Last day to get an iPad Air w/ Smart Keyboard or Pixel 4a Smartphone with 5-6 day course registration! View details.


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Collecting OSINT: Grabbing Your Data Now to Use Later

  • Wed., July 18, 2018 - 11:00am Singapore / 12:00pm Tokyo / 1:00pm SydneyTuesday, July 17, 2018 at 11:00 PM EDT (2018-07-18 03:00:00 UTC)
  • Micah Hoffman, Josh Huff

You can now attend the webcast using your mobile device!



The tools and resources used by OSINT investigators greatly influence their abilities to discover other research lines to pursue also known as data pivots. Often, these resource collections are a bookmarked list of websites and some favorite tools the investigator has found useful. Let us enhance your capabilities by showing you the power of creating and using your own offline collections of OSINT-related data. Tree leaves, images of the insides of hotel rooms, pictures of cars and car parts all play parts in jumping ahead in your investigations. Imagine if you found an image of a blanket in a picture on a target's social media and could compare that against your local image bank to discover what hotel chain uses those blankets. And that is just the beginning! In this webcast, you will learn how to recognize and collect resources that will create your own private information caches (built on OSINT data) to help in future OSINT investigations. 

Speaker Bios

Micah Hoffman

Micah Hoffman has been active in the information technology field since 1998, working with federal government, commercial, and internal customers to discover and quantify cybersecurity weaknesses within their organizations. As a highly active member of the cybersecurity and OSINT communities, Micah uses his real-world Open-Source Intelligence (OSINT), penetration testing, and incident response experience to provide customized solutions to his customers and comprehensive instruction to his students.

Over the years, Micah has conducted cyber-related tasks like penetration testing, OSINT investigations, APT hunting, and risk assessments for government, internal, and commercial customers. Micah's SANS coursework, cybersecurity expertise, and inherent love of teaching eventually pulled him toward an instructional role, and he's been a SANS Certified Instructor since 2013. He's the author of the SANS course SEC487: Open Source Intelligence Gathering and Analysis, and also teaches both SEC542: Web App Penetration Testing and Ethical Hacking and SEC567: Social Engineering for Penetration Testers.

Josh Huff

Josh Huff is a Digital Forensics Analyst and licensed private investigator in Columbia, South Carolina. Josh’s cases have spanned the gamut of computer and mobile forensics, audio forensics and open source investigation to support his firm’s field investigators. Josh has invested much of his time networking with information security professionals in the area. As a result he has become a speaker and co-organizer of Columbia’s InfoSec meetup, ColaSec. During his time with ColaSec, Josh organized a study group on Open Source Intelligence and an exploration of encrypted communications. The studies in OSINT led to conference speaking engagements around the country and his casework has landed him in court as an expert witness in computer forensics. Josh blogs his OSINT research at and he can be found on Twitter @baywolf88.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.