What is OSINT? A definitive guide for law enforcement

What is OSINT, and what techniques from it do law enforcement investigators need to understand?

Law enforcement agencies are under increasing pressure to find quick and cost-effective ways to gather evidence. One of the ways many agencies are mitigating the burden of evidence-gathering is by embracing open-source intelligence (OSINT) methods. Rather than going on an extended goose chase, why not fire up the platforms and forums that bad actors use daily?

The tools of OSINT can help law enforcement officials efficiently find court-ready evidence for their cases. Resource-strapped agencies can learn how to efficiently collect evidence using OSINT methods, the challenges associated with it and the capabilities you need to protect findings and maintain chain of custody for prosecution.

What is OSINT?

Open-source intelligence is an important tool for law enforcement investigators, criminal justice entities and corrections facilities. The term is traditionally derived from government-curated intelligence, but the combination of recent geopolitical events, such as the war in Ukraine, and the prolific use of social media platforms have pushed the practice into the public sphere. Used correctly, OSINT can be a powerful force in evidence gathering, enabling law enforcement officials to utilize both freely available and cost-effective means of finding information.

But what exactly is OSINT? In its simplest form, OSINT is the process of collecting and analyzing publicly available data from a variety of sources to inform decisions. This includes any non-classified information found via public sources, such as social media, websites, blogs, news articles, books, videos and podcasts/radio. Using OSINT can help law enforcement agencies identify threats, gather evidence on perpetrators, uncover trends and detect fraud. It also eliminates the need to pay for expensive subscriptions or access to proprietary databases. More and more organizations are turning to OSINT for their evidence-gathering needs.

Other than just being a cost-effective way of gathering evidence, OSINT can be combined with existing evidence and closed-source data collection tools like Stingray devices or signal interceptors to build a more faceted case; law enforcement can gain better insights into criminals' activities while also being able to corroborate existing evidence with additional facts collected from open-source intelligence material.

What types of evidence can be gathered with OSINT?

If everyone is constantly sharing what they’re doing on social media, criminals are no exception. A surprising number of narcotics dealers, traffickers, terrorists, counterfeiters and bad actors are sharing selfies, geolocations, photos and videos of contraband and other evidence by posting on social media. Whether you’re waiting for a subpoena to be approved, backdoor access to be invented, or perhaps just at a loss of what to do, open sources could be the next move in your investigation.

Counternarcotics

Many people now communicate over social media and messaging apps, as opposed to just traditional phone carriers, over 3.3 billion, according to Statista. Narcotics dealers, like anyone else, are communicating, creating content and even blatantly selling their contraband by way of social media. By learning to track and associate personas of drug dealers online, investigators can build leads and offer evidence to prosecutors.

Protecting Elected Officials

Whether it’s a protest directed at a particular politician or party or just a large event that security teams should know about, it’s probably being organized on social media. X, formerly known as Twitter, Telegram groups and Facebook groups are great places to gather intel on large group gatherings that could threaten the safety of elected officials. Understanding what’s being planned before it happens, who plans to attend and the tone of the group can all inform the protection of a political official. 

Counterterrorism

In a recent NeedleStack episode, Abbi Dobbertin of Fivecast lamented the bygone days of Twitter when ISIS training groups would simply geotag the locations of their training camps in a post. Fighting terrorism has largely moved online. Targets may have their guard down on social media, or in the case of terrorist groups, they may be actively recruiting new members via video and chat platforms. Both can lead to key evidence on current leads and suspects for watchlists.

While content moderation can, at times, be the chagrin of evidence-gathering, as she goes on to say, there is still plenty of evidence being put out there for law enforcement teams to gather. Consistently monitoring larger targets can be important for screenshotting the evidence before the post or user is banned. Automated collection tools can assist with this issue, which we’ll cover more below.

ICAC

Even the worst of crimes, can find traces on the free and open web. Teams working to investigate internet crimes against children (ICAC), may find important evidence from public-facing accounts. One way teams can work to track perpetrators is by creating affiliations across personas, web domains and usernames. There are many tools to help build these associations and eventually connect them to a real-life counterpart.

By collecting data from public sources and analyzing it in real time, law enforcement agencies can quickly identify threats or uncover potential trends that could be critical for their cases. Additionally, the data collected through OSINT can be used to observe patterns in criminal activity and develop strategies for prevention or disruption.
Overall, OSINT provides a range of advantages for law enforcement evidence-gathering activities. It enables investigators to access vast amounts of data from public sources in real time, remain compliant with legal regulations such as FOIA and identify patterns in criminal activity that would otherwise go unnoticed.

Collecting evidence using OSINT

The first step of collection is to identify the most relevant sources. These can include public websites, social media platforms, blogs and other online sources. To start finding sources, try these tools.

Finding sources

• Google Dorking

Simple Google dorking techniques can help you narrow down the wide-ranging internet searches to find the exact information you’re looking for. For instance, if you’re searching for someone who shares a name with a famous person, you can exclude results from certain sites or limit your search to certain time periods and geographic areas. Advanced search techniques are the first step to finding who and what you’re looking for.

• Social media platforms

Collecting OSINT from social media platforms (also known as SOCMINT) is a valuable tool for law enforcement agencies. As stated earlier, not all criminals are masterminds. Some may freely upload admissible evidence to social media platforms. Understanding each platform and how it is used is important for investigators. It’s also important to stay up to date on privacy laws in your jurisdiction.

• Consider reaching beyond Facebook and Twitter. Social media platforms span far and wide, and sometimes fringe networks with lax content moderation can lead to more detailed posts and further incrimination. Once a username has been discovered, using the tool WhatsMyName.app can allow you to discover other associated usernames, potentially leading to more evidence and leads.

• Tools for OSINT in law enforcement

There are a number of tools available to assist law enforcement agents with an investigation. Learning not only time-saving tools and tips but also becoming familiar with how to use the framework of OSINT can help you gain insight into suspects and chase leads.

Once you’ve identified your sources, it’s important to develop an efficient process for collecting data from those sources in a systematic and structured way. This will help to ensure that all available evidence is collected and analyzed quickly and efficiently. Leveraging technology such as automated data collection tools can make this process easier and more effective.

The next step is to ensure that any collected evidence is securely stored in a platform that complies with legal regulations such as FOIA (Freedom of Information Act) and Sunshine laws. Storing evidence on a purpose-built platform also makes activities audit-compliant, which is essential for law enforcement agencies who need to be able to demonstrate compliance with legal guidelines for obtaining evidence.

The intelligence part of OSINT comes from analysis. It is crucial that the collected data is verified and authenticated before being used in court proceedings or other legal applications. This includes ensuring the accuracy of any metadata associated with the evidence, which can be manipulated. Timestamps and geotags must be verified if they are going to be used in court — leading to more successful cases and stronger convictions against criminals.

Challenges of OSINT evidence-gathering

Investigators must consider the various issues that come with gathering evidence through open-source intelligence (OSINT). The primary challenge is assessing the credibility and dependability of data taken from public sources. With all of the false news, propaganda and misinformation circulating online, these agencies need to do due diligence in verifying any evidence before using it for investigations or legal proceedings.

It can also be hard to acquire proof before it is discarded or removed from its origin. While content moderation practices are put in place for the public good and to protect vulnerable groups, they can also lead to the destruction of evidence before investigators have had a chance to compile it. In a rapidly changing digital world, information can become outdated quickly — making it a struggle for law enforcement to keep up with all of the available data. Some purpose-built solutions solve this issue by automating collection before it disappears.

The legal aspects of utilizing OSINT as evidence should also be analyzed carefully. Many states and even counties have different criteria when it comes to admissibility in court hearings and what counts as valid proof. It is critical that law enforcement personnel understand privacy laws in their jurisdiction when collecting and presenting OSINT as part of their cases.

What law enforcement needs to know about cryptocurrency blockchains

Cryptocurrencies’ decentralized nature and lack of oversight make its use a particular favorite of criminal activity. But there are important misconceptions about the supposed anonymity of cryptocurrency and its stability. The ability to demystify blockchains can help you track your target and their purchases across the surface, deep and dark web, and offer critical evidence for a conviction. Learn more on how to follow the money.

Should you look for evidence on the dark web?

The dark web may not be the seedy underground of the internet that some low-budget Hollywood movies make it out to be, but there is still considerable evidence that can be found. Criminals who rely on purported anonymity may be letting their guard down in forums they think are beyond the reach of law enforcement investigators. If you are wondering if you want to learn more about dark web research, including understanding the different darknets, whether or not dark web research is right for your investigation and creating a dark web access policy, check out our definitive dark web series guide.

What capabilities do you need for OSINT?

Law enforcement agencies looking to take advantage of the benefits of OSINT evidence-gathering methods must first be equipped with the necessary capabilities. 

Managed attribution: stay anonymous to protect identity and intent

OSINT data collection requires the ability to safely and anonymously access and aggregate data from multiple sources. Most importantly, it requires that the mouse never becomes the cat. In order to avoid your web activity from being used against you, total anonymity is a must-have for the integrity of the investigation and for the personal safety of law enforcement officers.

Optimize efficiency

Beyond safety, using purpose-built automated collection tools can make a department more efficient and avoid common roadblocks, such as content moderation when looking for evidence. The built-in Silo for Research tool, Collector, allows agents to set automated and repeated collections to screenshot entire social media profile posts or download videos. These tools allow officers to spend more time on creative problem-solving and less time gathering information.

Processing and storage

The amount of data collected through OSINT can be overwhelming so agencies need the capability to process large amounts of information in a short amount of time. Moreover, storing, organizing, and analyzing collected evidence is key in order for successful investigations. Silo for Research includes ample cloud storage so agents can make effective use of OSINT as an investigative tool.

Isolation from malware, ransomware and other threats

When investigating crimes, it is imperative to protect yourself against potential malware, ransomware or attribution. Law enforcement officials know better than most of the potential dangers and threats that lurk, but knowing how your data can be used to target you is equally important. Personal browsing data could lead your target a trail of breadcrumbs to follow through your research right back to your identity.

A purpose-built platform can protect your evidence and make activities audit-compliant by providing a secure environment for collecting evidence and ensuring chain of custody. Having access to a powerful platform like Silo for Research, enabled by these capabilities, allows law enforcement agencies to leverage OSINT to their advantage and solve cases in an efficient and cost-effective manner. To learn more about these and other capabilities, book a demo today.