A Beginners Guide to OSINT

OSINT (Open Source Intelligence) refers to the collection of data and information by exploiting publicly available resources. It is used in digital intelligence and investigation work, which relies on cyber tools to find strategic information in open sources that is obtained legally and ethically.


Author Daina McFarlane

OSINT has been around since the beginning of time, and no one can pinpoint when it started. Numerous studies state that “OSINT was introduced during World War II as an intelligence tool used mostly by nations security agencies”. The Internet started on January 1, 1983, and ever since, it has revolutionized the world and turned it into a massive village of information.

OSINT gathering has become a necessity because of the explosive growth of the Internet and the huge volume of valuable digital data that is produced at a constant rate and is at the disposal of organizations such as government departments, non-government departments and business corporations. Since OSINT draws on publicly accessible sources of information found online or offline, anyone can conduct information gathering using available tools and techniques.

Is OSINT valuable for an investigation? Yes. OSINT is valuable because its processing and exploitation processes, and its timeline for gathering information, are less rigorous than those of more technical intelligence disciplines such as HUMINT – Human intelligence, SIGINT – Signal intelligence, MASINT – Measurement and signature intelligence, and GEOINT – Geospatial intelligence.

Everyone leaves digital traces of their information; you just need to know how to find them. The three main methods of collecting OSINT information are passive, semi-passive and active. Which one is used depends on the scenario and on how deeply the data needs to be collected. Passive collection is the most used type, as it targets only publicly available resources. Another name used by us security professionals for passive information gathering is reconnaissance. Semi-passive collection gathers information by sending limited traffic to target servers, investigating lightly without raising any alarm on the target’s side. Active collection gathers information by interacting directly with the system.

The OSINT cycle consists of five steps: Planning, Gathering, Analysis, Dissemination and Feedback. Due to the overwhelming sea of information, reconnaissance is broken down into 5 sub-phases, referred to as the OSINT process:

  1. Source Information – the initial phase, where the individual identifies potential sources from which information may be gathered. Sources are documented and detailed notes are written down for later use.

  2. Data Harvesting – information is collected and harvested from the selected sources and other sources that are discovered throughout this phase.

  3. Data Processing and Integration – harvested information is processed for actionable intelligence by searching for information that may assist in the investigation.

  4. Data Analysis – the individual performs data analysis of the processed information using OSINT analysis tools.

  5. Results Delivery – the final stage in which OSINT analysis is completed, and the findings are presented/reported to other members of the team.
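The five sub-phases above, worked through as an added example (not part of the original article): a Python script that reviews an organisation's own public footprint. The source texts, the placeholder domain example.com and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Phase 1 - Source Information: documented sources (constructed sample texts).
SOURCES = [
    ("press-release", "Contact Jane Doe at jane.doe@example.com or visit www.example.com."),
    ("job-posting", "Send CVs to hr@example.com. Our VPN is at vpn.example.com."),
    ("conference-slides", "Questions: Jane.Doe@Example.com; demo at staging.example.com"),
    ("forum-post", "unrelated address bob@example.org"),
]
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
HOST_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)

def harvest(sources):
    """Phase 2 - Data Harvesting: yield (source, kind, raw value) items."""
    for name, text in sources:
        for match in EMAIL_RE.findall(text):
            yield name, "email", match
        # Blank out emails first so their domain part is not counted as a host.
        for match in HOST_RE.findall(EMAIL_RE.sub(" ", text)):
            yield name, "host", match

def process(items, domain):
    """Phase 3 - Processing and Integration: normalise, scope, merge duplicates."""
    merged = defaultdict(set)
    for source, kind, raw in items:
        value = raw.lower().rstrip(".")
        scope = value.rsplit("@", 1)[-1]          # domain part of an email or host
        if scope == domain or scope.endswith("." + domain):
            merged[(kind, value)].add(source)     # keep provenance per item
    return merged

def analyse(merged):
    """Phase 4 - Data Analysis: items seen in more sources rank first."""
    findings = [(kind, value, sorted(srcs)) for (kind, value), srcs in merged.items()]
    return sorted(findings, key=lambda f: (-len(f[2]), f[0], f[1]))

def report(findings):
    """Phase 5 - Results Delivery: one line per finding for the team."""
    return [f"{kind:5} {value:24} sources={','.join(srcs)}" for kind, value, srcs in findings]

def run(sources, domain):
    return analyse(process(harvest(sources), domain))

if __name__ == "__main__":
    print("\n".join(report(run(SOURCES, "example.com"))))
```

Keeping the source name attached to every item is what lets the final report say where each exposed address or hostname was published, so the owner knows what to clean up.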

OSINT Tools and Techniques

A plethora of OSINT tools are available, both free and commercial. The focus will be on the most popular tools that are used in the OSINT process. The key thing to know is that the OSINT process is about taking bits and pieces of information and running that information through a particular tool to discover more information about a person or entity.

Google Searching and Dorking

Google Searching, or simply Google, is as you know a web search engine, and its main purpose is to search for text in publicly accessible documents offered by web servers. The first investigation tool is the search operators; these and other advanced operators are located here: Search Operators

Google Dorking, also known as Google hacking, is the use of advanced search strings within a web browser. Check out the Google hacking database here: Google Hacking Database

Common operators are:

  • Intitle