What is Data Enrichment & Pivoting

OSINT tips for analysis and dig deeper information

What is data enrichment?

Data enrichment is the process of adding information or supplements to raw data sets obtained from open sources, with the aim of increasing the value, context, and meaning of the data. In the context of Open Source Intelligence (OSINT), data enrichment aims to enrich the information that has been collected so that it becomes more relevant, accurate, and can be processed for further analysis.

The data enrichment process in OSINT includes:

1. Entity identification

Taking raw data and extracting important entities such as names, IP addresses, domains, emails, organizations, geographic locations, and others.

2. Data correlation

Combining information from various open sources (social media, forums, WHOIS, DNS records, and others) to find connections between entities.

3. Metadata addition

Adding supporting data such as access date, source, accuracy, media, author, and reputation of the information obtained

4. Categorization and normalization

Classifying data into specific categories (e.g., individuals, organizations, digital assets) and harmonizing formats so that data can be easily processed automatically and in a structured manner

The purpose about data enrichment

1. Improve the quality and reliability of information

2. Provide additional context for analysis and decision making

3. Facilitate the pivoting process (exploring connections from one data set to another)

4. Unlock the potential for new discoveries through indirect correlations

Example

You find unique data such as email addresses and phone numbers, for example +60 xxxxx and the email address test@redacted.com. Then you conduct a more in-depth search, for example, from the email address to the associated social media accounts that are registered. Then, for the phone number, you check it in your e-wallet or local bank and find the name of the owner of that number.

What is pivoting?

Pivoting is a method used in OSINT (Open-Source Intelligence) to find more information by moving from one clue to another that is still related. With pivoting, investigators can start with just one piece of simple data, such as an email address or phone number, then jump to social media accounts, and then find photos, names, or even related websites. All these small jumps ultimately help form a more complete picture of the person, group, or object being investigated.

The purpose of pivoting?

1. Connecting data

Bringing together information such as email, username, or IP address to see related information

2. Building context

Making previously separate or random data clearer, for example, about who the owner is or what their activities are

3. Turning data into intelligence

Turning simple clues into finding important identities, infrastructure, or activities

Example

For example, you have obtained an email address, then you can perform data enrichment in the previous stage. For example, you find social media accounts linked to the email address. For example, you find an Instagram profile, then you search for information through Instagram, such as followers, following, activity, POI, and close friends, as well as when the account is active and inactive.