OSINT Tool Perspective

Written by Blogger

April 17, 2025

Guest Blogger: Nathan Block

OSINT, or Open-Source Intelligence, is a methodological process involving the systematic collection, evaluation, and analysis of publicly accessible information from diverse sources to produce actionable intelligence. Its primary purpose is to generate relevant and contextualized insights by leveraging readily available data. This intelligence can serve a multitude of objectives, including but not limited to:

  • Law Enforcement and Security Applications: OSINT provides valuable data for identifying and tracking individuals of interest, such as criminal suspects, escaped convicts, and individuals featured on “America’s Most Wanted.” This can involve analyzing social media activity, public records, news articles, and other open sources to develop leads, establish patterns of behavior, and support investigative efforts.

In essence, OSINT employs structured methodologies to transform publicly available data into intelligence products that can inform decision-making across various domains. 

Both Digital Forensic Investigators (DFI) and penetration testers take advantage of OSINT sources, since using them is considered passive recon. A penetration tester may have to perform a “Black Box” penetration test, where they know almost nothing about the target. A company may actually ask, “What can be found out about our company from a legal perspective?”

Here are further details on this type of test:

  • Minimal information: perhaps only the company name.
  • External Perspective: this is where OSINT and Recon must take place.
  • Focus on Reconnaissance: domain lookups, subdomain enumeration, public records and open databases.
  • Do not forget that adversaries also have the potential and the availability to do the same types of reconnaissance, or, as they say, “casing the joint”.

There are multiple OSINT applications, websites, and tools that can help the user expose or reveal factual information. This is highly regarded public information that is not normally seen. Below are some useful websites:

Overall, these records can be used, or dug up, to find links through a number of government agencies. They also provide the ability to examine family trees and to make correlations and find commonalities based on those findings. Collecting the information you are seeking requires not only a lot of patience but also some experience. Even when you are not successful, you will still broaden your experience level.

Archives.gov (National Archives):

Here is an example of how to find a record in the National Archives AAD Database. Below are the details that you know:

  • You know that this person served in WW2.
  • You have their name as it has been spoken: Rocky Marciano
  • You have specific information, such as his boxing career.
  • You know the person was enlisted and had active duty in the Army.
  • The problem is you only know the name as it was spoken.
  • You do not know which infantry the person served under.

However, you do remember that he did not go by his real last name, “Marchegiano”. That was the problem, but you find the real last name and go to the National Archives at archives.gov. There are multiple options to either search their database or request the records via mail. They also have sections for war pictures. It’s a great site, especially if you personally have family members who served their country when needed.

 

A major component, the Wayback Machine, has archived 900+ billion webpages that no longer exist. One example is where a person needs software for their smartphone, but the link is dead.
For example, you can start by attempting to access a link that you are familiar with from a few years ago. Hit Enter, and it tries to access the saved link from its database. This link may be for a now obsolete consumer product such as movies, books, software and deprecated technology.

This includes big companies such as Motorola Mobility, which is now Lenovo.
You can find these links just as they were, along with the data. The Wayback Machine can easily find even older obsolete consumer products and technology such as Netscape, MTV, Nintendo games from the 80s, and old cellular technology such as Nortel Networks CDMA switches.
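The dead-link lookup described above can also be done against the Wayback Machine's CDX capture index rather than the search box. This is an added example, not part of the original post: it picks the newest capture that actually returned HTTP 200, because the most recent capture of a dead link is often the error page itself. The `example.com` URL and the CDX rows are constructed sample data, and the function names are this example's own.

```python
import json
from datetime import datetime, timezone
from urllib.parse import urlencode

CDX_ENDPOINT = "https://web.archive.org/cdx/search/cdx"

def build_cdx_query(url, year_from=None, year_to=None):
    """Build the CDX query that lists every capture of `url` as JSON."""
    params = {"url": url, "output": "json"}
    if year_from:
        params["from"] = str(year_from)
    if year_to:
        params["to"] = str(year_to)
    return CDX_ENDPOINT + "?" + urlencode(params)

def last_good_capture(cdx_json):
    """Return (snapshot_url, capture_time) for the newest HTTP 200 capture, or None."""
    rows = json.loads(cdx_json)
    if len(rows) < 2:  # empty result, or header row only
        return None
    header, captures = rows[0], rows[1:]
    records = [dict(zip(header, row)) for row in captures]
    # Skip 404s, redirects and "-" rows (revisit records with no status of their own).
    good = [r for r in records if r.get("statuscode") == "200"]
    if not good:
        return None
    best = max(good, key=lambda r: r["timestamp"])  # 14-digit UTC, sorts as text
    when = datetime.strptime(best["timestamp"], "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)
    return f"https://web.archive.org/web/{best['timestamp']}/{best['original']}", when

# Constructed sample response (placeholder URL and digests), not real archive data.
DEAD_LINK = "http://example.com/downloads/tool.zip"
KEY = "com,example)/downloads/tool.zip"
SAMPLE_CDX = json.dumps([
    ["urlkey", "timestamp", "original", "mimetype", "statuscode", "digest", "length"],
    [KEY, "20120304101500", DEAD_LINK, "application/zip", "200", "DIGEST-A", "48213"],
    [KEY, "20150610083000", DEAD_LINK, "application/zip", "200", "DIGEST-B", "51877"],
    [KEY, "20170922140000", DEAD_LINK, "warc/revisit", "-", "DIGEST-B", "612"],
    [KEY, "20190101000000", DEAD_LINK, "text/html", "404", "DIGEST-C", "1204"],
])

if __name__ == "__main__":
    print(build_cdx_query("example.com/downloads/tool.zip", year_from=2010))
    print(last_good_capture(SAMPLE_CDX))
```

Running the same query against your own organization's domains shows which retired pages and downloads are still publicly retrievable from the archive.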

OSINT, or Open-Source Intelligence, is the legal and public collection of readily available information, crucial for passive reconnaissance in fields like Digital Forensics and Penetration Testing, particularly in “Black Box” scenarios where minimal target information is known. Penetration testers leverage OSINT to understand a company’s external digital footprint, mirroring how adversaries “case the joint.” Numerous OSINT tools, websites, and applications exist to expose often-overlooked public data, including resources like the OSINT Framework, the National Archives, Newspapers.com, FamilySearch.org, Ancestry.com, and the Internet Archive’s Wayback Machine, each offering unique avenues for uncovering factual information, historical records, and even archived web content, requiring both patience and experience for effective utilization.
