OSINT

Question 1

What are the four distinct categories of open information and intelligence according to Nato handbook?

Answer 1

• Open source data - raw print, broadcast, oral or any other form from a primary source, photo, most things on internet etc
• Open source information - generic information that is widely disseminated - news papers
• Open source intelligence - information that has been discovered to a select audience
• OSINTV - very high reliable OSINT (classified documents)

Question 2

What is socmint

Answer 2

Social media intelligence

Question 3

What is humint

Answer 3

Human source Intelligence

Question 4

What is a definition of OSINT?

Answer 4

-Intelligence collection management, finding, selecting, acquiring information from publicly available sources, analyzing and producing actionable intelligence

Question 5

What is OSINT not?

Answer 5

-Not hacking, spying, not invented by LE, not necessary free, not just internet

Question 6

What are some sources of OSINT?

Answer 6

• Libraries (off and online)
• Online TV shows
• Government sources
• Business sources
• Academic sources
• Satellite and maps
• Online media
• Social media
• Deep/Dark web

Question 7

What steps should you take in an online investigation?

Answer 7

• Intake and orientation
• Strategy, search and store
• Technical capabilities, tactical applications
• Analysis (GUID’s)
• Refine, recycle and reporting

Question 8

What does Intake and orientation mean?

Answer 8

-Where are you going to look? What are you looking for, how much time do you have?, why do you want to know?

Question 9

What does strategy, search and store mean?

Answer 9

-Consider what strategy you will use and how will you store results

Question 10

What does Technical capabilities, tactical applications mean?

Answer 10

-Search engine, URL slicing etc

Question 11

What does analysis mean?

Answer 11

-You have to constantly analysis information and look for global identifier such as email address

Question 12

What does refine, recycle and report mean?

Answer 12

You constantly refine searches and report

Question 13

What are four categories of information needs?

Answer 13

• Event eg crime, earthquake
• Theme eg drugs on internet stats
• Organisation eg business, gang
• Person eg background, profiling

Question 14

What are some useful search techniques

Answer 14

• Unique quriers
• GUID
• use exact phrases
• Use capitals for names
• Translate your keywords
• Use place names
• Use catchphrases
• Add or exclude with + or -
• Use wildcards searches with *
• Use fuzzy search
• Use slang
• Use multiple search engines

Question 15

What are some operators you can use?

Answer 15

• intitle - must be in the title of the website
• allintitle - all words in title of website
• inurl - must be in the url of the website
• allinurl - all worlds in the url of the website
• site - only seach in that domain eg: Jason site:twitter or site:nz
• file type - pdf, doc
• period - withing a time period eg period:1907…1921

Question 16

What are some methods for searching for information on net?

Answer 16

• Global search (short internet scan) SIS

- Thorough search

Question 17

What are the 7 golden W’s?

Answer 17

• What
• Where
• Who
• When
• Why
• What why?
• With what?

Question 18

What are some search styles and strategies?

Answer 18

• Building blocks = using AND
• Pearl growing =grow quries from relevant documents
• Successive fractions = add bits of data as you go
• Interactive scanning = Researcher has not yet had a good overview but pick out keywords to use
• Berry picking = start with one keyword and build

Question 19

How can we check something is reliable?

Answer 19

• First hand information likely to be
• Never trust a single source
• Verify facts with as many different sources as possible
• Check the link popularity
• What do other sources say about it (comments, reviews)
• Reliable website (big organisation)

Question 20

What can we do with an IP address?

Answer 20

• Whois and IP information
• Reverse DNS
• Web and CML queries

Question 21

What are some signs a domain is suspicious?

Answer 21

• Funny slept name eg using 0
• Warning pops up when you visit
• It has been blacklisted
• Funny details in whois

Question 22

What is a robot.txt

Answer 22

Page that is in the root of the webserver and is a file that prevents web crawlers to index pages listed in web file

Question 23

What is page rank?

Answer 23

Link analysis algorythm which assigns a numerical weighting to hyperlinked documents to measure its importance

Question 24

What are some reasons a search engine wouldn’t show a webpage

Answer 24

• Page isn’t indexed due to robots.txt
• There is only dynamic content
• Page rank is 0
• Search engine doesn’t show it due to previous search preferences
• Search engine doesn’t understand your quriey

Question 25

How do web browsers differ from each other

Answer 25

- Customization - RSS feeds - Tabs - Plug ins - Add ons - Security

Question 26

Why might we want to hide ourselves online?

Answer 26

- They might obstruct our investigation - Change their behavior/tactics - Deny access - Attack our computers - Alert them

Question 27

What are some things we leave as a trace online?

Answer 27

- IP address - Host name - Geolocation - Browser fingerprint - Referrers - Cookies - Server logs - Stats

Question 28

What can you use to hide your IP address?

Answer 28

- Proxy server - Web based anonymiser - TOR - VPN - SSH tunneling - Prepaid cellphone - Public wifi

Question 29

What are the four types of proxy server?

Answer 29

- Transparent - will show your true IP address - Anonymous - Will hide your IP address - High anonymous - host will not know you are using a proxy - Codeen proxy - CODN. Network of high performance proxy

Question 30

What are some technical and tactical considerations when investigating a site?

Answer 30

- Update software - Malware and scanning - Flash cookies - Tool bars - Metadata in pic and docs - Throw away email - Language, screen resolution - Download website - Source code and obfuscation

Question 31

What is an API

Answer 31

Automated programming interface - Takes request and returns results

Question 32

What is a channel?

Answer 32

A chat room in IRC

Question 33

What is a IRC network?

Answer 33

Where channels are based on and operate

Question 34

What are the 5 types of channels?

Answer 34

- Default (public) - Private - Invite only - Secret - Invisible

Question 35

What happens when servers within a network lose contact?

Answer 35

A netsplit occurs and can take a few minutes to reconnect. When this happens a nickname collision may occur which will cause a disconnect.

Question 36

What does @ before a nick name mean?

Answer 36

It is the channel operator

Question 37

What can an IRC channel operator do?

Answer 37

- Kick users - Ban users - Make other users operators - Can change channels subject, title and modes

Question 38

What are IRCops or opers?

Answer 38

They repair netsplits, answer questions, network maintenance

Question 39

What are IRC bots?

Answer 39

- Scripts run from client or separate program - Can execute certain commands - React to certain events - Clone and floodbots used to multiply to flood other users - Used to control botnets

Question 40

What do the terms lag, zooming and k-lined mean?

Answer 40

Lag - Takes a long time for data to be sent Zooming - entering a channel to see how is there and then leaving -k-lined - Access restricted for behavior

Question 41

What are some commands you can use in IRC to search for people?

Answer 41

- /whois (nickname) - /channel (channel) - list of users on a channel - /notify (nickname) - notified when someone enters nickname when enters nickname - /whowas (nickname) - info on someone who just left

Question 42

What is usenet?

Answer 42

It is a global network of servers that host discussion groups called newsgroups. Each newsgroup has it own topic and community

Question 43

What protocol does newsnet use?

Answer 43

Net news transfer protocol

Question 44

How can you stop usenet messages from being archived?

Answer 44

- Use anonymous email addresses | - Use google command to not allow archiving

Question 45

What are some dark nets?

Answer 45

- TOR - Freenet - Zeronet - I2P

Question 46

What investigative opportunities do we have for the darknet?

Answer 46

- Dark net search engines - Sites that leak data - Examine photos and docs for metadata - Set up TOR exit nodes - Undercover operations - Postal services - Clearnet searches - PGP keys - Bio info

Question 47

What should you not do on dark net?

Answer 47

- Don't mix clear and dark net - Don't full size browser - Never your full name days - Never download anything - Don't use your cc - Don't open files in adobe etc, read in TOR browser - Careful when using 3rd party or add ons in browser

Question 48

What is a definition for cryptocurrency?

Answer 48

Crypo is a decentralized, convertible, virtual currency based on math equations and protected by cryptography.

Question 49

What is data mining?

Answer 49

The process of discovering patterns in large data sets

Question 50

What does a bit coin address look like?

Answer 50

A 26 - 26 Alphanumeric characters beginning with either a 1 or 3