October 26, 2022
An investigator's guide to OBE
An investigator's guide to OBE

Mass scale IP infringement is rarely random. Links between datapoints are overlooked. Patterns remain undetected. Trends are not reported. Each infringement is treated as a discreet case. Large networks of illicit activity are often missed in the constant stream of issues which are ‘resolved’ in a never-ending game of whack-a-mole. Success is measured in terms of removal rates of infringements, meanwhile, infringers simply relist with impunity.

Approaching online brand enforcement through an investigative framework flips this thinking, positioning long-term growth of brand value as the guiding light. To put it another way, an OBE programme which begins by understanding the brand’s objectives.

However, cyber-investigations are not easy. With the future of WHOIS data still up in the air, pseudonymous Web3 technologies breaking into the mainstream, increasing use of ephemeral means of communication, and large datasets existing in formats non-indexable by search engines, cyber-investigators face more challenges than ever.

It is the investigator charged with going beneath the surface-level, with removing the veil of anonymity. It is the investigator who takes a ‘surgical approach’ in understanding piratic practices. It is the investigator who sits in the digital crow’s nest: observing online brand abuse, analysing illicit networks, capturing evidence, connecting datapoints, charting geographic coverage, and understanding the demand and supply of counterfeiting. Therefore, an effective enforcement programme must be underpinned by an investigative framework in order to identify the most egregious offenders and stubborn infringements for escalation measures.

Strategic decision-making depends upon understanding the landscape. To gather and prioritise data an approach which blends the human touch with tools and automation is needed. The two parties (human and non-human) work in unison, performing different functions based on their points of difference. Automation is efficient in raw data collection. Then it is through the investigative framework data is augmented, transformed into intelligence. And it is by building intelligence over the long-term an enforcement programme adds value.

The below framework is flexible, as each area must be researched with its own nuances. Investigators are better equipped by understanding the framework, rather than by following a prescriptive checklist.


Investigative Framework



It’s always best to start from the beginning. It is far too easy to fall down the rabbit hole with investigations. Plan ahead, don’t fall behind. An investigator must identify from where they received the lead i.e. a repeat infringer, referred from an internal client, complaint from a customer defrauded by the infringer etc. This will help assess the priority level of the target. Once categorised, the target can be reviewed within the broader strategy. For example, if the target is a repeat infringer a brand owner wants to take escalation measures against, specific points-to-prove and evidential requirements must be considered.



A reasonable estimate of the search area is required at this stage. If relying solely on text-based searches, then a list of keywords should be drawn up. A keyword list will be led by the platforms to be searched: whether a platform facilitates advanced searches, the languages to be searched, how the platform handles multiple word phrases, filter options available, and known tactics infringers deploy to avoid detection.

Even the best made plan cannot account for all the unknowns. However, staying in-line with the plan is the best approach, even though it can be tempting to jump straight into emerging juicy lines of enquiry. Follow the plan, search the planned keywords and images at the planned places, keeping accurate records along the way. Evidence should be preserved as detected with screenshots and a case log; webpages can be saved to the Internet Archive for use in evidence.



This is the process of conducting further searches on the data gather in the search phase. That being, the juicy lines of enquiry detected above, which were logged but put aside to stay on track with the original plan. Each pivot must be just as thoroughly researched as the original searches above.

Systematic pivoting relies on systematic recording of new lines of enquiry. Without a systematic approach datapoints get overlooked, causing missed trends and under-investigated leads. This is also the best method to mitigate against ‘investigation fatigue’ – when an investigator’s awareness decreases due to the length of time researching a single target or case.



All information throughout the investigation should be constantly analysed in the context of relevance and veracity. An investigator must be mindful of relevance when assessing data and not resort to capturing all information with vague purposes being used as justification. The focus must remain on extracting purposeful clean data. The corollary is recognising non-relevant information. Purging non-relevant data reduces overheads and eliminates distractors from the research which facilitates effective decision-making.  To be clear, an investigator’s aim is not to provide an information dump of everything on the internet which vaguely relates to the target. Clean data trumps sexy analytics every time.

Relevant data is not sufficient. It must also be verified for accuracy. An investigator must consider whether the data is reliable: whether it is backed up by evidence. Information on the internet is inherently unreliable, unless gathered from an official source or a trusted curated source.



Knowing the audience is vital at this stage. An investigator must communicate findings in a format which helps the relevant decision-maker understand the parameters of the investigation and any weaknesses. Evidential gaps should never be glossed over, in fact, a confident investigator highlights any weaknesses. This creates the space to conduct a thorough risk assessment.

Accurate reporting is dependent upon evidence being logged and captured. To be clear, evidence not recorded – or incorrectly recorded – may not even count as evidence at all. Watertight cases quickly unravel when supposed evidence turns out to be unusable or tainted. For example, there must be integrity within the continuity of evidence. This concerns the handling and storing of evidence from the point of capture until the point of being presented in court as evidence.   

Using secure servers for evidence storage, or hashing evidence to prove the data has not been tampered with secures the integrity of continuity. Likewise, correctly using evidence bags preserves the continuity of evidence for physical evidence, such as the item received when conducting a test. Done correctly, the preservation of evidence protects a case from collateral attacks based on tainted evidence.


Strategic OBE

An effective online brand enforcement programme requires a blend of legal expertise and state of the art technologies underpinned by an investigative framework to implement robust enforcement against infringements and infringers in order to defend the brand, prevent dilution, and protect revenue.

Online Brand Enforcement /  Domains /  Anti-Counterfeiting /  IP basics

Found this article interesting today?
Send us your thoughts: