
Note Taking for OSINT

Effective note-taking is crucial for successful OSINT investigations. Proper documentation ensures information integrity, enables pattern recognition, and maintains evidence chains.

Essential Note-Taking Tools

Desktop Applications

KeepNote

  • Type: Hierarchical note organization
  • Features:
      • Tree-like structure for organizing information
      • Rich text formatting with images and attachments
      • Cross-platform compatibility
      • Offline functionality
  • Best for: Structured investigations with multiple subjects

CherryTree

  • Type: Hierarchical note-taking application
  • Features:
      • Tree structure with nodes and subnodes
      • Syntax highlighting for code
      • Password protection
      • Export to multiple formats
  • Best for: Technical investigations requiring code documentation

Joplin

  • Type: Open source note-taking and to-do application
  • Features:
      • Markdown support
      • End-to-end encryption
      • Synchronization across devices
      • Web clipper extension
  • Best for: Secure, synchronized note-taking across multiple devices

Cloud-Based Solutions

Notion

  • Type: All-in-one workspace for notes and collaboration
  • Features:
      • Database functionality
      • Template system
      • Real-time collaboration
      • Integration with other tools
  • Best for: Team investigations and comprehensive case management

OneNote

  • Type: Microsoft's cloud-based note-taking platform
  • Features:
      • Free-form canvas
      • Handwriting recognition
      • Integration with Microsoft Office
      • Real-time synchronization
  • Best for: Mixed media documentation and Microsoft ecosystem users

Screenshot and Image Annotation Tools

Greenshot

  • Features:
      • Built-in image editor
      • Automatic upload to cloud services
      • OCR capabilities
      • Annotation tools (arrows, text, highlighting)
  • Best for: Quick screenshot documentation with annotations

Flameshot

  • Features:
      • Powerful screenshot software
      • Advanced editing tools
      • Command-line interface
      • Cross-platform support
  • Best for: Linux users and command-line workflows

Note-Taking Best Practices

Structure and Organization

  1. Use Consistent Naming Conventions
      • Date-based filing (YYYY-MM-DD)
      • Subject-based categorization
      • Unique case identifiers

  2. Create Information Hierarchies
      • Main investigation folder
      • Subject-specific subfolders
      • Evidence categories (images, documents, profiles)

  3. Implement Tagging Systems
      • Use relevant keywords
      • Create tag taxonomies
      • Enable cross-reference capabilities

Documentation Standards

Source Attribution

Always record:

  • URL and timestamp
  • Screenshot date and time
  • Tool or method used for collection
  • Confidence level of information

Evidence Preservation

  • Maintain original file formats
  • Create backup copies
  • Document chain of custody
  • Use hash values for integrity verification
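
An added example (not from the original page) that combines the Source Attribution fields with the hash and chain-of-custody points above: each collected file gets a SHA-256 and one JSON-lines log entry, and, going one step beyond the page, each entry stores the hash of the previous entry so in-place edits to the log are detectable. The function names, field names and log format are assumptions made for this illustration.

```python
import hashlib, json, os
from datetime import datetime, timezone

CONFIDENCE = {"high", "medium", "low", "uncertain"}  # the page's confidence levels
GENESIS = "0" * 64  # assumed placeholder "previous hash" for the first log entry

def sha256_file(path):
    """Stream the file so large captures do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def record_evidence(log_path, case_id, path, url, tool, confidence, investigator):
    """Append one custody entry (a JSON line) to the log and return it."""
    if confidence not in CONFIDENCE:
        raise ValueError(f"unknown confidence level: {confidence}")
    prev = GENESIS
    if os.path.exists(log_path):
        with open(log_path, "rb") as f:
            lines = f.read().splitlines()
        if lines:
            prev = hashlib.sha256(lines[-1]).hexdigest()  # chain to last entry
    entry = {
        "case_id": case_id, "file": os.path.basename(path),
        "sha256": sha256_file(path), "url": url, "tool": tool,
        "confidence": confidence, "investigator": investigator,
        "collected_utc": datetime.now(timezone.utc).isoformat(timespec="seconds"),
        "prev_entry_sha256": prev,
    }
    with open(log_path, "a", encoding="utf-8") as f:
        f.write(json.dumps(entry, sort_keys=True) + "\n")
    return entry

def verify_log(log_path, evidence_dir):
    """Return a list of problems: edited log lines or evidence whose hash changed."""
    problems, prev = [], GENESIS
    with open(log_path, "rb") as f:
        for n, line in enumerate(f.read().splitlines(), 1):
            entry = json.loads(line)
            if entry["prev_entry_sha256"] != prev:
                problems.append(f"entry {n}: log chain broken")
            path = os.path.join(evidence_dir, entry["file"])
            if not os.path.exists(path) or sha256_file(path) != entry["sha256"]:
                problems.append(f"entry {n}: {entry['file']} missing or modified")
            prev = hashlib.sha256(line).hexdigest()
    return problems
```

Run `verify_log` before reporting and after every transfer of the case folder; an empty list means every file still matches the hash recorded at collection time.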

Information Verification

Cross-Reference Methods

  • Multiple source confirmation
  • Timeline consistency checks
  • Fact-checking against known data
  • Reverse verification techniques

Confidence Levels

Use standardized confidence indicators:

  • High: Multiple independent sources confirm
  • Medium: Single reliable source or multiple unconfirmed sources
  • Low: Unverified single source
  • Uncertain: Conflicting information exists

Sock Puppets and Operational Security

Creating Research Personas

Sock puppets are fictional online personas used for intelligence gathering without revealing your real identity.

Key Resources:

Example Persona Elements:

  • Email: louisthornton@jourrapide.com
  • Consistent backstory and interests
  • Appropriate profile photos
  • Realistic activity patterns

Platform-Specific Considerations:

  • Twitter: Focus on interests and engagement patterns
  • LinkedIn: Professional background and connections
  • Facebook: Personal interests and social connections

Security Measures

  1. Compartmentalization
      • Separate devices or virtual machines
      • Different browsers with cleared data
      • Unique personas for different investigations

  2. Anonymous Communication
      • VPN services
      • Tor browser
      • Temporary email services
      • Encrypted messaging

  3. Evidence Protection
      • Encrypted storage
      • Secure backup procedures
      • Access control measures
      • Regular security audits

Documentation Templates

Investigation Log Template

Case ID: [Unique Identifier]
Date: [YYYY-MM-DD]
Investigator: [Name/ID]
Objective: [Investigation goals]

Timeline:
- [Timestamp]: [Action taken]
- [Timestamp]: [Information discovered]
- [Timestamp]: [Verification completed]

Sources:
- [Source 1]: [Description and reliability]
- [Source 2]: [Description and reliability]

Findings:
- [Key finding 1]: [Confidence level]
- [Key finding 2]: [Confidence level]

Next Steps:
- [Action item 1]
- [Action item 2]

Source Verification Checklist

  • URL documented with timestamp
  • Screenshot captured
  • Source reliability assessed
  • Cross-referenced with other sources
  • Information categorized by confidence level
  • Chain of custody maintained