What People Want From Osint Platforms - Source Excerpt 03 - Nonfunctional Requirements and Pain Points

Back to What People Want From Osint Platforms

Summary

This source excerpt begins near Nonfunctional Requirements and Pain Points and preserves the surrounding evidence from 2IA.org/agent-file-handoff/Archive/2026-05-16-publication-system-improvement/What People Want From OSINT Platforms.md.

**Source path:** 2IA.org/agent-file-handoff/Archive/2026-05-16-publication-system-improvement/What People Want From OSINT Platforms.md

| Feature | Journalists | Law enforcement | Corporate security and CTI | Human rights and academic investigators | Hobbyists and volunteers | Evidence basis |
|---|---|---|---|---|---|---|
| Data-source breadth and freshness | Critical | Critical | Critical | Critical | High | Maltego, OpenCTI, MISP, GIJN databases, LexisNexis all foreground broad source coverage. citeturn12view2turn16view11turn16view9turn16view6turn30view0 |
| Search, filtering, and entity resolution | Critical | Critical | Critical | High | High | OpenCTI filters, Maltego Quick Find/filters, Hunchly tags/history filtering, Accurint search. citeturn23view3turn23view4turn22search2turn22search6turn19view2 |
| Evidence capture, provenance, and audit trail | Critical | Critical | High | Critical | Moderate | Bellingcat Auto Archiver, Hunchly evidence model, NIST chain of custody, College of Policing audit-trail guidance, Berkeley Protocol. citeturn20view2turn14view5turn15view6turn31view1turn13view1 |
| Geolocation, timeline, and link analysis | Critical | High | High | Critical | High | Bellingcat and GIJN center geolocation; OpenCTI and Maltego center graph/timeline/link analysis. citeturn23view1turn16view0turn13view5turn23view0 |
| Automation, APIs, and feed ingestion | Moderate | High | Critical | Moderate | Low | OpenCTI GraphQL/connectors/streams and MISP APIs/workflows show strongest demand in enterprise and CTI settings. citeturn13view7turn16view11turn25search1turn16view10 |
| Multilingual support | High | Moderate | Moderate | Critical | Moderate | Amnesty translation guidance and Bellingcat multilingual AI-geolocation signal high value in global investigations. citeturn23view2turn13view12 |
| Real-time monitoring and alerting | Moderate | High | Critical | Moderate | Moderate | ASIS and Maltego Monitor show this is especially valuable for operational security and public safety. citeturn14view0turn25search3 |
| Usability, onboarding, and cost transparency | Critical | High | High | High | Critical | Bellingcat’s survey on tool-fragmentation, GIJN’s emphasis on under-staffed newsrooms, OSINT Framework’s focus on free tools. citeturn20view3turn14view13turn15view12 |

Desired integrations follow the same pattern. Journalists and researchers want search engines, satellite and mapping tools, archiving services, OCR/translation tools, transportation and registry data, and evidence-capture tools. Law enforcement and corporate teams want those same sources plus internal databases, SSO, case systems, SIEM/XDR/EDR stacks, alerting channels, and public-safety or due-diligence marketplaces. OpenCTI explicitly supports connectors and integrations with other systems; MISP workflows already trigger notifications, Teams messages, webhooks, and custom scripts; Hunchly supports integrations such as Maltego; and Maltego’s Hub includes public, partner, and internal/custom data sources. citeturn16view12turn16view10turn15view13turn12view2

## Nonfunctional Requirements and Pain Points

What users want from OSINT is not just functionality. They also want the following conditions to be true:

1. **Privacy, legality, and ethical defensibility.** The Berkeley Protocol anchors OSINT in professional, legal, and ethical procedure. College of Policing guidance says OSINT for policing must comply with legislation, be corroborated, and account for account-registration requirements, content removal, audit trails, and IP-footprint risks. ICRC warns that OSINT can create harms to civilians’ rights, lives, and safety. citeturn13view1turn8search2turn31view1turn15view7

2. **Evidentiary integrity and provenance.** NIST defines chain of custody as documentation across collection, safeguarding, and analysis; Hunchly emphasizes hashes, timestamps, and transparent audit trails; Berkeley/OHCHR standards were written specifically to improve the use of public digital information as evidence. citeturn15view6turn13view3turn15view8

3. **Usability and low training overhead.** This is a stronger demand signal than many OSINT vendors acknowledge. Bellingcat’s surveys show widespread frustration with finding suitable tools and keeping up with changing capabilities and pricing. GIJN’s 2025 tooling roundup explicitly prioritized tools that solve concrete newsroom problems without requiring advanced computer science skills. citeturn20view3turn14view13

4. **Scalability and performance.** The OSINT Research Studios paper describes a “pressing need to scale and speed up” investigations because of data volume and task complexity. Corporate and CTI platforms respond with connectors, live ingestion, and automation. citeturn28view1turn16view11turn25search1

5. **Security and OPSEC.** Policing guidance warns that accessing open-source information leaves an identifiable police IP footprint and may require misattributable IP handling. Hunchly supports Tor workflows for dark-web investigations. Security is not just platform hardening; it is investigator safety and attribution control. citeturn31view1turn23view8

6. **Cost predictability and sustainability.** Cost matters both for hobbyists and for professional teams. Bellingcat explicitly describes frustration when a previously free tool becomes unaffordable. OSINT Framework and GIJN both emphasize mostly free resources, while enterprise stacks emphasize integration and workflow gains that justify licensing. citeturn20view4turn16view5turn15view12turn30view0

The recurring pain points line up closely with those requirements. The most common are fragmented discovery of tools, information overload, disappearing content, inconsistent data quality, legal uncertainty, and skill gaps. A Hunchly law-enforcement testimonial captures one of the most common complaints: investigators are “inundated with information” and need help prioritizing and sorting high-value content. Community research adds another important pain point: novice users often ask for “all the tools” before learning how to verify, interpret, and document findings. citeturn13view3turn28view0

There is also a human-cost pain point that is easy to underweight in product discussions. Amnesty’s Evidence Lab explicitly warns about vicarious trauma in archive and verification work, and Bellingcat’s writing on sexual and gender-based violence shows how OSINT involving sensitive material can create ethical, legal, and psychological risks for investigators as well as subjects. This implies a real market need for safer workflows, content-reduction tactics, escalation guidance, and do-no-harm design. citeturn32view0turn32view1

## Skills and Training Needs

The research and official training ecosystem suggest that OSINT users do not primarily need more raw tools; they need better skill formation. The most important training needs are these:

1. **Verification and corroboration tradecraft.** GIJN, Bellingcat, Berkeley, and College of Policing all stress that open-source information should be verified and corroborated rather than treated as authoritative on its own. This is the foundational OSINT skill. citeturn16view4turn17search10turn13view1turn31view1

2. **Search literacy and source selection.** Users need to know where to search, what sources are available, how source quality varies, and how to choose between public, commercial, and internal data. Bellingcat’s toolkit was built because open-source researchers struggle to discover and assess tools; GIJN and OSINT Framework both serve precisely this training gap. citeturn20view3turn14view14turn16view5turn15view12

3. **Geolocation, timeline-building, and visual analysis.** These are mainstream rather than advanced specialties. Bellingcat, GIJN, and Berkeley’s investigation programs treat them as central parts of OSINT practice. citeturn23view1turn16view0turn16view3

4. **Legal, privacy, ethics, and OPSEC.** College of Policing, Berkeley/OHCHR, ICRC, and Amnesty all treat legal and ethical reasoning as operational skills, not optional background knowledge. That includes privacy, evidence handling, source protection, IP attribution, and do-no-harm principles. citeturn31view1turn13view1turn15view7turn32view1

5. **Documentation, reporting, and reproducibility.** OSINT outputs need to be reviewable. Hunchly packages findings into client- and court-ready outputs; Berkeley’s standards and OSINT clinic work emphasize transparent, repeatable documentation of each evidentiary step. citeturn13view3turn13view1turn29view2

6. **Automation, APIs, and scripting for advanced users.** OpenCTI connectors require STIX understanding and, in practice, Python for the SDK; MISP workflows and automation expose growing demand for technically proficient OSINT operators in enterprise contexts. citeturn16view11turn16view10