The 10 most important things for successful OSINT investigations
The essence of OSINT is to know what information to collect, where to find it and how to document it. While developing Paliscope, we have had the opportunity to work with some highly experienced and talented online investigators. Here, we’ve collected some of their best advice on how to conduct successful online investigations.
1. Act fast
Document the information when you see it! Don’t wait until the afternoon or the next day, vital information may be gone in the next minutes, hours or days. For example, a relevant Facebook posting may disappear within minutes because the person who posted it may suddenly realize that it gave away information they didn’t want. And this happens more than you might imagine.
2. Develop a workflow and plan your work
If you’re new to online investigations, start to build a To-Do list of what to look for in each case, and which actions to take. Plan each step to make sure you remember to collect all relevant data. Make sure you answer the classic questions of “what, when, where, who, why and how”.
3. Prioritize your actions
What is most important? Where are you most likely to find the information you are looking for, and what is most time-sensitive? Make sure you start at the right end of your investigation, to save time and effort, and achieve better results. And make sure that the data that you collect is relevant for the case.
4. Document your actions
Take notes! There is always a possibility that someone will come and ask, or question, how and where the information was found. Make sure you know where and when the information was found, and that you can show the original source. This can be written down manually or use a tool that gives you an automatic audit trail.
5. Use the developer tools in your browser
Useful intelligence may not be visible on the default view of a web page, but hidden in the source code. For example, names of images, alt-texts of images, names of links, information in HTML tags or site meta information.
6. Be careful about your browser profile
Don’t unintentionally alert the owner of a site that it’s you who is visiting. Be aware of the data you might be sending out from your browser profile, such as your IP address, location, operating system or device. The easiest measure to take to avoid being traced is to use a VPN. Another measure is to use prepaid mobile internet access.
7. Keep it simple when writing reports
Translate the information into “normal” language. Don’t assume that those who receive and read your reports have the same technical knowledge as you. Spend some time making sure you write your reports in a way that makes them easily understandable to other people.
8. Educate yourself
There is always more to learn about what information you can get from websites, emails, servers and so on, not to mention learn about how to find it. And there are always new social media platforms developing that you need to keep track of. Stay curious and stay updated.
9. Keep updated on new tools
The landscape of online tools and tricks is constantly evolving. Keep on adding tools to your toolbox and developing your process. Also make sure the tools that you use are updated. Follow blogs and forums to pick up new tips and tricks.
10. Have perseverance and patience
Most investigators will only go to the first page of results and then they will quit. To succeed you cannot give up. You have to keep going, long after you have got bored. And you have to keep digging, even when there doesn’t appear to be anything of relevance. It’s worth it because you often find something new – and even if you don’t, you can be more confident with your existing findings.
Paliscope is a new online investigation tool that provides a structured, secure and auditable way to conduct online investigations and produce professional reports. Try it for free here!