Skip to Content
OSINTThe OSINT Lifecycle

The OSINT Lifecycle

workflow

Core idea

A four-stage cycle that structures an OSINT investigation from question to report, ensuring evidence is preserved and inference is separated from fact.

Components

  1. Define requirements, What question are you answering? Who is the subject?
  2. Identify sources, Web, social, blockchain, leaked databases, domain records.
  3. Collect and preserve, Screenshot, archive, hash. Evidence can disappear.
  4. Analyse and report, Connect the dots. Distinguish fact from inference.

When to use

At the start of and throughout any OSINT investigation, to keep collection scoped and evidence defensible.

Example

Before tracing a scam wallet, define the question, list sources (block explorers, forums, WHOIS), archive and hash each finding as it is collected, then report while distinguishing confirmed facts from inference.

What OSINT Is, Common OSINT Source Categories, Pre-Investigation Readiness Checklist

Last updated on