OSINT Analysis
An OSINT analysis starts with a subject, such as an individual, company, event, or location, and uses manual search, automated tools, or both to find additional information, sometimes very comprehensive information. For example, starting with an individual’s name, OSINT can find a person’s residence (often with value, mortgages, and street-view, interior, and satellite images), age, education, occupation (including employer, position, location, email, phone number, and time of employment), phone number, email address, social media accounts, detailed information about relatives, membership in organizations, hobbies, travel, and more. It’s always interesting to try an OSINT search of your own name.
Consider the example of an OSINT investigation by a private individual in the aftermath of the U.S. Capitol riot on January 6, 2021. A hacker downloaded data from the Parler social media app and used it to plot the locations of Parler users inside the U.S. Capitol during the attack. It showed a bird’s-eye view of its users swarming the Capitol grounds (Dell Cameron & Dhruv Mehrotra, Parler Users Breached Deep Inside U.S. Capitol Building, GPS Data Shows, Gizmodo (Jan. 12, 2021)). In another example, “Faces of the Riot used open source software to detect, extract, and deduplicate every face from the 827 videos taken from the insurrection on January 6” (Andy Greenberg, This Site Published Every Face from Parler’s Capitol Riot Videos, Wired (Jan. 20, 2021)).
In yet another example, a study by the New York Times reported on the use of cell phone location technology to aggregate “more than 50 billion location pings from the phones of more than 12 million Americans as they moved through several major cities . . .” (Stuart A. Thompson & Charlie Warzel, Twelve Million Phones, One Dataset, Zero Privacy, N.Y. Times (Dec. 19, 2019)). This data is for sale by location aggregators for marketing and other purposes.
OSINT is a powerful tool for attorneys and law firms of all sizes in almost all practice areas, whether it’s used by attorneys, paralegals, staff, or a retained research professional. There are many potential uses, such as information on parties, opposing counsel, witnesses, judges, and jurors in litigation; due diligence for transactions; law firm marketing (both for targets and the law firm’s image); pre-employment screening; and more.
OSINT Information Resources
There is a wealth of available information resources on OSINT. This section discusses some leading ones.
Michael Bazzell’s OSINT Techniques: Resources for Uncovering Online Information (10th ed. 2023) is a comprehensive reference on OSINT that has been regularly updated. It provides detailed information on tools, techniques, and sources of information. It covers the following information sources: search engines, social networks, online communities, email addresses, usernames, people search engines, telephone numbers, online maps and aerial photos, documents, images, videos, broadcast streams, domain names, IP addresses, government records, virtual currencies, application programming interfaces (APIs), and advanced Linux tools. The author’s background is in law enforcement and training law enforcement personnel. He now focuses on speaking, writing, and teaching on OSINT and the privacy concerns that go with it. He maintains a website, IntelTehniques, that has a wealth of information.
The OSINT Framework is an online, interactive catalog of free OSINT tools and resources. It has a list of 32 information elements that are the starting point for a search (e.g., username, email address, domain name, IP address, image/video/document, and social networks). Clicking on People Search Engines shows General People Search and Registries. Selecting General People Search displays more than 40 search tools.
The OSINT Curious Project is an organization that provides great resources for OSINT for a broad range of uses. It includes a blog, tips, videos, podcasts, a YouTube channel, and a good 25-minute video introduction to OSINT (created in January 2020). In February 2023, the Project announced that it had closed, but it will continue to make its existing content available.
Micah Hoffman, a leader of the OSINT Curious Project, maintains the Web Breacher blog and offers OSINT training through My OSINT Training.
The SANS Institute, a highly regarded cybersecurity training and certification group, includes OSINT in its offerings and conducts an annual OSINT Summit. It maintains the SANS Cyber Security Blog and a page of “‘Must Have’ Free Open-Source Intelligence (OSINT) Resources.” SANS also offers two week-long courses: “SANS SEC497: Practical Open-Source Intelligence (OSINT)” and “SANS SEC587: Advanced Open-Source Intelligence (OSINT) Gathering and Analysis.” SANS focuses on intelligence for cybersecurity, but its resources can also be helpful in other areas.
The DEFCON underground hacking conference has presented OSINT talks for several years. Videos of some of them are available free online and can be found by an Internet search for “DEFCON & OSINT.” The author’s introduction to OSINT was through DEFCON.
Trace Labs has published a specialized OSINT VM (virtual machine) that brings together what its members have found to be the most effective OSINT tools and customized scripts for crowdsourced searches for missing persons.
Columbia Journalism Review has published Michael Edison Hayden’s “A Guide to Open Source Intelligence” (June 7, 2019), which provides a good overview for reporters as well as others.
There is a wealth of information to help you get started and advance with OSINT, much of it free. Depending on your learning style, the videos may be a good start.
Conclusion
OSINT is a powerful investigative process to find, collect, and use a wealth of publicly available information. It is a valuable tool for attorneys in most, if not all, fields of practice. Attorneys should understand OSINT, the kinds of information it can discover, where to find accurate information on its use, and where to get professional resources. It is important to use OSINT appropriately, in compliance with applicable legal and ethical requirements.