Mandiant Academy™

Intelligence Research II—Open Source Intelligence (OSINT) Tools & Techniques
(On-Demand Module Overview)

This foundational course teaches students to identify and develop pivot points or leads in investigations across multiple use cases.

View Datasheet

Course Description

The course helps learners understand the best times and ways to use an open source tool in research and reviews the basic functionalities of such tools. It encourages critical thinking to help learners push research further across several scenarios drawn from frontline experience, including executive-level RFIs, incident response investigations and information operation campaigns.

Learning Objectives

After completing this course, learners should be able to:

  • Configure systems to ensure good operational security (OPSEC) and safety while researching
  • Keep detailed case notes and avoid getting lost in their research 
  • Think critically about why and when to use a particular tool within the context of their research task 
  • Navigate basic functionalities of several common OSINT tools 
  • Identify investigation pivot points and artifacts, and understand how to leverage these to drive their investigations forward
woman looking at a laptop

Who Should Attend

This is a foundational level course for cyber practitioners who must safely and efficiently conduct research as part of investigations or in response to RFIs.


Students should have taken Cyber Intelligence Foundations and Cyber Research I (Scoping) or have equivalent knowledge.


16 hours

Content is available for 3 months from date of enrollment. It can be accessed 24/7 from a standard web browser.


$2,000 USD or 2 EOD Units

Course Outline


  • Definitions (OSINT, Intelligence, Collections vs. Research)
  • Collection Methods

Employing a Research Model

  • 7-Phase Branch Model
  • Pivot Points
  • Rabbit Holes
  • Loose Ends
  • Case Notes
  • Collaboration Methods

Getting your Systems Started

  • The Risks of Research
  • Operational Security (OPSEC)
  • VPN
  • VPN Obfuscation techniques
  • VM
  • Unattributable Connection TOR

Techniques and Tools

  • Search Engines
  • Reverse image Search
  • Metadata, Geolocation
  • Social Networking
  • Social Media Accounts
  • Passive DNS
  • HTML review
  • Encoding/Decoding

Meet your instructor

Shanyn Ronis, Manager of Mandiant Intelligence Training Services

Shanyn Ronis has extensive knowledge and background in Cyber Threat Intelligence and methods for operationalizing intelligence for mission success. Since 2013, she has worked in various cyber intelligence positions, ranging from Intelligence Analyst to embedded Fusion Analyst within a SOC environment, to leading Tier 2 Incident Response. Ms. Ronis is a member of the Forbes 30 Under 30 class of 2017.

Shanyn Ronis headshot