OSINT without the rookie mistakes: a checklist for new investigators
The mistakes we see most in fresh OSINT teams — operator hygiene, attribution leaks, and how to make collected evidence stand up in court.
Sarah de Boer
OSINT Practice Lead
Open-source intelligence has the lowest tooling barrier in our discipline and the highest tradecraft barrier. The skill is not finding things — it is finding things lawfully, repeatably, and without burning your operation. Here are the misconceptions we patiently unwind, course after course.
Public availability does not equal lawful collection. Jurisdictional rules apply to what you collect, how you store it, how long you keep it, and what you do with it. Build a collection plan before you open a browser.
We still see investigators researching targets from their personal device, on a personal account, on the office network. A hardened workstation, a sensible exit IP, a properly aged sock-puppet identity — these are not paranoia, they are the floor.
Modern OSINT evidence comes with provenance: source URL, capture timestamp, browser configuration, hash. Tools like Hunchly do this in the background; do not interact with content you have not yet captured.
Across our European caseload, the highest-impact upgrade for most teams is not new software — it is adding a second-language collector. We have native speakers across Dutch, German, Polish, Russian, Arabic and Spanish on our investigations bench for exactly this reason.
A negative result, properly documented, is also evidence. Defence counsel will always ask what you did not look at. Have an answer.
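One way to keep the provenance fields named above (source URL, capture timestamp, browser configuration, hash) and to document negative results in the same tamper-evident log. This is an added example, not the author's tooling or Hunchly's format; the field names, URLs and sample bytes are constructed for illustration.

```python
import hashlib
import json
from datetime import datetime, timezone

GENESIS = "0" * 64  # 'prev' value of the first entry (assumed convention)

def record_digest(body):
    # Canonical JSON so the same record always hashes to the same value.
    raw = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(raw).hexdigest()

def append_entry(log, kind, source_url, content, browser, note=""):
    """Append a 'capture' or 'negative' entry; content is the raw bytes saved."""
    entry = {
        "seq": len(log),
        "kind": kind,
        "source_url": source_url,
        "captured_at": datetime.now(timezone.utc).isoformat(),
        "browser": browser,
        "content_sha256": hashlib.sha256(content).hexdigest(),
        "note": note,
        "prev": log[-1]["entry_sha256"] if log else GENESIS,
    }
    entry["entry_sha256"] = record_digest(entry)  # covers every field above
    log.append(entry)
    return entry

def verify_log(log, artefacts=None):
    """Return a list of problems; an empty list means the log is intact."""
    problems, prev = [], GENESIS
    for i, entry in enumerate(log):
        body = {k: v for k, v in entry.items() if k != "entry_sha256"}
        if entry["seq"] != i or entry["prev"] != prev:
            problems.append(f"entry {i}: chain broken")
        if record_digest(body) != entry["entry_sha256"]:
            problems.append(f"entry {i}: record altered")
        saved = (artefacts or {}).get(i)
        if saved is not None and hashlib.sha256(saved).hexdigest() != entry["content_sha256"]:
            problems.append(f"entry {i}: artefact does not match hash")
        prev = entry["entry_sha256"]
    return problems

def demo():
    """Constructed sample: one capture and one documented negative result."""
    browser = {"user_agent": "ExampleBrowser/1.0 (constructed)", "viewport": "1280x800"}
    page = b"<html>constructed profile page</html>"
    log = []
    append_entry(log, "capture", "https://example.org/profile", page, browser)
    append_entry(log, "negative", "https://example.org/search?q=subject",
                 b"<html>0 results</html>", browser, note="query 'subject': no hits")
    return log, page
```

The chain only proves integrity if the latest `entry_sha256` is also recorded somewhere the log's editor cannot change, such as the case file.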