Why For Today’s Cyber Investigations We Need to Combine Intelligence Disciplines

Christina Lekati
6 min read · Oct 27, 2023

by Christina Lekati & Samuel Lolagar

Intelligence professionals and investigators often like to jokingly debate about which intelligence discipline is the most valuable of them all, or which one was the one that ultimately cracked the case. The answer always seems to be crystal clear to them: The discipline that made all the difference was one they specialize in, of course!

Although we have occasionally been guilty of this same bias, we cannot deny the truth: it depends. While some view intelligence disciplines as separate from one another and sometimes competing, we view them as complementary. We believe in the power of interdisciplinary knowledge. And we believe in combining and supplementing intelligence collection disciplines, when appropriate, to create a powerful combination.

But there is another truth to this debate: intelligence disciplines are constantly evolving… and so are crimes. The environment of criminal investigations has changed dramatically within the past few years. Today’s criminals are tech-savvy and regularly misuse modern online tools and platforms for their criminal agenda. A large number of criminals today leave behind a significant degree of online activity, communications, tools, and engagement in online platforms. That means there is also plenty of evidence that can be found through traces left on the internet. Sadly, these digital trails are often ignored or underutilized by investigators due to a lack of training, practice, or mindset. At the same time, criminals take the time to educate themselves, exchange information and tactics with one another, and hide better online and offline.

Investigators can and should follow those digital trails. They should be equipped with the knowledge and skills necessary to take advantage of the intelligence they can collect online. They should also know the methodologies and tools involved in this process. But are they adequately prepared to do so? What are the necessary skills? Are they trying to play a new game with old tricks?

In criminal investigations, three disciplines fit together like bread, butter, and honey. These are open-source intelligence (OSINT), social media intelligence (SOCMINT), and human intelligence (HUMINT). Combining the three has the potential to take someone from researching a subject/case to engaging overtly or covertly with key people in a highly effective manner. To explain how, we will start with the first and fundamental discipline (the bread): open-source intelligence.

Open Source Intelligence (OSINT)

The internet is a goldmine of information. This information is publicly available and, therefore, in most jurisdictions, fair game and legal to use in an investigation. You can find anything from transportation methods and schedules of your target to their actual physical location, whereabouts, and anything else the internet has made available. There are 1000 secrets hidden there, but let us start with the first one: OSINT is more than well-crafted Google searches that bring to the surface the gold nuggets of information you need. It is a mindset, and the best tool is your brain. In an investigative context, you use OSINT techniques to uncover pieces of evidence that relate to your case or target. And then, you use your investigative and analytical mindset to make these pieces of evidence lead to more pieces of the puzzle until you have a (mostly) full, substantiated story.

Social Media Intelligence (SOCMINT)

Social media intelligence refers to information collection through the social networking platforms that your target person, group, or their associates use. This is a sub-discipline of OSINT that presents you with a variety of handy options. Through SOCMINT, an investigator can not only get access to hard data but also intuitive (or inferred) intelligence or even use social media as a tool for (inter)active reconnaissance in some case scenarios.

For example, a target’s profile picture can be used in a reverse image search to yield more social media profiles or open up other online resources relating to your subject. Automated network analysis or an interaction analysis can be performed on their social media connections to establish the target’s close relationships and key figures in their inner circle. Specific pieces of information can be used as gateways to more connecting information sources.

Personal details are also found in abundance. With some training and research into your target’s profile, you can create a highly accurate personality profile. This can include readily observable information, such as your target’s hobbies, routines, locations, etc., or intelligence derived from educated inferences based on human psychology. The latter can include your target’s personality characteristics, wants, motives, insecurities, and driving forces (all of which can be inferred with a high success rate from not-so-obvious behavioral traces that leak unnoticed through the target’s online behavior). We do not recommend attempting this without proper training. However, knowing the profiling matrix of your target is usually invaluable when the time comes to interact with them.

This leads us to the phase of…

Human Intelligence (HUMINT)

The oldest intelligence discipline, HUMINT, refers to the collection of information through human sources — in written or spoken form. Human intelligence is still very relevant and valuable in the cyber domain. Some information is simply not going to be found online through OSINT, SOCMINT, or other intelligence disciplines. This is where HUMINT comes in, to help fill in the gaps or elicit information that has the potential to solve a case.

At the same time, OSINT and SOCMINT can be used as supporting disciplines when an investigator’s or intelligence professional’s ultimate goal is to be able to interact with a suspect effectively and either infiltrate a group, recruit the target, draw a confession or conduct other primarily HUMINT-related activities. These activities can happen overtly or covertly. Some sources provide information knowingly, and others have no clue that they reveal important information or are not aware of whom they give the information to. In the case of a covert HUMINT operation, you will most probably have to create a fake social media account (a sock puppet). Knowing your subject’s profiling matrix and the social networks your target is active in is crucial for creating a sock puppet that is made to convince and work with a target.

In summary, combining OSINT, SOCMINT, and HUMINT can be a highly effective intelligence collection approach for modern investigations. Each discipline alone is powerful, but combined, they intensify the value and provide investigators with a sophisticated toolset for challenging investigations.

This potential was our primary motivation when we (Christina Lekati & Samuel Lolagar) decided to join forces and create a course that would provide attendees with the knowledge and skills necessary to take advantage of the above intelligence collection opportunities. Our course “Fundamentals of Cyber Investigations and Human Intelligence” is now available as a recorded, online class that you can access and attend on demand. All participants who complete the class are eligible to receive a certificate of completion. You can find all the relevant information and register at: https://digital-trails.academy/

Welcome to the world of secrets that love to hide in plain sight! We hope to see you in class and show you how to find them.

Christina Lekati

Practicing and interconnecting my big passions: Social Engineering, Psychology, HUMINT & OSINT, for the sake of better cybersecurity & to help keep others safe.