October Theme: OSINT

Open-source intelligence, or OSINT, refers to intelligence that’s been developed from data that is publicly available and legal to access. This public information comes from many categories of sources, including (but not limited to):

Print and online media
Internet sources such as social media, blogs, message boards, and YouTube
Public records, including birth and death records, voter registration lists, campaign finance filings, court proceedings, criminal histories, public lists of license-holders, property information, vehicle and aircraft registrations, institutional financial filings, minutes from public meetings, laws and regulations, and much more.
Academic papers, journal articles, dissertations, and a wealth of published studies

Here’s how open-source investigator Brian Willingham defined OSINT in our 2018 webinar:

“Anything I can find open and freely without any restrictions. It doesn’t require me to have a special license. So we’re talking about anything that’s available on the internet, anything at the public library. And public records would be any government-issued document—court records, or corporate records, litigation judgments, liens, registration documents for certain professions. Social media has become a big part of open-source intelligence. So it’s basically anything I could sit behind my computer and get, or resources that might NOT be digitized: historical newspaper clippings, historical property records, anything that might be valuable.”

For the open-source investigator, the problem isn’t access to information; it’s finding what’s important in a vast sea of noise. Or, as Willingham points out, “Anybody can get this stuff. It’s just a matter of knowing where to get it.”

Even pros like Willingham begin with a simple Google search. But from there, the tools get a whole lot fancier: The Wayback Machine internet archive. Domain searchers like DomainTools. And of course, proprietary databases play an important role, too.

Here’s the part where we notify you, in the interest of full transparency, that one of those databases is sponsoring us for the month of October. idiCORE is a relatively new player in this space, and we’re excited to collaborate with them this month. We’ll test-drive the service and let you know what we think of it. Check out Hal’s weekly briefings for those tech reviews. And our October 22 webinar will offer you a deep dive into how idiCORE’s service works. Our guest, Emmanuelle Welch, CFE, has used it extensively and will walk us through what she’s learned. Scroll down for the link to join that free webinar on Thursday, October 22 (11:30am CDT). If you miss it, that same link will take you to the recorded version.

One topic we’ll cover in the webinar is how database tools can play vital roles in any investigations — from getting you started to double-verifying information you found elsewhere. On Twitter, we asked you how you think about databases in your investigative work. Here’s the poll and a few replies:

Seems like there’s a consensus: Databases are a valuable starting point for many investigations, are crucial for others, and the data you glean from them needs more sourcing.

We’ll talk more about that this month. In the meantime, happy open-source hunting!