Open-Source Intelligence (OSINT) Gathering and Analysis

This is a foundational course in Open-Source Intelligence (OSINT) Gathering and Analysis, will move quickly through many areas of the field. While the course is an entry point for people wanting to learn about OSINT, the concepts and tools taught are far from basic.

The goal is to provide the OSINT groundwork knowledge for students to be successful in their fields, whether they are cyber defenders, threat intelligence analysts, private investigators, insurance claims investigators, intelligence analysts, law enforcement personnel, or just someone curious about OSINT.

Many people think using their favorite Internet search engine is enough to find the data they need and do not realize that most of the Internet is not indexed by search engines.

You will learn real-world skills and techniques that law enforcement, private investigators, cyber attackers, and defenders use to scour the massive amounts of information found on the Internet.

Once you have the information, we’ll show you how to ensure that it is corroborated, how to analyze what you’ve gathered, and how to make sure it is useful in your investigations.

Foundations of OSINTO

We begin with the basics and answer the questions “what is OSINT” and “how do people use it.” This first section of this course is about level-setting and ensuring that all students understand the background behind what we do in the OSINT field.

We also establish the foundation for the rest of the course by learning how to document findings and set up an OSINT platform. This information taught in this section is a key component for the success of an OSINT analyst because without these concepts and processes in place, researchers can get themselves into serious trouble during assessments by inadvertently alerting their targets or improperly collecting data.


  • Course Introduction
  • Understanding OSINT
  • Goals of OSINT Collection
  • Diving into Collecting
  • Taking Excellent Notes
  • Determining Your Threat Profile
  • Setting up an OSINT Platform
  • Effective Habits and Process
  • Leveraging Search Engines

Gathering, Searching, and Analyzing OSINT

Open-Source Intelligence (OSINT) Gathering and Analysis begins in section two after we get a glimpse of some of the fallacies that could influence our conclusions and recommendations. From this point in the course forward, we examine distinct categories of data and think about what it could mean for our investigations.

Retrieving data from the Internet could mean using a web browser to view a page or, as we learn in this section, using command line tools, scripts, and helper applications.


  • Data Analysis Challenges
  • Harvesting Web Data
  • File Metadata Analysis
  • OSINT Frameworks
  • Basic Data: Addresses and Phone Numbers
  • Basic Data: Email Addresses
  • User Names
  • Avatars and Reverse Image Searches
  • Additional Public Data
  • Creating Sock Puppets

Social Media, Geolocation, and Imagery

Section three kicks off by examining free and paid choices in people search engines and understanding how to use the data we receive from them. Some of these engines provide social media content in their results.

This makes a terrific transition for us to move into social media data, geolocation, and eventually mapping and imagery.


  • People Search Engines
  • Exercise People Searching
  • Facebook Analysis
  • LinkedIn Data
  • Instagram
  • Twitter Data
  • Geolocation
  • Imagery and Maps

Networks, Government, and Business

Section four focuses on many different but related OSINT issues. This is our blue team day, as we dive into Open Source Intelligence for IP addresses, domain names, DNS, and Whois.

We then move into how to use wireless network information for OSINT. We end the section with two huge modules on searching international government websites for OSINT data and supporting business processes with OSINT.


  • Whois
  • IP Addresses
  • DNS
  • Finding Online Devices
  • Wireless Networks
  • Recon Tool Suites and Frameworks
  • Government Data
  • Researching Companies

The Dark Web, Breach Data, and International Issues

The beginning of section five focuses on understanding and using three of the dark web networks. Students will learn why people use Freenet, I2P, and Tor.

Each network is discussed at length so that students don’t just know how and why to use it, but also gain an understanding of how those networks work. With the Tor network being such a big player in the dark web, the course spends extra time diving into its resources.

After tackling the dark web, we examine how we can use breach data in our cases and to address international OSINT issues. We end the section by examining how to find and track vehicles of all sizes.

The end of this section is a massive lab, the Solo Capture-the-Flag (CTF) Challenge that helps students put together all that they have learned up until now in the course. Through a semi-guided walk-through that touches on many of the concepts taught throughout the course, students complete a full OSINT assessment at their own speed. Setting aside time to work through our OSINT process in an organized manner reinforces key concepts and allows students to practice executing OSINT process, procedures, and techniques.


  • The Surface, Deep, and Dark Webs
  • The Dark Web
  • Freenet
  • I2P – Invisible Internet Project
  • Tor
  • Monitoring and Alerting
  • International Issues
  • Vehicle Searches
  • Solo CTF Challenge

Who Should Attend

This course will teach you techniques to help your work whether you are trying to find suspects for a legal investigation, identify candidates to fill a job position, gather hosts for a penetration test, or search for honey tokens as a defender.

While this list is far from complete, the OSINT topics will be helpful to:

  • Cyber Incident Responders
  • Digital Forensics (DFIR) analysts
  • Penetration Testers
  • Social Engineers
  • Law Enforcement
  • Intelligence Personnel
  • Recruiters/Sources
  • Private Investigators
  • Insurance Investigators
  • Human Resources Personnel
  • Researchers