. You become part of their story, and it feels meaningful, even if only briefly.
