The OSINT Cycle is your roadmap for every investigation. Think of it as a recipe – skip a step, and your final product suffers.
Planning → Collection → Processing → Analysis → Dissemination
↑ ↓
←←←←←←←←←←←← Feedback Loop ←←←←←←←←←←←←←←←←←←←←←←←Purpose: Define what you're looking for and how you'll find it
Key Activities:
Define specific objectives
Set investigation boundaries
Identify information requirements
Allocate resources
Plan operational security
Practical Planning Template:
Investigation Title: [Name your investigation] Objective: [What do you want to achieve?] Key Questions: 1. [Specific question 1] 2. [Specific question 2] 3. [Specific question 3] Timeline: [Start date - End date] Boundaries: - Will use: [List acceptable sources/methods] - Won't use: [List unacceptable sources/methods] Resources Needed: - Tools: [List required tools] - Accounts: [List required accounts] - Time: [Estimated hours]
Example Planning Session:
Objective: Verify legitimacy of "TechStart LLC" before partnership Key Questions: 1. Is the company legally registered? 2. Who are the real owners/directors? 3. Do they have the claimed experience? 4. Any red flags or legal issues? Timeline: 48 hours Boundaries: - Will use: Public records, social media, news archives - Won't use: Pretexting, contacting employees directly
Purpose: Gather raw information from identified sources
Collection Strategies:
Start Broad: Cast a wide net initially
Go Deep: Dive into promising leads
Document Everything: Screenshot, archive, note timestamps
Stay Organised: Use consistent file naming
Collection Best Practices:
✓ DO: • Use multiple search engines • Check archived versions of pages • Save everything (you can't go back) • Note collection time and source • Use legal methods only ✗ DON'T: • Rely on single sources • Assume information is permanent • Contact targets directly • Use intrusive techniques • Violate terms of service
Purpose: Transform raw data into a usable format
Processing Tasks:
Data Cleaning: Remove duplicates, fix formats
Organisation: Create logical folder structures
Standardisation: Convert to consistent formats
Enhancement: Improve image quality, extract metadata
Translation: Convert foreign language content
File Organisation Structure:
/Investigation_Name_Date/
/Raw_Data/
/Social_Media/
/Facebook/
/LinkedIn/
/Twitter/
/Public_Records/
/News_Articles/
/Images/
/Processed_Data/
/Profiles/
/Timelines/
/Relationships/
/Analysis/
/Reports/Purpose: Transform processed data into intelligence
Analysis Techniques:
Link Analysis: Map relationships between entities
Timeline Analysis: Understand the sequence of events
Pattern Recognition: Identify behaviours and trends
Anomaly Detection: Spot unusual activities
Verification: Cross-reference multiple sources
The 3-Source Rule: Always try to verify important information through at least three independent sources:
Primary source (original)
Secondary source (different platform/database)
Tertiary source (additional confirmation)
Confidence Levels:
High (90-100%): Multiple reliable sources confirm
Medium (60-89%): Some confirmation, minor discrepancies
Low (30-59%): Limited sources, unverified
Speculation (<30%): Educated guess based on patterns
Purpose: Deliver intelligence to stakeholders
Report Components:
Executive Summary: Key findings in 1-2 paragraphs
Methodology: How information was collected
Detailed Findings: Organised by category
Confidence Assessments: Reliability of each finding
Recommendations: Suggested actions
Appendices: Supporting documentation
Feedback Integration:
What additional information is needed?
Were objectives met?
What could be improved?
Any new leads to investigate?