🧊 Socials 101 — OSINT Case Preview: What can you expect?

Ahead of the upcoming Socials 101 course, here’s a real-world example showing how open-source social analysis works when timing, aliases, and behaviour intersect. In the upcoming course I will be teaching you how to this and more, professionally.

📲 In a Signal group chat linked to a protester network in Minneapolis, analysts observed that at 8:47 CST, a user named “Alvin Q” replied to another participant (Salacious B. Crumb) stating that he “will update” on the location of a suspected ICE vehicle.

The vehicle was described as being approximately 8 blocks from where a shooting was reported about 15 minutes later.

That message became a pivot point.

🔎 Using only open-source techniques, the handle “Alvin Q” was correlated to the alias AlvinQPretti.

That alias appears in breach-derived username data linked to the email address [email protected], to a dormant X (Twitter) account created in 2016.

📍 The Signal user also displayed a medic emoji, which aligns with publicly reported biographical information about Alex Jeffrey Pretti.

Graduate of the University of Minnesota (2011), degree in biology, society and the environment
Employed as an ICU nurse
Worked for the U.S. Department of Veterans Affairs at the Minneapolis VA Health Care System

📉 After the reported shooting window, Alvin Q did not send any further messages in the Signal group.

What this OSINT pattern demonstrates

• Alias and username reuse across platforms

• Timestamp correlation between chat activity and real-world events

• Behavioral analysis (sudden silence as a data point)e

• Emoji and profile indicators as contextual signals

• The importance of what not to conclude

No hacking.

No private access.

No assumptions beyond the data.

This is exactly the type of structured social-media OSINT we’ll break down step-by-step in Socials 101:

✔ Mapping the social attack surface