45+ Cyber Security Courses at SANS 2019 in Orlando! Save up to $200 thru 2/27.


To attend this webcast, login to your SANS Account or create your Account.

Collecting OSINT: Grabbing Your Data Now to Use Later

  • Wed., July 18, 2018 - 11:00am Singapore / 12:00pm Tokyo / 1:00pm Sydney
  • Micah Hoffman and Josh Huff
This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account. Click the Register Now button after you have logged in to view the Webcast.

You can now attend the webcast using your mobile device!


The tools and resources used by OSINT investigators greatly influence their abilities to discover other research lines to pursue also known as data pivots. Often, these resource collections are a bookmarked list of websites and some favorite tools the investigator has found useful. Let us enhance your capabilities by showing you the power of creating and using your own offline collections of OSINT-related data. Tree leaves, images of the insides of hotel rooms, pictures of cars and car parts all play parts in jumping ahead in your investigations. Imagine if you found an image of a blanket in a picture on a target's social media and could compare that against your local image bank to discover what hotel chain uses those blankets. And that is just the beginning! In this webcast, you will learn how to recognize and collect resources that will create your own private information caches (built on OSINT data) to help in future OSINT investigations. 

Speaker Bios

Micah Hoffman

Micah Hoffman has been working in the information technology field since 1998 supporting federal government, commercial, and internal customers in their searches to discover and quantify information security weaknesses within their organizations. He leverages years of hands-on, real-world penetration testing and incident response experience to provide unique solutions to his customers. Micah holds GIAC's GAWN, GWAPT, and GPEN certifications as well as the CISSP. Micah is an active member in the NoVAHackers group, has written Recon-ng and Nmap testing tool modules and enjoys tackling issues with the Python scripting language. When not working, teaching, or learning, Micah can be found hiking or backpacking on Appalachian Trail or the many park trails in Maryland. Catch him on Twitter @WebBreacher.

Josh Huff

Josh Huff is a Digital Forensics Analyst and licensed private investigator in Columbia, South Carolina. Josh’s cases have spanned the gamut of computer and mobile forensics, audio forensics and open source investigation to support his firm’s field investigators. Josh has invested much of his time networking with information security professionals in the area. As a result he has become a speaker and co-organizer of Columbia’s InfoSec meetup, ColaSec. During his time with ColaSec, Josh organized a study group on Open Source Intelligence and an exploration of encrypted communications. The studies in OSINT led to conference speaking engagements around the country and his casework has landed him in court as an expert witness in computer forensics. Josh blogs his OSINT research at https://www.learnallthethings.net/ and he can be found on Twitter @baywolf88.

Need Help? Visit our FAQ page or email webcast-support@sans.org.

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.