The Hidden & Visible Elements of OSINT: Part 1

Corporate SecurityOSINT Tools & Techniques

Do you recall a time when you looked in your bag for the thing you needed and you could not find it? Do you remember when later you found that thing, there in your bag? It was hiding. The visible surface area of the many objects in your bag made it difficult to see. This is a common scenario, and the average person is able to cope.

When conducting OSINT, the techniques used to locate the unseen are less straightforward. There are a number of advanced skilled OSINT investigators must develop to conduct their job. We will discuss some of the basic elements to capture when it comes to online content, be it websites, social media platforms, and files. In addition to some of the key information, investigators need to capture, a number of critical skills and specific tasks are used meaning that there is actually a lot to consider when looking at even the smallest pieces of information online.

hidden and visible elements of the internet using osint

The Lens

Investigative thinking requires a specific type of lens. People are naturally prone to bias. Each of us, all humans, fall prey to multiple cognitive biases. These are natural and occur often without us being aware. Analytical thinking that rises above bias to trace the causal flow of an incident can be challenging. Validating information, challenging each assumption along the way, and thought to checks and balances go a long way. Yet this idea of bias is not quite complete without mentioning the other bias that rarely surfaces in polite conversation. It’s nobody’s fault, it happens to us all too. I am talking about cultural bias. This does not refer to the bias one has towards another person, though this can happen as a result of cultural bias. As social creatures, we take on the image of the cultures and societies to which we belong, the ones that raised us. I have a very specific reaction to the smell of cow manure. A man living with his small tribe on the African continent who uses cow manure to build his hut and fuel his fire would have very different feelings about the smell of cow manure. When conducting investigations even assumptions about whether s*%t stinks must go out the door. The appropriate lens to use in investigative thinking is one without bias.

The Visible

Surface Web

Google only crawls 4% of the Internet – which means beyond Google there is 96% more content that might be useful. The Surface Web is what the kids know, what the kids love. The Surface Web is where you can find all that. It is reachable and findable by standard search engines, it is available for people to find it. The 96% is referred to as the Dark Web. [link to Dark Web blog post – core one]

Distinguish between the Surface, Deep & Dark Web with Untangling the Web: Where to Get Started with Online Investigations.

Advanced Google Queries

Cache:[website/page name] produces the latest cache result of a website or page.

Inurl:[Keyword] produces results with specific words inside of the URL. 

filetype: [Keyword] will also limit to type, as in PDF documents or Word documents.

AROUND(X) produces a proximity search between two words. For example: “Media Sonar AROUND(5) technology” will query for all instances where Media Sonar is within 5 words of technology.

inposttitle:[Keyword] retrieves blog posts and articles with certain keywords in the title.

Adding a “-” character before a search operator will exclude the indicated operator from results.

Date Range: allows you to type in your search with any of the above operators. Hit the box below the search bar called “Tools” and click on the drop-down menu marked “Any time.” Scroll down until it says “custom date range” and enter the date.

Media Sonar equips security teams with additional filtering capabilities across the Surface, Deep & Dark Web. Filter through the noise and become aware of relevant threats in real-time. Book a demo to learn more.

For What Exactly?

The investigative process requires the right lens, and you need to know where to start looking. OSINT techniques uncover information about malicious threat actors, possible threats, or crimes that have occurred in the conversations and breadcrumbs that people leave behind on the Internet in the commission of, or in relation to, the acts.

The second part of our series will be published next week, and we will look at how people use language in public conversations to give themselves away. We will learn about legal OSINT boundaries and the communication trail you can follow, threat actor selfies, and language. What ties them all together is meaning, and the OSINT investigator ultimately wants to know just that: “What does this all mean?”

In The Hidden & Visible Elements of OSINT Part 2, we cover the different mediums people use to communicate and how to capture conversations across the visible elements of OSINT.

See Media Sonar in Action

Harness the unique insights only available from Web Intelligence & Investigation to better protect your corporate brand and assets.
Previous Post
OSINT Best Practices: Legal & Ethical
Next Post
The Hidden and Visible Elements of OSINT: Part 2

Become a Media Sonar Insider

Become a Media Sonar Insider

Please fill in a few details & we'll add you to our communications list.

Looking For More Content?