By Cynthia Hetherington

Thorough research is necessary in any type of investigation and requires knowledge of available sources and services to accurately answer the questions asked. Whether you are an investigative journalist, researcher, a special agent, or private investigator, it is necessary to implement a consistent methodology that allows you to approach your research in a systematic way, record your findings, and report your analysis.

In this 4-part series, Hg’s Cynthia Hetherington walks you through online and offline resources, how to collect and track information, the importance of understanding the market and industry, and how to use government agency resources. Last week, she introduced the reader to open source resources and the power of the on-the-ground research. This week, she discusses how to gather information during your OSINT investigation using taxonomy.

The Internet is Only One Source

The World Wide Web is not taking over the role of library, archives, or county docket index, so do not consider this useful—but often frustrating—tool the only one to use. There is a bevy of sources available that never make it to the Web. Many county courts are offline, with public records still in file cabinets. Market research and annual reports are deliberately kept in printed form to curtail copyright infringement.

If your investigation leads you to research at the local level, a town library is a good place to usually find localized data cataloged, indexed, and archived. Some towns maintain history rooms or designate a few shelves in their town halls for books written by local authors, and small-town newspapers often report stories from the local residents’ perspectives. If General Motors decided to close plants in Springfield, Illinois, for example, the New York Times might report on GM’s financial burden to maintain such large facilities as the purpose for the closings. However, a newspaper in suburban Springfield is more likely to report on the families who were losing incomes because of the closings.

Cynthia’s Tip

Call and email the reference librarian of the public library to inquire about its collection holdings in the community your case takes you. It might take a visit to view the actual documents, because your answers may be in an old file cabinet rarely used or noticed.

Collecting and Tracking Information

When starting your investigation, create an initial word list of terms and expressions. This technique will help you develop additional, helpful words to add that you might not have thought of before. For example, I had a case involving maintenance men who had been in escalator accidents. The client did not want information about accidents involving patrons, of which there were hundreds, but, specifically, he wanted to know about the workers who repair and maintain movable floors and stairs.

Using a Taxonomy

Taxonomy is a classification system. Using the above example, search Google or another search engines for the key terms “escalator, accident,  maintenance.” Once you start typing these words, you will realize there are other terms that can work for this search, too. You are now developing word taxonomy—a list of all possible terms and expressions that can get you closer to the answers you need.

Organized into three columns, your taxonomy list for the above example would look like this:

Keep this list on your computer or in a notepad. In this same document, keep descriptive notes for yourself. You may be searching in one direction, find a brand-new lead, and want to pursue that lead. However, you will be better served if you finish the original inquiry and then return to the new lead. This disciplined “to-the-end” approach keeps you from scatterbrained and wandering searches on the Internet.

Cynthia’s Tip

It is easy when searching the Internet or using an electronic database to wander off on a lead and forget where you were originally. Using a notebook or notepad program, record where you were visiting, copy and paste the results, and leave yourself a note. You also can capture a Web page as an Adobe Acrobat document or a screenshot and save it for reviewing and/or printing later. Whichever way works for you, be consistent so that you will always know where you left off.

Tracking your words and leads in one document always pays off when you have to follow up later in the investigation and need to refer to your notes. You can search one document versus digging through a pile of notes, post-it stickers, and saved documents. Plus, if you electronically manage a word and subject directory, you can easily incorporate into your final report the items you searched for and where you looked.

Recording Your Findings

An important component of research is to establish a methodology that keeps you attuned with your search results. I recommend the combination approach of finding and recording information in the initial stages of the gathering mode:

  • Record the findings in a consistent way so that you can return to the search and repeat the steps. Recording your findings in a consistent manner will help you create a more professional looking report that will benefit the client.
  • You can choose an actual style manual, such as in Chicago Style or AP A method, or create a style that is clear and continual.

If you are uncertain if your reports are of high quality, show your report style to a trusted friend or colleague and ask for feedback on flow, content, and readability. I mention style and not an actual report, because the information you are reporting is more than likely subject to non-disclosure and client confidentiality. Having a redacted report on hand, with vital information removed or edited, is also a handy way to receive feedback.

Are you an analyst or investigator looking for introductory training on conducting OSINT investigations? If so, check out Hg’s recorded webinar, Open Source Intelligence—Start to Finish. This introductory primer series will teach you the types, differences, and jargon of open source investigations; learn how to in-take an online case, understand the parameters of the work, establish goals, and create investigative notes.


With over twenty-five years of global experience in open source investigations and one of the first investigative firms to conduct online social media investigations, Hetherington Group develops advanced cyber investigations unique to your needs. Learn how Hg’s analysts can clear through jargon and uncover answers buried deep in open sources, social media pages, and Dark Web sites.


Cynthia Hetherington, MLS, MSM, CFE, CII is the founder and president of Hetherington Group, a consulting, publishing, and training firm that leads in due diligence, corporate intelligence, and cyber investigations by keeping pace with the latest security threats and assessments. She has authored three books on how to conduct investigations, is the publisher of the newsletter, Data2know: Internet and Online Intelligence, and annually trains thousands of investigators, security professionals, attorneys, accountants, auditors, military intelligence professionals, and federal, state, and local agencies on best practices in the public and private sectors.