Gathering information is something we all engage in on a regular basis. Whether it is some good ol’ Facebook creeping or a formal private investigation by a PI, most of us have taken advantage of OSINT, whether we knew what it was called or not. Open Source Intelligence, better known by the acronym OSINT, refers to gathering data that is readily available as public information. As PIs can never have too many sources of information, it’s worth investing time in understanding OSINT and applying it to your private investigations so that you can take advantage of the tools that are readily available at your fingertips online.
What is OSINT?
Open Source Intelligence refers to the vast amount of data that the general public can view without needing to ask permission. This type of data can be found anywhere in the public domain, such as social media profiles, published news or broadcasts, or even information seen or heard by casual observers.
If data can only be acquired by requesting special permission, paying for access or obtaining a court order, then it does not qualify as OSINT. So, it’s important to remember that for data to be classified as OSINT, it must be part of the public domain or be accessible to any and all individuals, regardless of the purpose for which the data may be intended.
Examples of Open Source Intelligence
- Details found on a résumé.
- Information found on social media posts.
- Data found in public record databases.
- Commercial imagery, text or details.
- Information seen or heard by a casual observer.
- Anything found in maps or geospatial information.
- Data acquired by attending an event or visiting a location.
- Business or company profiles, reports or documents, including press releases.
- Data stored in government documents, reports or websites, whether it is in digital or print form.
- Any information found on the IoT or the Dark Web, including blogs, videos, podcasts, forums, etc.
- Information that has been published or broadcast for public viewing by any media sources.
- Any type of data that can be accessed by the general public by making a purchase or acquiring a subscription, whether it is paid or free.
- All academic publications, such as journals, theses, dissertations, conferences or public speaking endeavors.
- Any type of data that can be received by anyone upon placing a request, whether it is in a government facility or otherwise.
OSINT Tools & Techniques
Although it may seem like most Open Source Intelligence is gathered through manual searching, there are actually several tools that can be used, depending on the type of data you are looking for. There are tools to search for very specific types of data, such as images, documents, assets or the data collected about an entity. Because the information found on certain websites is so efficient to search and so reliable, hackers often use the same tools to access information and find unsuspecting victims.
Below are a few of the most well-known tools that can help you obtain Open Source Intelligence:
- Google Dork Query | Technique used to obtain better search results
- Maltego | Tool to track online movements
- Shodan | Tool used to track digital assets and location
- theHarvester | Tool to gather domain-related or email data
- Metagoofil | Tool that gathers the metadata of public documents
Although there are many different tools available to help with data gathering in the public domain, Justin Nordine, a security expert, created the OSINT Framework, which provides a clear path to the tools to use in order to obtain the type of data that you are looking for.
On the OSINT Framework website created by Nordine, you can find an intricate diagram that displays the various types of data categories one could look for through Open Source Intelligence, along with the tools that will help one to retrieve that information. This Framework could easily pass as The Holy Grail of OSINT sources for a private investigator.
The Dangers of OSINT
As you can see, the various tools and techniques that return OSINT are highly useful in a private investigation. However, precisely because it is open source information, many people who are knowledgeable about OSINT use the tools and techniques mentioned above for wrongdoing. So, as a rule of thumb, remember that if you can access certain information, someone else can certainly obtain it too and use it against your client. This is especially relevant when your role as a private investigator is to protect your client and you need to inform them how to better protect themselves against what others may find in public records. If you’d like to learn more tips for better surveillance, check out this article with 10 Tips & Tricks New PIs Need to Achieve Better Surveillance.