Supercharge Your OSINT Skills: 10 Essential Techniques For New Investigators

New to OSINT and overwhelmed by the information available? We get it. 

We all started as OSINT beginners, so we know it can be overwhelming. But don’t worry—we overcame the overwhelm to build exciting OSINT careers, and you can too!

To help you get started, we’ve compiled a guide of 10 essential OSINT techniques every beginner should master:

1. Google Dorking

Google Dorking is a technique that refines your search on Google. Through this technique, you can find hidden information that isn’t easily accessible through a standard query.

You do this by including advanced search operators in your query, like:

• Site:
• Filetype:
• Inurl:
• Intitle:
• Intext:
• Link:

For example, if you’re looking for a pdf file from a specific domain, you would put “filetype:pdf example.com.”

2. Reverse Image Search

If you’ve ever watched the MTV show Catfish, you’re probably familiar with this technique. If not, a reverse image search involves uploading a photo into a search engine to gather more information about it.

Some information you can get by doing a reverse image search:

• Find an image’s origin
• Track where the image has been used across the web
• Find similar images

This technique is helpful to verify the authenticity of visual content, uncover fakes, and identify individuals or locations depicted in photos.

3. Social Media Profiling

Social media profiling is more than just casual scrolling; it’s a skill that can uncover a wealth of personal and professional information.

Here’s what you can do while analyzing social media:

• Identify social media accounts
• Analyze profile information
• Examine posts and interactions
• Map users’ network
• Monitor activity patterns
• Look for cross-platform behavior 

This helps create a detailed picture of who someone is, what they’re involved in, and how they might be connected to others.

4. Metadata Analysis

Put simply, metadata analysis is data about data, and it can reveal more than you think.

You can get all kinds of information from digital files (e.g., images, documents, emails, etc.) without needing the original source of the data. 

By analyzing metadata, you can:

• Verify information
• Track origins
• Discover patterns or connections between different pieces of information

5. Domain and WHOIS Lookup

In an investigation, you might find yourself needing to know who’s behind a website’s domain. 

Every website has a digital footprint, and you can trace that footprint by domain and WHOIS lookups.

Domain and WHOIS lookups are useful to:

• Get detailed information about websites and their owners
• Uncover hidden connections
• Trace activities
• Verify authenticity of online entities

Want more info? Check out this great article from our friends at Authentic8. It explains why domain and WHOIS lookups are important and how to do them yourself.

6. Public Records Search

Public records searches are a goldmine for authoritative, detailed, and legally accessible information. 

You can use public records to: 

• Verify identities and backgrounds
• Trace assets
• Uncover legal histories
• Map relationships
• Determine legal status
• Look into business dealings 

The information from public records is official, reliable, and can be used to build a comprehensive picture of individuals and entities. 

Want to know where to access public records? Here is a site that includes various resources. 

7. IP Address Tracking

If a device is connected to the internet, it has an IP (internet protocol) address. IP addresses are the digital equivalent of physical addresses, and as OSINT analysts, these are incredibly useful.  

You can use IP addresses to:

• Trace online activities
• Geolocate suspects
• Identify and monitor threats
• Connect digital footprints
• Investigate anonymous online behavior
• Track email origins
• Verify information

Tracking IP addresses play a huge role in OSINT, so mastering this skill will help you tremendously in your investigations. 

8. Website Analysis

While domain and WHOIS lookups focus on who owns and controls website domains, website analysis is about exploring the content and technical structure of the website.

Through website analysis, you can examine:

• Website structure
• Hidden directories 
• Server information
• Software and plugins used
• Analytics and tracking codes
• Potential security vulnerabilities 

Website analyses are important for identifying vulnerabilities, understanding a site’s functionality, or finding resources or information that’s not easily accessible. 

9. Geolocation

Geolocation establishes physical locations based on digital footprints like photos, videos, or social media posts. By analyzing clues like landmarks, weather conditions, or metadata, you can pinpoint locations with great accuracy. 

To practice this technique, try Sinister Obsession, our training scenario where you must find a pop star’s stalker before it’s too late. 

10. Data Breach Search

As the world is becoming increasingly digital, data breaches are becoming increasingly common. 

In a case, you might have to assess risk, identify exposed information, trace digital footprints, or take proactive steps to secure accounts. 

Whether you’re a civilian or OSINT analyst, knowing how to search for compromised information is crucial. 

One of our favorite tools to see if personal information has been exposed is Have I Been Pwned?. 

Bottom Line

As you continue your OSINT journey, mastering these 10 techniques will prepare you with the foundational skills to uncover, analyze, and verify information from open sources. 

The key to becoming proficient in OSINT is curiosity and practice. At Kase Scenarios, we want to reward your curiosity by giving you opportunities to practice your skills. 

Our training scenarios equip students with real-world, employable expertise—it’s the closest thing to real-world OSINT work you can get.  

If you’re ready to level up your OSINT skills, check out our scenarios.

Further Learning: 

• 10 Free OSINT Tools – Check out this post from Kase Scenarios Co-Founder, Rae Baker for a list of 10 free OSINT tools. 
• Deep Dive: Exploring the Real-world Value of Open Source Intelligence – Discover Rae Baker’s book where you’ll learn tradecraft utilized by specialists in OSINT. 
• Want to use your OSINT skills for good? Check out our friends at Trace Labs, who host Search Parties CTFs (capture the flag) to crowdsource OSINT operations and help find missing persons. #osint4good

Disclaimer: Use your OSINT skills ethically and legally. Always respect privacy and operate within the boundaries of the law.