OSINT for Beginners: How Intelligence Analysts Find Information Online

OSINT — Open Source Intelligence — is the practice of collecting and analysing information from publicly available sources. It is one of the most powerful and underrated skills in cybersecurity. Here is how it actually works.

What Counts as Open Source?

Everything publicly accessible: websites, social media profiles, domain registration records (WHOIS), company registries, court records, Google Maps, LinkedIn, news articles, government databases, and even metadata embedded in documents. None of this requires hacking — it is all legal and available to anyone who knows where to look.

Core OSINT Tools Every Analyst Uses

• Whois / RDAP — Domain registration information. Who owns a domain, when was it registered, where is it hosted.
• Shodan.io — The "search engine for internet-connected devices." Finds exposed servers, cameras, industrial systems worldwide.
• Maltego — Visual link analysis tool. Maps relationships between entities — people, domains, IPs, organisations.
• Google Dorking — Advanced Google search operators to find specific information exposed on the public web.
• Have I Been Pwned — Checks if email addresses appear in known data breaches.
• OSINT Framework (osintframework.com) — Comprehensive directory of OSINT tools organised by category.

OSINT in Law Enforcement Context

At FG-LEA, OSINT is a core component of cyber intelligence operations. We use it to trace digital footprints, corroborate evidence, identify threat actors, and build intelligence profiles for active cases. The same techniques apply whether you are investigating a cybercriminal or researching a potential business partner.

I applied these techniques in my MutaCryptor TI Report — correlating domains, Bitcoin wallets, company registration records, and social profiles to map a fraud network operating across multiple countries.

Written by O.T. Nathaniel, AMICDFA, CCEP, CBTP — SOC Analyst & Founder of Cyber Nate