What Is an OSINT Investigation?
An OSINT investigation is the structured process of collecting, analyzing, and reporting on information gathered entirely from open, publicly available sources. Unlike traditional intelligence work, no hacking, unauthorized access, or covert surveillance is involved. The discipline is used by journalists, corporate investigators, security researchers, law enforcement, and concerned individuals.
The OSINT Investigation Cycle
Professional investigators typically follow a structured cycle to keep their work organized and defensible:
- Define your objective. What specific question are you trying to answer? Vague goals produce unfocused investigations.
- Identify your sources. Which open sources are most likely to contain relevant information?
- Collect data. Gather information systematically, recording metadata (when, where, how you found it).
- Process and verify. Cross-reference findings across multiple independent sources.
- Analyze. Draw conclusions based only on what you can support with evidence.
- Report. Present findings clearly, noting confidence levels and source limitations.
Setting Up Your Investigation Environment
Browser Hygiene
Use a dedicated browser profile or a separate browser for investigations, such as Firefox with uBlock Origin, used over a VPN. This prevents your target from seeing referral traffic from your primary accounts and keeps your personal browsing separate.
Note-Taking & Documentation
Tools like Obsidian, Notion, or even a simple spreadsheet can help you track leads, sources, and findings. For every piece of evidence you collect, record the URL and access date and capture a screenshot.
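One way to keep the record described above (URL, access time, how the item was found, and a screenshot), as an added example that is not part of the original guide. It goes one step beyond the text by hash-chaining entries so that later edits to the log are detectable; the function names, field names and sample URLs are assumptions constructed for illustration.

```python
import hashlib
import json
from datetime import datetime, timezone

GENESIS = "0" * 64  # prev_hash used by the first entry in a log

def entry_digest(record):
    # Canonical JSON so the same record always hashes to the same value.
    blob = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(blob).hexdigest()

def add_evidence(log, url, method, screenshot, note="", accessed_at=None):
    """Append one entry; each entry commits to the one before it."""
    record = {
        "seq": len(log) + 1,
        "url": url,                                   # where
        "accessed_at": accessed_at                    # when (UTC, ISO 8601)
            or datetime.now(timezone.utc).isoformat(),
        "method": method,                             # how it was found
        "screenshot_sha256": hashlib.sha256(screenshot).hexdigest(),
        "note": note,
        "prev_hash": log[-1]["entry_hash"] if log else GENESIS,
    }
    record["entry_hash"] = entry_digest(record)
    log.append(record)
    return record

def verify_log(log):
    """Return seq numbers of entries whose content or chain link is broken."""
    bad, prev = [], GENESIS
    for entry in log:
        body = {k: v for k, v in entry.items() if k != "entry_hash"}
        if entry["prev_hash"] != prev or entry_digest(body) != entry["entry_hash"]:
            bad.append(entry["seq"])
        prev = entry["entry_hash"]
    return bad

def demo_log():
    # Constructed sample data: placeholder URLs and fake screenshot bytes.
    log = []
    add_evidence(log, "https://example.com/press/1", "search engine query",
                 b"fake-png-1", accessed_at="2024-01-01T10:00:00+00:00")
    add_evidence(log, "https://example.org/registry/abc", "company registry lookup",
                 b"fake-png-2", accessed_at="2024-01-01T10:05:00+00:00")
    add_evidence(log, "https://example.net/map/xyz", "geospatial check",
                 b"fake-png-3", accessed_at="2024-01-01T10:20:00+00:00")
    return log

if __name__ == "__main__":
    print(verify_log(demo_log()))
```

In practice the `screenshot` argument would be the bytes of the saved image file, so the stored hash can later show that the file attached to a report is the one captured at collection time.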
Virtual Machines
For sensitive investigations, running your OSINT tools inside a virtual machine (e.g., using VirtualBox or VMware) adds a layer of separation and allows you to restore a clean environment between cases.
Key Source Categories
| Source Type | Examples | Best For |
|---|---|---|
| Search engines | Google, Bing, DuckDuckGo | General discovery, Google Dorking |
| Social media | LinkedIn, X/Twitter, Instagram | Person profiles, networks |
| Public records | Court records, company registries | Legal history, ownership |
| Domain/IP data | WHOIS, Shodan, Censys | Online infrastructure |
| Geospatial | Google Maps, Sentinel Hub | Location verification |
Common Beginner Mistakes to Avoid
- Confirmation bias: Searching only for information that confirms your initial hypothesis. Always actively look for evidence that contradicts your theory.
- Poor source documentation: Failing to record where information came from makes your findings unverifiable and potentially useless in professional contexts.
- Alerting your target: Visiting someone's LinkedIn profile while logged into your personal account notifies them. Always use anonymous browsing for profile views.
- Over-reliance on a single source: One data point is a lead. Multiple corroborating sources make a finding credible.
Building Your Skills
Practice is the best way to improve. Consider using platforms like Trace Labs (which hosts OSINT capture-the-flag competitions to find missing persons), or working through publicly available training from Bellingcat's online resources. Starting with low-stakes practice targets — such as verifying a news story's location claims — helps build skills without ethical risk.