OSINT Blog / Post

June 19, 2024

OSINT for Law Enforcement

Intelligence-led law enforcement investigations and operations rely on reliable, relevant, timely, and actionable intelligence. OSINT enables law enforcement agencies to collect and analyze information from the internet relating to their investigations, identifying criminals, criminality, and witnesses. 

OSINT enables law enforcement agencies to piece together information from a wide range of sources, building a detailed picture of criminals, organized crime networks, trafficking, the illegal trade of goods, and much more.

Intelligence Analysts collect, collate, and analyze information from the internet, utilizing the Kipling method by answering the 5WH questions of crime, Who?, What?, When?, Where?, Why?, and How?, enabling them to put forward recommendations to disrupt crime. 

The specific tactics and solutions used during internet investigations by law enforcement agencies are usually not fully disclosed to ensure that criminals cannot utilize this information to avoid detection, which would place the public at risk. Law enforcement agency investigators are held to a high standard when determining whether an internet investigation can gain authorization, with approval given on a case-by-case basis. 

Intelligence and Investigation professionals working on behalf of law enforcement may utilize OSINT for several purposes:

Risk Assessment

Operational Intelligence Researchers provide a 24/7 real-time intelligence capability, conducting research using open and closed sources to satisfy operational requirements and provide real-time checks for law enforcement officers. OSINT enables Intelligence Researchers to conduct checks on the subject of operational activity to determine where they live, entry points to their property, and if there are any risks, such as posted images of weapons or dogs. 

Real-time internet research can also inform the preliminary development of intelligence in support of major or critical incidents. In the immediate aftermath of serious incidents, law enforcement can monitor social media posts relating to the incident to determine the extent of the impact. This research enables law enforcement officers arriving at the scene to better interpret the situation and respond effectively. 

Background on a Subject

Intelligence professionals utilize open source information when researching to create a subject profile. Subject profiles assist in prioritization, help identify intelligence gaps, and highlight prevention, disruption, and enforcement opportunities. OSINT enables analysts and investigators to discover information that subjects have posted online or have consented to be collected, which provides insight into them and their lifestyles. For law enforcement, relevant OSINT may include name, location, contact details, photos, court records, vehicle records, financial details, and habits of a person.

Surface Web Investigations

OSINT provides law enforcement the ability to overtly or covertly investigate, research, and monitor subjects over the internet. Law enforcement officers can access social media profiles of subjects to observe their online activity, identifying items for sale and comments made that evidence criminality. False persona accounts may be used to ensure that a digital trail is not established, such as appearing on a list of people who have viewed a page. Accessing information from the internet like Tweets can provide law enforcement with access to information that might not otherwise be revealed to law enforcement officers. Witnesses to crimes may post information about what they have seen but have not reported directly to a law enforcement agency. OSINT helps expand the intelligence picture, enabling law enforcement to have as clear a view of criminal activity as possible.

Dark Web Investigations

In addition to conducting OSINT activity on the surface web, law enforcement officers can also conduct research on the dark web to uncover criminal activity. Dark web activity is only conducted by law enforcement officers when it is necessary and proportionate to meet the objectives of a specific case. Law Enforcement tools crawl dark web forums and markets for illegal activity that includes the trade of illegal goods and services, like illicit drugs, and training materials, such as guides on hacking. Dark web OSINT research facilitates investigations into crimes including cybercrime, cyberwarfare, and cyberterrorism, which traditional policing methods cannot easily disrupt.

Undercover Investigations

The majority of investigative internet activity conducted by law enforcement officers is passive, meaning that it involves no direct contact with the subject of an investigation. When necessary and proportionate, law enforcement officers may utilize covert accounts to contact subjects during OSINT activity. Law enforcement officers can act as Covert Human Intelligence Sources, gaining insight into criminals and their activity by making contact whilst using an alias. Undercover internet investigations can enable communication with a single subject or with groups of people under investigation to determine if criminality is taking place. Undercover activity can help law enforcement officers to gain the trust of criminals, facilitating network investigations and deals for the trade of illegal goods. 


The internet plays a crucial role in the radicalization, recruitment, training, financing, and incitement of terrorist activity. Law Enforcement Agencies conduct OSINT activity on the internet to pursue terrorist actors and prevent, protect against, and prepare for terrorist activity. Enacting defensive measures, law enforcement agencies practice counterintelligence (red-teaming) techniques to enhance their situational awareness. Potential high-risk targets, both locations and individuals, can be researched to expose publicly available information that may compromise their security, enabling this risk to be reduced. Additionally, law enforcement agencies conduct offensive internet investigation measures by locating, monitoring, and reporting on terrorist sources and individuals. Intelligence Analysts and Researchers will locate terrorist sites, materials, and networks and exploit them for intelligence purposes, enabling law enforcement agencies to conduct physical operations to arrest radicalized individuals planning terror-related crimes and prevent those crimes from occurring.

Big Data Analysis

Law Enforcement Agencies can utilize OSINT for big data analysis to analyze social media posts to develop situational awareness, using Intelligence Analysts and Data Scientists to interpret quantitative data at a large scale. Clustering is a technique used to analyze a collection of strong and weak ‘signals’/ ‘indicators’ within data to predict the bigger picture, enabling law enforcement to detect signals from noise. Using Weak Indicator Analysis, weak indicators can assist in dealing with crimes like the trafficking of people and arms and terrorist funding. Weak indicator analysis considers the components of threats, such as an increase in ivory trade or customs seizures of weapons. Individual indicators might not raise attention but, when clustered, these indicators may indicate a wider problem. Successful OSINT analysis for dig data analysis utilizes the human analyst element alongside the objective machine-led big data and weak signal analysis.

Utilizing OSINT when researching or investigating a subject enables law enforcement agencies to aggregate and analyze relevant and timely information from a wide range of sources to assist with managing risks and preventing crime. 

Skopenow works with law enforcement agencies and police departments around the world by automating their digital investigations. Skopenow instantly and anonymously collects, analyzes, and archives social media accounts and posts, discovers alias’, and identifies flag behaviors and hidden links between multiple parties. Skopenow also produces automated court-ready reports, collating images, text, videos, and metadata. For more information, please e-mail us at sales@skopenow.com