Jesse William McGraw

The five-stage workflow that separates an OSINT analyst from someone with a bookmarks bar full of tools.

Google Lens isn’t always the right tool. Here’s when each of the major reverse-image-search engines wins, and the ethics line on face-search services.

A practitioner walkthrough of the photo-geolocation method used by Bellingcat and most newsroom verification teams. Worked example included.

What OSINT.industries actually returns, how I use it for journalism and due-diligence work, and the ethics framework I won’t run a query without.

A practitioner’s roadmap to the OSINT tools that actually earn their place in your bookmarks bar. Free and paid, with honest notes on what each one is good for.

Bellingcat has, more than any other organisation, defined what serious open-source investigation looks like in practice. The MH17, Skripal, and Russian-spy investigations are landmark cases. Here is the methodology they developed and how it can be applied.

Social-media OSINT was easier in 2018 than it is in 2026. Twitter’s API restrictions, Meta’s hardening, and the migration of communities to Telegram and Discord have reshaped what is possible. Here is the current state of the art across the major platforms.

Shodan, Censys, ZoomEye, FOFA, BinaryEdge, and a small set of others continuously scan every public IP on the internet and index what they find. They are essential tools for security research, attack-surface management, and OSINT. Here is the comparison.

Passive DNS is the recording of what DNS lookups have happened across the internet. For threat intel and OSINT investigations, it is one of the most powerful single data sources — it lets you see history that current DNS records cannot reveal.

Ransomware leak sites are the public-facing front of double-extortion operations. Tracking them — what’s posted, when, by which group, against which victim — is a useful OSINT skill for threat intelligence, journalism, and breach victim notification.