10.07.2020

OSINT Training: Today and Tomorrow

How many software products does a qualified OSINT expert use? Maltego, Social Links and other transforms, Paliscope, Hunchly, Vortimo, InfoZoom, Analyst's Notebook (ANB), i2 Ibase, Mindmanager, Insomnia, Amped Authenticate, Screaming Frog, Snagit, Camtasia, Website Watcher. There are 15 different packages in the list from Jörn Weber, investigator and OSINT trainer from Corma.de, Germany.
Can one learn to use all this software without special training? Sure. How long it will take and when will there be any appear is another question. Still, some OSINT experts owe their achievements only to themselves. However, some people still turn to trainers and pay for training courses on OSINT products and techniques. Who are these people?
The training is for professionals for whom OSINT technology is the right tool for the job right now. Employees of state law enforcement agencies, primarily police officers, employees of corporate security services, private detectives and journalists, intelligence agents, and human resources specialists. University students during post graduation programs also study OSINT. Cybersecurity professionals, including cyber threat intelligence and antifraud specialists, are also among the students. For example, public sector clients of Leonida Reitano, an expert and trainer from Italy, include the Italian police force, the Italian Ministry of Finance, Milan University, and the defense industry. Some of his private sector clients include US media outlets, private investigators, insurance companies, and banks.
Social Links has partnered with many OSINT and OSMINT technology trainers
and educators. We decided to ask them about the features of this training and some shared their thoughts on the matter. Is the number of people willing to study growing? Yes, all the interviewed trainers noted this trend. «I think more people want to know about OSINT, but for very different reasons. Think about Pentester vs. Police Investigator vs. OSINT-Analysts from EU,» says Jörn Weber.
OSINT is one of the most researched subjects to be studied due to its versatility,
as stated by expert and trainer Dario Beniamini, Co-Founder and CEO www.intellexia.it and www.cybera.it: «It can be applied in multiple scenarios, from penetration testing
to due diligence, digital forensics, malware analysis, cyber attacks».

Who are OSINT trainers, what and how do they teach?

All four trainers, whose comments are used in this review, work in Europe and have been teaching OSINT for more than 8 years. All of them are «playing trainers». None
of them devotes all of their time only to training students, for each constantly works
as an investigator in real investigations, and they analyze examples from these working cases in their classrooms. Full-time and on-line, they teach a variety of technologies and products. The most popular are face-to-face courses lasting several days. Video conferencing has become popular during a pandemic, but this is still an exception rather than a rule.
There is both specialization and mutual cooperation: «I use a broad range of software products, depending on the nature of the assignment. I do not provide dedicated software training for one specific product. For instance, I show some of the Maltego capabilities in my training, but refer clients to Jörn Weber for an in-depth Maltego
and Social Links training,» states Bruno Mortier, a Forensic, Risk & Compliance Manager at BDO Germany.

Audit & Assurance | Tax & Legal | Advisory Services

In addition to Maltego, Social Links, PIPL, Skopenow, Domaintools and many others, Leonida Reitano also teaches a lot of «manual» tricks that fill the gaps of automated OSINT platforms. Dario Beniamini mentions TOR Browser, Web Browsers
with dedicated extensions, python scripts and VMs among the tools he teaches students of FOCA.
OSINT experts carry out extensive educational and organizational work. Leonida Reitano, for example, spoke at several international cybersecurity conferences
on the topic of OSINT and conducting safe, efficient, and effective online investigations. His book, «Esplorare Internet» has been a top seller in Italy and has been used
as a handbook by several public and private organizations.

What types of OSINT investigations are in great demand?

Bruno Mortier notes the demand for investigations relating to financial crime, vendor due diligence, integrity due diligence investigations in the framework of mergers
and acquisitions and value recovery. Furthermore, investigations to complement
Anti-Money Laundering efforts, for instance to investigate in-depth entities that have been flagged by Artificial Intelligence Systems as suspicious. Currently, vendor
due diligence peaks because since Covid-19 one can end up with no product,
a defective product or a fake product from a new or existing vendor, as Bruno Mortier emphasizes.
A serious increase of investigations related to social networks has been noted
by Leonida Reitano. IP thefts, counterfeit investigations, anti fraud, and tailored OSINT investigation are considered by Dario Beniamini as the most popular.
The key questions of the investigations are very often the same, as Jörn Weber
is certain. Who is this person behind an alias, email, website, profile etc.? What
are the links / connections of this person? Are these persons linked? The same question relates to companies: who are they, who is behind them, how are they linked? And no, the questions do not change, Jörn Weber says: «Only the way to get the info changes daily.»
The variability of the environment in which investigations are conducted is one
of the fundamental difficulties. You can master the methods of access and analysis that are possible «today», but «tomorrow» the situation can change dramatically,
and what you just learned cannot be done already. But something else will appear, another way to solve the problem, another way to find what you want. Professional trainers constantly monitor these changes, explore new products and new features
of old packages. «Many of my students are experienced investigators and want
to «upgrade» their knowledge, learn new workflows,» says Jörn Weber. The content
of the courses can be modified to meet the needs of a group of students or an order from a company.

The trickiest part of a course

Trainers deal with people of different backgrounds and levels of expertise. The hardest part is language and IT skills, says Dario Beniamini: «Explaining how to install a web browser and desire to be an OSINT expert requires a commitment from the student and a lot of patience from the teacher.»
Another problem is that there are a lot of software products. «To keep up with
all the info I «unload» - that is tricky. My objective is to make it as easy as possible
for them to use the tools. "I provide them with a number of checklists in case they need to remember it... instead of a 350 pages manual they never read,» notes Jörn Weber. For Leonida Reitano's students, the most difficult thing is to solve problems. «I ask my students to solve several OSINT challenges during my course and some of them
are quite hard. Not everybody can solve it».
Most likely, the most difficult thing is to calmly think things over first. «Not to rush
in and start searching, but spend time understanding the stakeholders, formulating goals and drafting a collection plan. Equally important is to have the eyes on the prize, namely a finished OSINT product which is actionable intelligence. Information as such has no value, that's just data. Every piece of information that provides an advantage
or enables a decision is intelligence», as Bruno Mortier emphasizes.
Most likely, the most difficult thing is to calmly think things over first. «Not to rush
in and start searching, but spend time understanding the stakeholders, formulating goals and drafting a collection plan. Equally important is to have the eyes on the prize, namely a finished OSINT product which is actionable intelligence. Information as such has no value, that's just data. Every piece of information that provides an advantage
or enables a decision is intelligence», as Bruno Mortier emphasizes.

The future of OSINT investigations

The OSINT world is changing before our eyes, and now it makes sense to study
what will be in demand in the future. «No structure, no success,» says Jörn Weber
and explains: «people will see more and more challenges in an overflow on tools, possible solutions and suddenly restricted solutions. This means there is a great future for well trained and smart investigators that now (...) their playground».
More online and standardized services for basic investigation and more tailored
and skilled investigation for specific and complex investigations, as Dario Beniamini predicts the future of OSINT.
As OSINT gets more and more automated, the ability to filter relevant information
from the deluge of data will remain a very highly demanded skill, Bruno Mortier thinks. He notes other trends as well: «I also see that people start to question the private information they make available. Governments, especially military, try to minimize
the availability of OSINT information. OSINT will evolve but remain a critical part
of investigations. Fraud and financial crime will always be around. A key development
is that crowdsourcing has become a valuable and reliable technique». «What excites me most is that the OSINT community continues to grow, share knowledge and work
in unison,» as Bruno Mortier underlines.
The broader and deeper the internet and social networks penetrate people's lives,
the more OSINT's role becomes important. Studying OSINT technologies, strategies and practices provides an advantage in many professions, and the faster you get this advantage, the greater your gain will be.
Get trial!
Be the first who knows our news!
Once a month you will learn about our latest features and hottest news. And no spam of course.
Thank you for reaching out to us!
Please leave your contact details. Social Links team member will contact you back in next 24 hours on business days.
Get trial!
Close
Follow us