The OSINT Lifecycle
workflow
Core idea
A four-stage cycle that structures an OSINT investigation from question to report, ensuring evidence is preserved and inference is separated from fact.
Components
- Define requirements, What question are you answering? Who is the subject?
- Identify sources, Web, social, blockchain, leaked databases, domain records.
- Collect and preserve, Screenshot, archive, hash. Evidence can disappear.
- Analyse and report, Connect the dots. Distinguish fact from inference.
When to use
At the start of and throughout any OSINT investigation, to keep collection scoped and evidence defensible.
Example
Before tracing a scam wallet, define the question, list sources (block explorers, forums, WHOIS), archive and hash each finding as it is collected, then report while distinguishing confirmed facts from inference.
Related
What OSINT Is, Common OSINT Source Categories, Pre-Investigation Readiness Checklist
Last updated on