OSINT Flashcards

1
Q

What are the four distinct categories of open information and intelligence according to the NATO handbook?

A
  • Open source data - raw print, broadcast, oral or any other form from a primary source: photos, most things on the internet, etc.
  • Open source information - generic information that is widely disseminated, e.g. newspapers
  • Open source intelligence - information that has been discovered and disseminated to a select audience
  • OSINTV - very highly reliable OSINT (classified documents)
2
Q

What is SOCMINT?

A

Social media intelligence

3
Q

What is HUMINT?

A

Human source intelligence

4
Q

What is a definition of OSINT?

A

Intelligence collection management: finding, selecting and acquiring information from publicly available sources, then analysing it and producing actionable intelligence

5
Q

What is OSINT not?

A

Not hacking, not spying, not invented by LE, not necessarily free, not just the internet

6
Q

What are some sources of OSINT?

A
  • Libraries (offline and online)
  • Online TV shows
  • Government sources
  • Business sources
  • Academic sources
  • Satellite and maps
  • Online media
  • Social media
  • Deep/Dark web
7
Q

What steps should you take in an online investigation?

A
  • Intake and orientation
  • Strategy, search and store
  • Technical capabilities, tactical applications
  • Analysis (GUID’s)
  • Refine, recycle and reporting
8
Q

What does Intake and orientation mean?

A

Where are you going to look? What are you looking for? How much time do you have? Why do you want to know?

9
Q

What does strategy, search and store mean?

A

Consider what strategy you will use and how you will store the results

10
Q

What does Technical capabilities, tactical applications mean?

A

Search engines, URL slicing, etc.

11
Q

What does analysis mean?

A

You have to constantly analyse information and look for global identifiers such as email addresses

12
Q

What does refine, recycle and report mean?

A

You constantly refine searches and report

13
Q

What are four categories of information needs?

A
  • Event, e.g. crime, earthquake
  • Theme, e.g. statistics on drugs on the internet
  • Organisation, e.g. business, gang
  • Person, e.g. background, profiling
14
Q

What are some useful search techniques?

A
  • Unique queries
  • GUID
  • use exact phrases
  • Use capitals for names
  • Translate your keywords
  • Use place names
  • Use catchphrases
  • Add or exclude terms with + or -
  • Use wildcard searches with *
  • Use fuzzy search
  • Use slang
  • Use multiple search engines
15
Q

What are some operators you can use?

A
  • intitle - must be in the title of the website
  • allintitle - all words must be in the title of the website
  • inurl - must be in the URL of the website
  • allinurl - all words must be in the URL of the website
  • site - only search in that domain, eg: Jason site:twitter or site:nz
  • filetype - pdf, doc
  • period - within a time period, eg period:1907…1921
16
Q

What are some methods for searching for information on the net?

A
  • Global search (short internet scan, SIS)
  • Thorough search
17
Q

What are the 7 golden W’s?

A
  • What
  • Where
  • Who
  • When
  • Why
  • What why?
  • With what?
18
Q

What are some search styles and strategies?

A
  • Building blocks = using AND
  • Pearl growing = grow queries from relevant documents
  • Successive fractions = add bits of data as you go
  • Interactive scanning = the researcher has not yet got a good overview but picks out keywords to use
  • Berry picking = start with one keyword and build
19
Q

How can we check something is reliable?

A
  • First hand information likely to be
  • Never trust a single source
  • Verify facts with as many different sources as possible
  • Check the link popularity
  • What do other sources say about it (comments, reviews)
  • Reliable website (big organisation)
20
Q

What can we do with an IP address?

A
  • Whois and IP information
  • Reverse DNS
  • Web and CML queries
21
Q

What are some signs a domain is suspicious?

A
  • Funny spelt name, eg using a 0
  • Warning pops up when you visit
  • It has been blacklisted
  • Funny details in whois
22
Q

What is a robots.txt?

A

A file in the root of the web server that prevents web crawlers from indexing the pages listed in it

23
Q

What is page rank?

A

Link analysis algorithm which assigns a numerical weighting to hyperlinked documents to measure their importance

24
Q

What are some reasons a search engine wouldn’t show a webpage?

A
  • Page isn’t indexed due to robots.txt
  • There is only dynamic content
  • Page rank is 0
  • Search engine doesn’t show it due to previous search preferences
  • Search engine doesn’t understand your query
25
Q

How do web browsers differ from each other?

A
  • Customization
  • RSS feeds
  • Tabs
  • Plug ins
  • Add ons
  • Security
26
Q

Why might we want to hide ourselves online?

A
  • They might obstruct our investigation
  • Change their behavior/tactics
  • Deny access
  • Attack our computers
  • Alert them
27
Q

What are some things we leave as a trace online?

A
  • IP address
  • Host name
  • Geolocation
  • Browser fingerprint
  • Referrers
  • Cookies
  • Server logs
  • Stats
28
Q

What can you use to hide your IP address?

A
  • Proxy server
  • Web based anonymiser
  • TOR
  • VPN
  • SSH tunneling
  • Prepaid cellphone
  • Public wifi
29
Q

What are the four types of proxy server?

A
  • Transparent - will show your true IP address
  • Anonymous - Will hide your IP address
  • High anonymous - host will not know you are using a proxy
  • CoDeeN proxy - a network of high performance proxies
30
Q

What are some technical and tactical considerations when investigating a site?

A
  • Update software
  • Malware and scanning
  • Flash cookies
  • Tool bars
  • Metadata in pic and docs
  • Throw away email
  • Language, screen resolution
  • Download website
  • Source code and obfuscation
31
Q

What is an API?

A

Automated programming interface - Takes request and returns results

32
Q

What is a channel?

A

A chat room in IRC

33
Q

What is an IRC network?

A

Where channels are based and operate

34
Q

What are the 5 types of channels?

A
  • Default (public)
  • Private
  • Invite only
  • Secret
  • Invisible
35
Q

What happens when servers within a network lose contact?

A

A netsplit occurs and can take a few minutes to reconnect. When this happens a nickname collision may occur which will cause a disconnect.

36
Q

What does @ before a nickname mean?

A

It is the channel operator

37
Q

What can an IRC channel operator do?

A
  • Kick users
  • Ban users
  • Make other users operators
  • Change the channel’s subject, title and modes
38
Q

What are IRCops or opers?

A

They repair netsplits, answer questions and do network maintenance

39
Q

What are IRC bots?

A
  • Scripts run from client or separate program
  • Can execute certain commands
  • React to certain events
  • Clone and flood bots are used to multiply and flood other users
  • Used to control botnets
40
Q

What do the terms lag, zooming and k-lined mean?

A

  • Lag - takes a long time for data to be sent
  • Zooming - entering a channel to see who is there and then leaving
  • k-lined - access restricted for behaviour

41
Q

What are some commands you can use in IRC to search for people?

A
  • /whois (nickname)
  • /channel (channel) - list of users on a channel
  • /notify (nickname) - notified when someone with that nickname enters
  • /whowas (nickname) - info on someone who just left
42
Q

What is usenet?

A

It is a global network of servers that host discussion groups called newsgroups. Each newsgroup has its own topic and community

43
Q

What protocol does usenet use?

A

Network News Transfer Protocol

44
Q

How can you stop usenet messages from being archived?

A
  • Use anonymous email addresses
  • Use the Google command to not allow archiving
45
Q

What are some dark nets?

A
  • TOR
  • Freenet
  • Zeronet
  • I2P
46
Q

What investigative opportunities do we have for the darknet?

A
  • Dark net search engines
  • Sites that leak data
  • Examine photos and docs for metadata
  • Set up TOR exit nodes
  • Undercover operations
  • Postal services
  • Clearnet searches
  • PGP keys
  • Bio info
47
Q

What should you not do on dark net?

A
  • Don’t mix clear and dark net
  • Don’t use a full size browser window
  • Never your full name days
  • Never download anything
  • Don’t use your credit card
  • Don’t open files in Adobe etc, read them in the TOR browser
  • Be careful when using 3rd party add ons in the browser
48
Q

What is a definition for cryptocurrency?

A

Crypto is a decentralized, convertible, virtual currency based on math equations and protected by cryptography.

49
Q

What is data mining?

A

The process of discovering patterns in large data sets

50
Q

What does a bitcoin address look like?

A

26 - 26 alphanumeric characters beginning with either a 1 or a 3