Investigation Risk Categories & Mitigations
framework
Core idea
OSINT investigations carry real-world legal, personal, and operational risks. Six recognised risk categories, each with a severity rating and a mitigation, must be understood before beginning. Understanding them beforehand is non-negotiable.
Components
- Legal exposure (High): Accessing private systems or using leaked databases may expose you to criminal liability under computer fraud laws. Mitigation: stick to genuinely public data; document the legal basis for every collection method.
- Personal safety (High): Investigating criminal actors can provoke hostile responses; investigators have been doxxed and threatened. Mitigation: maintain strict OPSEC separation between your investigator identity and personal identity.
- Confirmation bias (High): Pre-deciding the conclusion and seeking supporting evidence causes false attribution and serious harm to innocent parties. Mitigation: actively seek disconfirming evidence; require corroboration from independent sources.
- Operational contamination (Medium): Alerting a subject may cause them to delete evidence or move funds; every active action creates this risk. Mitigation: complete passive collection before any active contact; archive evidence immediately.
- Misinformation laundering (Medium): Sophisticated actors plant false information in public sources; a mislabelled address is a classic deception technique. Mitigation: always trace attribution claims to primary source evidence.
- Psychological impact (Low): Prolonged investigation of difficult subjects has documented effects including vicarious trauma. Mitigation: set time limits on difficult sessions; debrief regularly; work in a team where possible.
When to use
Before and throughout any OSINT or blockchain investigation, to assess and mitigate exposure across legal, personal, and operational dimensions.
Example
Choosing not to open a leaked database (legal exposure) and instead relying on genuinely public records, while documenting the legal basis for each collection method.
Related
Pre-Investigation Readiness Checklist, Manage Both Digital Footprints (OPSEC), Passive vs Active OSINT
Last updated on