In today’s article we will speak about the professional skillset that, in our opinion, every OSINT analyst must have or try to develop to enhance their career.
The reality that we have to face, is that there is jet not a bachelor's degree or a specific OSINT master's, and if on one side this enriches the analysts landscape with a huge variety of backgrounds and different types of mentality, for a person which would like to approach OSINT and understand how to become a professional, the lack of a specific study courses could leave them disoriented and without knowledge about where to start.
That’s why, from the Center of Excellence of Social Links we have developed this article (and more are coming!) which aims to show which characteristics can be enhanced to create the right mindset that can lead one to solve a huge amount of cases.
Decomposing
When we accept to conduct an investigation and approach analysis on any type of Open Source, we would probably get thousands of results, which will further need to be analysed and given a sense to; probably every analyst, once in their life, has experimented the sense of lostness in front of a huge amount of pictures, tweets, reviews, IP addresses, connections, likes, URLs, and so much more.
So, the investigation has started, and something needs to be found, but from where would it be better to start?
This first question can only be answered with a word called “decomposition”, which is the ability to take a big piece of information -in this case, the huge amount of digital content- and break it down into smaller pieces, each of them which have a particular meaning, and to take a small piece of content and understand which questions could potentially be answered from that specific piece of content.
The same piece of information can have a wide variety of different meanings, so the first thing to do is keep the question you want to answer in your mind, which can help you understand where to focus. What do I need to get? The owner of a company? The physical address of a criminal? The digital footprint of a person by starting with its alias on Instagram? To know if a certain person has brothers or sisters?
The questions can be more than one during the same investigation, but it is extremely important to have them well clear in the analyst's mind before putting their hands on the data. Depending on the type of questions, some data will be more relevant and others could be deleted.
So, we need to have a clear understanding of which information we need to solve the investigation, then we need to do mental work, which will allow us to understand where such information can be gained from in the huge amount of data that we have already collected. This is one of the most challenging but interesting parts of the tasks because it consists of the decomposition of the smallest pieces of content in the different types of information that that specific content can provide.
After this process, the analyst will find themselves with one or more specific questions, and with an amount of data to which a sense has been given, so for every small piece of data, the analyst will have clear in mind what type of information can be gained from that piece of data. For example, one “Instagram story” can give insights into what a person likes, their habits, their friends and family members, as well as what a person would like other people to perceive of him or her. So it can be used to answer different types of questions: where does this person live? Who are its friends and relatives? What is the economic situation of this person?
Once this work is done, the analyst will be able to answer the starting question, because he or she will have all the needed data to proceed. There will be one specific question, and some pieces of data will have different meanings, but thanks to the decomposition work previously made, the analyst will know where the answers that he needs are collected, and so the huge amount of data that scared him when he started will be just a nice packet of information where he perfectly knows how to move inside, where to look for what, what has lack of sense and can be avoided.
Being able to do this decomposition work is a skill that can be learned by learning to apply a significant lent on your investigation glasses; being able to ask yourself the precise type of answer that you need to get from your investigation is the most important thing because the more the question is precise, the most it can be decomposed into small details which will need small pieces of answers that will be collocated in the high amount of data before starting the actual investigation analysis phase.
The decomposing process can be seen a little bit as the same as tidying up a bedroom: when you approach it, it seems just a mess of stuff where nothing is where it should be, and it is impossible to give a place to a specific object. But by decomposing the bedroom and giving space to every object and by categorizing objects depending on their specific characteristics, the bedroom will not just feel more comfortable to live into, but will be able to help you live your everyday life better, with less stress and worries and more time.
Causes and effects
Building links between causes and effects is all about connecting the dots between different events, actions, or pieces of information. Imagine you're a detective putting together a puzzle. You need to see how one thing leads to another, understand the chain of events, and uncover the hidden patterns that tell the full story. This skill involves critical thinking and a knack for spotting relationships that aren't immediately obvious. It's more than just noticing that Event A happened before Event B; it's about digging deeper to understand how and why A led to B. This involves analyzing data from various sources, looking for recurring themes, and making logical connections. By mastering this skill, you can reveal the underlying mechanisms that drive events and actions.
In OSINT investigations, building links between causes and effects is crucial for turning scattered data into coherent intelligence. Analysts often work with vast amounts of information from different sources like social media, news articles, public records, and more. By understanding the cause-and-effect relationships, analysts can identify trends and predict future events. For example, seeing how a series of social media posts escalate into coordinated protests. Cause-and-effect links can also help to highlight connections between seemingly unrelated data points. For instance, linking financial transactions to trace the funding sources of illegal activities.
To boost the skill of building links between causes and effects, focus on developing sharp analytical thinking through regular practice and studying case studies. Enhance your research skills by diversifying your information sources and practicing rigorous fact-checking. Utilize analytical tools like data visualization software and OSINT-specific tools to map relationships and identify patterns. This comprehensive approach will help you connect the dots more effectively and uncover the underlying mechanisms driving events.
Formulating the hypothesis
Formulating a hypothesis is all about making an educated guess that can be tested through investigation. Think of it as creating a roadmap for your inquiry. You start with an initial question or observation and then craft a potential explanation that you can verify with evidence. This skill requires a balance of creativity and logic—you need to be imaginative enough to come up with potential explanations but also grounded enough to ensure they are testable and realistic. A well-formulated hypothesis sets the direction for your research and helps you stay focused on finding relevant information.
In OSINT investigations, formulating a hypothesis is crucial for guiding the research process. Analysts often encounter vast amounts of information, and without a clear hypothesis, it’s easy to get lost in the data. By starting with a hypothesis, analysts can focus their efforts on gathering evidence that supports or refutes their initial guess. For example, if an analyst hypothesizes that a specific group is behind a series of cyberattacks, they can direct their investigation towards gathering data that either confirms or disproves this theory. This approach helps in systematically narrowing down possibilities and uncovering the truth.
To boost the skill of formulating hypotheses, start by honing your critical thinking abilities. Engage in exercises that challenge you to come up with multiple explanations for a given scenario and then test them. Study case studies to see how successful hypotheses were formulated and tested in the past. Practice developing clear, concise, and testable hypotheses based on preliminary observations.
Conclusions
As we have seen, most of the skills that can be considered necessary to become an OSINT analyst, cannot be studied in books, but they consist of the ability to develop a certain mindset and approach to data and analysis
If on one side this can look like a challenge, the good news is that all the mentioned abilities can be developed and enhanced with a good amount of effort, and especially of exercises.
We are going to drop the second round of OSINT skillsets needed in a couple of weeks, meanwhile, if you would like to start exercising to develop the skills that we explained but you don’t know where to start, feel free to drop me or Costanza a message on LinkedIn and we will be happy to help you develop your OSINT mindset.