homepage
Menu
Open menu
  • Training
    Go one level top Back

    Training

    • Courses

      Build cyber prowess with training from renowned experts

    • Hands-On Simulations

      Hands-on learning exercises keep you at the top of your cyber game

    • Certifications

      Demonstrate cybersecurity expertise with GIAC certifications

    • Ways to Train

      Multiple training options to best fit your schedule and preferred learning style

    • Training Events & Summits

      Expert-led training at locations around the world

    • Free Training Events

      Upcoming workshops, webinars and local events

    • Security Awareness

      Harden enterprise security with end-user and role-based training

    Featured: Solutions for Emerging Risks

    Discover tailored resources that translate emerging threats into actionable strategies

    Risk-Based Solutions

    Can't find what you are looking for?

    Let us help.
    Contact us
  • Learning Paths
    Go one level top Back

    Learning Paths

    • By Focus Area

      Chart your path to job-specific training courses

    • By NICE Framework

      Navigate cybersecurity training through NICE framework roles

    • DoDD 8140 Work Roles

      US DoD 8140 Directive Frameworks

    • By European Skills Framework

      Align your enterprise cyber skills with ECSF profiles

    • By Skills Roadmap

      Find the right training path based on critical skills

    • New to Cyber

      Give your cybersecurity career the right foundation for success

    • Leadership

      Training designed to help security leaders reduce organizational risk

    • Degree and Certificate Programs

      Gain the skills, certifications, and confidence to launch or advance your cybersecurity career.

    Featured

    New to Cyber resources

    Start your career
  • Community Resources
    Go one level top Back

    Community Resources

    Watch & Listen

    • Webinars
    • Live Streams
    • Podcasts

    Read

    • Blog
    • Newsletters
    • White Papers
    • Internet Storm Center

    Download

    • Open Source Tools
    • Posters & Cheat Sheets
    • Policy Templates
    • Summit Presentations
    • SANS Community Benefits

      Connect, learn, and share with other cybersecurity professionals

    • CISO Network

      Engage, challenge, and network with fellow CISOs in this exclusive community of security leaders

  • For Organizations
    Go one level top Back

    For Organizations

    Team Development

    • Why Partner with SANS
    • Group Purchasing
    • Skills & Talent Assessments
    • Private & Custom Training

    Leadership Development

    • Leadership Courses & Accreditation
    • Executive Cybersecurity Exercises
    • CISO Network

    Security Awareness

    • End-User Training
    • Phishing Simulation
    • Specialized Role-Based Training
    • Risk Assessments
    • Public Sector Partnerships

      Explore industry-specific programming and customized training solutions

    • Sponsorship Opportunities

      Sponsor a SANS event or research paper

    Interested in developing a training plan to fit your organization’s needs?

    We're here to help.
    Contact us
  • Talk with an expert
  • Log In
  • Join - it's free
  • Account
    • Account Dashboard
    • Log Out
  1. Home >
  2. Blog >
  3. Frequently Asked Questions - SEC487: Open-Source Intelligence (OSINT) Gathering and Analysis
SANS Cyber Defense

Frequently Asked Questions - SEC487: Open-Source Intelligence (OSINT) Gathering and Analysis

May 10, 2018

Frequently Asked Questions - SEC487: Open-Source Intelligence (OSINT) Gathering and Analysis

  • What is the class about?
  • Who should take the class?
  • What is the class layout?
  • I've been doing work in the field for a while. Will the course be valuable to me or is it going to be too basic?
  • Is this course focused on only the United States and people/data there or is it more globally scoped?
  • What will the class prepare you to do?
  • Who is the class author?
  • Do I need OSINT quick test
  • What is next for SEC487?
  • Question: What is the class about?

    A: SEC487 will teach students legitimate and effective ways to find, gather, and analyze this data from the Internet. You'll learn about reliable places to harvest data using manual and automated methods and tools. Once you have the data, we'll show you how to ensure that it is analyzed, sound, and useful to your investigations.

    This is a foundational course in open-source intelligence (OSINT) gathering and, as such, will move quickly through many areas of the field. The course will teach you current, real-world skills, techniques, and tools that law enforcement, private investigators, cyber attackers, and defenders use to scour the massive amount of information across the Internet, analyze the results, and pivot on interesting pieces of data to find other areas for investigation. Our goal is to provide the OSINT knowledge base for students to be successful in their fields whether they are cyber defenders, threat intelligence analysts, private investigators, insurance claims investigators, intelligence analysts, law enforcement personnel, or just someone curious about OSINT.

    Question: Who should take the course?

    A: While far from complete, we have topics in the class that would be helpful to people that are:

    • Cyber Incident Responders
    • Digital Forensics (DFIR)
    • Penetration Testers
    • Law Enforcement
    • Intelligence Personnel
    • Recruiters/Sources
    • Private Investigators
    • Insurance Investigators
    • Human Resources Personnel
    • Researchers
    • Students
    • Parents
    • Parents of Students

    Question: What is the course layout?

    A: This is a 6-day lecture and lab course - View the upcoming course runs

    • The first 4.5 days are classic lecture and lab.
    • There are over 23 labs in the class. That means a LOT of hands-on work for you!
    • The last part of day 5 we have a solo CTF (Capture the Flag) where you work an OSINT investigation by yourself; leveraging the labs and knowledge gained in the course. This gives students time to work an assessment, time to try out new tools and techniques, and allows for students to work at their own speeds.
    • Day 6 is the group CTF where, in teams of 2-4 students, you will work on a large challenge and then present your findings to the class. And then present your findings to the class

    Question: I've never done OSINT, will I get anything out of the class?

    A: YES! I've been pleasantly surprised to find out how many different, non-cyber jobs use OSINT techniques but they don't call it "OSINT". A good example is in recruiting, they may refer to the "boolean searches" they use to find candidates. We may call those "Google Dorks" or advanced search engine queries (and there is a site that has thousands of them at https://www.exploit-db.com/google-hacking-database/). If you look information up on the internet, you kare most likely using OSINT and we can teach you to do it even better!

    Question: I've been doing work in the (law enforcement/intel/private investigator/insurance investigator/recruiter/cyber) field for a while. Will the course be valuable to me or is it going to be too basic?

    A: Everyone that has taken the class has remarked that they have learned some new trick, new tool, or new web site that they can immediately use back at work. If you have been doing this for a while, chances are good that you may know of many of the techniques and tools that we use but maybe haven't made the time to try them. In class, we give you that time. Additionally, if you've been OSINTing/recruiting/investigating for a while, lyou will know that everyone goes about the process a little differently. Learning others' techniques and site preferences can broaden your OSINT reach and help you achieve your goals. There is a detailed account of what we learn each day at https://www.sans.org/course/open-source-intelligence-gathering.

    Question: Is this course focused on only the United States and people/data there or is it more globally scoped?

    A: While I call the United States home, I understand that there are MANY of you that do not. And, as such, your targets, be they computers or people, may not reside in the United States. Our examples, courseware, and labs all have international components to them. Yes, there is a large amount of the courseware that covers data in the United States and how to find it but we also move around the world collecting and analyzing data.

    Question: What will SEC487 prepare you to do?

    • Understand the data collection life cycle
    • Create a secure platform for data collection
    • Analyze customer collection requirements
    • Capture and record data
    • Create sock puppet accounts
    • Create your own OSINT process
    • Harvesting web data
    • Perform searches for people
    • Access social media data
    • Assess a remote location using online cameras and maps
    • Examine geolocated social media
    • Research businesses
    • Use government-provided data
    • Collect data from the Dark Web
    • Leverage international sites and tools

    Question: Who is the course author?

    A: SANS Certified Instructor, Micah Hoffman

    Micah Hoffman has been working in the information technology field since 1998 supporting federal government, commercial, and internal customers in their searches to discover and quantify information security weaknesses within their organizations. He leverages years of hands-on, real-world OSINT, penetration testing, and incident response experience to provide excellent solutions to his customers. Micah is the author of SEC487: Open-Source Intelligence Gathering and Analysis, is a SANS Certified Instructor, and holds GIAC's GMON, GAWN, GWAPT, and GPEN certifications as well as the CISSP.

    Micah is a highly active member in the cyber security and OSINT communities. When not working, teaching, or learning, Micah can be found hiking on Appalachian Trail or the many park trails in Maryland. Catch him on Twitter @WebBreacher.

    Question: "Do I Need OSINT?" Test

    Here is a quick test to see if you could benefit from this class.

    1. Do you frequently try to find information about people on the internet?
    2. Do you look up information about IP addresses, subnets, and/or domains on the internet?
    3. Do you use the dark web (or want to start)?
    4. Do you currently only use the simple search fields in social media sites to perform your searches?
    5. Do you use the same web sites and tools for your searches and are sometimes frustrated when they don't give you positive results?
    6. Do you use your own, personal accounts when performing your queries on social media sites?

    If you answered "yes" to any of these questions, then SEC487 is for you.

    Question: What is next for SEC487: Open-Source Intelligence (OSINT) Gathering and Analysis?

    A: SEC487 is currently being offered in BETA in Denver, CO - June 4-9, 2018
    This course is being offered at the special beta pricing of $3,105 - Don't miss this great course at a great price!

    Share:
    TwitterLinkedInFacebook
    Copy url Url was copied to clipboard
    Subscribe to SANS Newsletters
    Receive curated news, vulnerabilities, & security awareness tips
    United States
    Canada
    United Kingdom
    Spain
    Belgium
    Denmark
    Norway
    Netherlands
    Australia
    India
    Japan
    Singapore
    Afghanistan
    Aland Islands
    Albania
    Algeria
    American Samoa
    Andorra
    Angola
    Anguilla
    Antarctica
    Antigua and Barbuda
    Argentina
    Armenia
    Aruba
    Austria
    Azerbaijan
    Bahamas
    Bahrain
    Bangladesh
    Barbados
    Belarus
    Belize
    Benin
    Bermuda
    Bhutan
    Bolivia
    Bonaire, Sint Eustatius, and Saba
    Bosnia And Herzegovina
    Botswana
    Bouvet Island
    Brazil
    British Indian Ocean Territory
    Brunei Darussalam
    Bulgaria
    Burkina Faso
    Burundi
    Cambodia
    Cameroon
    Cape Verde
    Cayman Islands
    Central African Republic
    Chad
    Chile
    China
    Christmas Island
    Cocos (Keeling) Islands
    Colombia
    Comoros
    Cook Islands
    Costa Rica
    Cote D'ivoire
    Croatia (Local Name: Hrvatska)
    Curacao
    Cyprus
    Czech Republic
    Democratic Republic of the Congo
    Djibouti
    Dominica
    Dominican Republic
    East Timor
    Ecuador
    Egypt
    El Salvador
    Equatorial Guinea
    Eritrea
    Estonia
    Eswatini
    Ethiopia
    Falkland Islands (Malvinas)
    Faroe Islands
    Fiji
    Finland
    France
    French Guiana
    French Polynesia
    French Southern Territories
    Gabon
    Gambia
    Georgia
    Germany
    Ghana
    Gibraltar
    Greece
    Greenland
    Grenada
    Guadeloupe
    Guam
    Guatemala
    Guernsey
    Guinea
    Guinea-Bissau
    Guyana
    Haiti
    Heard And McDonald Islands
    Honduras
    Hong Kong
    Hungary
    Iceland
    Indonesia
    Iraq
    Ireland
    Isle of Man
    Israel
    Italy
    Jamaica
    Jersey
    Jordan
    Kazakhstan
    Kenya
    Kiribati
    Korea, Republic Of
    Kosovo
    Kuwait
    Kyrgyzstan
    Lao People's Democratic Republic
    Latvia
    Lebanon
    Lesotho
    Liberia
    Liechtenstein
    Lithuania
    Luxembourg
    Macau
    Madagascar
    Malawi
    Malaysia
    Maldives
    Mali
    Malta
    Marshall Islands
    Martinique
    Mauritania
    Mauritius
    Mayotte
    Mexico
    Micronesia, Federated States Of
    Moldova, Republic Of
    Monaco
    Mongolia
    Montenegro
    Montserrat
    Morocco
    Mozambique
    Myanmar
    Namibia
    Nauru
    Nepal
    Netherlands Antilles
    New Caledonia
    New Zealand
    Nicaragua
    Niger
    Nigeria
    Niue
    Norfolk Island
    North Macedonia
    Northern Mariana Islands
    Oman
    Pakistan
    Palau
    Palestine
    Panama
    Papua New Guinea
    Paraguay
    Peru
    Philippines
    Pitcairn
    Poland
    Portugal
    Puerto Rico
    Qatar
    Reunion
    Romania
    Russian Federation
    Rwanda
    Saint Bartholemy
    Saint Kitts And Nevis
    Saint Lucia
    Saint Martin
    Saint Vincent And The Grenadines
    Samoa
    San Marino
    Sao Tome And Principe
    Saudi Arabia
    Senegal
    Serbia
    Seychelles
    Sierra Leone
    Sint Maarten
    Slovakia
    Slovenia
    Solomon Islands
    South Africa
    South Georgia and the South Sandwich Islands
    South Sudan
    Sri Lanka
    St. Helena
    St. Pierre And Miquelon
    Suriname
    Svalbard And Jan Mayen Islands
    Sweden
    Switzerland
    Taiwan
    Tajikistan
    Tanzania, United Republic Of
    Thailand
    Togo
    Tokelau
    Tonga
    Trinidad And Tobago
    Tunisia
    Turkey
    Turkmenistan
    Turks And Caicos Islands
    Tuvalu
    Uganda
    Ukraine
    United Arab Emirates
    United States Minor Outlying Islands
    Uruguay
    Uzbekistan
    Vanuatu
    Vatican City State
    Venezuela
    Vietnam
    Virgin Islands (British)
    Virgin Islands (U.S.)
    Wallis And Futuna Islands
    Western Sahara
    Yemen
    Zambia
    Zimbabwe

    By providing this information, you agree to the processing of your personal data by SANS as described in our Privacy Policy.

    This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

    Tags:
    • Open-Source Intelligence (OSINT)

    Related Content

    Blog
    n2c blog 340x340.png
    Security Awareness, Cybersecurity Leadership, Cloud Security, Open-Source Intelligence (OSINT), Industrial Control Systems Security, Digital Forensics, Incident Response & Threat Hunting, Cybersecurity and IT Essentials, Cyber Defense, Offensive Operations, Pen Testing, and Red Teaming
    March 13, 2025
    A Visual Summary of SANS New2Cyber Summit 2025
    Check out these graphic recordings created in real-time throughout the event for SANS New2Cyber Summit 2025
    No Headshot Available
    Alison Kim
    read more
    Blog
    340x340.png
    Open-Source Intelligence (OSINT)
    February 24, 2025
    A Visual Summary of SANS OSINT Summit 2025
    Check out these graphic recordings created in real-time throughout the event for SANS OSINT Summit 2025
    No Headshot Available
    Alison Kim
    read more
    Blog
    Security Awareness, Artificial Intelligence (AI), Digital Forensics, Incident Response & Threat Hunting, Cloud Security, Cyber Defense, Offensive Operations, Pen Testing, and Red Teaming, Industrial Control Systems Security, Open-Source Intelligence (OSINT)
    December 10, 2024
    Top SANS Summit Talks of 2024
    This year, SANS hosted 13 Summits from OSINT, ICS, Ransomware, DFIR to HackFest. Here were the top-rated talks of the year.
    No Headshot Available
    Alison Kim
    read more
    • Company
    • Mission
    • Instructors
    • About
    • FAQ
    • Press
    • Contact Us
    • Careers
    • Policies
    • Training Programs
    • Work Study
    • Academies & Scholarships
    • Public Sector Partnerships
    • Law Enforcement
    • SkillsFuture Singapore
    • Degree Programs
    • Get Involved
    • Join the Community
    • Become an Instructor
    • Become a Sponsor
    • Speak at a Summit
    • Join the CISO Network
    • Award Programs
    • Partner Portal
    Subscribe to SANS Newsletters
    Receive curated news, vulnerabilities, & security awareness tips
    United States
    Canada
    United Kingdom
    Spain
    Belgium
    Denmark
    Norway
    Netherlands
    Australia
    India
    Japan
    Singapore
    Afghanistan
    Aland Islands
    Albania
    Algeria
    American Samoa
    Andorra
    Angola
    Anguilla
    Antarctica
    Antigua and Barbuda
    Argentina
    Armenia
    Aruba
    Austria
    Azerbaijan
    Bahamas
    Bahrain
    Bangladesh
    Barbados
    Belarus
    Belize
    Benin
    Bermuda
    Bhutan
    Bolivia
    Bonaire, Sint Eustatius, and Saba
    Bosnia And Herzegovina
    Botswana
    Bouvet Island
    Brazil
    British Indian Ocean Territory
    Brunei Darussalam
    Bulgaria
    Burkina Faso
    Burundi
    Cambodia
    Cameroon
    Cape Verde
    Cayman Islands
    Central African Republic
    Chad
    Chile
    China
    Christmas Island
    Cocos (Keeling) Islands
    Colombia
    Comoros
    Cook Islands
    Costa Rica
    Cote D'ivoire
    Croatia (Local Name: Hrvatska)
    Curacao
    Cyprus
    Czech Republic
    Democratic Republic of the Congo
    Djibouti
    Dominica
    Dominican Republic
    East Timor
    Ecuador
    Egypt
    El Salvador
    Equatorial Guinea
    Eritrea
    Estonia
    Eswatini
    Ethiopia
    Falkland Islands (Malvinas)
    Faroe Islands
    Fiji
    Finland
    France
    French Guiana
    French Polynesia
    French Southern Territories
    Gabon
    Gambia
    Georgia
    Germany
    Ghana
    Gibraltar
    Greece
    Greenland
    Grenada
    Guadeloupe
    Guam
    Guatemala
    Guernsey
    Guinea
    Guinea-Bissau
    Guyana
    Haiti
    Heard And McDonald Islands
    Honduras
    Hong Kong
    Hungary
    Iceland
    Indonesia
    Iraq
    Ireland
    Isle of Man
    Israel
    Italy
    Jamaica
    Jersey
    Jordan
    Kazakhstan
    Kenya
    Kiribati
    Korea, Republic Of
    Kosovo
    Kuwait
    Kyrgyzstan
    Lao People's Democratic Republic
    Latvia
    Lebanon
    Lesotho
    Liberia
    Liechtenstein
    Lithuania
    Luxembourg
    Macau
    Madagascar
    Malawi
    Malaysia
    Maldives
    Mali
    Malta
    Marshall Islands
    Martinique
    Mauritania
    Mauritius
    Mayotte
    Mexico
    Micronesia, Federated States Of
    Moldova, Republic Of
    Monaco
    Mongolia
    Montenegro
    Montserrat
    Morocco
    Mozambique
    Myanmar
    Namibia
    Nauru
    Nepal
    Netherlands Antilles
    New Caledonia
    New Zealand
    Nicaragua
    Niger
    Nigeria
    Niue
    Norfolk Island
    North Macedonia
    Northern Mariana Islands
    Oman
    Pakistan
    Palau
    Palestine
    Panama
    Papua New Guinea
    Paraguay
    Peru
    Philippines
    Pitcairn
    Poland
    Portugal
    Puerto Rico
    Qatar
    Reunion
    Romania
    Russian Federation
    Rwanda
    Saint Bartholemy
    Saint Kitts And Nevis
    Saint Lucia
    Saint Martin
    Saint Vincent And The Grenadines
    Samoa
    San Marino
    Sao Tome And Principe
    Saudi Arabia
    Senegal
    Serbia
    Seychelles
    Sierra Leone
    Sint Maarten
    Slovakia
    Slovenia
    Solomon Islands
    South Africa
    South Georgia and the South Sandwich Islands
    South Sudan
    Sri Lanka
    St. Helena
    St. Pierre And Miquelon
    Suriname
    Svalbard And Jan Mayen Islands
    Sweden
    Switzerland
    Taiwan
    Tajikistan
    Tanzania, United Republic Of
    Thailand
    Togo
    Tokelau
    Tonga
    Trinidad And Tobago
    Tunisia
    Turkey
    Turkmenistan
    Turks And Caicos Islands
    Tuvalu
    Uganda
    Ukraine
    United Arab Emirates
    United States Minor Outlying Islands
    Uruguay
    Uzbekistan
    Vanuatu
    Vatican City State
    Venezuela
    Vietnam
    Virgin Islands (British)
    Virgin Islands (U.S.)
    Wallis And Futuna Islands
    Western Sahara
    Yemen
    Zambia
    Zimbabwe

    By providing this information, you agree to the processing of your personal data by SANS as described in our Privacy Policy.

    This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
    • Privacy Policy
    • Terms and Conditions
    • Do Not Sell/Share My Personal Information
    • Contact
    • Careers
    © 2025 The Escal Institute of Advanced Technologies, Inc. d/b/a SANS Institute. Our Terms and Conditions detail our trademark and copyright rights. Any unauthorized use is expressly prohibited.
    • Twitter
    • Facebook
    • Youtube
    • LinkedIn