The below is a collection of articles on Open Source Intelligence (OSINT) best practices that provide insights, guidance, and recommendations for practitioners. While many articles address a wide range of aspects such as tools, sources, use case (including human trafficking), operational security, etc, the focus is best practices. A best practice is a method or technique that has been consistently proven to produce the desired results and is widely accepted as a benchmark for achieving optimal outcomes. Best practices are typically derived from experience, research, and analysis and can be replicated across similar scenarios. In the OSINT context, best practices ensure the effective and ethical collection, analysis, and dissemination of publicly available information (PAI) in a manner that optimizes the reliability and usability of the resulting intelligence.
The articles include basic, intermediate, and advanced techniques from a wide sampling of sources. They reflect current OSINT trends, emerging technologies, and updated frameworks. Collectively, it is hoped the articles:
- Serve as a resource of unique or alternative workflows for OSINT professionals
- Assist organizations in onboarding, training, and mentoring new OSINT staff
- Support the ongoing sharing of knowledge and experiences by OSINT practitioners
The articles are listed chronologically by Title | Source/Author | Date | Url.
Berkeley Protocol on Digital Open Source Investigations | OHCHR | Jan-2024 | https://www.ohchr.org/sites/default/files/2024-01/OHCHR_BerkeleyProtocol.pdf
Open Source Intelligence Techniques (OSINT) for Fraud Prevention | Seon | Jan-2024 | https://seon.io/resources/guides/open-source-intelligence-techniques-osint-for-fraud-prevention/
Open Source Investigation Best Practices in 2024 | Blackdot Solutions | Jan-2024 | https://blackdotsolutions.com/blog/open-source-investigation-best-practices/
Open-Source Intelligence (OSINT) Gathering | Authentic8 | Jan-2024 | https://www.authentic8.com/blog/osint-gathering-best-practices
OSINT Methodology [Part 1] | Dragown | Jan-2024 | https://dragown.medium.com/osint-methodology-part-1-a86904db47ef
OSINT Methodology [Part 2] | Dragown | Jan-2024 | https://dragown.medium.com/osint-methodology-part-2-43a4a6fe1133
SOWEL: SOcmint Weaknesses Enumeration List | SOWEL | Jan-2024 | https://sowel.soxoj.com/about#SOWEL+SOcmint+Weaknesses+Enumeration+List
The Cyber Threat Intelligence Lifecycle: A Fundamental Model | Kraven Security | Jan-2024 | https://kravensecurity.com/the-threat-intelligence-lifecycle/
The Journalist’s Toolbox A Guide to Digital Reporting and AI | Routledge | Jan-2024 | https://www.routledge.com/The-Journalists-Toolbox-A-Guide-to-Digital-Reporting-and-AI/Reilley/p/book/9781032460208?utm_source=substack&utm_medium=email
The OSINT Handbook: How to Use Open Source Data to Transform Investagory Best Practice | Blackdot Solutions | Jan-2024 | https://blackdotsolutions.com/blog/read-the-osint-handbook/
The Practitioner’s Guide to Global Investigations | GIR | Jan-2024 | https://globalinvestigationsreview.com/guide/the-practitioners-guide-global-investigations/2024
What Are Intelligence Requirements? A Comprehensive Guide | Kraven Security | Jan-2024 | https://kravensecurity.com/what-are-intelligence-requirements/
What is the Indicator Lifecycle? A Guide to Using Indicators | Kraven Security | Jan-2024 | https://kravensecurity.com/what-is-the-indicator-lifecycle/
Leveraging OSINT Techniques for Email Investigations | Authentic8 | Feb-2024 | https://authentic8.com/blog/osint-techniques-email-investigations?utm_source=osint_newsletter&utm_medium=thirdparty
Mastering OSINT Techniques: Advanced Strategies for Information Gathering and Analysis | Medium | Feb-2024 | https://medium.com/@scottbolen/mastering-osint-techniques-advanced-strategies-for-information-gathering-and-analysis-1d681b11efcb
The Ultimate OSINT Handbook on Personal Information | SOCRadar | Feb-2024 | https://socradar.io/the-ultimate-osint-handbook-on-personal-information/
Top 5 Cyber Threat Intelligence Lifecycle Challenges | Kraven Security | Feb-2024 | https://kravensecurity.com/top-5-cyber-threat-intelligence-lifecycle-challenges/
Everything You Need to Know to Become a More Valuable OSINT Investigator | Maltego | Mar-2024 | https://www.maltego.com/blog/what-is-open-source-intelligence-and-how-to-conduct-osint-investigations/
How to Get Started: Investigating Payment Gateways Online | Bellingcat | Mar-2024 | https://www.bellingcat.com/resources/2024/03/26/how-to-get-started-investigating-payment-gateways-online/
How to Optimize Data Sources: Collection Management Framework | Kraven Security | Mar-2024 | https://kravensecurity.com/collection-management-framework/
The Reconnaissance Handbook | Group-IB | Mar-2024 | https://www.group-ib.com/resources/research-hub/reconnaissance-handbook/?utm_campaign=WW-NSL-2024-03-14-AUDIT-Reconnaissance%20Handbook&utm_medium=email&_hsmi=84353856&_hsenc=p2ANqtz—0A3jtaTBhRPcr5aog60dP0S0AI-0UbkQWOJ4-6JXdYZdd7UuMZ8R2QBEpomV8YTMjfcGWOTL7Mewz11edEorDrAmVA&utm_content=84353856&utm_source=hs_email
Top 5 Challenges When Creating Intelligence Requirements | Kraven Security | Mar-2024 | https://kravensecurity.com/challenges-when-creating-intelligence-requirements/
What is OSINT (Open Source Intelligence)? | SentinelOne | Mar-2024 | https://www.sentinelone.com/cybersecurity-101/open-source-intelligence-osint/
10-step approach to OSINT mastery from Micah Hoffman | Authentic8 | Apr-2024 | https://authentic8.com/blog/10-steps-osint-mastery
Analysis of Competing Hypotheses: How to Find Plausible Answers | Kraven Security | Apr-2024 | https://kravensecurity.com/analysis-of-competing-hypotheses/?utm_source=newsletter&utm_medium=email&utm_term=2024-04-22&utm_campaign=+New+content+from+Kraven+Security
The Ultimate Beginner’s Guide to OSINT [2024] | OSINT Jobs | Apr-2024 | https://www.osint-jobs.com/post/the-ultimate-beginners-guide-to-osint
Visualizing OSINT data to support due diligence investigations | Cambridge Intelligence | Apr-2024 | https://cambridgeintel.medium.com/visualizing-osint-data-to-support-due-diligence-investigations-808471348099
6 link analysis techniques every investigator should know | Cambridge Intelligence | May-2024 | https://cambridgeintel.medium.com/6-link-analysis-techniques-every-investigator-should-know-dda861af4ca4
Automate OSINT Report Writing with ChatGPT | Intel Assistant Agent | OSINT Ambition | May-2024 | https://publication.osintambition.org/osint-analysis-with-chatgpt-augment-your-intel-reporting-with-intel-assistant-bot-c5bceb8ba41f
Biggest OSINT Investigation Mistake You’re Making (and How to Fix It) | Ervin Zubic | May-2024 | https://medium.com/@ervin.zubic/biggest-osint-investigation-mistake-youre-making-and-how-to-fix-it-9d0bed8c1058
ChatGPT for OSINT Analysts: Your AI-Powered Assistant for Organizing Collected Intelligence | OSINT Ambition | May-2024 | https://publication.osintambition.org/chatgpt-for-osint-analysts-your-ai-powered-assistant-for-organizing-collected-intelligence-33bbe4b1fac5
Email OSINT Techniques | ROOtendo | May-2024 | https://medium.com/@R00tendo/email-osint-techniques-c1e82efb253d
My OSINT Blueprint – Methodology and Tools Part One | AaronCTI | May-2024 | https://aaroncti.com/my-osint-blueprint-methodology-and-tools-part-one/
Open Source Intelligence (OSINT) Primer | Post_Fact | May-2024 | https://docs.google.com/document/d/1wnEbVu_hrLdfDFIeG5LPeSvxxkMsu6IP0lW1XWRNDRU/edit#heading=h.yrazsqkcpo8o
OSINT, OPSEC, Privacy, Infosec, & Digital Exposure Profiling | Cqcore | May-2024 | https://www.cqcore.uk/osint-methodology/
Unmasking Crypto Money Laundering with OSINT & Blockchain Forensics | OSINT Ambition | May-2024 | https://publication.osintambition.org/unmasking-crypto-money-laundering-with-osint-blockchain-forensics-6e9bb9cd2d53
Mastering OSINT: Key Techniques for 2024 | McAfee Institute | Jun-2024 | https://www.mcafeeinstitute.com/blogs/articles/mastering-osint-key-techniques-for-2024?utm_source=chatgpt.com
Prompt Catalog for Artificial Intelligence | Virtual Private Library | Jun-2024 | http://www.promptcatalog.ai/
The Definitive Guide: OSINT Workflows for Fentanyl Trafficking | Skopenow | Jun-2024 | https://www.skopenow.com/skopenow-osint-guides/osint-workflows-for-fentanyl-trafficking?
Conducting OSINT on the Dark Web: Methods and Best Practices | Lisa Boyle | Jul-2024 | https://cyberhuntress.co.uk/2024/07/10/conducting-osint-on-the-dark-web-methods-and-best-practices/
OSINT in the Age of Misinformation and Fake News | Vlad Mihet | Jul-2024 | https://osintteam.blog/osint-in-the-age-of-misinformation-and-fake-news-38a90d5e0689
Systematically Searching for Identity-Related Information in the Internet with OSINT Tools | Marcus Walkow & Daniela Pöhn | Jul-2024 | https://arxiv.org/abs/2407.16251
The Definitive Guide: OSINT Workflows for Insurance Fraud Detection | Skopenow | Jul-2024 | https://www.skopenow.com/guides-and-reports
The Power of OSINT for KYC/AML Investigations | Fivecast | Jul-2024 | https://www.fivecast.com/industry-segments/financial-intelligence/the-power-of-osint-for-kyc-and-aml-investigations/
Best Practices for PEP Screening with OSINT Tools | BableStreet | Aug-2024 | https://www.babelstreet.com/blog/best-practices-of-pep-screening-with-osint-tools
Best Practices in OSINT: Cast the Net Wide, or Use a Line? | Fivecast | Aug-2024 | https://www.fivecast.com/blog/best-practices-in-osint-cast-the-net-wide-or-use-a-line/
Can Understanding of Naming Conventions Help Solve Your OSINT Case? | Ervin Zubic | Aug-2024 | https://medium.com/@ervin.zubic/can-understanding-of-naming-conventions-really-solve-your-osint-case-fa8f4c14e9dc
Complete domain name research framework. Thinking beyond OSINT tools | Petro Cherkasets | Aug-2024 | https://www.osintteam.com/complete-domain-name-research-framework-thinking-beyond-osint-tools/
Critical Thought and OSINT: Is There Room for Intellectual Rigor Amidst Mounting National Security Risks Stemming from Online Threats? | Randall Stickley | Aug-2024 | https://www.linkedin.com/pulse/critical-thought-osint-room-intellectual-rigor-amidst-stickley-jwqce/?trackingId=LjmqKsyxMnk%2B7c87w0TsKQ%3D%3D
Mastering Email Enrichment for Effective OSINT Operations | Usersearch | Aug-2024 | https://usersearch.org/updates/mastering-email-enrichment-for-effective-osint-operations?utm_source=substack&utm_medium=email
OSINT Best Practices: Entity-Centric Collection | Fivecast | Aug-2024 | https://www.fivecast.com/educational-resources/osint-best-practices-entity-centric-collection-industry-brief/
OSINT in Public Transport: Sources and Use Cases | Social Links | Aug-2024 | https://blog.sociallinks.io/osint-in-public-transport-sources-and-use-cases/?ref=blog-social-links-data-driven-investigations-newsletter
OSINT Investigations Approaches for LEAs | Social Links | Aug-2024 | https://sociallinks.io/osint-investigation-infographic-by-social-links?utm_source=linkedin&utm_medium=organic_social&utm_campaign=coe_posts
The Definitive Guide: OSINT Workflows for Financial Investigations | Skopenow | Aug-2024 | https://www.skopenow.com/guides-and-reports
The Importance of Managed Attribution in OSINT Investigations | Ervin Zubic | Aug-2024 | https://publication.osintambition.org/the-importance-of-managed-attribution-in-osint-investigations-63dd9d00d8df
Open Source Artificial Intelligence Agents (OSAIA) MiniGuide 2024 | Marcus Zillman | Sep-2024 | http://whitepapers.virtualprivatelibrary.net/OSAIAminiguide.pdf
Scrubbing Up On OSINT Cyber Hygiene (Best Practices) | OSINT Industries | Sep-2024 | https://www.osint.industries/post/scrubbing-up-on-osint-cyber-hygiene-best-practices
The Importance of OSINT Investigative Strategy | Raymond Todd | Sep-2024 | https://www.osint.uk/content/the-importance-of-osint-investigative-strategy?utm_source=substack&utm_medium=email
Analyze Email Headers With OSINT | The OSINT Guide (Substack) | Oct-2024 | https://osint2h22v.substack.com/p/comprehensive-guide-to-analyzing?utm_source=post-email-title&publication_id=1267149&post_id=150588742&utm_campaign=email-post-title&isFreemail=true&r=3ue1qc&triedRedirect=true&utm_medium=email
Finding Similar Content | Dan Russell | Oct-2024 | https://searchresearch1.blogspot.com/2024/10/searchresearch-challenge-10924-finding.html
How to confirm a connection between people | Dmitry Danilov (part of SOWEL) | Oct-2024 | https://sowel.soxoj.com/Instructions/How+to+confirm+a+connection+between+people
OSINT for Financial Investigations and Fraud Detection: Techniques and Best Practices | Convoy Group | Nov-2024 | https://security-watch-blog.convoygroupllc.com/?s=tools
The Definitive Guide: OSINT Investigations on Distributed Microblogging Platforms | Skopenow | Dec-2024 | https://www.skopenow.com/skopenow-osint-guides/the-definitive-guide-osint-investigations-on-distributed-microblogging-platforms?utm_campaign=3658122-Q4_2024_BlueSky&utm_medium=email&_hsenc=p2ANqtz–CiUQYxF2oDhXr2sX7x7s6BqTBOhXD_pAggNz4aN7jPB6oylojCRquE4NDLYYxRX7syAxRk0o8aztCHDK-dCruIGohyg&_hsmi=338755148&utm_content=338755148&utm_source=hs_emailUsing Dark Web for OSINT Investigations | Neotas | Dec-2024 | https://www.neotas.com/using-dark-web-for-osint-investigations/?utm_source=chatgpt.com
