How to Start Using OSINT Techniques for Investigative Journalism

You’re staring at an official statement, a press release, or a carefully curated video. Every instinct tells you there’s more to the story, a truth buried beneath the polished surface. For the modern investigative journalist, this is where the real work begins. The initial advice is always the same: learn a few search operators, check social media profiles, and scrape public websites. While useful, these are merely the entry points into the world of Open Source Intelligence (OSINT).

True investigative work, the kind that holds power to account, isn’t about finding a single piece of public data. It is about a disciplined investigative process: meticulously building a verification chain, correlating disparate sources to form a coherent picture, and maintaining strict operational security to protect your work and yourself. It requires a shift in mindset—from a reporter who gathers facts to an analyst who constructs and verifies a narrative from raw, open data.

This guide provides the operational framework for that transition. We will move beyond the basics and into the core methodologies used by professional investigators. We will cover how to master free satellite imagery for geolocation, track the assets of the powerful, evaluate advanced tools, navigate the critical ethical boundaries, and finally, make the leap from data gatherer to indispensable news analyst.

This article provides a structured path into the world of OSINT, breaking down the essential techniques and mindset required for deep investigative work. The following sections offer a roadmap from foundational skills to advanced analytical thinking.

Table of Contents: An OSINT Framework for Journalists

• How to Access and Read Satellite Imagery for Free?
• FlightRadar24 and MarineTraffic: How to Track Oligarchs and Weapons?
• Maltego for Journalists: Is It Worth the Learning Curve?
• The Privacy Line: When Does OSINT Become Stalking?
• How to Use Google Earth Pro to Verify a Video’s Location?
• Virtual Machines: Why You Need One Before Investigating the Dark Web?
• How to Source Data That Goes Beyond the Official Press Release?
• How to Transition from Reporting Facts to Becoming a News Analyst?

How to Access and Read Satellite Imagery for Free?

Geolocation, or “geolocating,” is the science of confirming the physical location of an image or video. It’s a foundational OSINT skill that provides irrefutable physical context to an event. This isn’t about simply finding a spot on a map; it’s about building a verification chain, where each piece of evidence supports the next. You start with a wide view from space and systematically narrow your focus to ground-level truth. This process allows you to debunk false claims about where an event took place by comparing visual data from multiple sources.

A textbook example of this method is the Bellingcat investigation into war crimes in Ethiopia’s Tigray region. Investigators analyzed execution videos by first identifying unique topographic features like ridges and plateaus. Using tools like PeakVisor and Google Earth, they matched these features to a specific location: Mahbere Dego village. Shadow analysis then helped determine the time of day, creating a verifiable timeline that dismantled the official narrative. This demonstrates a core principle: satellite imagery is your anchor point for physical truth.

To conduct this level of analysis, you must follow a methodical workflow. The process involves more than just looking at a picture; it’s about using multiple free tools to cross-reference data points.

1. Start with Google Earth Pro: Use the historical imagery slider to track changes over time. This is critical for seeing construction, destruction, or seasonal changes that can help date an image or video.
2. Access Sentinel Hub: This provides near-real-time multispectral data. Different band combinations can reveal details invisible to the naked eye, such as analyzing vegetation health, identifying water bodies, or mapping urban heat signatures.
3. Use PeakVisor for Topography: This mobile app allows you to match mountains, ridges, and skylines from ground footage with precise 3D terrain models, confirming perspective and location.
4. Cross-Verify with SunCalc: Shadow analysis is a powerful tool for chronolocation. By calculating sun angles for a specific location and date, you can authenticate timestamps or determine the time of day a photo was taken with remarkable accuracy.
5. Document Your Process: Use Google Earth’s placemarks and image overlays to build your visual evidence. This creates a compelling, easy-to-understand final product that shows your work.

FlightRadar24 and MarineTraffic: How to Track Oligarchs and Weapons?

Beyond static locations, OSINT provides the means to track moving assets. Platforms like FlightRadar24 and MarineTraffic, which aggregate Automatic Dependent Surveillance-Broadcast (ADS-B) and Automatic Identification System (AIS) data, are not just for enthusiasts. For journalists, they are powerful tools for monitoring the movements of private jets, superyachts, and cargo ships, often linked to oligarchs, sanctioned individuals, or illicit arms transfers. The key is not to just watch a single vessel or aircraft, but to conduct pattern-of-life analysis to identify unusual routes, frequent destinations, or coordinated movements.

A critical concept in this field is identifying “dark periods”—times when a vessel or aircraft turns off its transponder to evade tracking. Correlating these disappearances with their reappearance points can reveal sensitive locations like private airfields or clandestine port calls. This requires patience and methodical data collection over time. The significance of this capability has grown immensely, as OSINT activity surged after the Ukraine war in 2022 and other major global conflicts, making asset tracking a frontline journalistic skill.

Investigating these movements involves more than just watching a live map. The real work is in the data. You must archive flight histories, cross-reference aircraft registration numbers with corporate ownership records, and compare shipping manifests with vessel tracking data. By layering these datasets, a journalist can uncover the hidden logistics networks that underpin global power structures and conflicts. This is digital detective work that connects dots across continents, following the money and the power by following its physical footprint.

Maltego for Journalists: Is It Worth the Learning Curve?

While many OSINT tools perform a single function, Maltego operates as a visual analysis environment. It excels at data correlation by transforming disparate pieces of information—like an email address, a domain name, or a social media handle—into a graph of interconnected nodes. For a journalist, this means moving beyond a spreadsheet of facts to a visual map of relationships. The learning curve is not insignificant, but the payoff is the ability to uncover hidden connections that would otherwise remain buried in data.

The value of Maltego is its ability to automate the process of pivoting from one data point to another. It runs “Transforms” that query dozens of public sources simultaneously, building out a network of connections in minutes, not days. For journalists trying to map a complex corporate structure or a criminal network, this is a game-changer. As investigative journalist Aida Kokanovic demonstrated in a human trafficking network investigation, starting with just a few phone numbers, Maltego was able to map out social media profiles and hidden links between suspects, exposing the network’s structure visually.

The primary question for journalists is whether the free Community Edition (CE) is sufficient or if a paid license is necessary. The answer depends on the scale and frequency of your investigations. The CE is powerful enough for targeted searches on individuals or small networks, but newsroom-level collaboration and access to premium data sources require a professional license.

The Privacy Line: When Does OSINT Become Stalking?

The power of OSINT comes with immense ethical responsibility. The line between legitimate investigation in the public interest and invasive stalking is a critical boundary that every journalist must navigate. While all the information gathered is “open source,” its aggregation and analysis can create a portrait of a person’s life that is intensely private. The simple fact that data is public does not automatically grant a license for its indiscriminate collection and publication. The guiding principle must be a rigorous and defensible public interest test.

This isn’t a vague ethical sentiment; it’s an operational checklist to be applied before and during an investigation. You must constantly ask: Is the subject a public figure whose actions have public consequences? Does the information relate directly to their public duties or a matter of significant public concern? Does the potential harm to the individual’s privacy outweigh the public’s right to know? If you cannot answer “yes” to these questions with confidence, you risk crossing the line into harassment.

Organizations like Al Jazeera have developed frameworks to help journalists maintain ethical standards while using OSINT. These are not legal advice, but a structured way of thinking to ensure your methods are proportional and justifiable. Adherence to such a framework is your best defense against accusations of unethical conduct.

How to Use Google Earth Pro to Verify a Video’s Location?

The internet is awash with user-generated content, with experts estimating that 500 hours of video are uploaded to YouTube every minute. This creates a massive trove of potential evidence, but also a minefield of misinformation. For a journalist, the ability to definitively verify the location shown in a video is a crucial skill. Google Earth Pro is the primary tool for this task, offering a 3D environment where you can cross-reference landmarks and perspectives to confirm or debunk a video’s claimed location.

The process is methodical and follows a surveyor’s logic. It is not enough to find one matching building; you must establish multiple points of correspondence to create a solid verification. This “3-Point Verification” method ensures that you have matched not just a single landmark, but the spatial relationship between several landmarks, making your conclusion far more robust. This is how you prove, beyond a reasonable doubt, that a video was filmed from a specific vantage point.

Your verification process should follow these steps:

1. Identify Permanent Landmarks: Scan the video for 3-5 unique and permanent features. These could be buildings, cell towers, distinctive mountain ridges, or unique road intersections. Avoid temporary objects like vehicles or foliage.
2. Match Spatial Relationships: Using Google Earth Pro’s 3D view, navigate to the potential location. Attempt to replicate the camera’s angle and field of view from the video, ensuring the identified landmarks line up correctly in relation to one another.
3. Verify Historical Existence: Use Google Earth’s historical imagery slider to go back in time. Confirm that the landmarks you’ve identified existed at the time the video was allegedly filmed. This can expose videos that use old footage to represent a current event.

By creating a side-by-side comparison using screenshots from the video and Google Earth, annotated with your identified landmarks, you can produce a powerful and easily understandable piece of evidence for your audience. This transforms an abstract claim into a verified fact.

Virtual Machines: Why You Need One Before Investigating the Dark Web?

When an investigation requires you to venture into high-risk digital environments like the dark web, forums known for malware, or websites operated by hostile actors, your standard operating system is a liability. Every click, every download, and every interaction leaves a digital trace and exposes your primary machine to compromise. This is where operational security, or OpSec, becomes paramount. A Virtual Machine (VM) is your most critical OpSec tool, acting as a disposable, isolated “clean room” for your investigation.

A VM is a completely self-contained operating system that runs in a window on your computer. Any malware encountered or forensic traces left behind are confined within the VM. Once your session is complete, you can delete the VM, and with it, any potential threat or evidence of your activity. This digital isolation is non-negotiable for any serious investigator. Using your personal or work computer for such tasks is a grave security risk, potentially leading to the compromise of your entire digital life and other ongoing investigations.

This is not theoretical. It is standard professional practice. For example, the BBC Verify team, one of the world’s largest newsroom OSINT units, uses isolated virtual environments for every investigation. This maintains evidence integrity and prevents cross-contamination between cases. Their VM “snapshots” act as forensic checkpoints, allowing them to revert the system to a clean state after accessing a suspicious source while preserving the investigative timeline. A VM is not just a tool for hackers; for a journalist, it’s an essential piece of safety equipment.

How to Source Data That Goes Beyond the Official Press Release?

The official press release is the beginning of a story, not the end. Its purpose is to control a narrative. A journalist’s purpose is to deconstruct it. Sourcing data that goes beyond the official statement requires a multi-pronged approach, using OSINT to find the unfiltered documents, dissenting voices, and raw data that provide essential context or outright contradiction. This process is about building a mosaic of information from disparate sources to reveal the full picture.

A masterclass in this technique was the New York Times’ investigation into the civilian killings in Bucha, Ukraine. While Russia issued official denials, the Visual Investigations team systematically dismantled them. They didn’t rely on a single source; they combined satellite imagery, Google Street View data for geolocation, shadow analysis for chronolocation, and, crucially, collected cell phone footage and security camera recordings from local residents. It was the powerful correlation of all these sources that exposed the truth and proved the official press releases false.

To replicate this kind of work, an investigator must know where to look for the documents and data that companies and governments don’t voluntarily promote. The goal is to find the primary sources that underpin, or undermine, the official story.

• Search Public Registries: Dig into government databases for planning applications, environmental impact statements, court records, and business registrations. These documents often contain unfiltered details.
• Use Web Archives Strategically: The Wayback Machine is invaluable. Check for previous versions of company websites, policy documents, or executive team pages that may have been altered or deleted.
• Leverage Academic Search Engines: Use platforms like BASE (Bielefeld Academic Search Engine) or Google Scholar to find scientific studies, theses, or reports that can corroborate or contradict official claims, especially those related to health or environmental issues.
• Monitor Employee Social Media: Use advanced searches on LinkedIn and Twitter to find posts from current or former employees. Their public comments or professional histories can provide crucial context or leads.
• Cross-Reference Financial Filings: For publicly traded companies, compare the optimistic language of a press release against the legally mandated disclosures in SEC filings (like 10-K or 10-Q reports). Discrepancies often reveal the real story.

How to Transition from Reporting Facts to Becoming a News Analyst?

The transition happens when you stop reporting what the data says and start explaining why it matters, connecting it to broader trends and predicting potential consequences.

– Al Jazeera Media Institute, Open-Source Intelligence Handbook

The final and most crucial step in mastering OSINT is moving beyond the role of a fact-gatherer to become a true news analyst. In a world where it’s projected that nearly 200 billion gigabytes of data will be created annually by 2025, simply reporting isolated facts is a diminishing skill. The real value lies in synthesis: the ability to weave together verified OSINT findings into a coherent analysis that explains the “so what.” An analyst doesn’t just present data; they provide foresight and understanding.

This transition requires building a personal “knowledge graph” in your area of expertise. It’s about continuously monitoring your beat using OSINT tools, not just when you’re on a specific assignment. This deep, ongoing immersion allows you to spot anomalies, recognize emerging patterns, and connect a new piece of information to a web of existing knowledge. Your goal is to be the person who can explain the second and third-order effects of an event because you’ve been tracking the underlying network for months or even years.

To cultivate this analytical mindset, you must adopt a new set of practices that prioritize context and implication over simple fact-finding.

• Map Relationships Over Time: Use tools like mind maps or Maltego to visually track the connections between key actors, organizations, and events over a long period.
• Apply the ‘So What?’ Test: For every piece of verified OSINT data you find, force yourself to answer the question: “Why does this matter?” Investigate the broader context and the potential impact.
• Develop Niche Expertise: You cannot be an expert on everything. Focus your OSINT efforts on a specific beat (e.g., maritime smuggling, disinformation networks, a particular political faction) to build deep, defensible domain knowledge.
• Connect to Broader Patterns: Link your individual findings to larger systemic issues, whether they are geopolitical shifts, industry-wide trends, or technological vulnerabilities.
• Predict Future Implications: Use your accumulated knowledge graph to make informed forecasts about potential consequences and the likely next developments in a story.

Your next step is to choose a small, low-risk subject of interest and begin applying these techniques methodically. Start building your investigative workflow today and transform data into undeniable truth.