Open Source Intelligence (OSINT)
Open Source Intelligence (OSINT) is the application of information gathering from public sources. Relating to the collection, processing, analysis and exploitation of the data. We understand the diversity of data sources and how to apply the information identified.
Sources information include; databases, published records, patent records and other data available to the public, effectively garnering such information, may require a variety of specialist techniques.
Where sources of information are likely to include social media. It is especially relevant to ensure that any information garnered is both accurate and obtained in an acceptable manner for litigation purposes. Simply acquiring a series of screenshots together with note making, may not be either sound or acceptable. Social media platforms are not designed to be ‘imaged or copied’ using conventional methods. Our tools and techniques are designed to meet those needs.
Most exercises typically fall into two areas of investigation, these are:
- I. T. Security
These often form an element of other cases undertaken by CCC, whether an investigation, penetration testing, asset tracing or a due diligence project.For examples of intelligence-led assignments →
I.T. Security Assessment
The purpose of an intelligence gathering exercise as part of an I.T. security assessment is to establish the volume of information available within the public domain.
The amount of information provides an indication of the level of security that currently exists within an environment, together with potential areas of weakness. We have found that significant amounts of corporate information or ‘leaks’ into the public domain occur without the ‘owners’ knowledge. As mentioned, this information also provides attackers with potential areas to exploit. Conversely, little or no information in the public domain could indicate that applicable security measures are effective.
Source data targeted in this type of exercise typically includes but is not limited to:
- Accidentally published data
- DNS Records
- Employee information
- Email addresses
- Internal phone numbers
- IP address information
- Mail exchange servers
- Management structure
- Network topography
- Press releases
- Geo-location data
The aggregation of data from a variety of sources, exponentially increases the cumulative value…
The harvesting of data in relation to a specific individual(s), can be used in a variety of areas such as human resources, vetting, due diligence and litigation. Personal information may include, addresses, affiliations, email addresses, social networking activity, telephone numbers, etc.
One of these subsets is Social Media Intelligence (SMI). This consists of the monitoring of social channels, conversations, tweets and trends. Some sources of social media include Facebook, Flickr, Instagram, Snapchat or Twitter.
SMI exercises, have significantly increased over recent years and have proved relevant in both prosecution and defence cases, involving:
- Asset tracing
- Cyber bullying
- Human resources
- Intellectual property
- Tracing enquiries
Consequently, corporate entities and individuals alike, need to be aware that; the cumulative aggregation of data from a variety of sources invariably increases its’ value.For examples of intelligence led assignments →
Our expertise and experience, uniquely combines electronic forensic skills, with an understanding of corporate finance.
Asset Tracing – Audit – Computer Security – Digital Forensics – Due Diligence – eDiscovery – Fraud Investigation
Intelligence Gathering -Passwords Analysis – Penetration Testing – Wireless Security
Services underpinned with expertise and experience.