What to do when people ask ‘Can you do OSINT on this person’?
Imagine that you’re an OSINT analyst with a local law enforcement agency. A very serious armed robbery just occurred and the lead investigator on the case enters your office.
Detective Gordon: We may have a lead on the robber, I have a first and last name. Can you do OSINT on this person?
You: Ehm…yes, yes I can. Give me an hour.
Detective Gordon: Great. Let me know what you find.
Detective Gordon leaves your office and you are left staring at your screen with a puzzled look on your face: “Where do I even begin?”
In our role as analysts and information collectors we are often faced with the challenge of gathering information based on seemingly vague information requests. “Can you do OSINT on this person” is a common phrase I have heard a lot in my role as an OSINT analyst. What does that even mean and since when did OSINT become a verb?
There might be a few reasons why a stakeholder will give you vague information requests. One reason could be their lack of understanding of our field — do they have enough knowledge about OSINT to be able to know what can be found through open sources? And if so, are they able to put forward specific information requests based on that knowledge?
If that is the case, it is absolutely fair to ask your stakeholder to clarify their needs so you don’t waste a lot of time exploring someone’s digital footprint without knowing what exactly you’re looking for.
Detective Gordon: We may have a lead on the robber, I have a first and last name. Can you do OSINT on this person?
You: Absolutely. What am I looking for?
Detective Gordon: You know, I think what you do is some type of cyber wizardry, just do your magic and as much OSINT on this person as you can.
You: Well let me ask you this — What are you hoping I find?
Detective Gordon: We’re trying to build a timeline of our suspect’s movement before and after the bank robbery. I would also be interested in any close relations they may have outside of their family. So I guess anything that can help us with that.
You: Great! I will get right on that.
Now that we have some specific information that we’re looking for, it’s our job to translate those requests into smaller, specific questions.
Gordon said he’s working on a timeline of our suspect’s movement before and after the bank robbery. Before I start diving into open sources, I may want to ask myself “Where is it most likely that I’ll find traces of our suspect’s movement before and after the bank robbery in open sources?” or “What is the natural first step I need to take to increase the likelihood that I’ll find what I’m looking for?”
A crucial skill for an OSINT analyst is the ability to deconstruct large information requests into more manageable, smaller, investigative steps.
To find our bank robber’s movements before and after the robbery, we may want to start by exploring our suspect’s digital footprint.
- Can we identify them on social media?
- Do they have digital assets or resources that we may want to go through, either to pivot further on their digital footprint or in the hope that they hold the information we want?
- Are we able to map their social circles, friends and family, colleagues and connections?
These tasks might be some of the steps we need to accomplish to move us closer to being able to answer the main question. The key here is to avoid any rabbit holes and any steps that will lead us away from our main objectives. In other words, there’s no need to go through our suspect’s Ibiza vacation from 2011 if we’re trying to map their movements over the last week or so.
Try to set clear objectives for the source you are working on: if you’re searching on social media, remind yourself that you are looking for our suspect’s account(s). If you’re looking through a resource, remind yourself why you’re there. Keep asking yourself: Am I collecting this information in the most effective way?
If we visualize the process it should look a bit like this. Depending on where you are in your investigation, you may be at a point where you have a tool, resource or method that you want to apply with the hope of finding the information you are looking for. If you don’t have any ideas, you may want to do some research to see if you can come up with your next step.
The overall point here is to try and always be aware of where you are in your information collection phase so that you can effectively collect information and work towards completing your main objectives.
Detective Gordon: Hey, we got a new case. I need you to do some more OSINT on a person…ehm, wait…I mean, can you help me figure out who’s behind this alias?
You: Of course, would be happy to!
Kase Scenarios provides hands-on, practical, online OSINT training where you can safely practice the concepts talked about in this article. Through our immersive OSINT scenarios you will get a feel for what it might be like to work on a real case and what it’s like working for a stakeholder, or case lead, who will give you information requests like the ones I’ve covered here. OSINT is more than just classroom training; it’s a practical field that requires practical training. Start your OSINT training with Kase Scenarios today!
1 Comment
This is a great article and very true. Specific objectives save a lot of time and provide realistic goals. There is a lack of understanding on information gathering and evidence gathering. Those are two different things.