OSINT Flashcards

1
Q

What are the four distinct categories of open information and intelligence according to the NATO handbook?

A
  • Open source data - raw print, broadcast, oral or any other form from a primary source, photos, most things on the internet, etc.
  • Open source information - generic information that is widely disseminated - newspapers
  • Open source intelligence - information that has been discovered to a select audience
  • OSINTV - very highly reliable OSINT (classified documents)
2
Q

What is SOCMINT?

A

Social media intelligence

3
Q

What is HUMINT?

A

Human source intelligence

4
Q

What is a definition of OSINT?

A

-Intelligence collection management, finding, selecting, acquiring information from publicly available sources, analyzing and producing actionable intelligence

5
Q

What is OSINT not?

A

-Not hacking, not spying, not invented by LE, not necessarily free, not just the internet

6
Q

What are some sources of OSINT?

A
  • Libraries (off and online)
  • Online TV shows
  • Government sources
  • Business sources
  • Academic sources
  • Satellite and maps
  • Online media
  • Social media
  • Deep/Dark web
7
Q

What steps should you take in an online investigation?

A
  • Intake and orientation
  • Strategy, search and store
  • Technical capabilities, tactical applications
  • Analysis (GUID’s)
  • Refine, recycle and reporting
8
Q

What does Intake and orientation mean?

A

-Where are you going to look? What are you looking for? How much time do you have? Why do you want to know?

9
Q

What does strategy, search and store mean?

A

-Consider what strategy you will use and how you will store results

10
Q

What does Technical capabilities, tactical applications mean?

A

-Search engine, URL slicing etc

11
Q

What does analysis mean?

A

-You have to constantly analyse information and look for global identifiers such as an email address

12
Q

What does refine, recycle and report mean?

A

You constantly refine searches and report

13
Q

What are four categories of information needs?

A
  • Event eg crime, earthquake
  • Theme eg drugs on internet stats
  • Organisation eg business, gang
  • Person eg background, profiling
14
Q

What are some useful search techniques?

A
  • Unique queries
  • GUID
  • use exact phrases
  • Use capitals for names
  • Translate your keywords
  • Use place names
  • Use catchphrases
  • Add or exclude with + or -
  • Use wildcards searches with *
  • Use fuzzy search
  • Use slang
  • Use multiple search engines
15
Q

What are some operators you can use?

A
  • intitle - must be in the title of the website
  • allintitle - all words in title of website
  • inurl - must be in the url of the website
  • allinurl - all words in the url of the website
  • site - only search in that domain eg: Jason site:twitter or site:nz
  • file type - pdf, doc
  • period - within a time period eg period:1907…1921
16
Q

What are some methods for searching for information on net?

A
  • Global search (short internet scan) SIS
  • Thorough search

17
Q

What are the 7 golden W’s?

A
  • What
  • Where
  • Who
  • When
  • Why
  • What why?
  • With what?
18
Q

What are some search styles and strategies?

A
  • Building blocks = using AND
  • Pearl growing = grow queries from relevant documents
  • Successive fractions = add bits of data as you go
  • Interactive scanning = Researcher has not yet had a good overview but picks out keywords to use
  • Berry picking = start with one keyword and build
19
Q

How can we check something is reliable?

A
  • First hand information likely to be
  • Never trust a single source
  • Verify facts with as many different sources as possible
  • Check the link popularity
  • What do other sources say about it (comments, reviews)
  • Reliable website (big organisation)
20
Q

What can we do with an IP address?

A
  • Whois and IP information
  • Reverse DNS
  • Web and CML queries
21
Q

What are some signs a domain is suspicious?

A
  • Funny spelt name eg using 0
  • Warning pops up when you visit
  • It has been blacklisted
  • Funny details in whois
22
Q

What is robots.txt?

A

A file in the root of the web server that prevents web crawlers from indexing the pages listed in the file

23
Q

What is page rank?

A

Link analysis algorithm which assigns a numerical weighting to hyperlinked documents to measure their importance

24
Q

What are some reasons a search engine wouldn’t show a webpage?

A
  • Page isn’t indexed due to robots.txt
  • There is only dynamic content
  • Page rank is 0
  • Search engine doesn’t show it due to previous search preferences
  • Search engine doesn’t understand your query
25
Q

How do web browsers differ from each other?

A
  • Customization
  • RSS feeds
  • Tabs
  • Plug-ins
  • Add-ons
  • Security
26
Q

Why might we want to hide ourselves online?

A
  • They might obstruct our investigation
  • Change their behavior/tactics
  • Deny access
  • Attack our computers
  • Alert them
27
Q

What are some things we leave as a trace online?

A
  • IP address
  • Host name
  • Geolocation
  • Browser fingerprint
  • Referrers
  • Cookies
  • Server logs
  • Stats
28
Q

What can you use to hide your IP address?

A
  • Proxy server
  • Web based anonymiser
  • TOR
  • VPN
  • SSH tunneling
  • Prepaid cellphone
  • Public wifi
29
Q

What are the four types of proxy server?

A
  • Transparent - will show your true IP address
  • Anonymous - will hide your IP address
  • High anonymous - host will not know you are using a proxy
  • Codeen proxy - CODN. Network of high performance proxies
30
Q

What are some technical and tactical considerations when investigating a site?

A
  • Update software
  • Malware and scanning
  • Flash cookies
  • Tool bars
  • Metadata in pic and docs
  • Throw away email
  • Language, screen resolution
  • Download website
  • Source code and obfuscation
31
Q

What is an API?

A

Automated programming interface - takes a request and returns results
32
Q

What is a channel?

A

A chat room in IRC
33
Q

What is an IRC network?

A

Where channels are based and operate
34
Q

What are the 5 types of channels?

A
  • Default (public)
  • Private
  • Invite only
  • Secret
  • Invisible
35
Q

What happens when servers within a network lose contact?

A

A netsplit occurs and can take a few minutes to reconnect. When this happens a nickname collision may occur which will cause a disconnect.
36
Q

What does @ before a nickname mean?

A

It is the channel operator
37
Q

What can an IRC channel operator do?

A
  • Kick users
  • Ban users
  • Make other users operators
  • Can change the channel's subject, title and modes
38
Q

What are IRCops or opers?

A

They repair netsplits, answer questions and do network maintenance
39
Q

What are IRC bots?

A
  • Scripts run from client or separate program
  • Can execute certain commands
  • React to certain events
  • Clone and floodbots used to multiply to flood other users
  • Used to control botnets
40
Q

What do the terms lag, zooming and k-lined mean?

A
  • Lag - takes a long time for data to be sent
  • Zooming - entering a channel to see who is there and then leaving
  • K-lined - access restricted for behavior
41
Q

What are some commands you can use in IRC to search for people?

A
  • /whois (nickname)
  • /channel (channel) - list of users on a channel
  • /notify (nickname) - notified when nickname enters
  • /whowas (nickname) - info on someone who just left
42
Q

What is usenet?

A

It is a global network of servers that host discussion groups called newsgroups. Each newsgroup has its own topic and community
43
Q

What protocol does newsnet use?

A

Net news transfer protocol
44
Q

How can you stop usenet messages from being archived?

A
  • Use anonymous email addresses
  • Use google command to not allow archiving
45
Q

What are some dark nets?

A
  • TOR
  • Freenet
  • Zeronet
  • I2P
46
Q

What investigative opportunities do we have for the darknet?

A
  • Dark net search engines
  • Sites that leak data
  • Examine photos and docs for metadata
  • Set up TOR exit nodes
  • Undercover operations
  • Postal services
  • Clearnet searches
  • PGP keys
  • Bio info
47
Q

What should you not do on dark net?

A
  • Don't mix clear and dark net
  • Don't full size browser
  • Never your full name days
  • Never download anything
  • Don't use your cc
  • Don't open files in adobe etc, read in TOR browser
  • Careful when using 3rd party or add ons in browser
48
Q

What is a definition for cryptocurrency?

A

Crypto is a decentralized, convertible, virtual currency based on math equations and protected by cryptography.
49
Q

What is data mining?

A

The process of discovering patterns in large data sets
50
Q

What does a Bitcoin address look like?

A

A 26 - 26 alphanumeric characters beginning with either a 1 or 3