Telegram is undoubtedly a popular instant messaging application which offers enhanced privacy and Voice Over IP (VOIP) capabilities for users. In a survey we conducted across several businesses engaged in an ongoing rail infrastructure project in the UK, several businesses indicated that they used Telegram to communicate with staff members spread across multiple construction sites in London, Buckinghamshire, Birmingham and Staffordshire. When asked as to why Telegram is the preferred instant messaging application for their business, the majority pointed out Telegram’s focus on ensuring effective privacy in addition to the lack of privacy offered by other applications such as WhatsApp.

Whilst Telegram is considered to be the most popular instant messaging application for many businesses and individuals, the platforms continues to attract nefarious activity in the form of groups used to offer counterfeit official documents (driving licenses and passports) in addition to child sexual abuse (CSA) content.  That aside, it should be pointed out that these groups are normally disabled and deleted by Telegram within less of a day after they are reported – indicating a very responsive and effective capability within Telegram to remove illegal content and combat CSA material.

Telegram offers users with easy access to its API, this enables us as Digital Investigators and OSINT Analysts to explore and deploy several tools that we can use to investigate Telegram users and groups. In this OSINT Tool Review, we will look closely at Telescan, a lightweight Python-based script, that allows us to search for users within specific groups and to also discover what groups a user is a member of. However, these features require several conditions, the first is that the target username or phone number must be within your contact list. Additionally, to search through the groups, you will be required to be a member of that group too. The only prerequisite required to use this tool is the Telegram API which can be accessed from your individual Telegram account.

Deploying installing and deploying Telescan is very straightforward through the Command Line Interface. When the tool is executed, it provides three basic options: chat lookup, user lookup and search user in groups. The outputs from each of the three options is effective provides results in relation to each search through the Command Line Interface. Admittedly, the tool could benefit from outputting its results externally, either in a JSON or CSV format. Also, the tool could also benefit from the capability to search across visible Telegram groups without the need for the Digital Investigator to become a member of that group. That aside, for what the tool is and what it provides, it is quite effective and does exactly what it is intended to do.