OSINT for Corporate Investigation
Due diligence, supply-chain investigation, third-party risk, and integrity research using public sources.
Who this is for
Corporate investigators, integrity-risk analysts, third-party risk managers, competitive-intelligence teams, and M&A diligence staff using open-source evidence to characterise entities and their principals. Your output typically lands in a decision memo — invest, onboard, partner, acquire, walk away — and the margin for error is narrow because the consequences are concrete.
This guide assumes familiarity with the core methodology and focuses on the conventions corporate work imposes on top of it.
Core techniques
Entity identity resolution. Before any claim can be attached to a company, confirm you are looking at the same company across sources. Shared names, similar names, and deliberately similar names are common. Use registration numbers, formation dates, registered addresses, and named officers as identity anchors; never rely on the trade name alone.
Officer and principal research. Names, prior roles, disqualifications, litigation involvement, regulatory history, and public statements. The litmus test for a principal is not whether they have a clean public record but whether the record is consistent with the representations made to your organisation.
Supply-chain mapping. Direct suppliers, their subcontractors, their freight and logistics, and the jurisdictions their operations traverse. Public disclosures, customs data, shipment records, and press coverage each illuminate part of the chain. Sanctions and forced-labour exposure typically appear at tier two or three, not at the named counterparty.
Reputational and adverse-media research. News, regulatory enforcement, NGO reports, academic literature, and court records covering the entity and its principals. Grade each hit by source authority, primary-document backing, and distance from the original event.
Technical footprint analysis. A company's web and infrastructure presence often reveals age, competence, and connectedness in ways filings do not. A firm claiming a twenty-year history whose domains were registered last quarter is telling you something specific. Use infrastructure signals as corroboration, not accusation.
Competitive and market intelligence. For M&A and competitive work, public filings, patent records, hiring patterns, and product documentation yield a lot. Keep the investigation squarely on public sources; pretexting and similar methods are neither legal nor necessary.
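The identity-anchor rule from the entity identity resolution technique above, sketched in Python as an added example that is not part of the original guide. Records are compared on registration number, formation date, registered address and named officers, and the trade name never counts as an anchor. The record fields, the two-anchor threshold and the sample company are assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class EntityRecord:
    source: str
    trade_name: str
    reg_number: Optional[str] = None
    formation_date: Optional[str] = None  # ISO 8601 date
    address: Optional[str] = None
    officers: frozenset = frozenset()

def _norm(value):
    """Case-fold and drop punctuation/whitespace so formatting differences do not matter."""
    return re.sub(r"[^a-z0-9]", "", value.lower()) if value else None

def resolve(a, b, min_anchors=2):
    """Return (verdict, agreeing_anchors, conflicting_anchors); trade name is never an anchor."""
    agree, conflict = [], []
    pairs = [
        ("reg_number", _norm(a.reg_number), _norm(b.reg_number)),
        ("formation_date", a.formation_date, b.formation_date),
        ("address", _norm(a.address), _norm(b.address)),
    ]
    for label, x, y in pairs:
        if x and y:  # only compare anchors that both sources actually provide
            (agree if x == y else conflict).append(label)
    # Officers change over time: an overlap corroborates, no overlap is neutral.
    if {_norm(o) for o in a.officers} & {_norm(o) for o in b.officers}:
        agree.append("officers")
    if conflict:
        return "conflict", agree, conflict      # needs an analyst before any claim is attached
    if len(agree) >= min_anchors:               # assumed threshold, tune to policy
        return "match", agree, conflict
    return "unresolved", agree, conflict        # a similar name alone proves nothing

# Constructed sample records (fictional company and people).
registry = EntityRecord("registry filing", "Northgate Systems Ltd", "01234567",
                        "2004-03-12", "4 Mill Lane, Leeds LS1 4AB",
                        frozenset({"Ana Ruiz", "Tom Hale"}))
questionnaire = EntityRecord("vendor questionnaire", "Northgate Systems", "0123 4567",
                             None, "4 Mill Lane Leeds, LS1 4AB", frozenset({"ana ruiz"}))
lookalike = EntityRecord("press article", "Northgate Systems Limited", None,
                         "2023-11-02", "Suite 9, 1 Dock Road, Hull HU1 1AA")
name_only = EntityRecord("adverse-media hit", "Northgate Systems Ltd")

if __name__ == "__main__":
    for other in (questionnaire, lookalike, name_only):
        print(other.source, "->", resolve(registry, other))
```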
Essential tools
- Company registry searches for primary corporate records across jurisdictions.
- WHOIS and DNS lookup for registrant history and infrastructure connections.
- Wayback Machine for historical states of corporate websites and past personnel listings.
- Shodan for internet-exposed infrastructure relevant to technical posture and supply-chain risk.
- Google dorking for documents technically public but not surfaced through obvious browsing.
- Maltego for link analysis across entities, officers, and addresses.
- Metadata extraction for document and image provenance.
- The Subthesis legal document analysis tool for extraction across long due-diligence document sets, contracts, and filings.
Legal and ethical considerations
Other specific considerations:
- Insider trading and market abuse. Research programmes that uncover material non-public information create handling obligations under securities law. Know the escalation path before a finding lands in your queue.
- Export controls and sanctions touchpoints. Supply-chain findings can trigger export-control or sanctions issues the same way financial investigations do. Coordinate with compliance when the evidence suggests exposure.
- Retention. Due-diligence files are discoverable. Hold them for the period your policy requires, no longer, and dispose on schedule.
- Competitive intelligence ethics. The line between competitive intelligence and espionage is not subtle, but it is occasionally crossed under pressure. Stay on the public-source side of it explicitly.
Workflow example
A technology vendor proposes to acquire a mid-size competitor. The intelligence requirement for the integrity track of the diligence becomes: "Identify material adverse signals about the target's officers, principal shareholders, and publicly identified customers that would affect the acquisition decision, using only public sources."
Collection starts with the corporate registry for the target and all entities in its group, archiving and hashing every filing. Officers and principals are screened against sanctions lists, litigation dockets, regulatory enforcement databases, and adverse-media sources. Domain and infrastructure history is pulled, and the historical states of the target's public site are retrieved via the Wayback Machine. A striking finding: the target's historical site listed a senior adviser who no longer appears in current versions; the adviser's name is associated in archived regulatory records with a penalty in another jurisdiction. The finding is logged as a lead to be resolved.
Analysis tests the adviser lead against alternative explanations — common name, unrelated individual, minor historical involvement scrubbed for cosmetic reasons — and finds the disqualification hypothesis survives: primary regulatory record matches on date of birth, nationality, and prior role. Two independent press sources confirm the individual's former role with the target.
The diligence memo reports the finding with appropriate hedging, cites every claim to a hashed artefact, and recommends a specific representation and warranty and a disclosure question for the target's counsel. A second finding concerning a customer concentration issue is reported as material but with the note that the open-source picture cannot establish whether long-term contracts are in place — the team should pursue that through the target's data room, not further open-source work.
A common trap: accepting a current corporate website as a source of truth about current personnel. Websites reflect marketing, not always compliance. Cross-check personnel claims against filings and LinkedIn history in every investigation that turns on them.
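The workflow above archives and hashes every filing and cites every memo claim to a hashed artefact. The following added Python example, which is not part of the original guide, shows one way to keep that link verifiable: each archived file is logged under its SHA-256 digest, and a memo audit flags claims whose cited artefact is unlogged, missing, or altered since capture. The manifest layout, function names, file names and URLs are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from datetime import datetime, timezone
from pathlib import Path

def sha256_file(path):
    """Stream the file so large filings do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def log_artefact(manifest, path, source_url):
    """Record an archived file under its digest; the digest is the citation key."""
    digest = sha256_file(path)
    manifest[digest] = {"file": str(path), "source_url": source_url,
                        "captured_utc": datetime.now(timezone.utc).isoformat()}
    return digest

def audit_memo(claims, manifest):
    """Return claims whose cited artefact is unlogged, missing, or altered since capture."""
    problems = []
    for text, cited in claims:
        entry = manifest.get(cited)
        if entry is None:
            problems.append((text, "no such artefact in manifest"))
        elif not Path(entry["file"]).is_file():
            problems.append((text, "archived file missing"))
        elif sha256_file(entry["file"]) != cited:
            problems.append((text, "archived file changed since capture"))
    return problems

def demo():
    """Constructed scenario: two archived files, three memo claims, one file later altered."""
    with tempfile.TemporaryDirectory() as tmp:
        filing = Path(tmp, "annual_return_2019.pdf")
        filing.write_bytes(b"%PDF-1.4 constructed registry filing")
        snapshot = Path(tmp, "team_page_2018.html")
        snapshot.write_bytes(b"<html>constructed archived team page</html>")
        manifest = {}
        h_filing = log_artefact(manifest, filing, "https://registry.example/filing/1")
        h_snap = log_artefact(manifest, snapshot, "https://archive.example/team-2018")
        claims = [("Adviser listed on 2018 team page", h_snap),
                  ("Officer appointed in 2019", h_filing),
                  ("Penalty imposed in another jurisdiction", "0" * 64)]
        snapshot.write_bytes(b"<html>edited after capture</html>")  # simulated tampering
        return audit_memo(claims, manifest)

if __name__ == "__main__":
    for claim, reason in demo():
        print(f"UNSUPPORTED: {claim}: {reason}")
```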
Further reading
- Epstein Revealed investigation series for a long-form application of public-records investigation to a complex network of entities.
- How to trace company ownership using public records for a walkthrough of the registry work.
- Ethics and legal framework for a fuller treatment of pretexting, retention, and proportionality.
- Subthesis legal document analysis tool for document-heavy diligence and supplier-contract review.