Methodology tips for analyst teams

Methodology Tips (2)

Curious about how well-prepared your platform is to address issues in the digital landscape? Want to ensure stronger compliance with regulations and avoid potential penalties? Seeking valuable tips and best practices from industry experts to strengthen your approach?

Look no further! We recently held a webinar and gathered some tips for you from our T&S Representative, Alexandra Koptyaeva, and Child Safety Intelligence Analyst & Consultant, Sergio Zaragoza.

We also released an e-book where we share best practices, trends, statistics, and pose some open-ended questions when it comes to Child Safety and your platform’s readiness to tackle any issues.

Our tips can be implemented both in theory and in practice. They can be applied by Trust & Safety, and any investigative teams or intelligence agencies. We hope you find them useful!


1. Improve your team's basic investigation skills & Open-Source Intelligence (OSINT) capabilities

Do the specialists in your team know how to recognize emerging platform trends when they are detected? Or how to identify suspicious profiles, like catfishing or scamming? What requires special attention?
Some ways to do this:

  • Improve each analyst’s investigation skills, and let them easily stay up-to-date with the ins and outs of online investigation.

Our tips: Conduct training; do internal calibration on current workflows and policies; invest in soft skills; keep the team updated and engaged - it will help to improve communication and maintain high productivity.  
Here are a few good articles for beginners:
  1. Medium: OSINT — Beginner’s Guide
  2. LifeRaft: The Beginner’s Guide to OSINT
  3. OSINT Jobs: The Ultimate Beginner’s Guide to OSINT
  4. The Cyber Mentor on YouTube: Full 5 hours course on OSINT
  6. The OSINT Newsletter
  7. Bellingcat
  8. Irina Tech Tips
Be sure to stay updated not only on new tools, but also to constantly expand your team’s horizons: delving into financial investigations, learning about online infrastructure and more. Spending time on Twitter and Reddit and following relevant OSINT and investigation-oriented accounts can pay serious dividends. Investing in specialized training can also be a gamechanger for teams.

  • Conduct monthly internal reviews of escalated and reported cases.

Our tips: Discuss what went right or wrong; what could have done better, how the response speed could be improved. Define what the insightful report means (e.g. escalated to Law Enforcement in X minutes with X amount of details).
Formulate detailed and specific workflows for specialized investigations, while also allowing for creativity and unconventional approaches from analysts. Standardizing the investigation process can help onboard new analysts, speed up investigations and create a common language.

  • Create quantitative and qualitative KPIs (key performance indicators) for your analysts and managers.

Did your team receive any feedback from Law Enforcement officials on the cases you shared? That’s amazing! Share it with your specialists - it always serves as an extra validation and greatly motivates to keep thoroughly moderating and escalating suspicious content.

  • Organize a training about bias and how to avoid it.

We all tend to have our personal opinion about the things happening around us, and that bias can interfere in our analytical processes. That’s why it’s  important to use our best judgement when it comes to edge cases, while also following internal workflows and policies. The number of grey areas should be minimized, so that everyone enforces guidelines and applies restrictions the same way as others in the team.
Our tips: We wrote an article and created a presentation about recognizing and avoiding bias in investigations. Check them out!

Other leading resources include:

- Richard Heuer’s guide to the psychology of intelligence analysis

- Phenyo Sekati’s article on importance of local nuance in online content moderation

- Watch an interview with Matt Halprin, YouTube’s Head of T&S on addressing bias and consistency


2. Keep up with current and emerging trends

Subscribe to daily and weekly newsletters both about your area and global updates; attend webinars and conferences; follow other professionals in your field; become a member of relevant online collectives; review white papers; proactively research what similar platforms (i.e., potential competitors) are doing. Don’t focus only on your area of expertise - expand your horizons by joining virtual or in-person classes. It will make you well-versed and will add-on to your current knowledge, as well as help to expand your professional network.  

Here are some of our favorite sources:

  • Newsletters:

  • Professional collectives:

  • Podcasts:

Moderated Content by Alex Stamos
Trust in Tech by Integrity Institute Members
Fraudology by Karisse Hendrick
The Sunday Show by Tech Policy Press

  • Platform Transparency Reports - keep track of what Trust and Safety and investigation teams are doing at other platforms - keeping in mind that many platforms have both transparency reports as well as threat actor reports, such as Meta and Google.

3. Maintain internal knowledge base of platform trends and user behavior

Did your team notice something unusual on the platform? How did you tackle this issue? Document it for future reference (i.e., new hires, the same trend might repeat after some time) so you remember what was done, how, and why. Read our article about knowledge management

Recommended apps:
Falkor’s platform:
  • Notes with screenshots and attached data items
  • Activity log of who did what and when in each case
  • A dynamic database of all the data your team uploads, creates, and analyzes


4. Increase your proactiveness in detecting threats

Don’t fully rely on the AI detection or user reports; use additional methods, too.
Our tip: conducting stress testing or red teaming might greatly help you to stay on top of attackers and bad actors. (We’ve elaborated on this below)

5. Dive deep into the data

What are the available data your platform has on user behavior and their patterns? Don’t focus only on one suspicious user at a time - keep in mind that they might have several accounts under different names, or are connected with others who spread violating content.
Our tip: Use link analysis graphs to visualize connections between bad actors. If you’re unsure about if and how two entities are connected, always add a possible/tentative connection until you find a way to prove/disprove it.

6. Collaborate with stakeholders

A platform’s safety can’t be achieved only on a team level - it involves cross-collaboration with other relevant stakeholders, both internal and external. Identify all relevant people and teams you need to work with; keep everyone updated about anything new happening within your department; and create a communication loop.
Our tip: Keep a shared contact list of relevant contacts in all stakeholder teams and organizations. Add a column for classification - how much can we share with them.

7. Increase transparency & data accessibility

Your platform users will stay longer if they can read and understand why their content might be removed and what the rationale behind it is. It’s not about revealing all internal processes to everyone - but about explaining the why.
Our tip: Nobody likes reading long documents. In any long text including your platform’s policies, add a short summary at the top explaining in a few sentences what’s the bottom line of that policy.

Deeper look: why taking a proactive approach is important

A proactive approach is defined as leading investigations on the platform, so a team can detect new threats and bad actors ahead of time.

We can follow leads that will help us understand bad actors' behavior with anticipation and act more efficiently independently of AI detection and human moderation.

  • Depending on the company, this can be an internal process or outsourced;
  • It provides the opportunity to detect new trends and threat actors if appropriate tools and resources are available;
  • By following different trails, we are able to detect future harms and behaviors before they occur;
  • Platform-independent investigations can give a broader perspective on where threats may originate;
  • An out-of-the-box approach allows to gain a deeper understanding of today's landscape.




Your analyst team is only a few methodological steps away from doing a much better job. The importance of investing time and resources in developing specialists' investigation skills has never been more pressing. Falkor is software for analysts. It helps them to gather, analyze, keep records of, and collaborate around any case.
Supercharge your analysis with us - reach out to schedule a demo.

More resources