Open Source Intelligence Investigation - From Strategy to Implementation
by: Babak Akhgar, P. Saskia Bayerl, Fraser Sampson
Springer-Verlag, 2017
ISBN: 9783319476711, 302 pages
Format: PDF, read online
Copy protection: watermark
Price: 171.19 EUR
Preface
6
Acknowledgements
8
Contents
9
Editors and Contributors
11
Introduction
15
1 OSINT as an Integral Part of the National Security Apparatus
16
Abstract
16
1.1 Introduction
16
1.2 OSINT and Counter Terrorism Strategy
17
1.3 The CENTRIC OSINT Hub
21
1.4 Concluding Remarks
22
References
22
2 Open Source Intelligence and the Protection of National Security
23
Abstract
23
2.1 Introduction
23
2.2 From Threat to Threat
24
2.3 Online Radicalisation
26
2.4 Counter Measures
28
2.5 Conclusions
30
References
31
3 Police Use of Open Source Intelligence: The Longer Arm of Law
32
Abstract
32
3.1 Introduction
32
3.2 Understanding Intelligence in Policing
33
3.3 Intelligence Collection Disciplines
35
3.4 Characteristics of Open Source Intelligence
35
3.5 Modelling Open Source Intelligence
39
3.6 Conclusions
41
References
42
4 OSINT as Part of the Strategic National Security Landscape
43
Abstract
43
4.1 Introduction
43
4.2 Understanding the Strategic Landscape into Which OSINT Must Be Applied
44
4.3 Understanding the Intelligence Cycle in Which OSINT Must Exist and the Wider Intelligence Mix in Which It Must Integrate
47
4.3.1 Understanding the Application of OSINT in Operational Decision Making
52
4.3.2 UK Government Intelligence: Its Nature, Collection, Assessment and Use
53
4.4 How Might an Overarching Information Governance Architecture Support OSINT for Decision Making Within the Wider Intelligence Mix and Cycle?
58
4.5 Summary
63
References
64
5 Taking Stock of Subjective Narratives Surrounding Modern OSINT
66
Abstract
66
5.1 Introduction
66
5.2 Contextual Background
67
5.3 Lack of Public Clarity
68
5.4 Opposing Narratives
69
5.5 Independent Reviews
71
5.6 Conclusion
72
References
73
Methods, Tools and Techniques
75
6 Acquisition and Preparation of Data for OSINT Investigations
76
Abstract
76
6.1 Introduction
76
6.2 Reasons and Strategies for Data Collection
78
6.3 Data Types and Sources
80
6.3.1 Structured and Unstructured Data
80
6.3.2 Where and How to Obtain Open Source Data
80
6.3.2.1 Supporting Manual Searches
81
6.3.2.2 Web Crawling and Spiders
81
6.3.2.3 Web Metadata
83
6.3.2.4 APIs
83
6.3.2.5 Open Data
84
6.3.2.6 Social Media
84
6.3.2.7 Traditional Media
87
6.3.2.8 RSS
87
6.3.2.9 Grey Literature
88
6.3.2.10 Paid Data and Consented Data
88
6.3.2.11 Data on the Deep and Dark Web
89
6.4 Information Extraction
90
6.4.1 Natural Language Processing
90
6.4.1.1 Main Body Extraction
91
6.4.1.2 Entity Extraction
93
6.4.2 Modelling
94
6.4.2.1 Entity Relation Modelling
94
6.4.3 Feedback Loops
94
6.4.4 Validation Processes
95
6.4.5 Disinformation and Malicious Intent
95
6.4.6 Software Tools for Data Collection and Preparation
96
6.5 Privacy and Ethical Issues
97
6.5.1 Privacy by Design
97
6.5.2 Being Polite Online
98
6.5.2.1 Monitor Web Crawls and Respecting robots.txt
98
6.5.2.2 Keeping to API Limits
98
6.6 Conclusion
99
References
99
7 Analysis, Interpretation and Validation of Open Source Data
101
Abstract
101
7.1 Introduction
101
7.2 Types of Data Analysis
102
7.2.1 Textual Analysis
102
7.2.1.1 Text Processing
102
7.2.1.2 Word Sense Disambiguation
103
7.2.1.3 Sentiment Analysis
104
7.2.2 Aggregation
105
7.2.2.1 Document Clustering
105
7.2.3 Connecting the Dots
106
7.2.3.1 Network Analysis
107
7.2.3.2 Co-occurrence Networks
108
7.3 Location Resolution
109
7.3.1 Geocoding
110
7.3.2 Reverse Geocoding
110
7.4 Validating Open Source Information
111
7.4.1 Methods for Assigning Priority
112
7.4.2 Approaches for Recognising Credibility
113
7.4.3 Methods for Identifying Corroboration
114
7.5 Conclusion
114
References
115
8 OSINT and the Dark Web
117
Abstract
117
8.1 Introduction
117
8.2 Dark Web
120
8.2.1 Darknets on the Dark Web
120
8.2.2 Dark Web Size
124
8.2.3 Dark Web Content
124
8.3 OSINT on the Dark Web
126
8.3.1 Landscape of Dark Web Activities of Investigative Interest
126
8.3.2 Challenges Faced by LEAs on the Dark Web
128
8.4 OSINT Techniques on the Dark Web
129
8.4.1 Crawling
130
8.4.2 Search Engines
131
8.4.3 Traffic Analysis and de-Anonymization
132
8.5 Case Study: HME-Related Information on the Dark Web
133
8.5.1 Methodology
134
8.5.2 Experimental Evaluation
135
8.6 Conclusions
136
References
137
9 Fusion of OSINT and Non-OSINT Data
139
Abstract
139
9.1 Introduction
139
9.2 OSINT Data
140
9.2.1 Geographical Data
140
9.2.2 Statistical Data
141
9.2.3 Electoral Register
141
9.2.4 Court Records
142
9.2.5 Social Media
142
9.2.6 Blogging Platforms
142
9.2.7 Search Engines
143
9.2.8 Internet Archive
144
9.2.9 Freedom of Information
144
9.3 Non-OSINT Data
144
9.3.1 Criminal Records
145
9.3.2 Financial Records
146
9.3.3 Telecommunication Records
147
9.3.4 Medical Records
148
9.3.5 Imagery, Sensors and Video Data
149
9.4 Fusion Opportunities
149
9.4.1 Targeted Search
150
9.4.2 Validation of Other ‘INTs’
150
9.4.3 Filling in the Missing Links
150
9.4.3.1 Identity Matching
151
9.4.3.2 Enhanced Social Network Creation
152
9.4.4 Environmental Scanning
153
9.4.5 Predictive Policing
154
9.4.6 Situational Awareness During Major Events
155
9.4.7 Identification and Tracking of Foreign Fighters
156
9.4.8 Child Sexual Exploitation
156
9.5 Conclusions
157
References
157
10 Tools for OSINT-Based Investigations
159
Abstract
159
10.1 Introduction
159
10.1.1 Effective Cyber-Risk Management
160
10.2 Key Assessment Themes
161
10.2.1 Security
161
10.2.1.1 Privacy
161
10.2.1.2 Protecting Against Malware
162
10.2.1.3 Unnecessary Bundled Software
162
10.2.1.4 Cloud-Based Services
162
10.2.2 Reliability
163
10.2.2.1 Code Quality
163
10.2.2.2 Open Formats and Standards
163
10.2.3 Legality
164
10.2.3.1 Licensing
164
10.2.3.2 Authorities
165
10.3 Completing a Tool Review
165
10.4 Assessment Framework
166
10.4.1 Document Information
167
10.4.2 Supplier Assessment
168
10.4.3 External Assessments
168
10.4.4 Practitioner’s Assessment
169
10.5 Conclusion
170
References
171
11 Fluidity and Rigour: Addressing the Design Considerations for OSINT Tools and Processes
172
Abstract
172
11.1 Introduction
172
11.2 Intelligence Analysis
175
11.3 What Do We Design?
177
11.4 Designing for Fluidity and Rigour
180
11.4.1 Fluidity as a Design Concept for OSINT Investigations
182
11.4.2 Rigour as a Design Concept for OSINT Investigations
184
11.5 Conclusions: Guidance for Designing Analysts’ Tools
187
Acknowledgments
188
References
188
Practical Application and Cases
191
12 A New Age of Open Source Investigation: International Examples
192
Abstract
192
12.1 Introduction
192
12.2 Conclusion
198
References
199
13 Use Cases and Best Practices for LEAs
200
Abstract
200
13.1 Introduction
200
13.2 OSINT in an Increasingly Digital World
201
13.3 OSINT Best Practices for LEAs
203
13.3.1 Absolutes
203
13.3.2 Exploitables
203
13.3.3 Information Auditing
205
13.3.4 Strategic Data Acquisition
205
13.3.5 OSINT Pitfalls
206
13.3.5.1 Leakage
206
13.3.5.2 Anonymization
206
13.3.5.3 Crowd-Sourcing and Vigilantism
207
13.3.5.4 Corrupting the Chain of Evidence
207
13.3.5.5 Source Validation
208
13.4 LEA Usage of OSINT in Investigations: Case Examples
208
13.4.1 Exploiting Friendships in an Armed Robbery Case
208
13.4.2 Locating Wanted People Through Social Media
209
13.4.3 Locating a Sex Offender
210
13.4.4 Proactive Investigation Following a Terrorist Attack
211
13.5 Going Undercover on Social Media
212
13.6 Conclusions
212
References
213
14 OSINT in the Context of Cyber-Security
215
Abstract
215
14.1 Introduction
215
14.2 The Importance of OSINT with a View on Cyber Security
218
14.3 Cyber Threats: Terminology and Classification
219
14.4 Cyber-Crime Investigations
220
14.4.1 Approaches, Methods and Techniques
220
14.4.2 Detection and Prevention of Cyber Threats
223
14.5 Conclusions
229
References
229
15 Combatting Cybercrime and Sexual Exploitation of Children: An Open Source Toolkit
234
Abstract
234
15.1 Introduction
234
15.2 The Extended Impact of Cybercrime
235
15.3 Tools for Law Enforcement
237
15.4 The Role of OSINT
238
15.5 The UINFC2 Approach
240
15.5.1 Citizen Reporting Form
240
15.5.2 LEA/HOTLINE UINFC2 Platform
242
15.6 Concluding Remarks
248
Acknowledgments
249
References
249
16 Identifying Illegal Cartel Activities from Open Sources
251
Abstract
251
16.1 Introduction
252
16.2 The Principles
254
16.2.1 The Definition of a Cartel
254
16.2.2 The Sources of Information
255
16.2.2.1 Government Procurement Records
257
16.2.2.2 Company Registry
257
16.2.2.3 Legal Databases
257
16.2.2.4 Other Open-Source Intelligence (OSINT) sources
258
16.2.3 Cartel Patterns
258
16.2.4 Security Models
260
16.2.4.1 Negative Security Models and Supervised Learning
260
16.2.4.2 Positive Security Models and Unsupervised Learning
261
16.3 Data Acquisition from Open Sources
261
16.3.1 The Architecture
261
16.3.2 Entity Extraction
262
16.3.3 Filtering Out Suspicious Items in the Fusion Centre
262
16.3.4 Feature Engineering
264
16.3.5 Fitted Parameters of Economic Models
265
16.3.6 Network Science and Visualization
265
16.4 Machine Learning Methodologies
266
16.4.1 Evaluation of Predictive Methods
267
16.4.2 Logistic Regression
268
16.4.3 Decision Trees
269
16.4.4 Boosting
269
16.5 Conclusion and Further Work
270
References
271
Legal Considerations
274
17 Legal Considerations for Using Open Source Intelligence in the Context of Cybercrime and Cyberterrorism
275
Abstract
275
17.1 Introduction
275
17.2 Citizens’ Perceptions and Human Rights
276
17.3 Investigatory Powers
277
17.3.1 Existing and Proposed Powers
278
17.3.2 (Un)Lawful Practices
279
17.4 Data Protection
280
17.4.1 The Legislation
280
17.4.2 Further Considerations
282
17.5 Data Acquisition
283
17.6 Rules of Evidence
283
17.6.1 Seizing Digital Evidence
284
17.7 Unused Material
284
17.8 Different Jurisdictions
285
17.9 Overcoming Problems
286
17.9.1 Europol
286
17.9.2 Joint Investigation Teams
286
17.9.3 Eurojust
287
17.9.4 CEPOL
287
17.9.5 Interpol
288
17.10 Summary
288
17.11 Conclusion
290
References
291
18 Following the Breadcrumbs: Using Open Source Intelligence as Evidence in Criminal Proceedings
293
Abstract
293
18.1 Introduction
293
18.2 What Is the Difference Between Intelligence and Evidence?
294
18.3 Practical Issues
296
18.4 Legal Framework
296
18.5 European Convention on Human Rights
297
18.6 Uses of OSINT as Evidence
299
18.7 Conclusion
300
References
300