By: Pierluigi Riti
July 22, 2020
New Course: Open Source Intelligence (OSINT) Fundamentals
By: Pierluigi Riti
July 22, 2020
OSINT, Open-Source Intelligence Technique, is an approach used to collect public information using publicly available data, for this reason, the term “open-source.” OSINT has become a “buzzword,” but the technique has been used for centuries. Collecting information to have an advantage or make decisions is essentially the basis of any human relation. In this article, we have a small introduction about OSINT and how this technique is important in Cybersecurity.
Every cyberattack has some specific phases; the first phase in a cyberattack is called “reconnaissance.” In this phase, the attacker collects all the information for planning and preparing the attack. This phase is mostly used to identify the target and gain all the information needed to prepare the attack. In this phase, the OSINT tool and technique is crucial to gain the correct information. We can also use OSINT techniques to check how our data is used because it is crucial to protect yourself and reduce the risk of any data theft. The final goal for the OSINT tool and technique is not only to gain open-source data available. An appropriate collection and detailed reporting and reference, wherever the data obtained are for an investigation, for a background check, or a reconnaissance operation, clear documentation and report of the finding is necessary. This is important because we can’t rely on the fact the data remains online forever.
Conduct an OSINT investigation
Like every investigation, an OSINT investigation has some phase we need to follow to be successful. These phases are:
- Identify the necessary resource and information.
- Produce necessary documentation.
Following these phases is important to achieve the results we need and, at the same time, protect yourself from any risk connected with the investigation.
Prepare the environment
First, to conduct an investigation, it is important to be sure our computer is protected. This is an important and critical phase in our investigation. This phase aims to prepare a proper environment used to gain the information we need. This information can sometimes involve research on unprotected or suspicious sites. Having good environment preparation is also important for having an environment; we can easily spin-up during the investigation. Having a Virtual Machine always ready can reduce the time we need to spend to complete the investigation. To prepare the environment for the investigation, it is always better to start with a fresh copy of the operating system. This is because any time we surf on the Internet, the browser registers our preference in the cookie, which can affect our research. A virtual machine is the best option for creating a fresh installation with the following advantages. First, we can isolate the environment. In this way, if we navigate on some site “non-secure” or in any case not safe, we can easily destroy and restart. Another advantage of using the VM is to have available and easily replicable in case we need to change the workstation.
Identify the resource and information
When the environment is ready, it is time to identify the resources necessary to conduct the investigation; these resources can be various and depend mostly on the area of investigation. In general, an OSINT investigation addresses these areas:
- Search Engine provides a large role in every OSINT investigation. You should learn how to use the search engine, like Google and Bing, in an advanced way, which is the key to performing an effective investigation.
- Social Network, One of the best ways to get information about someone is to check the social network. Facebook, Twitter, and Linkedin are the starting point of every OSINT investigation. The social network is often used to share information about personal life. This can be used gain more information about the OSINT target.
- Other PPI information OSINT is normally used to gain more PPI, Private Personal Information; this information is normally identified with the phone number, IP address, and other sensitive information. All these information is the core of the OSINT investigation.
A successful OSINT investigation collects all the information about the target, the information is “open-source” and publicly available, but the information can easily disappear, so collect the data while it is available.
Produce the necessary documentation
With all the information gained, it is important to document the result of the investigation. The documentation of the results is the most important part of the investigation. The information can be easily removed from the Internet; for this reason, correctly documenting the information gained is an essential step for every OSINT investigation.
In this post, we present why OSINT is important not only in Cybersecurity but know the OSINT techniques can be applied in our daily life to simply protect our privacy. If you want to learn more about OSINT, please check out Cybrary’s Open Source Intelligence Fundamentals course taught by Tino Sokic. The course gives a beginner overview of OSINT, and from this course, you will learn about the theory, tools, and techniques, and the ethical implications of OSINT.