The goal of any OSINT investigation is to find as much relevant, timely, and accurate information about the subject as possible, whether that is a person, business, location, or event. This research must be based on a strong foundation and when looking to collect publicly available information (PAI) about a person of business, this tends to come from personally identifiable information (PII). 

PII can be a powerful starting point, which can lead to a wealth of additional data. For OSINT professionals, understanding how to leverage this type of PAI effectively is critical. This article explores how common PII like names, dates of birth, addresses, phone numbers, email addresses, and registered businesses can be used to uncover new insights.

Full Name: The Gateway to Identity

The name of a person or business is often the starting point for any OSINT research. Investigators should seek to identify a legal full name/ registered name and any aliases/ trading names. Using just these names, investigators can:

• Search directories, phone books, and registrations for the subject
• Scan government databases for public records like County Court Judgements (CCJs) and property ownership
• Locate social media profiles across various platforms, like X and LinkedIn, which can provide insights like employment history and connections
• Identify potential relatives and associates through family tree databases or social media connections
• Leverage search engines and news archives for mentions in web articles

Date of Birth: Age is More Than a Number

Having just the name of an individual can lead to confusion, as many people in the UK may share the same full name. A DOB can help with:

• Cross-referencing with names to ensure accuracy and filter out false positives
• Verifying an identity across different platforms and records, such as linking a registered business to a subject via directorship on Companies House.
• Finding age-specific information such as school yearbooks or alumni records

Address: Mapping Connections

A physical location provides a geographic anchor for investigations to set parameters and narrow down results. Having a location for a person or business, whether it is a rough estimate like a county or town, or a more specific address, a house number and street, means that results are targeted on your entity of interest. Searching by an address can lead to:

• Identifying property ownership records and development history
• Finding neighbours or other household members
• Locating nearby businesses or public spaces that may be relevant, such as gyms, parks, and stores
• Establishing your subject’s presence in a specific relevant location over time

Phone Number: A Line to Digital Footprints

When looking into an individual, a phone number, like an email address, tends to be a unique piece of contact information that has a 1:1 correlation with a subject. While landline phone numbers can be used by a whole property, a mobile number is only linked to one person at a time, unless it is used by a business or criminal enterprise. Once deactivated, a phone number can be taken by another individual, however, most people move numbers across to their new phones. A phone number can be used for:

• Performing reverse lookups for additional contact information
• Finding linked social media accounts on platforms that use phone numbers for account creation and verification
• Identifying the carrier and type of phone to gain insights into a person's technology usage
• Searching for online listings or classifieds where the number might have been used
• Checking for associated messaging app profiles, like WhatsApp or Telegram
• Discovering accounts with online banks like Monzo

Email Address: The Digital Identifier

When a person can be connected to an email address, investigators have a data point that is ubiquitous with creating an online account. Emails can be used in OSINT for:

• Discovering linked accounts on various platforms through native platform searches, API searches, and account recovery processes.
• Searching within data breach databases to uncover linked accounts and passwords
• Identifying usernames that might be used across multiple platforms

Registered Businesses: Following the Paper Trail

Business records like company formation documents and account filings can provide information about associated individuals and financial dealings. When a registered business crops up during an investigation, it can be used for:

• Accessing incorporation documents for details on business structure and other involved parties, like directors, secretaries, and shareholders
• Finding related businesses or subsidiaries
• Locating physical addresses of operations, including satellite offices or locations
• Searching for financial records, tax information, or government contracts

The Power of Cross-Referencing

While a single data point can be useful for finding results, finding multiple pieces of information that can be combined and cross-referenced helps investigators to determine the significance of the results, ensuring results are accurate. Examples of the benefits of having multiple known data points can include:

• A name and date of birth connecting to a registered business
• An email address and a name uncovering additional usernames
• A phone number and a name revealing social media profiles
• An address and a business name leading to incorporation documents and a director’s name
• An email address and phone number both connected to the same name can reveal their owner

Ethical Considerations

Harnessing PII during OSINT investigations offers a broad range of possibilities, however, it's crucial to approach this work with ethical considerations in mind. Collecting personal information on any individual must be done within legal boundaries, such as the General Data Protection Regulation (GDPR) and the Data Protection Act (DPA), which ensure respect for an inherent right to privacy. Generally, PII can only be collected in the UK if the individual agrees or without consent when the goal of the investigation is to investigate and prevent crime or serious security incidents.

Automating the Process with Cradle

For OSINT professionals, the ability to take basic PII and expand it into a comprehensive picture of an individual or organisation is an invaluable skill. By understanding the interconnections between different types of public information and leveraging various tools and techniques, investigators can uncover insights that might not be immediately apparent. 

Public Insight’s OSINT tool, Cradle, can automate this process, identifying addresses connected to people and businesses from over 30 million publicly available data points, driving a faster and more effective investigative workflow. Learn more and sign up for a trial today at www.publicinsights.uk.