Researching the JFK Assassination with OSINT Tools

The release of over 63,000 pages of John F. Kennedy (JFK) assassination documents has offered new opportunities for Open-Source intelligence (OSINT) analysis. However, separating historical lessons from the mysteries they leave behind is no easy feat. Using new records that were recently made available, OSINT techniques are being employed to highlight cross-links between Lee Harvey Oswald and Cold War intelligence operations, as well as any redaction patterns that can be gleaned from the declassified records. This article examines the role of OSINT tools and techniques in conjunction with forensic science, the application of Artificial Intelligence (AI) in cross-checking these records, and the immutability of timestamps recorded on the blockchain.

OSINT Techniques and Tools

As new documents from the Cold War era are declassified, they reveal unsettling information about Lee Harvey Oswald's involvement in covert operations. These revelations show that sensitive details remain carefully redacted, even in some of our most closely examined historical records. A tool like Babel X is used by agencies like the Department of Homeland Security to analyse social media and other online data. Such tools might offer some perspective on talks concerning newly identified Central Intelligence Agency (CIA) operatives, such as James W. McCord Jr., whose work on fluoroscopic scanning technology is also detailed in the records.

To help map potential connections between Oswald and intelligence assets, OSINT practitioners can cross-reference these revelations with declassified embassy visitor logs, historical flight manifests, and targeted financial transactions. The files reveal gaps in interagency communication between the CIA and the FBI during the 1960s. Modern OSINT tools could retroactively analyse redaction patterns across document versions, metadata in digitised files, and chronological inconsistencies in operational reports.

For example, OSINT tools can automatically scan dark web marketplaces and forums, potentially revealing discussions about newly exposed CIA operatives or previously unknown connections. By cross-referencing declassified embassy visitor logs, historical flight manifests, and targeted financial transactions, OSINT practitioners can map potential connections between Oswald and intelligence assets.

Challenges in OSINT Analysis

The release of the JFK documents onto the U.S. National Archives and Records Administration's website provided significant volumes of new data. However, the challenge OSINT practitioners face is the authentication and processing of these documents. Despite the National Archives' extensive collection of over 6 million pages of records, photographs, motion pictures, sound recordings, and assassination artefacts, the absence of concrete evidence in the new files complicates investigative work on the conspiracy. Instead, most of what is included is related to Cold War CIA operations, spying, and diplomatic manoeuvring, leaving researchers piecing together bits of information without closure or having access to the complete picture. Censoring at least 2,400 pages is among the most pressing OSINT investigative challenges, as it restricts access to potentially crucial information.

When reports are withheld, they create gaps in the electronic paper trail, interfering with the building of a clear and complete timeline of events. These gaps also limit the effectiveness of OSINT tools such as FOCA, which searches for document metadata to determine document origins, editing history, and native security features. The inability to analyse the full dataset makes applying pattern recognition techniques to detect inconsistencies between declassified and classified records challenging.

Furthermore, the files contain some redactions and were hurriedly made public. These files reveal personally identifiable information, some sources and methods of intelligence gathering, and the names of individuals, although most of those involved have since passed away. Ethically, this will require a careful review of OSINT workflows.

Combining OSINT with Traditional Forensic Approaches

However, such challenges must be addressed because OSINT is crucial when verifying historical documents, such as the JFK assassination records. By comparing declassified documents with those previously released, researchers can identify missing information, discrepancies, or changes between the two, revealing details that could expose significant gaps in the primary record. An easy way to cross-reference the documentation is by comparing government records, Freedom of Information Act (FOIA) files, and third-party databases such as the Black Vault or WikiLeaks. Apart from creating digital footprints, these techniques can be used to assess changes made to documentation in instances where documents have been altered, redacted, or even forged before being made publicly available.

Forensic tools like ExifTool or pdfinfo can uncover hidden information within scanned documents or PDFs, including author, creation and modification dates, and even watermarks. These details may provide insight into records from previous reports or alterations made to earlier documents.

Additionally, reverse image searches can reveal if a document, or part of a declassified document, ever existed online before or after its classification. This can help validate the document’s existence before declassification or confirm a potential authorised release. Social media platforms and investigative forums are powerful OSINT tools. Collaborating with digital research communities helps enable crowdsourced verification, where experts work collectively to identify anomalies in declassified materials.

Examining online discussions can also reveal clues about how a document may have evolved over time or whether parts of it correspond to previous intelligence leaks. Practitioners can tell if specific records have been declassified before through conversation monitoring, a common technique in OSINT communities. OSINT methods can also strongly support investigative efforts; however, limitations remain due to the lack of access to secret documents, redactions, and gaps in the data.

OSINT enhances the authentication of historical documents and helps to detect fake content when combined with traditional forensic analysis, blockchain timestamping, and AI-assisted cross-reference. While this approach may not deliver definitive confirmation or rejection of the JFK records, it remains a vital tool for making historical discoveries and verifying the factual accuracy of government disclosures.

Blockchain Timestamping

Blockchain timestamping also offers additional forensic verification through an immutable record of when a document was created or altered. Researchers can confirm the integrity of a document stored on a decentralised ledger at any given moment by generating a cryptographic hash of the document. Python Libraries such as OpenTimestamps can independently timestamp a document on the blockchain to ensure its contents are not altered post-release. Forensic experts could examine the hashes if earlier file versions were previously stored on a blockchain to verify whether the newly declassified version has been tampered with or altered.

Implementing blockchain timestamping on JFK papers would create a lasting, irreversible public record of history. If intelligence agencies had tasked blockchain as a tracking mechanism for declassified files, an unquestionable chain of custody would lend confidence to the authenticity of each release. If more than one document version exists, a forensic examiner can utilise blockchain verification of original authorship or determine whether unauthorised edits or modifications were made.

A classic example of the essence of the chain of custody can be found in the CIA's handling of the Oswald file. James Jesus Angleton, the chief of counterintelligence for the CIA, refused to release the Oswald file for four years, because "no record was allowed to see the light of day", purportedly to conceal the fact that Oswald had been under CIA investigation before the assassination. Withholding this file for years raises suspicion more than concern, but the most significant issue lies in the timeliness of its disclosure and accessibility. If blockchain technology were employed on the Oswald file, there would be an irrevocable record of modifications, access, and deletions, preserving the past and preventing after-the-fact manipulation.

AI-Powered Cross-Referencing

AI-powered cross-referencing enhances document verification by analysing vast amounts of historical data, identifying patterns, and uncovering inconsistencies that may go unnoticed through manual examination. Machine learning models can process over 60,000 pages of text from declassified JFK files, comparing linguistic structures, key phrases, and document formatting to detect anomalies or potential forgeries.

Beyond text analysis, AI can also evaluate associated audio and visual materials, transcribing and cross-referencing testimonies, radio communications, and film footage to identify discrepancies between official reports and recorded evidence. Geospatial data from Dealey Plaza can further contribute to the forensic process by reconstructing ballistic trajectories, eyewitness positions, and movement patterns. These techniques enable researchers to assess whether the documented accounts align with the physical evidence.

By integrating AI-driven analysis with OSINT, blockchain timestamping, and traditional forensic methods, investigators can develop a comprehensive, data-driven approach to verifying the authenticity of historical records.

AI Risks to Historical Investigations and How to Mitigate Them

While AI checking can maximise the verification of documents, it also poses inherent risks to historical inquiries. Machine learning paradigms are only as accurate as the data upon which they were constructed. As a result, tainted and biased data sets can lead to incorrect conclusions. Artificial intelligence interrogation can also misinterpret linguistic norms, contextual factors, or censorship, generating false positives or deceptive correlations, even when the intent is not inauthentic. Audio or video coding and geospatial deep learning models may struggle with low-resolution or degraded archival material, resulting in mistranscriptions or misaligned evidence.

Additionally, regardless of how sophisticated AI becomes, its output must be continually verified to mitigate risk using traditional investigative methods, including but not limited to human document examination, forensic paper and ink testing, and metadata inspection. Human judgment remains vital for contextualising AI-generated findings and helps ensure that algorithms do not incorrectly flag genuine documents as inauthentic or misinterpret minor or subtle amendments.

Impact on Conspiracy Theories

While OSINT tools have previously granted researchers unprecedented access to Cold War intelligence records, the necessary classified redactions still obstruct full transparency. The JFK files mainly affirm failures in interagency communications between the CIA and FBI, expose sophisticated Cold War surveillance techniques like fluoroscopic scanners, and catalogue pre-assassination intelligence warnings regarding Oswald.

However, OSINT analysis indicates that the files largely confirm the Warren Commission’s central conclusions while revealing bureaucratic failings rather than secret conspiracies. Integrating OSINT research with blockchain timestamping, alongside traditional forensic approaches such as ink analysis, handwriting verification, and paper composition testing, enables forensic specialists to create a multi-layered approach to document verification.

Blending these new digital methods with traditional forensic study techniques guarantees the utmost precision in confirming the provenance of sensitive government material. If discrepancies are found, these methods enable us to track what has changed and how, providing a means to assess whether a document has been amended to serve a specific agenda.

Ethical Considerations

Sensitive historical documents should be released after careful consideration of the ethical implications. However, the pursuit of historical truth must also be balanced against the need to protect privacy, national security interests, and the integrity of intelligence operations. There are strict ethical considerations for your work as an OSINT analyst, as you must adhere to strict ethical guidelines to ensure that any analysis avoids exposing sensitive information or putting anyone at risk. This entails carefully reviewing redactions to prevent the disclosure of personally identifiable information and maintain the confidentiality of intelligence sources and methods.

Conclusion

While OSINT has not cracked any of the JFK case’s riddles, it affords unique insight into Cold War-era intelligence practices, and some observers argue that a level of transparency should be demanded of modern administrations. The real revelation could be how releasing historical documents challenges our ability to make sense of complex informational fields. By using OSINT techniques, coupled with traditional forensic practices to cross-reference and passive image analysis, and finally, time-stamping records on the blockchain, historians can better authenticate and verify historical records that, now more than ever, can be fabricated and used to manipulate and deceive the public about historical events.

Addressing the challenges and ethical issues of analysis is essential to ensure that historical research is conducted responsibly, ethically and with integrity.

Authored by: The Coalition of Cyber Investigators © 2025 The Coalition of Cyber Investigators.

All rights reserved.

The Coalition of Cyber Investigators is a collaboration between

Paul Wright (United Kingdom) - Experienced Cybercrime, Intelligence (OSINT & HUMINT) and Digital Forensics Investigator; and

Neal Ysart (Philippines) - Elite Investigator & Strategic Risk Advisor, Ex-Big 4 Forensic Leader.

With over 80 years of combined hands-on experience, Paul and Neal remain actively engaged in their field.

They established the Coalition to provide a platform to collaborate and share their expertise and analysis of topical issues in the converging domains of investigations, digital forensics, and OSINT. Recognising that this convergence has created grey areas around critical topics, including the admissibility of evidence, process integrity, ethics, contextual analysis, and validation, the coalition is Paul and Neal’s way of contributing to a discussion that is essential if the unresolved issues around OSINT-derived evidence are to be addressed effectively. Please feel free to share this article and contribute your views.