Week in OSINT #2023-06

Week in OSINT #2023-06

osint verification processes training
This week's episode turned into a special about the process of doing research. I adopted a somewhat logical flow in the order of topics, and have something special at the end.

When doing some research on last week's content, I found out that there were some good articles posted dealing with the workflow within verification of online media, or OSINT investigations in general. So I decided it was time to write a bit more about the process, documentation, verification and reporting on information that is found during an investigation:

  • Intelligence Cycle
  • Documentation
  • Verification
  • Reporting
  • OSINT Exercises

Media: Intelligence Cycle

After the collection and documentation part, it is time to process, analyse and disseminate the data you have. This is the so-called 'intelligence cycle', and it just happens that the London based company arcX recently published a video about the importance of it. It is important, because simply collecting data or information from the internet is not OSINT, as Dutch OSINT Guy stated last month. Data, information and intelligence are different things, and it is important to know their different meaning.

The intelligence cycle
The intelligence cycle

Link: https://www.youtube.com/watch?v=z7v6-thd9pI

Tutorial: Documentation

Over at OS Tradecraft, the process of documenting, or collecting, information is explained in detail. It is not only about the importance of documentation, but also how to make sure it is done in the correct way. It talks about organizing it, but also the compliance part and auditing. And it also mentions several tools that are available, for instance to download whole websites. Or a list of handy applications to make screenshots or record your screen.

Using Hunchly to collect and document
Using Hunchly to collect and document

Link: https://www.ostradecraft.com/post/...

Article: Verification

On the website of OSINT Combine a new article was posted last week, and it is all about verification of online media. It shows not only the importance of verification, but it also talks about the process itself. It talks about the relevance, reliability, credibility and whether the information can be corroborated. This article shows the thought process, and the basics of fighting disinformation, debunking hoaxes, researching online and fact checking. This mainly deals with verification of information posted online, but this can also be adopted to research findings. Because sadly enough, wrong assumptions have made innocent victims more than once.

Image © by OSINT Combine
Image © by OSINT Combine

Link: https://www.osintcombine.com/...

Tip: Reporting

After collecting, processing and analysing the data, it might be time to report your findings. I see a lot of people asking on Reddit asking for 'templates'. But this is pretty much an impossible thing to create, since there are way too many sorts of open source intelligence reports, for instance:

  • Criminal organizations
  • Military conflicts
  • Persons of interest
  • Geolocation
  • Verification of events

When the such a standard template contains a block on personal information like place of birth, or phone numbers, then it will be useless when investigating an armed conflict. And a possible section about a timeline cannot always be filled when drafting up a profile of a person of interest.

But what does an intelligence report need? For that, I will refer to the OHCHR Berkeley Protocol that was published in December 2022:

Written reports should analyse the information collected in order to draw logical conclusions, estimates and predictions. Reports should reflect sound methodology and be able to explain that methodology to the target audience. The veracity and integrity of the underlying information in a report is crucial.

And it also mentions the parts it should contain, where applicable. The first topic to mention, is one I added myself since I missed that in the actual Berkeley protocol:

Introduction

In my personal opinion a report should start with an introduction, that should contain a small introduction. Mention the event itself, where content may have been shared, but do make sure not to include any sort of presumptions already, to keep this factual.

Objectives

This section will describe the objectives and research questions of the investigation. When there is an objective, the investigation itself has a clear goal. This will also help to focus the reader of the report, since it will establish a direction or purpose of certain findings.

Methodology

Any research methods that need explaining, will be documented in this part, or external expertise was needed. When a specific technique is used in one small part during the investigation, it could suffice to give extra explanation before presenting the findings.

Activities

All steps in the investigation, as they were performed, will be explained, to aid independent verification. Document what steps were taken, but also at what date and time. This makes it possible for independent research to verify any findings.

Sources

The source of the data used during the investigation, and its quality, will be mentioned in this section. The information, or intelligence, gathered from any source, is only as good as its trustworthiness.

Uncertainties

When findings are not conclusive, or in case of gaps in the investigation, they need to be mentioned. This will also make sure that the investigation stays unbiased. Stick to facts, but when there is a clear need to write down possible scenarios, or when something is unclear, then don't be afraid to mention this.

Results

The outcome of the investigation, in factual terms, is described here. It might also include new discovered questions, new avenues to explore, but most of all, a small summary of what was found.

And I can't stress this enough: When writing reports, make sure you stick to the facts, and don't favour any specific theories, which could end up in a confirmation bias. If you do use a presumption to find certain answers, or kickstart a new inquiry, make sure they don't turn into a working theory that will lead the rest of the investigation. As a researcher, you should be completely unbiased throughout the process.

Training: OSINT Exercises

With all the theory of doing research done, it is time to practice your skills! Sofia Santos has posted some OSINT challenges on her website earlier in January of this year. At the moment of writing, there are 5 challenges on her website, and I suggest you try and solve them. The great thing is, that when you get stuck, she already has posted videos with a possible solution underneath the challenge. Besides these challenges, the rest of Sofia's website is turning into a small treasure trove of good articles, so do check out her site!

OSINT challenges by @Gralhix
OSINT challenges by @Gralhix

Link: https://gralhix.com/list-of-osint-exercises/

FUNINT: Kase Scenarios

Soon Kase scenarios will launch their first experience! They promise immersive and realistic scenario-based trainings, inspired by real-world cases. Are you ready to take on the roll of a journalist, investigating a lead you received from an anonymous source? Unravel the story, researching social media, find locations, dive into cryptocurrency and investigate companies! And make sure to keep an eye out for future Week in OSINT episodes, for more information!

Story-based OSINT training by Kase Scenarios
Story-based OSINT training by Kase Scenarios

Have a good week and have a good search!

Previous Post Next Post