OSINT · Intelligence · 5 min read · December 2025 · Nathaniel T.O, AMICDFA

OSINT for Beginners: How Intelligence Analysts Find Information Online

OSINT — Open Source Intelligence — is the practice of collecting and analysing information from publicly available sources to produce actionable intelligence. It requires no hacking, no special access, and no illegal tools. Everything described here is legal and accessible to anyone with an internet connection and the discipline to apply it methodically. At FG-LEA, OSINT is a core component of cyber intelligence operations and was the primary methodology behind the MutaCryptor TI Report.

Key Findings
  • OSINT requires no hacking — all techniques described are legal, using publicly available information sources
  • Domain registration age and registrar privacy settings are among the highest-confidence indicators in scam and fraud investigations
  • Maltego visual link analysis dramatically accelerates relationship mapping between entities — people, domains, IPs, and organisations
  • The MutaCryptor investigation that produced CNTI-2026-001 relied almost entirely on OSINT methodology

What Counts as Open Source?

Everything publicly accessible without authentication: websites, social media profiles, domain registration records (WHOIS), company registries, court records, Google Maps imagery, LinkedIn, news archives, government databases, academic publications, and metadata embedded in publicly available documents. None of this requires hacking or special access — it is all legal and available to anyone who knows where to look and how to analyse what they find.

Core OSINT Tools Every Analyst Uses

  • WHOIS / RDAP — Domain registration information: who owns a domain, when it was registered, where it is hosted, and which registrar processed it. Domain age is one of the highest-confidence fraud indicators
  • Shodan.io — Often called the "search engine for internet-connected devices." Indexes exposed servers, cameras, databases, industrial control systems, and networking infrastructure worldwide. Invaluable for threat actor infrastructure mapping
  • Maltego — Visual link analysis tool that maps relationships between entities — people, domains, IP addresses, organisations, and social profiles. Transforms individual data points into a navigable network graph
  • Google Dorking — Advanced Google search operators to find specific information exposed on the public web. Operators like site:, filetype:, intext:, and intitle: surface information that standard searches miss
  • Have I Been Pwned — Checks whether email addresses appear in known data breach datasets. Useful for victim identification and threat actor email profiling
  • OSINT Framework (osintframework.com) — A comprehensive, categorised directory of OSINT tools and resources. The most useful single reference for analysts at all levels

OSINT in Law Enforcement Context

At FG-LEA, OSINT is a core component of cyber intelligence operations. We use it to trace digital footprints, corroborate physical evidence, identify threat actors, build intelligence profiles for active cases, and establish timelines for cyber incidents affecting law enforcement systems and operations.

The same techniques that identify a cybercriminal also work for due diligence on a business partner, background research on a potential employer, or verifying the legitimacy of a job offer — which brings us to the MutaCryptor investigation.

OSINT in Practice — MutaCryptor

The investigation that produced CNTI-2026-001 relied almost entirely on OSINT methodology. Domain WHOIS records revealed registration dates of 3–8 days before each company identity was deployed. Reverse image searches exposed AI-generated employee profile photos. Bitcoin transaction analysis traced wallet addresses across multiple shell company identities. Company registration searches across CAC, MCA, and Companies House found no legitimate entities. The entire network was mapped without a single privileged access point — only publicly available information, applied methodically.
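The domain-age check described above can be run against RDAP output instead of being read off by eye. The Python below is an added example, not code from this article or from the investigation: it takes a constructed RDAP domain response (RFC 9083 layout, with the RFC 9537 `redacted` member) and reports the registrar, the redacted fields, and the domain's age on the date the company identity was first observed. The sample domain, registrar, dates and the 30-day `young_days` threshold are assumptions chosen for illustration.

```python
import json
from datetime import datetime, timezone

# Constructed RDAP domain response (RFC 9083 layout); every value is made up.
SAMPLE_RDAP = json.loads("""{
  "ldhName": "acme-global-hiring.example",
  "events": [{"eventAction": "registration", "eventDate": "2025-11-03T09:14:22Z"},
             {"eventAction": "expiration", "eventDate": "2026-11-03T09:14:22Z"}],
  "entities": [{"roles": ["registrar"],
                "vcardArray": ["vcard", [["version", {}, "text", "4.0"],
                                         ["fn", {}, "text", "Example Registrar Ltd"]]]}],
  "redacted": [{"name": {"description": "Registrant Name"}}]
}""")

def _parse_ts(value):
    # RDAP timestamps are RFC 3339; normalise a trailing "Z" for fromisoformat().
    return datetime.fromisoformat(value.replace("Z", "+00:00")).astimezone(timezone.utc)

def registration_date(rdap):
    for event in rdap.get("events", []):
        if event.get("eventAction") == "registration":
            return _parse_ts(event["eventDate"])
    return None  # event missing: age is unknown, not "old"

def registrar_name(rdap):
    for entity in rdap.get("entities", []):
        if "registrar" in entity.get("roles", []):
            for prop in entity.get("vcardArray", ["vcard", []])[1]:
                if prop[0] == "fn":  # jCard property: [name, params, type, value]
                    return prop[3]
    return None

def assess(rdap, first_seen, young_days=30):
    """Domain age on the date the identity was first observed.
    young_days is an assumed triage threshold, not a value from the article."""
    registered = registration_date(rdap)
    age = (first_seen - registered).days if registered else None
    redacted = [r["name"].get("description") for r in rdap.get("redacted", []) if "name" in r]
    return {
        "domain": rdap.get("ldhName"),
        "registrar": registrar_name(rdap),
        "age_days_at_first_seen": age,
        "young_domain": age is not None and 0 <= age <= young_days,
        "redacted_fields": redacted,
    }

if __name__ == "__main__":
    first_seen = datetime(2025, 11, 8, 12, 0, tzinfo=timezone.utc)  # constructed date
    print(json.dumps(assess(SAMPLE_RDAP, first_seen), indent=2))
```

Measuring age against the first-seen date rather than today's date keeps the indicator stable when a case is reviewed months later.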

Start Here

If you want to develop OSINT skills practically: start with TryHackMe's OSINT rooms, then work through osintframework.com systematically. Practice on public domain names, public company registries, and your own digital footprint — understanding what is visible about you is the most instructive starting point.