Last Updated on March 26, 2026 by Editorial Staff
An OSINT report is a structured document that presents verified investigative findings derived from publicly available sources — separating confirmed facts from corroborated leads from unverified results, with every finding traced to its source and every source weighted by reliability.
Quick Answer: An OSINT report is not a list of search results. It is a structured output that answers the question defined at the start of the investigation, distinguishes verified findings from unverified leads, documents what was searched as well as what was found, and provides source citations that allow any finding to be independently verified. The four standard formats are the subject profile, the timeline, the findings memo, and the adverse findings summary — each suited to a different objective.
Report building in one sentence: Separate what you found from what it means, document everything you searched as rigorously as what you found, and assign a confidence level to every finding before it reaches the output.
Without a structured output, OSINT research is a browser history. The report is what makes the investigation complete, defensible, and usable.
⚠️ Legal Notice: OSINT reports based on publicly available information are legal to produce for personal research, due diligence, and journalism. When findings are used to make formal employment, housing, or credit decisions, the Fair Credit Reporting Act (15 U.S.C. § 1681) governs the process regardless of how the underlying research was conducted. Reports containing personally identifiable information should be handled and stored responsibly. This guide covers lawful research methods only and does not constitute legal advice.
Why This Guide Is Reliable
inet-investigation.com publishes research-based guides built on primary government sources, investigative practice, and public records law. This article is part of the OSINT series — it deep-dives Phase 8 of the 8-Phase OSINT Investigation Framework.
The Complete OSINT System
This article completes the OSINT process. Here is how the series connects:
Article What it covers Phase OSINT Tools for Beginners Tools, sources, and foundational concepts — OSINT Workflow The 8-phase framework All phases OSINT Pivoting How to follow data connections Phase 4 How to Verify Information Using OSINT Source hierarchy, cross-referencing, confidence levels Phases 5–7 How to Build an OSINT Report How to present findings Phase 8 OSINT for Advanced Investigators Professional-depth methodology All phases Each article in this series feeds the next. Tools produce identifiers. The workflow organizes the process. Pivoting discovers connections. Verification converts discoveries into findings. The report presents those findings in a form that is defensible, usable, and complete.
Where This Guide Fits
New to OSINT? Start with OSINT Tools for Beginners, then OSINT Workflow. This article covers the final phase of that framework.
Familiar with the workflow? This article deep-dives Phase 8 only — report formats, structure, documentation standards, the findings/conclusions distinction, and chain of custody for digital evidence.
Why the Report Phase Is Not Optional
Most OSINT guides end at the search phase. Find the information, document some notes, done. What that produces is research — not intelligence.
The difference is significant. Research is a collection of results. Intelligence is a structured, verified, sourced assessment that answers a specific question and can be examined, challenged, and defended.
A report makes three things true that raw research cannot:
Defensibility. When findings are questioned — by the person investigated, by a lawyer, by an editor — a structured report with source citations and confidence levels can be examined and verified. Notes from a browser session cannot.
Completeness. Documenting what was searched as well as what was found demonstrates the scope of the investigation. “No criminal records found” is meaningless without “searched Texas, Oklahoma, Louisiana state court portals and PACER on [date].” The scope documentation is what makes a negative result meaningful.
Usability. Raw notes are for the investigator who produced them. A structured report is usable by anyone who needs to act on the findings — a client, a lawyer, an editor, a decision-maker — without requiring them to reconstruct the investigation from scratch.
How to build an OSINT reportTransform research into defensible intelligence — every finding sourced, weighted, and separated from conclusionsReport build sequence✅ Complete Phases 1–7 firstObjective defined · pivots exhausted · source tiers assigned · cross-referencing done · confidence levels set↓📋 Separate findings from conclusionsWhat the record shows vs. what it means — these must never appear in the same voice without labeling↓🎯 Choose the right formatObjective determines format — see formats on the right↓📊 Write confirmed findingsHigh-confidence only · each finding cites source + tier + retrieval date · numbered↓⚠️ Write corroborated findingsMedium-confidence · multiple sources but no Tier 1 confirmation · labeled explicitly↓🔍 Write unverified leadsLow-confidence · single source · never in the same list as confirmed findings↓❌ Write negative resultsEvery system searched that returned nothing · system name + date + result · the most undervalued section↓🧠 Write conclusions separatelyLabeled as assessment · “Based on findings, the investigator assesses…” · never mixed with confirmed facts↓📎 Attach source indexEvery source cited · URL + retrieval date + archive URL for significant findingsChoose your format📁 Subject profileIdentity · address history · employment · public record · adverse findings · online presence. Separates confirmed from corroborated from unverified.Best for: identity verification · personal due diligence📅 TimelineChronological record of events anchored to dated sources. Reveals patterns invisible in individual records. Each entry: date · event · source · confidence.Best for: events · transactions · asset movements📄 Findings memoConfirmed findings · corroborated findings · unverified leads · negative results · scope limitations · conclusions labeled as assessment.Best for: professional due diligence · legal review🚨 Adverse findings summaryConfirmed adverse only: criminal records · civil judgments · regulatory actions · liens · material discrepancies. Scope note is mandatory.Best for: contractor screening · investment due diligenceThe findings / conclusions distinctionFinding: “A civil lawsuit was filed against John Smith, Travis County, Case No. 2021-DC-01847, March 15, 2021.”Not a finding: “Smith has a troubled history with contracts.” — this is a conclusion and must be labeled as such.Core principle: A report is not a summary of research — it is a controlled presentation of verified facts with explicitly labeled uncertainty. The structure, the confidence levels, and the scope documentation are what separate intelligence from a browser history.Most reports fail here: Presenting unverified or interpretive statements in the same voice as confirmed facts. This is the fastest way to undermine credibility and create legal risk. Confidence levels and explicit labeling are not optional — they are the document’s integrity.The Legal Framework
Law What It Covers Relevance to OSINT Reports Fair Credit Reporting Act (FCRA) Governs consumer reporting agencies Reports used for employment, housing, or credit decisions must come from FCRA-compliant CRAs with written consent Privacy Act of 1974 Limits disclosure of federal records about individuals Affects what federal information can be included in reports about individuals State privacy laws Vary by jurisdiction Some states restrict compilation and distribution of personal information Defamation law Prohibits false statements of fact presented as true Reports containing unverified claims presented as confirmed expose the author to defamation liability Source: FCRA — 15 U.S.C. § 1681 — Cornell LII
The defamation risk is real and specific. An OSINT report that presents a low-confidence finding — an unverified aggregator result, a misattributed court record — as a confirmed fact, and that finding reaches someone who acts on it to the subject’s detriment, creates legal exposure. The findings/conclusions distinction and the confidence level system are not just analytical tools — they are legal protection.
Before You Write: The Pre-Report Checklist
Before writing a single sentence of the report, confirm these elements are complete:
- [ ] Phase 1 objective is clearly stated and still the frame for all findings
- [ ] All pivot searches are documented with identifier, system, date, and result
- [ ] All negative results are recorded — not just positive findings
- [ ] Source tier has been assigned to every significant finding
- [ ] Cross-referencing has been completed — every significant finding checked against at least one independent source
- [ ] Confidence level has been assigned to every significant finding
- [ ] All source URLs have been preserved and, where possible, archived
- [ ] Findings have been separated from conclusions in your notes
If any of these are incomplete, the report is not ready to write. A report built on incomplete Phase 5–7 work will contain unverified claims presented alongside verified ones — which undermines the value of everything in it.
The Core Distinction: Findings vs. Conclusions
This is the most important concept in OSINT reporting, and the most frequently violated.
A finding is what a record shows. It is a fact derived from a specific source with no interpretive content — a direct statement of what was found, where, and when.
Finding: “A civil lawsuit was filed against John Smith in Travis County District Court on March 15, 2021, Case No. 2021-DC-01847, naming Smith as defendant in a contract dispute.”
A conclusion is what the finding means. It is an interpretive statement based on one or more findings. It involves judgment.
Conclusion: “Smith has a history of contract disputes that may indicate unreliability in business dealings.”
⚠️ Most OSINT reports fail at this step — presenting unverified or interpretive statements as confirmed facts. This is the fastest way to undermine the report’s credibility and create legal risk. Every statement in a report must be identifiable as either a finding (this is what the record shows) or a conclusion (this is what I assess it to mean). These must never appear in the same voice without explicit labeling.
Why the distinction matters:
The finding is verifiable — anyone can pull Case No. 2021-DC-01847 and confirm it exists. The conclusion is a judgment that may be contested. In professional contexts this creates credibility problems. In legal contexts it creates liability. In investigative journalism it creates correction risks.
Practical rule: In formal reports, findings and conclusions appear in separate sections. In informal memos, distinguish them by phrasing: “Records show…” vs. “This suggests…” vs. “Based on the above findings, it appears…”
The Four Standard OSINT Report Formats
Format 1 — Subject Profile
Best for: Identity verification, personal due diligence, background research. Answers: Who is this person, is their background as claimed, and is there anything adverse in their public record?
Structure:
1. Subject identification — Full name and variations · DOB · confirmed addresses · confirmed employers 2. Identity verification summary — Claims made vs. claims verified — Discrepancies between claimed and verified 3. Public record findings — Court records · property records · business interests · professional licenses 4. Online presence assessment — Social media profiles · consistency with verified records 5. Adverse findings — Criminal records · civil judgments · regulatory actions · liens 6. Unverified leads — Single-source results not yet independently confirmed 7. Scope documentation — Systems searched · dates · positive and negative resultsWriting guidance: Lead with confirmed identity. Present adverse findings prominently — don’t bury them. Separate confirmed from unverified explicitly.
Format 2 — Timeline
Best for: Investigations involving events, transactions, asset movements, or a subject’s history of activity over time. Answers: What happened, in what order, and what do the dates reveal?
Structure:
[DATE] | [EVENT] | [SOURCE] | [CONFIDENCE] Example: 2018-03 | LLC registered in Texas | Texas SoS filing | High 2018-07 | Domain registered — same email | WHOIS | Medium 2019-02 | Civil lawsuit filed | Travis County court | High 2019-11 | Lawsuit dismissed | Travis County court | High 2020-04 | LLC dissolved | Texas SoS filing | High 2020-06 | New LLC registered same address| Texas SoS filing | HighWhy timelines are powerful: Individual records examined separately don’t reveal patterns. A timeline of the same records makes the pattern visible — a business dissolved one month after a lawsuit dismissed, replaced immediately by a new entity at the same address. That inference is possible only when records are placed in chronological relationship.
Writing guidance: Every entry must have a source and confidence level. Medium or low confidence entries should be visually distinct from high-confidence entries. The timeline is a finding — what it implies is a conclusion, stated separately.
Format 3 — Findings Memo
Best for: Professional due diligence, formal investigations, situations where the report may be reviewed by lawyers, clients, or decision-makers. Answers: What did the investigation find, what was it unable to determine, and what are the next steps?
Structure:
FINDINGS MEMO Subject: [Name / Entity] Date: [Investigation completion date] Prepared by: [Author] Objective: [Exact question from Phase 1] EXECUTIVE SUMMARY [2–3 sentence summary of key findings and conclusions] CONFIRMED FINDINGS [Numbered — verified through Tier 1 or Tier 2 sources — each with source citation and confidence level] CORROBORATED FINDINGS [Numbered — multiple sources but no Tier 1 confirmation — sources noted] UNVERIFIED LEADS [Single-source results not yet independently confirmed — noted for further investigation] NEGATIVE RESULTS [Systems searched that returned nothing — system name and date] SCOPE LIMITATIONS [Jurisdictions not searched · record types unavailable · pre-digital period gaps] CONCLUSIONS AND ASSESSMENT [Clearly labeled as interpretive — what findings suggest · open questions · follow-up recommended] SOURCE INDEX [Complete list of sources with URLs and retrieval dates]Writing guidance: The findings memo is the most formal format. Every finding must be numbered and cited. Confirmed findings and unverified leads must never appear in the same list. The scope limitations section is not optional.
Format 4 — Adverse Findings Summary
Best for: Contractor verification, investment due diligence, high-risk background screening. Answers: Is there anything adverse in this subject’s public record?
Structure:
ADVERSE FINDINGS SUMMARY Subject: [Name / Entity] Investigation date: [Date] Objective: [Specific screening purpose] CONFIRMED ADVERSE FINDINGS — Criminal records: [findings or "none found in searched jurisdictions"] — Civil judgments: [findings or "none found in searched jurisdictions"] — Regulatory actions: [findings or "none found in searched jurisdictions"] — Liens and financial records: [findings or "none found in searched jurisdictions"] — Material discrepancies: [claimed vs. verified] UNCONFIRMED ADVERSE INDICATORS [Medium or low confidence results that may warrant further investigation] SCOPE NOTE [What was searched and what wasn't — mandatory]Critical guidance: An adverse findings summary must never imply a clean history when the investigation was limited. “No criminal records found” means no records found in the systems searched on the date searched — not that no criminal history exists. The scope note is what separates a professional adverse report from a misleading one.
Documentation Standards
Source Citations
Every finding in a report must be traceable to a specific source. Minimum citation elements:
Element What to record Source name Name of the database, portal, or tool Record identifier Case number, docket number, filing number, parcel ID, or equivalent URL Direct link to the record where available Retrieval date The date the record was accessed Archive URL Archive.ph or Wayback Machine archive of the page where possible Why retrieval date matters: Government portals change, records get expunged, URLs break. A finding cited as “Travis County court records” with no date is not reproducible. A finding cited as “Travis County District Court, Case No. 2021-DC-01847, accessed March 15, 2024, https://[url]” can be verified by anyone.
Why archive URLs matter: Online records sometimes disappear between the investigation and the time findings are questioned. An archived copy of the page at the time of access is evidence that the record existed and showed what you say it showed.
Chain of Custody for Digital Evidence
In formal investigations — legal proceedings, journalistic investigations, professional due diligence — digital evidence needs to demonstrate it hasn’t been altered between discovery and presentation.
Minimum chain of custody documentation:
- Original file downloaded and preserved in unaltered form
- Hash value of the file recorded at time of download (SHA-256 is standard)
- Storage location documented
- Annotations maintained as a separate annotated copy — original remains unaltered
- Access log maintained showing who accessed the file and when
For personal due diligence, full chain of custody documentation isn’t necessary. For investigations that may result in legal action, employment decisions, or publication, it is.
Handling Personal Identifiable Information
OSINT reports often contain sensitive personal information. Professional standards:
Minimum retention — retain only what’s necessary to support the findings. Full Social Security numbers, financial account numbers, and personal medical information should not appear in OSINT reports even when technically available from public records.
Secure storage — reports containing personal information should be stored in encrypted storage, not in unprotected cloud documents or email attachments.
Access limitation — distribute reports only to those who need to act on the findings.
Retention period — define how long the report and underlying records will be retained before deletion.
Writing the Report: Style and Tone
OSINT reports are not persuasive writing. They are technical documents whose purpose is to convey verified facts with appropriate uncertainty language.
Use precise, neutral language for findings:
Weak: “Smith seems to have a troubled financial history.” Strong: “Three civil judgments appear in Travis County court records under the name John M. Smith between 2018 and 2022, totaling $47,400.”
Use explicit uncertainty language for unverified results:
Weak: “Smith also has addresses in Nevada.” Strong: “People-search aggregator profiles associate the subject with addresses in Las Vegas, Nevada. This has not been verified through Nevada county property records or state court records.”
Use labeled interpretive language for conclusions:
Weak: “The pattern suggests Smith deliberately structured his business entities to evade creditors.” Strong: “Based on the timing of entity formations and dissolutions relative to the civil judgments (see Timeline, items 4–9), new entities appear to have been formed within 60 days of each adverse judgment. The investigator assesses this pattern as potentially consistent with asset protection structuring, though other explanations exist.”
Confidence language reference:
Confidence level Language to use High “Records confirm…” · “Verified by…” · “[Source] shows…” Medium “Multiple sources indicate…” · “Appears consistent across…” · “Corroborated by…” Low “A single source suggests…” · “Unverified report of…” · “Requires further investigation…” Conclusion “Based on the above findings, the investigator assesses…” · “This pattern appears consistent with…” Negative Results: The Most Undervalued Section
The negative results section is where most informal OSINT reports fail. It is consistently omitted, abbreviated, or treated as a formality. It is none of these things.
A negative result is a finding. “No criminal records found in the Texas, Oklahoma, and Louisiana state court portals or in PACER as of [date]” tells the reader something specific and meaningful. It means the investigation searched those systems and found nothing — which is different from not having searched them.
The absence of a negative results section implies completeness that may not exist. If a report lists only what was found, the reader reasonably infers the listed findings represent the complete picture. If the investigation only searched one state’s court records, that inference is wrong — and could lead to decisions based on an incomplete assessment.
What the negative results section should contain:
NEGATIVE RESULTS / SCOPE DOCUMENTATION System | Date searched | Result ---------------------------------|-----------------|-------- Texas state court portal | March 15, 2024 | No records found Oklahoma state court portal | March 15, 2024 | No records found PACER (all federal districts) | March 15, 2024 | No federal filings found Travis County property records | March 15, 2024 | No property ownership found Texas Secretary of State | March 15, 2024 | No active business registrations Systems not searched: — Nevada court records (no confirmed Nevada address) — Pre-2000 historical records (outside digital access period)This section turns a search session into a documented investigation.
A Complete Report Example
Investigation objective: Verify the identity and background of a contractor (Brian Holloway, Austin TX) before making a $12,000 payment.
ADVERSE FINDINGS SUMMARY
Subject: Brian M. Holloway Investigation date: March 15, 2024 Objective: Verify contractor identity and surface any adverse public record before payment
CONFIRMED ADVERSE FINDINGS
Federal bankruptcy filing — HIGH CONFIDENCE Brian M. Holloway filed for Chapter 7 bankruptcy in the Western District of Texas on February 14, 2020 (Case No. 20-10234-hcm). The case was discharged August 3, 2021. Schedule F lists seven unsecured creditors including three private individuals owed a combined $18,400. The bankruptcy petition lists phone number 512-555-0187 as contact, consistent with the phone number provided by the subject. Source: PACER, Western District of Texas, Case No. 20-10234-hcm, accessed March 15, 2024.
Civil lawsuit — HIGH CONFIDENCE A civil lawsuit was filed against Brian M. Holloway in Travis County District Court on June 2, 2019 (Case No. 2019-DC-03412) by a private party alleging breach of contract. The case was dismissed without prejudice on November 14, 2019. Source: Travis County District Court portal, Case No. 2019-DC-03412, accessed March 15, 2024.
CONFIRMED IDENTITY FINDINGS
Identity confirmed — HIGH CONFIDENCE Brian M. Holloway confirmed as owner of 4821 Shoal Creek Blvd, Austin, TX 78756 since 2016. Phone number 512-555-0187 confirmed in sworn bankruptcy filing. Identity consistent across reverse phone lookup, Travis County Appraisal District (parcel 123456, accessed March 15, 2024), Travis County District Court, and PACER.
UNCONFIRMED INDICATORS
None identified.
NEGATIVE RESULTS
No criminal records found in Texas state court portal (accessed March 15, 2024). No additional federal filings beyond bankruptcy found in PACER (accessed March 15, 2024). No business registrations found under subject’s name in Texas Secretary of State (accessed March 15, 2024).
SCOPE NOTE
This investigation searched Texas state courts, PACER (all federal districts), Travis County property records, and Texas Secretary of State. Records in other states were not searched as the subject has no confirmed out-of-state addresses. Historical records predating the available digital period were not searched.
ASSESSMENT
The subject’s identity is confirmed through four independent sources. Two adverse public record findings exist: a 2020 federal bankruptcy with unpaid private debts and a 2019 civil lawsuit for breach of contract. The bankruptcy was discharged and the lawsuit dismissed, but their existence may be relevant to the decision to proceed with payment. The investigator makes no recommendation — this assessment is provided for informational purposes only.
Common Report Mistakes
Presenting unverified findings as confirmed. The most consequential error. When an aggregator result or misattributed record appears in the confirmed findings section, the entire report becomes less trustworthy — and legally risky.
Omitting the negative results section. Implies a comprehensiveness the investigation may not have. Always document what was searched and not found.
Conflating findings with conclusions. “A lawsuit was filed” is a finding. “The subject is litigious” is a conclusion. These cannot appear in the same voice without labeling.
Vague source citations. “Court records show…” without a case number, jurisdiction, and access date is not a citation. Anyone who needs to verify the finding cannot do so.
Failing to archive sources. A report citing a URL that no longer works is a report that can’t be verified. Archive significant sources at the time of access.
Over-scope. Including every result regardless of relevance. A report that lists every address a subject has ever lived at and every search performed — without filtering for relevance — is raw research presented as output.
Under-scope. Omitting significant findings because they’re uncomfortable or uncertain. Every finding that meets the confidence threshold goes in, regardless of whether it favors one outcome.
Frequently Asked Questions
Does every OSINT investigation need a formal report? No. A quick identity check before a meeting doesn’t need a formatted document. The format scales to the stakes — personal screening warrants notes with source documentation; professional due diligence warrants a formal findings memo; investigations that may lead to legal action warrant full documentation standards.
Can I include screenshots? Yes, and for significant findings you should. Screenshots with URL, date, and context visible provide visual documentation supporting the written finding. Store originals unaltered alongside annotated copies.
What if findings conflict with each other? Document the conflict explicitly. A finding where two sources disagree should be noted as “conflicting records” with both sources cited. If the conflict can’t be resolved, include both findings with the conflict noted — don’t choose one and suppress the other.
How do I handle a finding that turns out to be wrong? Correct it and document the correction. If a finding was included at medium confidence and subsequent research revealed it was misattributed, correct the report, note the correction with the date, and explain the error. Accuracy matters more than appearing infallible.
How long should an OSINT report be? As long as the objective requires and no longer. A subject profile for a quick contractor check might be one page. A corporate due diligence report might be twenty. Length is determined by the number of confirmed findings and the scope documentation — not by a desire to appear thorough.
Final Thoughts
An OSINT report is the form that makes an investigation complete. Without it, research is a private activity — useful to the person who conducted it, inaccessible to anyone who needs to act on it, and indefensible if its findings are questioned.
A report is not a summary of research — it is a controlled presentation of verified facts with explicitly labeled uncertainty.
The principles are simple: distinguish findings from conclusions, document scope as rigorously as findings, assign confidence levels to everything, and never present an unverified result in the same voice as a verified one.
The structure serves the reader. The citations serve the truth. The scope documentation serves the subject — because “no records found in these systems on this date” is a precise and honest statement, and “no adverse history” without that scope is not.
Research becomes intelligence when it can be examined, challenged, and defended. The report is how that happens.
Where to Go Next
To understand the full process this phase belongs to: OSINT Workflow: The 8-Phase Investigation Framework — Phase 8 is the final step; the other seven phases are covered there.
For Phase 4 in depth: OSINT Pivoting: How to Follow Data Connections Across Systems — the discovery phase that produces the raw material the report organizes.
For Phases 5–7 in depth: How to Verify Information Using OSINT — source hierarchy, cross-referencing, and confidence levels that convert pivot findings into reportable intelligence.
For professional-depth methodology: OSINT for Advanced Investigators — infrastructure research, breach databases, image analysis, and documentation standards at advanced depth.
Related Guides
- OSINT Workflow: The 8-Phase Investigation Framework
- OSINT Pivoting: How to Follow Data Connections
- OSINT Tools for Beginners
- OSINT for Advanced Investigators
- Public Records for Journalists
- How Investigators Verify Someone’s Identity
Disclaimer: This article is for informational purposes only and does not constitute legal advice. OSINT research methods and their permissible uses vary by jurisdiction and purpose. Reports containing personal information should be handled responsibly and in compliance with applicable privacy laws. If you are using OSINT findings for employment, housing, or credit decisions, ensure compliance with FCRA requirements. This article may contain affiliate links — we may earn a commission if you purchase through them, at no extra cost to you.
2 thoughts on “How to Build an OSINT Report”
Comments are closed.