A day in the life of an investigator: Inside the world of open source at CIR

Photo: Kristin Wilson via Unsplash

Working as an open source (OSINT) investigator at CIR is both challenging and rewarding. Each day brings new opportunities to uncover, verify, and report on critical information related to human rights violations and armed conflicts.

We spoke to Sofia and Erin, to find out more about their day-to-day work and how they became investigators at CIR.

How did you become an open source investigator?

Sofia: I was undertaking a course in Ethical Hacking in 2021 when the subject of OSINT was mentioned. By the time the concept of geolocation was presented, I was hooked. I started looking for more ways to practise and test this newfound skill which led me to create a small blog. I began writing and sharing geolocation walkthroughs and simple OSINT analysis.  

In February 2022 I saw a tweet asking for volunteers to help geolocate and verify Russian activity on the border of Ukraine. I offered to volunteer and used my blog posts as an example of what I could do. I was accepted into the Eyes on Russia project and, a couple of days later, offered a contract as an OSINT analyst on a different project within CIR. 

Erin: I received my Forensic Science degree in 2020, right when COVID was at its peak. I obtained a lab job testing COVID samples in 2021, where I met a colleague who was conducting OSINT investigations in their spare time. We played a lot of Geoguessr in our downtime, and with my forensic background, my colleague thought I would be suitable for an OSINT career.  

I started taking online OSINT classes, reading material in book and digital form. I joined a couple of crowd-sourcing projects that connected me with other OSINT enthusiasts. 

Through these connections, I was able to get my foot in the door as a geolocation and verification volunteer for  one of CIR’s projects in 2022. From this work, I received an opportunity to interview for a junior investigator role within CIR and was hired soon after. 

What made you decide to apply to work at CIR?

Sofia: I felt I had a skill that was useful in a time of need. I saw a call for help on Twitter and applied to be a volunteer. I was already aware of CIR but I did not feel I was “good enough” to apply for a job at the organisation. I was proven wrong by being offered a full-time paid role based on the skills I had shown as a volunteer.  

Erin:  I knew of someone who had recently joined CIR and they spoke highly of the company. Then, I was given the opportunity to volunteer for one of the projects. I liked the work so much, I thought I would be a good fit for the company.  

What types of investigations do you work on?

Sofia: I investigate claims of human rights violations, armed conflict, security incidents, and the activity of extremist groups. I also occasionally analyse emerging trends and the dissemination of disinformation within those topics.  

Erin: I work on investigations focusing on human rights violations. I also specialise in forensic analysis and assist in graphic incident cases.

What does a typical work day look like for you?

Sofia: My day typically starts with checking news and scanning user-generated content shared on open sources related to the geo–political area of my project. I oversee the main database in which we collect visual and audio evidence of human rights abuses, armed conflict, and terrorist activity, so part of my day involves ensuring that all content has been properly collected, verified, and categorised.  

During the verification process, I geolocate and chronolocate data whenever possible, and work with the media team to ensure that what we post online is clear and correct. 

In the afternoon I either work on my own investigations or supervise the work of the OSINT team. I’ll support colleagues with data collection, verification and analysis, or by creating visual content in the form of figures, graphs and maps. Once a report is complete, I review it and provide feedback to my team.

Erin: My day begins by logging into different platforms, and checking emails and messages. Next, I review any outstanding or urgent requests from the project team before starting my main tasks for the day.

Day to day, my work will either be focused on finding, verifying, and reporting on a single event incident, or collecting, analysing, and reporting information for a thematic investigation topic. Both types of investigation will involve:

• Utilising social media platforms safely while searching for incidents online.
• Immediately archiving all links into our project’s database 
• Verifying footage using techniques such as geolocation and chronolocation. 
• Using Google dorking techniques to identify relevant information and imagery.

What tools do you use for your investigation work?

Sofia: I like to keep it simple and mostly focus on the basics:

• Search engines: Google, Yandex, Bing 
• For geolocation: Google Maps, Google Earth Pro, Mapillary, YouTube 
• X (formerly Twitter) monitoring: Tweetdeck  
• Data visualisation: DataWrapper 
• Image editing: Photopea.com 
• Browser extensions: Blur, Map Switcher, Google Translate, Wayback Machine, Reverse Image Search 

Erin: I rely on a variety of tools and platforms: 

• For geolocation: Google Maps, Google Earth Pro, Satellites Pro, Apple Maps, Planet, Sentinel Hub, PeakVisor
• For chronolocation: SunCalc, Sentinel Hub, NASA FIRMS (Fire Information for Resource Management System), Metadata analysis (EXIF data, etc.)
• For tracking flights/ships: Flightradar24, MarineTraffic
• For creating figures, social media posts, and editing photos: Canva , Paint, Adobe Photoshop, Krita 
• For creating maps: Datawrapper, ArcGIS
• Browser Extensions: Blur, Wayback Machine, Google Translate, Reverse Image Search
• For OPSEC & PERSEC: VPNs, Password managers, Virtual Machines.

What do you enjoy about working at CIR?

Sofia: I get to work with brilliant minds. My team is full of inspiring people who both challenge and inspire me on a daily basis. I’m continuously learning from them and feel like we all push each other to be better.  

I also feel like everyone within my project works out of passion and dedication for the cause. It’s abundantly clear we all deeply care about what we do. 

Erin: Working with people from all around the world and all walks of life. Then getting to share and teach new tools and techniques to each other while working towards a great cause. There is so much value in this work and everyone involved cares so deeply about the events happening around the world and those affected.  

What skills would you say are important to become an investigator here at CIR?

Sofia: I believe the main skills necessary for any OSINT investigator are knowing how to find, analyse and verify open source data.  

There are additional skills that will make the difference between “an” OSINT analyst and a “great” OSINT analyst, however:

• Strong writing skills for clearly explaining findings and making conclusions
• A willingness to learn and accept criticism
• A desire to work collaboratively with co-workers, respectfully ask for help, and offer your assistance
• Strong mental resilience for dealing with often graphic content; it’s important to be able to compartmentalise your work and personal life. 

Erin: Attention to detail would be the first skill I think of for OSINT investigations. Familiarity with maps and satellite imagery is also important because it is such a large portion of what we do. 

Knowledge of biases and understanding the difference between fact and speculation is another skill crucial for investigations. 

What tips do you have for open source investigators who would like to work at CIR?

Sofia: Build your online OSINT portfolio to showcase what you can do. This can include a range of content such as blog entries, OSINT analysis, or even full-scale investigations. You could even try to get your work published by a third party. The goal is to go beyond having just a traditional CV. In OSINT everything is about evidence –  you should be able to provide proof of your skills, rather than just claim you have them.  

If in doubt, go for it. The best OSINT analysts I know come from diverse backgrounds. Your past experiences are not a hindrance, they bring valuable perspectives into a job that relies on thinking outside the box. 

Erin: Make sure you know the basics of geolocation and chronolocation. A lot of the locations we focus on don’t have access to street view, making geolocations a lot more difficult. And shadows don’t always appear, so knowing how to determine the best timeframe is important as well. 

Know how to communicate your findings in a very structured way with appropriate wording. A lot of our findings don’t get verified or only get partially verified, so knowing how to write with cautionary terminology and understanding bias is really important.  

Any final thoughts?

To become an OSINT investigator, you don’t necessarily need a lot of experience, but you do need to know the foundations of OSINT – and you can develop your knowledge through volunteering, online courses, university modules, or crowdsourcing and hackathon opportunities. Writing a blog or publishing your work online can be a good way of building a portfolio.