“Decoding Political Violence with OSINT and Lessons from the Frontline”

Join deep dive: Wed, Dec 18, 16:00 CET
12 Mar 2024

Everything You Need to Know to Become a More Valuable OSINT Investigator

Daphnée Aguilar

Hashtags, location filters, reverse image searches, Google Dorks, archive services – using these advanced open-source intelligence (OSINT) techniques have become the bread and butter of today’s OSINT investigators.

And there are other tools and tricks of the trade at your disposal. With them, you can achieve much more as an OSINT analyst and improve the effectiveness and accuracy of your analyses.

In this article, we will share investigative tips and resources that will help you become a more valuable OSINT investigator.


How to Stay at the Top of Your Game as an OSINT Analyst 🔗︎

Sharpening your OSINT skills works similarly to how you put together fragmented pieces of information from open-source databases to make connections.

The catch is that, much like the cases you work on, there is no single path, definitive course, or playbook containing all OSINT knowledge that guarantees success. (Though some would argue that Michael Bazzell’s fifth edition of “Open Source Intelligence Techniques” comes remarkably close!)

On the bright side, there are methods and approaches that you can include and replicate to improve the accuracy and integrity of your OSINT analysis.

1. Be Ruthlessly Selective and Validate, Validate, Validate! 🔗︎

Avoid information overload when you add unclassified data to your existing intelligence processes without validating it.

The rule of thumb is to be meticulously selective and strategic about which OSINT data to incorporate and whether you’ll have the means to cross-reference the data, assess the source, and explain its relevance to other collaborators and stakeholders. You should be especially vigilant now with the explosion of AI-generated content, to avoid falling for manipulated information.

Once you have made some assumptions based on data that is available to you, try to poke holes in your own logic. Look for evidence that proves or disproves your hypothesis, and ask the following questions:

  1. Can I validate it?
  2. Can I vouch for this data’s authenticity?
  3. Can I explain its relevance to the overall investigation?
  4. What techniques can I apply to avoid bias?

INVESTIGATOR TIPS

To help you in the process of finding answers to these questions, you can also make use of some additional materials on our blog:

Our cheat sheet outlining 12 essential OSINT tactics also supports you to be truly selective among the vast amounts of online data coming from various sources.

These guidelines will help you establish structure and direction for your investigations, whether you are gathering online evidence for ongoing cases or preparing to request subpoenas.


2. Repeat the Motto: Security, First! 🔗︎

We have already used up a lot of digital ink on our blog to list the best operational security (OPSEC) principles and practices and how to apply them in your daily work. But the topic of compromised credentials is so vast and crucial that it’s impossible not to mention it when speaking about increasing your professional skills.

Expert investigators not only follow the OPSEC rules of the company where they work. They independently and proactively check whether their own or their collaborators’ credentials have been compromised, and advocate for new principles and measures to be adopted by their peers.

What if a compromise does occur? Keep a cool head at all times and inform whoever needs to be informed while keeping your ego in check. A valuable investigator is not only someone who can effectively complete investigations but also someone who can admit a mistake sooner (way sooner!) rather than later.

After all, what counts is making your operation safe, and it’s a team effort. Having an immediate response checklist at your disposal to refer to and informing the rest of the team without hesitation can only improve the speed at which you can assess, contain, and recover from data breaches, adding another point to your resume.

INVESTIGATOR TIPS

Here are some additional tools that can help you protect your identity, which you might find useful to try:

  • Check Your Hack – verify if your credentials have been compromised and listed for sale on the Genesis Market
  • Fake Person Generator – create a fake persona to hide your real information
  • Google Voice – conceal your phone number by designing a “fake” number that gets routed to your phone

For more information on adding an extra layer of security to your operations, explore our other resources:


3. Learn from Other Investigators 🔗︎

Many OSINT professionals and enthusiasts write about their experiences and share case studies on their blogs or in closed forums. The key: Instead of merely reading about an interesting case, you should actively try to replicate those use cases. This helps you identify systematic approaches to data collection, analysis, and verification, along with developing useful workflows for future reference.

Additionally, you learn about the capabilities and limitations of various tools and technologies in a practical setting. You can then use this knowledge to assess whether your current toolkit is sufficient for the types of investigations you conduct and which methodologies are effective for the investigators you follow.

Although you won’t always have access to exactly the same data or tools, you will be able to identify and utilize the patterns and approaches in the investigator’s train of thought when tasked with a similar case.

INVESTIGATOR TIPS

If you want to connect with fellow OSINT investigators, check out our ready-to-download list featuring 15 reliable OSINT and cyber threat intelligence (CTI ) organizations and associations.

For more OSINT learning materials, check out our list of over 100 websites, blogs, podcasts, YouTube channels, and books, covering not only OSINT but also Cybersecurity, Cybercrime, and Trust and Safety insights.


4. Build up Your Credibility 🔗︎

While communities like these offer a wealth of practical knowledge, administrators of more closed and niche groups may be selective and careful when admitting new members.

The reason is that investigators may be hesitant to reveal all their techniques in public spaces because they need to be cautious about disclosing information in case malicious actors exploit their expertise. How can you prove you’re there for the right reasons?

There is some work to be done on your part to help open the doors for you to access this wealth of knowledge. Demonstrating that you work for a renowned organization is one thing, but don’t let it be your only ace in the hole.

You can build your credibility by sharing your contributions in various other, more accessible communities, attending industry events, participating in capture-the-flag contests, and expanding your network.

INVESTIGATOR TIPS

While you’re working on your contributions to the community, keep these things in mind:

  1. Share information because you want to help, not because you seek fame. OSINT professionals have a remarkable attention to detail and know how to read between the lines. They will notice whether your motivations are genuine, such as improving yourself and supporting others’ work, or not.
  2. Share OSINT knowledge and techniques securely, with obfuscated data, and without compromising your organization and clients — Don’t let adversaries use your hard work against you.
  3. A jack of all trades is a master of none. To make your contributions truly valuable and not replicate obvious industry truisms, identify your strengths and focus on specializing in your area of expertise, from which other experts like yourself can benefit.

5. Be Critical of Expert Information 🔗︎

Do you remember the first tactic? “Be Ruthlessly Selective and Validate, Validate, Validate!” – this applies not only to the use of data in your investigations, but also to the expert information you consume.

Be mindful of whose advice you follow. If an investigator consistently shares faulty results, this should be a clear signal to you.

What if you only follow “the most popular” and “the most renowned” experts?

Always Question Ready Assumptions!

Continuously question the status quo and scrutinize your own reasoning by seeking out evidence that supports or contradicts hypotheses.

6. Collect Insights from Maltego Experts and Partners 🔗︎

Our Maltego Subject Matter Experts are also keen to contribute to the OSINT community. We share our expertise and often leverage our network to partner with other industry experts.

We consistently publish insights on applying OSINT in cybercrime investigations and cyber threat intelligence:

For existing and new Maltego users, we also offer access to our learning platform, Spark, where you can explore a full catalog of courses, both live and on-demand, and participate in live sessions hosted by Maltego SMEs. These resources enable investigators to leverage their OSINT knowledge to the fullest within the platform.

Download Your OSINT Resources 🔗︎

While this article has provided some insights and methods to enhance your investigative skills, there’s always more to discover and apply in the ever-evolving field of OSINT.

Below you can find resources we recommended in this article to further equip you with more knowledge for advanced open source intelligence work:

12 OSINT Steps to Gather Online Evidence 🔗︎

Download the resource

DE +49
Albania +355
Algeria +213
Andorra +376
Angola +244
Anguilla +1264
Antigua And Barbuda +1268
Argentina +54
Armenia +374
Aruba +297
Australia +61
Austria +43
Azerbaijan +994
Bahamas +1242
Bahrain +973
Bangladesh +880
Barbados +1246
Belarus +375
Belgium +32
Belize +501
Benin +229
Bermuda +1441
Bhutan +975
Bolivia +591
Bosnia and Herzegovina +387
Botswana +267
Brazil +55
Brunei Darussalam +673
Bulgaria +359
Burkina Faso +226
Burundi +257
Cambodia +855
Cameroon +237
Canada +1
Cape Verde +238
Cayman Islands +1345
Central African Republic +236
Chile +56
China +86
Cote d'Ivoire +225
Colombia +57
Comoros +269
Congo +242
Cook Islands +682
Costa Rica +506
Croatia +385
Cuba +53
Cyprus +90392
Czech Republic +42
Denmark +45
Djibouti +253
Dominica +1809
Dominican Republic +1809
Ecuador +593
Egypt +20
El Salvador +503
Equatorial Guinea +240
Eritrea +291
Estonia +372
Ethiopia +251
Falkland Islands (Malvinas) +500
Faroe Islands +298
Fiji +679
Finland +358
France +33
French Guiana +594
French Polynesia +689
Gabon +241
Gambia +220
Georgia +995
Germany +49
Ghana +233
Gibraltar +350
Greece +30
Greenland +299
Grenada +1473
Guadeloupe +590
Guam +671
Guatemala +502
Guinea +224
Guinea-Bissau +245
Guyana +592
Haiti +509
Honduras +504
Hong Kong +852
Hungary +36
Iceland +354
India +91
Indonesia +62
Iran, Islamic Republic of +98
Iraq +964
Ireland +353
Israel +972
Italy +39
Jamaica +1876
Japan +81
Jordan +962
Kazakhstan +7
Kenya +254
Kiribati +686
Korea, Democratic People's Republic of +850
Korea, Republic of +82
Kuwait +965
Kyrgyzstan +996
Lao People's Democratic Republic +856
Latvia +371
Lebanon +961
Lesotho +266
Liberia +231
Libyan Arab Jamahiriya +218
Liechtenstein +417
Lithuania +370
Luxembourg +352
Macao +853
Macedonia, the former Yugoslav Republic of +389
Madagascar +261
Malawi +265
Malaysia +60
Maldives +960
Mali +223
Malta +356
Marshall Islands +692
Martinique +596
Mauritania +222
Mauritius +230
Mayotte +269
Mexico +52
Micronesia, Federated States of +691
Moldova, Republic of +373
Monaco +377
Mongolia +976
Montserrat +1664
Morocco +212
Mozambique +258
Myanmar +95
Namibia +264
Nauru +674
Nepal +977
Netherlands +31
New Caledonia +687
New Zealand +64
Nicaragua +505
Niger +227
Nigeria +234
Niue +683
Norfolk Island +672
Northern Mariana Islands +670
Norway +47
Oman +968
Pakistan +92
Palau +680
Panama +507
Papua New Guinea +675
Paraguay +595
Peru +51
Philippines +63
Poland +48
Portugal +351
Puerto Rico +1787
Qatar +974
Reunion +262
Romania +40
Russian Federation +7
Rwanda +250
San Marino +378
Sao Tome and Principe +239
Saudi Arabia +966
Senegal +221
Serbia +381
Seychelles +248
Sierra Leone +232
Singapore +65
Slovakia +421
Slovenia +386
Solomon Islands +677
Somalia +252
South Africa +27
Spain +34
Sri Lanka +94
Saint Helena +290
Saint Kitts and Nevis +1869
Saint Lucia +1758
Sudan +249
Suriname +597
Swaziland +268
Sweden +46
Switzerland +41
Syrian Arab Republic +963
Taiwan +886
Tajikistan +7
Thailand +66
Togo +228
Tonga +676
Trinidad and Tobago +1868
Tunisia +216
Turkey +90
Turkmenistan +993
Turks and Caicos Islands +1649
Tuvalu +688
Uganda +256
United Kingdom +44
Ukraine +380
United Arab Emirates +971
Uruguay +598
United States +1
Uzbekistan +7
Vanuatu +678
Holy See (Vatican City State) +379
Venezuela +58
Viet Nam +84
Virgin Islands, British +84
Virgin Islands, U.S. +84
Wallis and Futuna +681
Yemen +967
Zambia +260
Zimbabwe +263

By clicking on "Access", you agree to the processing of the data you entered and you allow us to contact you for the purpose selected in the form. For further information, see our Data Privacy Policy.

15 OSINT and CTI Communities and Organizations to Follow 🔗︎

We hope these materials will inspire you to continue learning and refining your skills with Maltego. Keep investigating, stay curious, and don’t forget to check back for more insights that we share on our blog, Twitter, LinkedIn, and Mastodon, or email newsletter.

Happy investigating!

About the Author 🔗︎

Daphnée Aguilar

Daphnée Aguilar 🔗︎

Daphnée is a Criminologist with more than 10 years of experience as an Intelligence Officer. She specialized in developing actionable intelligence for identifying, preventing, and neutralizing threats and risks from Transnational Organized Crime. Driven by the feminist movement, her last research was on the Effects of Gender and Racial Bias on Gender-Based Violence Policies. She considers herself a professional taco taster.

By clicking on "Subscribe", you agree to the processing of the data you entered and you allow us to contact you for the purpose selected in the form. For further information, see our Data Privacy Policy.