How to Commission an OSINT Task

How to commission an OSINT investigation

Firstly – what is OSINT? OSINT stands for Open Source Intelligence, and typically means information that is collectible via the open Internet through a variety of methods, which can involve searching public code repositories, searching for public IP addresses and their Internet facing software or social media research of entities on-line activities, plus a whole lot more.

All this information can be collated and used to create intelligence reports for legal action such as; issuing cease and desist instructions, or just to become aware of adversaries and their methods and intentions.

Clients can often face various levels of Internet campaigns against them, ranging from basic trolling, to competitor commissioned defamation campaigns. When I have been commissioned to investigate these issues, I have had a high rate of success of providing actionable intelligence to the clients or their law firm.

My aim is to help you understand what can be achieved, how it is achieved and what can be done with the information. To help you understand what can be achieved through an OSINT tasking, I will first show you my three stages of an investigation, which in turn will make clearer what is in the art of the possible.

1. Phase one: What do we know?

2. Phase two: What do we want to know?

3. Phase three: How do we find that out?

As you can see, these three phases are very simplistic which I find helps us sift through the noise and focus on these three key objectives. However, as you can probably imagine, phase three is where it can get a lot more complicated.

Going back to phase one, this is where you will come in as the commissioner, here is your opportunity to provide to us all the information you have. The more information you can provide the better, do not be tempted to withhold information; that one clue could exponentially speed up the investigation. Similarly, do not be tempted to do too much research yourself, if the target(s) become aware of the investigation, they could start to destroy key evidence.

Once you have passed on this information you will need to provide some key deliverables to assist in our phase two, for instance, you may have a specific requirement to pursue legal action which may require us to capture evidence in a forensic state, making it admissible in court. Additionally, you or your client may wish to set a time frame in which they expect some results. Our approach is to always take an initial ‘first look’ and from here I will provide what I believe is achievable and in what time frames. Once I understand what you or your clients wants to achieve, I can progress onto stage three.

Here in phase three is where things will get interesting, now I have our objectives and some information to begin the investigation. I have access to a variety of enterprise tools as well as our my own tools and techniques that I have created in house or carried over from working with the UK Government. With these tools and methods put together I can carry out thorough investigations into individuals, organisations, and groups, including forums, social media groups and chat services. As the world of on-line information is forever growing, it would not be beneficial to list all the types of service I can review here.

Once I have completed the investigation our team will prearrange some dates and times to offer our findings via a conference call where I can show our data and planned next steps if any are required.

Hopefully, this has been of some benefit in helping you understand OSINT investigations.