Open-Source INTelligence (OSINT)
• Gathering actionable, valuable information from openly available sources.
• Involves investigations using public information from the Internet or other sources.
• Does not require search warrants.
• It must be authorized for legitimate and ethical purposes, which vary by jurisdiction.
• The boundary between lawful and unlawful is very thin.
OSINT plays an important role in:
• Cyber warfare investigations.
• Cybercrime investigations.
• Terrorism investigations.
• Journalistic investigations.
• Criminal investigations.
• Gathering suspect information for better intelligence (password recovery, social media accounts, psychological profiling).
OSINT and Digital Forensics (DF)
• OSINT investigations can be standalone or embedded within DF investigations.
• The principles and guidelines of DF apply to OSINT.
• OSINT follows a methodology similar to DF but uses public data and its own specific tools and techniques:
1. Plan: prepare the environment/computer.
2. Identify: identify the sources.
3. Harvest: gather data from the identified sources.
4. Process: process the acquired data to extract meaningful information.
5. Analyse: correlate the information collected from different sources.
6. Report: create a report documenting the investigation.
Plan
• Use a virtual environment with stringent security.
• Use VPN connections for protection.
• Firefox and Chrome provide helpful add-ons for OSINT investigations.
Identify
• OSINT investigators need to be aware of new websites, social media, and mobile apps.
• Continuously develop skills to identify and harvest data from new sources.
• Identify sources relevant to the specific targets under investigation.
WHOIS
• Uses the ICANN database of registered domain names.
• Can check registration details: time of creation, last update, and sometimes contact details.
• Does not provide information on site content.
• Can be used to find IP-address ownership.
• Provides registry information, such as the domain registry.
• IP and domain information can be redacted at the owner's request.
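As an added example (not part of the original notes), a small Python parser for the kind of "Key: Value" text a WHOIS lookup returns: it pulls out the creation and last-update dates, lists the name servers, and flags registrant fields that have been redacted at the owner's request. The WHOIS record below is constructed rather than a real lookup, and the list of redaction marker phrases is an assumption.

```python
from datetime import date

# Constructed sample WHOIS response (not a real registration record); the
# "Key: Value" layout mimics the text that registry WHOIS servers return.
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE-INVESTIGATION.TEST
Creation Date: 2015-03-02T10:15:00Z
Updated Date: 2023-11-19T08:00:00Z
Registry Expiry Date: 2026-03-02T10:15:00Z
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: REDACTED FOR PRIVACY
Registrant Email: Please query the RDDS service of the Registrar of Record
Name Server: NS1.EXAMPLE-DNS.TEST
Name Server: NS2.EXAMPLE-DNS.TEST
"""

# Placeholder phrases registrars substitute for withheld contact data (assumed list; extend as needed).
REDACTION_MARKERS = ("REDACTED", "PRIVACY", "GDPR", "QUERY THE RDDS")

def parse_whois(text):
    """Turn 'Key: Value' lines into {lower-cased key: [values]}; keys such as Name Server repeat."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # split on the first colon only; timestamps keep theirs
        if sep and value.strip():
            record.setdefault(key.strip().lower(), []).append(value.strip())
    return record

def is_redacted(value):
    """True when the value is a privacy placeholder rather than real contact data."""
    return any(marker in value.upper() for marker in REDACTION_MARKERS)

def summarise(record):
    """Pull out creation/update dates, flag withheld registrant fields, list name servers."""
    # Keep only YYYY-MM-DD so records whose timestamps differ by hours still compare by day.
    created = date.fromisoformat(record["creation date"][0][:10])
    updated = date.fromisoformat(record["updated date"][0][:10])
    redacted = sorted(key for key, values in record.items()
                      if key.startswith("registrant") and all(is_redacted(v) for v in values))
    return {
        "domain": record["domain name"][0],
        "created": created.isoformat(),
        "updated": updated.isoformat(),
        "days_between_create_and_update": (updated - created).days,
        "redacted_fields": redacted,
        "name_servers": record.get("name server", []),
    }
```

Running `summarise(parse_whois(SAMPLE_WHOIS))` on the constructed record reports all three registrant fields as redacted, so the investigator knows contact details must come from another source.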
Google advanced search
• Search operators refine searches and reduce the time spent on unrelated information.
• Use operators like "site:" to search within a specific domain (e.g., site:forbes.com "Michael Bazzell").
• Asterisk (*): a wildcard; Google treats it as a placeholder for one or more words within a search string. For example, "osint * training" returns webpages containing the strings "osint video training" and "osint live classroom training".
• Timeframe menu for selecting a custom date range (helpful to analyse content posted within a known period).
• Advanced search options for refining results by words, phrases, language, region, update time, etc.
• This type of search can reveal archived expired posts and reviews from online marketplaces.
Google custom search engines
• Requires a Google account.
• Allows creating your own custom search engines.
• Can refine searches by file type (pdf, doc, xls, ppt, txt).
• Can specify the sites to search (e.g., social media platforms).
Web archives and caches
• Web archives, also called caches, are useful for searching sites that have been changed, removed, or amended.
• Search engines often provide the ability to view cached snapshots of websites as they were on a certain date.
• The Wayback Machine (archive.org/web/) is another useful site for searching web archives.
• Browsers also store website data locally, in a store called the "cache", to reduce bandwidth consumption.
• Google's "cache:url.com" operator has been deprecated.
Maltego
• Maltego Community Edition (CE) is a free version of the Maltego software used for open-source intelligence (OSINT) and link analysis.
• It is commonly used in digital forensics, cybersecurity, and investigations to map relationships between people, devices, domains, social media profiles, and more.
• Available in Kali Linux or via registration.
• Maltego's website contains tutorials and documentation.
Conclusion
• OSINT was introduced as a topic and potential tool for forensic investigators
• We also explored the potential of Google advanced searches using public information for the purpose of OSINT investigations
• It also provided an insight into Maltego and its potential