OSINT stands for Open-Source Intelligence. Open-source intelligence is data that can be
collected from publicly accessible sources on the surface, deep, and dark web. Examples of
such OSINT sources are social media, forums, blog posts, news sources, articles, archives,
interviews, and documents that can be freely accessed.
Open-Source Intelligence is crucial for analysts and investigators to detect or investigate
illegal activities such as fraud or money laundering. Since open-source intelligence is based on the collection and processing of information and data that are freely available, a vast amount of valuable data from a wide range of sources can be used for the analyses and investigations while complying with statutory data protection and privacy rules and regulations.
For open-source intelligence, analysts and investigators need OSINT tools for efficient data collection and processing while keeping their digital identity hidden. Depending on the purpose of their analysis or investigation, they might also use OSINT tools with geolocation capabilities or Natural Language Processing (NLP) when data is collected from social media and online forums in languages other than English.
Cyber forensics is the discipline that combines elements of law and computer science to collect and analyze data from computer systems, networks, wireless communications, and storage devices in a way that is admissible as evidence whether during an investigation inside any organization or in a court of law.
Digital forensics is the discipline that combines elements of law and computer science to collect and analyze digital data. The process includes examining and analyzing the collected data for closing a case. Apart from law enforcement, cyber forensics is also used for electronic discovery, commercial digital forensics, and incident response.
Digital forensic technology encompasses advanced technological solutions to retrieve and analyze large and complex web data sets for investigations. An example is mage forensics technology that extracts and analyzes collected metadata of an image file for clues.
In general, forensic science is used to help investigators solve cases. Several sciences can be applied for different cases, including biology, chemistry, physics, engineering, and computer science. In the case of digital forensics, OSINT tools are used to capture and analyze data, including cataloging and indexing metadata, to maintain evidence-based presentation.
Digital forensic tools help investigators to retrieve and process online data in a secure, efficient, and lawful manner. Digital forensic tools have the capacity to collect data from a wide range of sources and provide dark web monitoring services. These tools allow investigators to monitor the deep and dark web and identify cyber threats coming from all layers of the internet, as well as generate user alerts when significant information is identified. Digital forensic tools can also collate this information into reports which can be used for actionable insights or evidence in trials.
Digital forensics is a multidisciplinary effort that embraces several fields, including law, computer science, finance, networking, data mining, and criminal justice. Professionals are facing a mixed set of challenges and issues regarding the efficiency of digital evidence processing and related forensic procedures. Recent innovations are digital forensic tools powered by AI and encompassing ML and NLP smart algorithms to create an automated process of collecting and analyzing vast amounts of web data.
The internet is increasingly used by terrorist organizations to contact and inform members, spread propaganda materials, coordinate attacks, and fund operations. This poses a huge challenge to law enforcement and government agencies due to the level of technical knowledge required in investigations and cross-border access to electronic evidence.
Threat intelligence is evidence-based knowledge about an existing or emerging menace or hazard to assets that can be used to make informed decisions. Sources of threat intelligence include open-source information such as online forums, blogs, and message boards that are publicly accessible.
Sources of threat intelligence are publicly accessible sources on the surface, deep, and dark web as well as private sources, such as information sharing and analysis centers (ISACs).
Intelligence is the center or foundation in the development of suggested courses of action through gathering all relevant information. Counterintelligence is the exerted efforts made by the intelligence organizations to keep their enemy organizations from gathering information against them. In this context, HUMINT (Human Intelligence) is used to gather intelligence through interpersonal contact and engagement.
The grey web is part of the surface web which can be accessed by anyone. The grey web is popular among threat actors who use it for activities that are either borderline legal or blatantly illegal, such as selling hacker guides or stolen credentials.
The deep web is that part of the World Wide Web that is not indexed by standard search engines. This means deep web content cannot be found or accessed by the general public using standard browsers. Examples are webmail, online banking, and private or restricted access to e.g., web forums or paywall news articles. There are several ways to access specific deep web content. For one, a dedicated URL can be used to access e.g., a private video. To access personal accounts, the user needs to enter login details that are unique for that user, e.g., online bank account credentials. Lastly, there are deep web browsers that can be used.
The dark web is the part of the internet that accounts for 90% of all web content. The dark web consists of IP addresses that are routable, but not in use. Basically, it is a repository of hidden websites that can only be accessed with special software, such as Tor.
The dark web cannot be accessed using a standard browser since it is not indexed by search engines. Accessing the dark web therefore requires a special browser. Once the dark web Is accessed, exploring it to e.g., investigate criminal activities requires a dark web search engine. Since the dark web is not as safe as the surface web, analysts and investigators could be vulnerable to the scrutiny of e.g., threat actors related to the investigation, once they access the dark web themselves.
Browsing the dark web can be dangerous. For one, malware (e.g., keyloggers, botnet malware, ransomware, and phishing malware) is rampant. Also, the dark web has a lot of illegal cyber activity, which can be far more extreme and threatening than on the surface and deep web.
Dark web monitoring is the process of searching for and keeping track of relevant information found on a portion of the internet not accessible via normal means. Dark web monitoring can be done using a WEBINT platform in order to identify mentions of threat actors, groups, or organizations on dark web forums and marketplaces, particularly any mentions which include compromised data being illegally shared or sold.
Operational security (OPSEC) refers to managing risks by viewing operations from the perspective of an adversary in order to protect sensitive and critical information from falling into the wrong hands. Already in use by many organizations, threat intelligence requires advanced tools to detect and alert about threats in the organization’s feed and streamlining operations.
Location Intelligence (LI) refers to detecting, collecting, and analyzing geospatial data from a wide range of sources for getting actionable strategic insights. Enterprises, government agencies, and law enforcement use advanced LI tools for data visualization & mapping as part of their analyses and investigations.