Resources
Field notes from lawful intelligence work.
Practical writing on OSINT, HUMINT, evidence handling and compliance, from the practitioners who run these workflows for law enforcement, government and corporate security teams.
Articles
Fundamentals
What is OSINT? Open-source intelligence, explained
Open-source intelligence in plain terms: what counts as an open source, what separates OSINT from googling, and what makes the output usable in real cases.
5 min read
Fundamentals
What is SOCMINT? Social media intelligence, explained
Social media intelligence: what investigators actually take from social platforms, where the legal lines run, and why network structure matters more than single posts.
5 min read
Tradecraft
The intelligence cycle: five stages that keep casework honest
Direction, collection, processing, analysis, dissemination. Why the classic cycle survives every new tool, and what it looks like in a working investigation.
5 min read
Evidence
ISO/IEC 27037: the standard behind defensible digital evidence
Identification, collection, acquisition, preservation. What ISO/IEC 27037 actually requires, who the DEFR and DES are, and how the standard applies to online material.
6 min read
Verification
Geolocation and chronolocation: proving where and when
How investigators verify the place and time behind a photo or video — terrain, shadows, weather records, metadata — and why single clues are never enough.
5 min read
Tradecraft
Investigating the dark web: what is actually down there
Tor, I2P and the onion ecosystem without the mythology: what hidden services host, how investigators reach them lawfully, and where the real difficulty sits.
6 min read
Tradecraft
Research personas and managed attribution
Why investigators separate their research identity from their real one, what a maintained persona involves, and the OPSEC failures that burn cases.
5 min read
Law enforcement
Where OSINT fits in a criminal investigation
Open sources in police work: lead development, suspect identification, court preparation — and the handling discipline that keeps findings admissible.
5 min read
Corporate security
Dark-web monitoring for companies, without the theatre
What continuous dark-web monitoring can and cannot tell an organisation, which findings deserve escalation, and how to judge a monitoring service.
5 min read
Buying guide
How to evaluate an OSINT platform
Evaluation criteria that matter after the demo: evidence handling, audit trails, data jurisdiction, source coverage, and the questions vendors should answer.
6 min read
Tradecraft
OSINT vs HUMINT: how they differ, and when to combine them
What separates open-source intelligence from human intelligence — legal basis, strengths, failure modes — and how disciplined teams combine both.
8 min read
Evidence
Chain of custody for open-source evidence
How to collect, preserve and document open-source material so it survives disclosure, cross-examination and court — hashing, provenance, and process.
9 min read
Compliance
GDPR-aware intelligence workflows
Running lawful OSINT and corporate intelligence under GDPR: lawful basis, data minimisation, retention discipline, and documentation that survives audit.
8 min read
Reference
The intelligence glossary.
Plain-language, quotable definitions of 19 core terms: OSINT, HUMINT, SOCMINT, chain of custody and more, each on its own page with practical context.
Briefing list
New field notes, straight to your inbox.
Occasional briefings when we publish new tradecraft writing or ship platform capabilities. No marketing cadence, no list sharing.