Frequently asked questions

The questions below come up most frequently in introductory conversations about OSINT. They are deliberately short; longer treatments of each subject are linked from the individual answers and from the [methodology](/methodology/) and [ethics](/ethics/) pages.

Is OSINT legal?

Yes, in most jurisdictions, collection of information from public sources is lawful. That general rule is subject to several specific exceptions: computer-misuse statutes limit automated access in certain conditions; data-protection regimes such as GDPR govern processing of personal data regardless of source; defamation and privacy torts constrain publication; and some sector-specific regimes (health, education, finance) impose handling obligations on data once collected. In short, the technique is generally legal; the particular application may or may not be. When a specific investigation sits close to a line, consult a qualified legal professional in the relevant jurisdiction.

Do I need a cybersecurity background to do OSINT?

No. OSINT is an investigative discipline that overlaps with but does not require cybersecurity expertise. Journalists, academic researchers, compliance officers, and legal professionals use OSINT heavily with no penetration-testing background. Some subfields — such as exposed-infrastructure research using Shodan — benefit from security knowledge; most do not. Methodology, careful reading, and evidence discipline matter more than tooling expertise.

What tools should I start with?

Start with the Wayback Machine, WHOIS and DNS lookup, Google dorking, and reverse image search. These four cover a large fraction of the questions a beginner needs to answer and have no licence cost. The tool tutorials section walks through each. Avoid starting with a link-analysis platform or an expensive commercial database; they are powerful, but learning them before you know what you are trying to answer tends to produce impressive-looking noise.

Is this site affiliated with any government agency?

No. OSINT Academy is not affiliated with any government agency, law enforcement body, or intelligence organisation. It is a civilian educational resource published by Angel Reyes as part of the Subthesis ecosystem.

Can I use these techniques for personal reasons — to investigate someone I know?

The techniques work regardless of motive, but the ethical and legal framework the site teaches is specifically hostile to using OSINT for harassment, stalking, or interpersonal disputes. Proportionality, minimisation, and concern for harm are not optional features of the discipline; they are the discipline. Using the methods to invade the privacy of a private individual without a legitimate public-interest basis is outside the scope of what this curriculum endorses, and in many jurisdictions it is also unlawful.

How is OSINT different from hacking?

OSINT works only with sources that are publicly available without bypassing access controls. Hacking, in the sense that matters legally, involves access to systems or data for which the user has no authorisation. The practical boundary is usually simple: if a technique requires guessing a password, exploiting a vulnerability, or using credentials that are not yours, it is not OSINT, and typically it is unlawful.

Do I need special software or a subscription to do useful OSINT?

No. A meaningful fraction of the methodology on this site is executable with a browser, a note-taking system, and free public tools. Subscriptions to commercial databases (corporate registries, aggregators, adverse-media services) accelerate some workflows and are important for compliance and due-diligence work, but they are additions to the core methodology rather than substitutes for it.

Is it ethical to research someone's social media without their knowledge?

It depends on who the subject is, what the question is, and what will be done with the findings. Public figures acting in their public capacity are generally fair game within a proportionate investigation. Private individuals investigated for non-consequential reasons typically are not. The ethics framework on this site — proportionality, minimisation, verifiability, honesty about uncertainty, concern for harm — is the right checklist to apply to any specific case. Passive reading of public profiles is usually acceptable; account creation, follow requests, and any contact with the subject or their network moves into different territory.

What is the difference between OSINT and SOCMINT?

SOCMINT — social media intelligence — is a subset of OSINT that focuses on content posted on social media platforms. Everything that applies to OSINT generally applies to SOCMINT, with additional considerations around platform terms of service, the volatility of posted content, and the privacy-context shift that happens when a casual post is lifted into a formal investigation.

How do I preserve evidence for a legal or journalistic investigation?

Capture the original URL, timestamp in UTC, a SHA-256 hash of the captured artefact, and an archival copy submitted to the Wayback Machine and archive.today at the moment of collection. Record the capture method and any access conditions (logged in, VPN, region). Store the artefacts separately from your working notes and carry the hashes forward to the report. The collection phase of the methodology covers this in full.

Can OSINT findings be used in court?

Yes, regularly, though admissibility depends on jurisdiction, rules of evidence, and the specific form of the artefact. Archived captures with contemporaneous hashes and provenance notes are materially easier to authenticate than screenshots assembled after the fact. Legal professionals should review the OSINT workflow under the evidentiary standards applicable to the case; the legal-domain guide discusses this in more depth.

Is it OK to use breach data or leaked databases in an investigation?

Not without a specific legal and ethical review. Possession and processing of data known to have been obtained through a breach can carry independent liability in several jurisdictions regardless of public circulation. Some large disclosure-driven projects (Panama Papers, Pandora Papers derivatives) have established norms for specific datasets, but those norms do not generalise. Default position: do not ingest such sources into a live investigation without a written legal position.

How much time does a real OSINT investigation take?

Far more than beginners expect. A defensible investigation into a non-trivial question typically takes days to weeks of focused time, because most of the work is corroboration and documentation rather than discovery. Investigations that come together in an hour usually did so because the evidence was already aligned and the investigator was lucky; the methodology assumes that luck is not the normal case.

Does OSINT Academy offer certification?

No. The site is an educational resource; it does not issue credentials. Several commercial and governmental bodies offer OSINT certifications with their own criteria — this site neither competes with them nor endorses any particular programme. The skills taught here are measurable by the quality of the investigations the reader can produce, not by a credential.

How often is the site updated?

The methodology and ethics pages are stable; updates are occasional and substantive. Tool tutorials are reviewed regularly and updated when a tool's interface or capabilities change materially. The blog publishes on an ongoing cadence. Case studies are added as they are written. All significant content changes are dated; specific page-level update history can be requested through the contact channel on the about page.

Still have a question? See the [about page](/about/) for contact channels.