case library

OSINT Case Lab

Work through files derived from real public cases. Each file includes a data package, task, hint, answer key, weak-analysis example, and careful report example.

10 public casespassive researchevidence chaincareful report language

Published files

Ten case files based on real public sources.

Case 01GEOINT35-50 min

Visual geolocation check

Check whether a convoy image was taken on the claimed route by comparing fixed visual clues with maps, satellite imagery, and a basic timeline.

Public source: Bellingcat / 2015

geolocationmapstimelinesecond source

Open file

Case 02Crisis verification25-40 min

Old video shared as a new event

Test whether a crisis video is actually from the claimed event by checking first publication traces and visual context.

Public source: Associated Press Fact Focus / 2023

reverse searchfirst uploadcontextvideo

Open file

Case 03Institution verification20-30 min

Fake institutional announcement

Check whether a statement that appears to come from an institution is supported by the real account, domain, and official correction channels.

Public source: ABC News / Reuters / 2022

impersonationsocial mediaaccount checkstatement

Open file

Case 04Domain / CTI35-55 min

Phishing domain chain

Read a phishing claim as a chain: short link, lookalike domain, passive DNS, certificate traces, and page similarity.

Public source: Citizen Lab / 2017

phishingdomainpassive DNSshort link

Open file

Case 05Blockchain / media verification30-45 min

Crypto wallet claim

Assess a political or institutional donation claim by checking source authenticity, wallet evidence, and whether a transaction can be verified.

Public source: Full Fact / 2024

cryptofake videosource checkwallet

Open file

Case 06Attribution risk25-40 min

Wrong-person attribution

Study how crowdsourced investigations can harm innocent people when similarity, rumor, and limited official information are treated as proof.

Public source: The Guardian / 2013

misattributionethicsrumorcrowdsourcing

Open file

Case 07Public records25-35 min

Company name and legal record change

Check whether a company changed its legal identity by separating brand name, product name, court filings, and formal records.

Public source: TechCrunch / 2023

company recordscourt filinglegal namecorporate trace

Open file

Case 08Disaster verification20-35 min

Disaster image verification

Verify whether a disaster photo or video really belongs to the claimed event by using reverse image search, archives, and date context.

Public source: AFP Fact Check / 2023

disasterphotoreverse searchold content

Open file

Case 09Maritime OSINT35-55 min

Flight or vessel route claim

Assess a vessel route claim by combining AIS history, satellite imagery, media reports, and gaps in public tracking data.

Public source: Bellingcat / 2024

AISvesselsatelliteroute

Open file

Case 10Defensive CTI30-45 min

CVE exploitation claim

Verify whether a CVE is actively exploited by checking vendor advisories, CISA KEV, and reliable threat reports.

Public source: CISA / 2023

CVEKEVvendor advisorydefense

Open file

File format

Every file uses the same learning structure.

Data package

What open-source material is available?

Task

What question should the analyst answer?

Hint

A direction without giving away the result.

Answer key

The evidence chain and expected conclusion style.

Bad analysis

A common but unsafe or weak inference.

Good report

A short, sourced, and careful output example.

Original Turkish lab

The Turkish Case Lab remains available.

The English lab is being localized step by step. The Turkish archive keeps the full original platform structure.

Open Turkish lab