OSINT Beginnings

The Intelligence cycle must be strictly adhered to and learned thoroughly. The basics will go a long way in being an OSINT practitioner and stressing the process of the Intelligence cycle should hold greater primacy than focusing on tools. The first phase of an OSINT engagement involves planning and then organizing the initial action such as beginning to ask simple questions of who, what, when, and where. Who is the target? What is the objective is another question possibly asked. You then move from here to action. To note one must not focus too much on tooling initially. One must focus on the process and the Intelligence Cycle. Also one must realize that mastering the basics is essential and indeed experts are simply those who have better mastered the basics and can properly incorporate them into their workflow. A lot of the writing starts off with a fresh definition of OSINT to establish a base to build off of I suppose. The meaning of intelligence and information is an example because the two should not be conflated. Intelligence is information that is refined and contextualized to the objectives of the engagement. Government military papers are rife with acronyms like MDMP or IBP or (COAs). They offer no clues on their actual meaning usually acronyms do as such. To reiterate intelligence process consists of four steps (plan, prepare, collect, and produce) and to paraphrase four continued activities (analyze, generate intelligence knowledge, assess, and disseminate). There is a synergy of sorts with the intelligence process where every step is concurrent and is happening at the same time. You cycle through the steps and you don't necessarily enact the steps step by step. Other sources say determining an end goal ultimately helps with the investigation. What you are going to actualize with the intelligence will determine how you go about the investigation. #Collecting The third step is collect. One does not know what one does not know and so collection needs to collect it all as General Alexander would say of the NSA. No of course a private citizen does not have the means of such bulk collection at scale as the NSA does with all US corporations kowtowed to the government in public-private partnerships. The Google's and teleco's like AT&T that assist the mass surveillance. No, a private citizen is more limited to the available information on the open web that is freely available. When collecting one should not use private accounts on social media due to the data collection of the social media app's and the dictates of proper OPSEC (Operation Security) requires such prudence to be made. Who knows who you are coming up against and how savvy the target is of an investigation. This could lead to death threats depending on the threat level of the target like an anti-Semitic hate group. Do you know who you are dealing with? Be safe, the open internet is a rough neighborhood in reality. The collated information points to starting broad and working towards narrower queries later. This could mean generalizing initial queries in a Google dork and then honing down into more specific queries. You are trying to collect data points in this phase that are relevant to the investigation. You might have to cycle through this phase over and again due to the fact that it is not a one and you are done kind of thing. Essentially the process is not sequential and the processes overlap each other. #Processing Processing is taking the raw data and information and working it to make it more digestible to other analyst. Putting data in a format that is easy to access is one example with proper file formats. The point of processing is to take raw data that is collected and refines it for later analysis. #Analysis and Production Assessing and analyzing the information processes it into actionable intelligence that is then turned into a product to be presented to decision makers. You have to be aware of any bias you may introduce in the analysis. Confirmation bias is one form that may crop up in your research that clouds the analysis. You might start thinking everyone fits a criminal profile and may look for ways to see it as such in the data. This can be troubling and muddy the truthiness of your investigation. You are trying to produce an unbiased product for information consumption. #Dissemination Selling your intelligence as a subject matter expert is important to your audience. You have to intro with the conclusion of your research to entice your reader to read on and walk through what the data and intelligence has to say. Creating a feed back loop to incorporate feed back back into research is ideal. The consumer may have intel that could point you in a direction you may have never thought to go. Follow up questions are the very feed back that I speak of. This is part of the intelligence cycle that is then brought to the fold. And we begin again.