Open Source Intelligence for Private Investigators
Whether or not you realized it at the time, you have probably collected Open Source Intelligence (OSINT) at some point in your investigative career. True to its name, OSINT is open-source, meaning that all its information is available to the general public. Since OSINT is accessible to everyone, it might not seem like a valuable tool private investigators can add to their kit. However, one of the notable characteristics of open-source information is just how much data it encompasses and, as Joseph Jones, a licensed private investigator and the Vice President of Bosco Legal Services, says, “Information is power.” But wading through all the data to get to the useful information takes skill and the right resources. Learn more about this skill and how you can harness it for your investigations in the article below.
What is it?
Open-source intelligence is a variety of data encompassing countless topics and subjects. If you need a specialist to access information, then it does not qualify as open-source.
OSINT is not limited to what you can find via popular search engines. There are sites on the deep web that your regular search engine does not index, though the general public can still legally obtain the information. This creates a lot of data that qualifies as OSINT. Access to such a vast source of information is both a blessing and a curse in that you can find a lot of what you need, but you have to sort through a lot of useless data to get it. Even with all this information, chances are you will not find everything you need to make or break a case. These OSINT limitations make this information most useful alongside other forms of intelligence.
What makes information open source?
Information is typically considered open source if it fits into any of these descriptions:
- Published or broadcast for public viewing. This includes news, radio, podcasts, TV, etc.
- Available to the public by request, such as census data.
- Available to the public by subscription or purchase. This could include industry journals, academic publications, dissertations, conference proceedings, etc.
- Seen or heard by a casual observer.
- Obtained by visiting a certain location or attending a public event.
- Stored in public records databases.
- Government reports, documents, and websites.
- Social networks and social media sites.
- The Internet at large which includes blogs, forums, video and image sharing sites, metadata and digital files, dark web resources, etc.
- Company profiles, annual reports, company news, employee profiles, and résumés.
- Geospatial information or maps and commercial imagery products.
Since there is so much information to sort through in order to achieve your investigation goals, tools are essential to comb through and organize OSINT effectively. But there are a couple of things to keep in mind before you start filling your toolbox. First and foremost, have a strategy and set of goals laid out before starting your search. Even with the best tools at your fingertips, you need a clear purpose in order to use them properly. You also need to know how to use them. Many people used Facebook’s Graph Search function to gather OSINT but were at a loss when the company decided to shut down that particular function. But those who understood the tool’s role and the theory behind it found ways to work around the inconvenience. So before you go out and equip yourself with a bunch of tools, understand what they accomplish and how they accomplish it so that you don’t become reliant on them.
Commonly Used Tools
There are a great number of tools you can use and learn more about by taking in-depth courses and training, but here are just a couple to introduce you to the basics of OSINT:
While simple search queries do not always get you the information you need, Google dork queries use search operators to narrow your search and return more relevant results. For example, you can use “ext:” to search for a particular file extension, “inurl:” to search for a specific string in a URL, or “intext:” to search for certain text in a page.
This tool is perfect for tracking the online movements of a single entity. It collects information from various sources, analyzes the relationships between pieces of information, and uses transforms to generate results into a graph format that’s easier to understand.
Shodan is commonly known as the “search engine for hackers.” It provides information about various kinds of digital assets and networks that connect to the internet. It can help you find servers, routers, webcams, and more while also giving you their location and who’s using them.
This tool is ideal for gathering email accounts and domain-related information from public sources. It is also useful for those who want to know what a hacker or bad actor can see about their organization.
Similar to Maltego, this tool is effective for collecting information about a certain target, but it uses the power of modular tools. It contains numerous modules including DNS and email and web application reconnaissance.
If you need information about an online image, this tool is the way to go. You can use it to perform any image-related search on the web including whether an image is available online and where that image has appeared.
Metagoofil is a command-line tool that you can use to gather the metadata of public documents. Those who use this tool can scan for a specific type of document on a specific domain.
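The kind of document metadata a tool such as Metagoofil gathers, seen from the publisher's side, as an added example (not part of the original article and not Metagoofil's code): it reads the property parts of an Office Open XML file (.docx, .xlsx, .pptx). The sample document, the names in it and the choice of "revealing" fields are constructed assumptions.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# Parts of an Office Open XML file (.docx/.xlsx/.pptx) that hold document properties.
PROPERTY_PARTS = ("docProps/core.xml", "docProps/app.xml")
# Fields that identify people, employers or software (this selection is an assumption).
REVEALING = {"creator", "lastModifiedBy", "Company", "Application", "AppVersion"}


def extract_metadata(data: bytes) -> dict:
    """Return {field: value} for every non-empty property in an OOXML document."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for part in PROPERTY_PARTS:
            if part not in archive.namelist():
                continue  # property parts are optional; scrubbed files may lack them
            for element in ET.fromstring(archive.read(part)):
                name = element.tag.rsplit("}", 1)[-1]  # drop the XML namespace
                if element.text and element.text.strip():
                    found[name] = element.text.strip()
    return found


def revealing_fields(metadata: dict) -> dict:
    """Keep only the fields worth reviewing before a document is published."""
    return {k: v for k, v in metadata.items() if k in REVEALING}


def build_sample_docx() -> bytes:
    """Constructed sample: a minimal .docx holding only made-up property parts."""
    core = (
        '<cp:coreProperties xmlns:cp="http://schemas.openxmlformats.org/package/2006/metadata/core-properties" '
        'xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:dcterms="http://purl.org/dc/terms/">'
        "<dc:title>Quarterly report</dc:title><dc:creator>J. Example</dc:creator>"
        "<cp:lastModifiedBy>a.sample</cp:lastModifiedBy>"
        "<dcterms:created>2020-01-15T09:30:00Z</dcterms:created></cp:coreProperties>"
    )
    app = (
        '<Properties xmlns="http://schemas.openxmlformats.org/officeDocument/2006/extended-properties">'
        "<Application>Microsoft Office Word</Application><Company>Example Corp</Company></Properties>"
    )
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        archive.writestr("docProps/core.xml", core)
        archive.writestr("docProps/app.xml", app)
    return buffer.getvalue()


if __name__ == "__main__":
    for field, value in revealing_fields(extract_metadata(build_sample_docx())).items():
        print(f"{field}: {value}")
```

For files from an untrusted source, parse the XML with a hardened parser such as defusedxml instead of the standard-library ElementTree.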
How PIs can use OSINT
OSINT has a variety of uses in different situations, from uncovering information for security reasons to gathering marketing data, but it is especially useful to private investigators as they filter information for various cases. According to Joseph Jones, “There’s so much information you can gather online; there are very few investigators that OSINT won’t help.” More specifically, OSINT allows PIs to locate targets, their assets such as phones and cars, their coworkers, and even their habits and frequented locations. As Jones pointed out, OSINT also keeps investigators from going into cases blind. It provides the information needed to create a solid surveillance plan. And for Valerie McGilvrey, a skip tracer, author, and speaker, OSINT helps her navigate social media platforms. She says, “Even if someone is deliberately hiding and not doing things to create a record in a professional database, they'll be found using OSINT because people are just not willing to give up their instant audience.” Just remember that in order to use any online information as evidence in court, it must be forensically preserved to be considered valid.
“Bottom line, if people aren't found in databases, they can be found with OSINT.” - Valerie McGilvrey