OSINT: How open sources help verify facts

This is not hacker attacks or espionage. OSINT is a legal way to obtain intelligence using only what people and organizations themselves post online. But even “honest” surveillance has its own rules and risks. We tell you how to legally obtain information from open sources.

Stages of conducting OSINT investigations.

  • Setting goals and searching for sources

The final result of the investigation depends on this stage. Without a clear understanding of the task, you can get confused in the mass of data found and waste time. To obtain the desired result, it is important to correctly determine what you are looking for, why and to what extent.

How to start an investigation: 5 steps to prepare

  1. 1. Formulate the goal of OSINT: what do you want to know?
    For example: “Determine where a person works and who they are connected to.”

  1. 2. Specify the object of the investigation: who or what interests you: an individual, a company, an IP address, a website, a nickname. This is the subject of the analysis.

  1. 3. Formulate a hypothesis (if necessary): an assumption you will test. For example: “This person is associated with a certain organization.” Then you will look for specific evidence, and not check everything in a row.

  1. 4. Determine the time frame: what period of time are you interested in information for: a week, a month, several years? This will help narrow your search.

  1. 5. Specify the types of data that are needed: photos, addresses, telephones, social networks, domains, connections, legal information — the more precise, the better.

Remember: a clear task definition is half of a successful OSINT investigation. Then you can move on to data collection.

  • Direct search for information

  1. 1. First, check networks — VK, Instagram, Facebook, X, etc. You can use Namecheckup.com — the service will pull up all accounts with the nickname you enter. This makes the search easier. Next, we check open databases and leaks — reestrs.org, leaked databases.

  1. 2. Next, if necessary, we check domains and sites — WHOIS, DNSdumpster, crt.sh. Similarly, we check messengers and forums —Telegram, Reddit, Pastebin.

  1. 3. The final step of this stage is search engines and parsing — Google, Yandex + Dorks.

The main thing at this stage is to gather as much disparate information as possible, without dismissing even the strangest or, at first glance, seemingly uninformative facts. During subsequent verification, it is easier to discard unnecessary or irrelevant details than to overlook a small, seemingly insignificant fact. All details — phone numbers, emails, photos — are important and necessary at this stage.

  • Verification and analysis of the received information

The most important stage in conducting an investigation. It is at this stage that it is important to filter out unnecessary information and isolate what is important. There is a lot of outdated, fake and distorted information on the Internet. If you do not verify the sources, you can make incorrect conclusions or be misinformed.

Methods of OSINT data analysis:

Cross-check. Compare information from different sources. For example, if the name from a profile on one of the social networks matches the name on LinkedIn, and the photos are the same, then the probability of an exact match is higher.

 – Chronology of events. Build timelines. If a photo with a date is posted on Instagram, and on Facebook on the same day — another post from another country, this is a reason to doubt.

Geolocation and maps. Use Google Maps and Street View to check the locations indicated in photos or posts. You can also use GeoSpy or Pic2Map — services that determine the location
of a photo.

Photo and video metadata. EXIF tools can extract hidden data from images: device model, coordinates, shooting date. For videos, use InVID to check the source, upload date, and do a reverse search by frames.

When checking facts, accuracy is important. One wrong conclusion can ruin the whole investigation. Therefore, check all information carefully.

  • Documenting the information found and conclusions

An equally important stage of the investigation. When documenting, it is important to save links to primary sources, screenshots (in case of deletion or change of information), the date of the information search is also important. Try to structure the investigation report so that it is clear what follows from what. Record each step, even intermediate findings. This will simplify the export of information and will help in the future.

The report should contain at least an introduction, initial data, information found and sources, analysis and comparison, conclusions.

The key thing is to exercise caution and digital hygiene when conducting investigations.

If you need to register on social networks or specialized sites, do not use your personal email, personal account, or other personal data that can be traced back to you. It is also recommended to use a secure connection when searching for information.

Always work in a separate environment: a separate browser or virtual machine without access to your main profile. Do not use personal phone numbers or numbers and profiles associated with your family, loved ones or friends, even if the profile has not been used for several years. The development of AI technologies complicates the fight against fakes, but OSINT methods are also evolving.

Today, fact-checking is not just reading news, but working with digital evidence, when critical thinking must be supported by technical verification skills. Therefore, the ability to competently find and verify information is becoming not so much a useful skill for professionals, but a basic necessity for every Internet user.