Is OSINT legal for journalists?

Gathering and analyzing genuinely public information is lawful — that is what open-source means. The line that matters under U.S. law is access, not motive. In Van Buren v. United States, the Supreme Court read the Computer Fraud and Abuse Act as turning on whether you were authorized to access a system at all, not on why you accessed data you were allowed to see. So scraping or viewing public posts is generally fine; using stolen credentials, defeating an access control, or logging into an account that is not yours is not — regardless of the public interest in the story. Terms of service and other laws can still constrain how you collect, so this is a question to run past counsel for anything aggressive.

How is this different from your OSINT investigation services?

This guide is about journalist tradecraft: verification, provenance, ethics, and the lawful line. Our transactional OSINT work for legal and corporate matters is a separate service with a different purpose and a different buyer. A reporter usually needs help confirming and corroborating what they have found and documenting it credibly — not outsourcing the reporting. We support editorial diligence; we do not replace it.

What techniques actually verify a piece of online content?

The workhorses are geolocation (pinning where an image was taken from visible landmarks), chronolocation (when, from shadows, weather, and other time signals), reverse-image search (has this appeared before, and where), EXIF and file-metadata analysis where it survives, and archiving the source the moment you find it so it cannot quietly change or vanish. None of these is conclusive alone; they corroborate. Bellingcat's open-source guides and First Draft's framework are the standard references for the methods.

When should I not use something I found?

First Draft's guidance is blunt and worth adopting: if in doubt, do not publish it. A single source, an unverifiable provenance, or a chain you cannot reconstruct is a reason to hold, not to hedge. The Berkeley Protocol on digital open-source investigations formalizes this for human-rights and legal contexts — document your method, preserve the original, and be honest about confidence. The discipline is the same one that makes evidence defensible: show your work.

Can OSINT prove who is behind an account or a campaign?

Sometimes it strongly supports an attribution; it rarely proves one outright. Open-source signals can build a high-confidence case — consistent patterns, reused infrastructure, corroborating records — but a careful examiner distinguishes “consistent with” from “proven,” and names the uncertainty. We will tell you when the evidence supports a confident claim and when it only supports a careful one. Guaranteed attribution is not something honest OSINT offers.

OSINT for Journalists

Open-source method, applied to reporting

Open-source intelligence for journalism is not a different craft from verification — it is verification, done rigorously, with publicly available material. This guide is for reporters: it covers the techniques that corroborate online content, the legal line you must not cross, and the ethics of when not to use something. It deliberately does not rehash the generic primer on what OSINT is; the goal here is the journalist-specific discipline that makes a finding hold up.

The verification toolkit

A handful of techniques do most of the corroboration work, and the point of all of them is the same: never trust a single signal.

Geolocation — fixing where an image was captured from landmarks, signage, and terrain.
Chronolocation — establishing when, using shadows, weather records, and other time signals.
Reverse-image search — finding whether content appeared earlier elsewhere, which exposes recycled or miscaptioned media.
EXIF and file-metadata analysis — reading embedded capture data where platforms have not stripped it.
Archiving — preserving the source the moment you find it, so it cannot silently change or disappear.

The canonical method references are Bellingcat’s open-source research guides and First Draft’s five pillars of verification. For legal and human-rights contexts, the Berkeley Protocol formalizes how to document method and preserve originals. We apply these standards and cite them as the model.

A direct line to Quinn, the founder — not a sales pipeline.
Worked in-house by the examiner who scoped it.
Explainable findings you can verify, with the methodology shown.

The lawful line: access, not motive

The most important legal idea in journalist OSINT is simple. Under the Computer Fraud and Abuse Act, as the Supreme Court read it in Van Buren v. United States, liability turns on whether you were authorized to access a system — not on your purpose once you are there. Viewing and analyzing genuinely public information is open-source work. Using stolen credentials, defeating an access control, or logging into an account that is not yours is not, no matter how newsworthy the result. Terms of service and other laws can still shape how you may collect, so anything aggressive belongs in front of counsel before you do it. We do not perform unlawful access, and we do not help anyone else do it.

Provenance, corroboration, and when to hold

The ethic that separates verification from rumor is restraint. First Draft’s rule is the one to adopt: if in doubt, do not use it. A single unverifiable source, a provenance you cannot reconstruct, or a chain you cannot show is a reason to wait. Build corroboration from independent signals, preserve the original, and be candid about your confidence. This is the same discipline that makes forensic evidence defensible — show your work, and do not claim more than the material supports.

Where forensics supports the reporting

A forensic practice supports OSINT-driven stories at the edges where credibility is tested: confirming the integrity of a file, preserving and documenting material to a standard that survives challenge, and corroborating a finding with artifact-level evidence. It does not become the reporter. Where a matter moves from public-record verification into formal investigation — for legal or corporate purposes — that is a different engagement; see our OSINT investigation services for legal and corporate matters.

What working with us means

Written scope before any work. You see a written scope — deliverables, timeline, and price — and approve it before we begin. You are never billed for work you did not authorize.
We commit to findings, not outcomes. We tell you up front what the evidence can and cannot establish. Recovery, attribution, and prosecution are decided by banks, platforms, insurers, and courts — we produce the record they act on, and we put that distinction in writing.
Every case is investigated, not just scanned. A credentialed examiner reviews every case before findings leave the practice. You get a documented investigation to court-admissible standards — not a single automated scan and a one-line answer.
We will tell you if you do not need us. If a free or simpler step — a police report, an IC3 filing, a platform's own recovery flow — would resolve your situation, we point you there first.

Related guides

To harden the devices and accounts you do this work on, see digital security for journalists. The overview of how forensics supports reporting is on the For Journalists hub.

Quinnlan Varcoe

Founder & CEO

With operational experience across Fortune 50 security programs and the defense industrial base, Quinnlan founded SleuthX in 2022 to provide clients with the caliber of expertise typically reserved for the largest enterprises. Her work in threat intelligence and digital forensics has earned the trust of 26,000+ cybersecurity professionals who follow her analysis.

“26,000 professionals follow my work because I say what others won't — and I can back it up technically.”

Fortune 50 BackgroundDefense IndustryThreat IntelligenceDigital PrivacyIncident Response