OSINT 101

So you have decided to put your detective skills to use online and use Open Source Intelligence (OSINT) to research, verify and validate information, but don’t know where to begin?

You’ve come to the right place!

OSINT stands for Open Source Intelligence and simply means gathering information from available sources (online, public, legal, and other data sources) for a particular function.

Virtually anyone can use OSINT. Commonly journalists, scientists, hackers and activists use OSINT.

• Names
• Known Alias
• Personal Information
• Employer Information
• Education Information
• Family Information
• Address History
• Criminal Background
• Court Records
• Online Activities
• …And Far More!

Example: scraping publicly available websites, or retrieving data from open APIs.

Example: directing traffic to a target server to obtain information about that server.

Example: PenTesting a server to scan for active ports

• https://www.compass-security.com/fileadmin/Research/White_Papers/2017-01_osint_cheat_sheet.pdf
• https://github.com/Jieyab89/OSINT-Cheat-sheet
• https://www.cheatsheet.wtf/OSINT/

• Google Dorks - To search effectively. External link, merge eventually
• Reverse Planning Permission Search (UK) - To search for people and companies in the UK.
• Foller.me Analytics for Twitter - To find known connections and networks.
• LinkedIn - To find out about work and location history.
• Social Searcher - To crawl multiple social media sites for names and handle.
• Family Search - To search public records.

• Tin Eye
• Pimeyes
• Google Lens
• Yandex

There are many sites you can go to for copies of legal records, and oftentimes they are in PDF format. Lots of these sites cost money, but the following ones are free, or offer free trials:

• Casetext - Case and judgement summaries
• CourtListener's RECAP Archive - Largest repository of free PACER records. Mostly for federal cases and bankruptcies.
• FindLaw and FindLaw's Case Law subsite
• GovInfo - Bills, statutes and the like.
• judyrecords - Free public records search.
• Trellis - More case records and 14 day free trials. Caveat: Requires valid card, so use depleted prepaid cards for signup.
• Scribd - A pain in the ass to search, but a surprising amount of court filings & police reports find their way here.

Some news sites and blogs also specialize in coverage of legal cases, which can be great for digging up leads:

• Courthouse News Service

Many municipalities and district courts (cities, counties, states, etc) let you access these records directly. You will have to do some searching to find their official websites, but you can find all sorts of records that way. Many of these localities will publish dockets and schedules, and some of them even stream their proceedings online so you can watch them live remotely. Make sure to save copies of the recordings if you are able to tune in!

• People are creatures of habit, people often use the same handle or “@“ in multiple places.

• Looking at personal media on social media is a great place to gather more info about a person (EXIF/Meta will be covered in a later article)

• Don’t use your own personal social media, emails, or accounts when investigating, many sites will show you as “people you might know” to those you are investigating.

• Reoccurring followers on multiple social media sites are a great place to find spouses, friends and close associates.

• Public records in the location that someone lives are often available on tax, courts, and registrar sites.

With these basic tools, you should be off to a good start on your OSINT Journey.

Happy Hunting!