Investigative Journalism Methods - Professional Frameworks

Executive Summary

This document synthesizes methodologies from leading investigative journalism organizations including the International Consortium of Investigative Journalists (ICIJ), ProPublica, Organized Crime and Corruption Reporting Project (OCCRP), BBC, Global Investigative Journalism Network (GIJN), and Investigative Reporters and Editors (IRE). These frameworks have been tested at unprecedented scale through investigations analyzing billions of documents across hundreds of countries.

Key Principles:

Documentary evidence systematically prioritized over testimonial evidence
Hypothesis-based investigation framework separating facts from assumptions
Multi-layered verification processes with independent fact-checking
Collaborative infrastructure enabling global coordination while maintaining security
Evidence hierarchy placing authenticated official documents at the top
Transparent methodology and fierce editorial independence

Scale Achievements:

Panama Papers: 11.5M documents, 2.6TB, 370+ journalists, 80+ countries
Paradise Papers: 13.4M documents, 380+ journalists, 67 countries
Pandora Papers: 11.9M documents, 2.9TB, 600+ journalists, 150 media organizations
OCCRP Aleph: 4+ billion documents, 180+ countries

This methodology shares concepts and techniques with other investigation frameworks:

Evidence Hierarchy

Legal eDiscovery - FRE 902 self-authenticating records, hash certification
Police Investigations - FBI 5-step chain of custody protocol
Regulatory Investigations - Documentary evidence hierarchy in professional standards cases

Verification Protocols

Intelligence Analysis - Admiralty Code (source reliability + information credibility)
Academic Research - Source triangulation and methodological rigor assessment
Police Investigations - Cognitive Interview technique for witness reliability

Multi-Document Analysis

Legal eDiscovery - TAR 2.0/CAL for massive document review (Panama Papers scale)
Academic Research - PRISMA protocol for systematic document screening
Intelligence Analysis - Decision-level fusion for contradictory sources

Quality Control

Quality Control Comparison - Comprehensive QC methodology comparison across all six domains
Academic Research - Cohen's Kappa (≥0.60 for "substantial agreement")
Regulatory Investigations - Independent dual decision-makers

Temporal Analysis

Legal eDiscovery - 8-step timeline construction with Bates linking
Police Investigations - 5WH framework (When as critical dimension)
Intelligence Analysis - Chronologies for pattern detection and gap identification

Network Analysis

Legal eDiscovery - Email network metrics (betweenness centrality, community detection)
Intelligence Analysis - Entity relationship mapping across INT types
Academic Research - Framework Method for thematic network visualization

1. Investigation Workflows

1.1 Hypothesis-Based Framework

Core Principle: Separate verifiable facts from working assumptions to prevent confirmation bias and maintain investigative rigor.

Structure:

Investigation Hypothesis
├── Known Facts (documented, verified)
│   ├── Primary source documents
│   ├── Corroborated testimonies
│   └── Official records
├── Working Assumptions (require verification)
│   ├── Hypothesis to test
│   ├── Evidence needed
│   └── Alternative explanations
└── Open Questions
    ├── Information gaps
    ├── Contradictions to resolve
    └── Sources to develop

Process:

Initial Hypothesis Formation
- State the investigative question clearly
- Document known facts with sources
- Identify assumptions requiring verification
- List alternative explanations
Evidence Prioritization
- Documentary evidence > testimonial evidence
- Official documents (if authenticated) > secondary sources
- Multiple corroborated sources > single source
- Direct evidence > circumstantial evidence
Continuous Refinement
- Update hypothesis as new evidence emerges
- Document changes in understanding
- Maintain chain of reasoning
- Test against alternative explanations

Example Application:

Hypothesis: Official X misused public funds for personal benefit

Known Facts:
- Bank transfer records showing payments to Company Y (documents verified)
- Official X's spouse is listed as director of Company Y (corporate registry)
- Contract awarded to Company Y without competitive bidding (procurement records)

Assumptions Requiring Verification:
- Official X influenced contract award
- Company Y provided no legitimate services
- Payments exceeded market rates

Evidence Needed:
- Communication records between Official X and procurement department
- Market analysis of comparable services
- Delivery records or proof of service completion
- Official X's financial disclosure statements

Alternative Explanations to Test:
- Company Y was legitimately qualified and provided services
- Procurement followed legal exemptions
- Market rates justified the payment
- Official X had no involvement in contract decision

1.2 GIJN 5-Phase Investigation Process

The Global Investigative Journalism Network framework provides a systematic approach from inception to impact measurement.

Phase 1: Research & Planning (20-30% of timeline)

Define investigation scope and public interest
Preliminary document review and background research
Identify key actors, institutions, and relationships
Develop investigation plan with milestones
Assess legal and ethical considerations
Secure necessary resources and permissions

Phase 2: Source Development (25-35% of timeline)

Cultivate human sources across multiple positions
Establish communication protocols (secure channels)
Build trust through repeated interactions
Develop insider sources with direct knowledge
Identify whistleblowers and protect their identity
Map source reliability and access levels

Attribution Levels:

On Record: Full attribution with name and position
On Background: Information usable, but not attributable to named source
On Deep Background: Information guides investigation, not directly cited
Off Record: Information cannot be used, helps understanding context

Phase 3: Financial Tracking (15-25% of timeline)

Obtain and analyze financial records
Trace money flows through corporate structures
Identify beneficial ownership and shell companies
Cross-reference banking records with official disclosures
Map financial networks and relationships
Identify unexplained wealth or discrepancies

Phase 4: Verification & Fact-Checking (20-30% of timeline)

Independent verification of all key facts
Cross-reference multiple sources
Authenticate documents and records
Verify testimonies against documentary evidence
Test claims against alternative explanations
Resolve contradictions and information gaps

Phase 5: Impact Measurement (Post-publication)

Track policy changes and institutional responses
Monitor legal proceedings initiated
Document follow-up investigations by authorities
Assess public awareness and discourse shifts
Measure dataset usage by other journalists
Evaluate methodology improvements for future work

1.3 IRE/NICAR Data-Driven Framework

Investigative Reporters and Editors (IRE) and the National Institute for Computer-Assisted Reporting (NICAR) emphasize data analysis and open-source intelligence.

Core Components:

A. Open Source Intelligence (OSINT)

Public records mining (court filings, property records, corporate registries)
Social media investigation and network mapping
Web archiving and historical content recovery
Geolocation and satellite imagery analysis
Metadata extraction from digital documents
Domain registration and website ownership tracking

B. Public Records Strategy

Freedom of Information Act (FOIA) requests
State and local public records requests
Court document retrieval systems (PACER, state databases)
Government contracting databases
Campaign finance records
Professional licensing and disciplinary records

C. Data Journalism Techniques

Database construction from unstructured sources
Statistical analysis for pattern detection
Data cleaning and standardization
Comparative analysis across jurisdictions
Anomaly detection and outlier identification
Data visualization for pattern recognition

D. Whistleblower Handling Protocol

Secure communication channels (Signal, SecureDrop, PGP)
Source protection procedures
Document verification from anonymous sources
Legal consultation on source protection
Psychological support for sources under stress
Exit strategy planning for at-risk sources

E. Digital Security

Encrypted communications (end-to-end encryption mandatory)
Secure document storage (VeraCrypt, offline encrypted drives)
Two-factor authentication on all accounts
VPN usage for investigative research
Air-gapped systems for sensitive material
Digital forensics capabilities

2. Investigation Workflows

2.1 The Investigative Cycle

Standard Investigation Phases:

Story Genesis
- Tip, leak, or observation
- Preliminary assessment of public interest
- Initial feasibility analysis
- Resource allocation decision
Pre-Investigation Research
- Background reading and context building
- Identification of key actors and institutions
- Preliminary document gathering
- Expert consultation
- Legal and ethical review
Active Investigation
- Systematic evidence collection
- Source interviews and document analysis
- Follow-up research based on findings
- Hypothesis testing and refinement
- Building documentary foundation
Verification Phase
- Independent fact-checking of all claims
- Document authentication
- Cross-referencing sources
- Alternative explanation testing
- Legal review and risk assessment
Writing and Editing
- Narrative construction based on evidence
- Line-by-line editorial review
- Fact-checker independent verification
- Legal vetting
- Ethical review
Right of Reply
- Subjects given opportunity to respond
- Responses incorporated or addressed
- Final fact-check after responses
- Legal review of final version
Publication and Follow-up
- Coordinated release (if collaborative)
- Source protection monitoring
- Follow-up reporting on impacts
- Dataset publication (when appropriate)
- Methodology documentation

2.2 Collaborative Investigation Workflow (ICIJ Model)

The International Consortium of Investigative Journalists pioneered "radical sharing" for global investigations.

Workflow Stages:

Stage 1: Data Acquisition and Security

Secure data transfer via encrypted channels
Physical delivery of hard drives when appropriate
Immediate encryption of all materials (VeraCrypt double encryption)
Access logging and audit trails
Need-to-know access controls
Legal assessment of data handling

Stage 2: Initial Processing

Data deduplication and integrity verification
Preliminary indexing and cataloging
Metadata extraction
Initial assessment of data scope and structure
Technology stack selection
Infrastructure setup

Stage 3: Partner Selection and Onboarding

Invitation to trusted media partners
Geographic and expertise coverage assessment
Confidentiality agreements
Security training for partners
Access provisioning to shared systems
Communication channel establishment

Stage 4: Parallel Investigation

Partners investigate within their jurisdictions/expertise
Regular coordination calls and updates
Shared findings posted to collaboration platform
Cross-referencing and connection identification
Collective hypothesis testing
Resource sharing and expertise exchange

Stage 5: Story Development

Individual story development by partners
Peer review within consortium
Fact-checking coordination
Legal review by multiple jurisdictions
Embargo coordination
Publication strategy alignment

Stage 6: Coordinated Publication

Simultaneous global release
Shared dataset publication
Joint press conferences
Coordinated social media strategy
Follow-up coordination
Impact tracking

Key Principles:

Radical Sharing: All data accessible to all partners
Trust-Based Collaboration: Pre-existing relationships essential
Security First: Comprehensive operational security
Editorial Independence: Each partner controls their story
Collective Impact: Coordinated release maximizes attention
Open Methodology: Transparent processes build credibility

3. Source Verification and Fact-Checking Protocols

3.1 Three-Step Verification Process

Step 1: Verification

Confirm the source is who they claim to be
Assess source's access to information
Evaluate source's reliability and track record
Check for conflicts of interest or bias
Document verification method

Step 2: Investigation

Corroborate claims with independent sources
Obtain supporting documentation
Test claims against known facts
Identify and resolve contradictions
Seek alternative explanations

Step 3: Documentation

Record verification process in detail
Document chain of custody for materials
Note limitations or caveats
Create audit trail for fact-checkers
Preserve original materials

3.2 Source Evaluation Framework

Reliability Assessment:

Direct Knowledge: Source has firsthand access to information
Position/Expertise: Source's role gives credible access
Track Record: Source has provided accurate information previously
Corroboration Available: Multiple sources confirm claims
Documentary Support: Documents back testimonial claims
No Apparent Bias: Source has no obvious conflict of interest

Red Flags:

Secondhand or thirdhand information
Claims inconsistent with documents
Changing stories or contradictions
Unwillingness to provide supporting evidence
Anonymous sources with unverifiable claims
Sources with clear agenda or bias

Source Classification System:

Tier 1: Direct witnesses with documentary proof
Tier 2: Insiders with direct access, claims corroborated
Tier 3: Knowledgeable sources, partially corroborated
Tier 4: Secondary sources, claims require verification
Tier 5: Circumstantial sources, use with extreme caution

3.3 ProPublica Anonymous Source Policy

Core Standard: Anonymous sources used only when information is vital to the public, no alternative exists, and source is knowledgeable and reliable.

Requirements:

Essentiality: Information must be of significant public interest
Necessity: No on-the-record source available
Reliability: Source demonstrably knowledgeable and credible
Verification: Independent corroboration required
Transparency: Explain to readers why anonymity granted
Editorial Approval: Senior editor must approve usage

Documentation:

Real identity known to reporter and editor
Reason for anonymity documented internally
Verification method recorded
Corroborating evidence on file
Legal review of source protection strategy

Attribution Language:

Describe source's access without revealing identity
Explain reason anonymity was granted
Note limitations of anonymous sourcing
Example: "According to a government official with direct knowledge of the investigation, who requested anonymity because they were not authorized to speak publicly..."

3.4 Magazine-Model Fact-Checking

Independent Verification System:

Fact-Checker Role:

Operates independently from reporter and editor
Verifies every factual claim in the story
Checks quotes against recordings or transcripts
Confirms document authenticity and accuracy
Tests interpretations and contextualizations
Challenges conclusions not supported by evidence

Process:

Line-by-Line Review
- Every sentence examined for factual claims
- Each claim sourced to primary material
- Quotes verified against audio/transcripts
- Statistics checked against source data
- Context verified for accuracy
Source Verification
- Contact original sources directly when possible
- Verify credentials and expertise
- Confirm quotes and attributions
- Check for misrepresentation or missing context
- Document verification attempts
Document Authentication
- Verify provenance and chain of custody
- Check for alterations or manipulation
- Confirm official documents with issuing authority
- Cross-reference against public records
- Assess context and completeness
Numerical Verification
- Recalculate all statistics and percentages
- Verify against source data
- Check methodologies for appropriateness
- Confirm sample sizes and margins of error
- Test interpretations for accuracy
Dispute Resolution
- Fact-checker disputes flagged to editor
- Reporter provides additional verification
- Editor adjudicates disagreements
- Legal review when necessary
- Changes documented in audit trail

Annotation System:

Factual claims color-coded by verification status
Sources linked to each claim
Caveats and limitations noted
Alternative interpretations documented
Verification method recorded

3.5 Document Verification Checklist

Form Analysis:

Document type and expected format
Layout, fonts, and formatting consistency
Official seals, logos, or letterhead
Signatures and dates
Paper quality and aging (for physical documents)
Metadata (for digital documents)

Content Analysis:

Internal consistency of information
Language and terminology appropriate to source
Dates and timelines logical
References to verifiable external facts
Technical details accurate
Legal or procedural language correct

Authenticity Verification:

Cross-reference with official records
Contact issuing authority for confirmation
Compare with known authentic examples
Expert evaluation (forensic document analysis if necessary)
Metadata analysis for digital documents
Chain of custody documentation

Contextual Verification:

Document fits within known timeline
Consistent with other verified information
Parties identified are correct
Circumstances described are plausible
No anachronisms or impossibilities
Supporting documents available

Red Flags:

Inconsistencies in formatting or style
Unusual or suspicious provenance
Anonymous source with no verification path
Too convenient timing or content
Inconsistent with known facts
Similar to known forgeries

4. Document Analysis Techniques

4.1 7-Stage Document Processing Pipeline

Developed through ICIJ mega-leaks (Panama Papers, Paradise Papers, Pandora Papers), this pipeline processes millions of documents systematically.

Stage 1: Data Reception & Deduplication

Secure encrypted transfer or physical delivery
Hash verification for file integrity
Duplicate detection using file hashes
Initial cataloging and metadata extraction
Storage in encrypted volumes (VeraCrypt)
Access logging initiation

Stage 2: Text Extraction

Extract text from structured documents (PDF, Word, Excel)
Apache Tika for multi-format processing
Preserve formatting and structure metadata
Handle password-protected files
Extract embedded files and attachments
Maintain parent-child relationships

Stage 3: Optical Character Recognition (OCR)

Process scanned documents and images
Tesseract or ABBYY FineReader for text extraction
Language detection and multi-language processing
Quality assessment of OCR output
Manual review of low-confidence extractions
Re-scan poor quality documents

Stage 4: Indexing and Search

Apache Solr or Elasticsearch for full-text indexing
Faceted search by document type, date, entities
Near-duplicate detection
Relevance ranking algorithms
Cross-document reference linking
Boolean and proximity search capabilities

Stage 5: Structured Data Extraction

Identify tabular data in documents
Extract to structured databases
Parse semi-structured formats (emails, forms)
Create relational models
Enable SQL queries on extracted data
Link structured data to source documents

Stage 6: Entity Extraction (Named Entity Recognition)

Identify persons, organizations, locations
Extract financial figures, dates, addresses
Custom entity types (company roles, jurisdictions)
Disambiguation of entity references
Confidence scoring for extractions
Manual review and correction workflow

Stage 7: Network Analysis

Load entities and relationships into graph database (Neo4j)
Map ownership structures and corporate networks
Identify connections between entities
Visualize networks with Linkurious or similar
Path-finding between entities of interest
Centrality and influence analysis

4.2 Tools and Technologies

Document Processing:

Apache Tika: Multi-format text and metadata extraction
Tesseract OCR: Open-source OCR engine
ABBYY FineReader: Commercial OCR with high accuracy
Tabula: PDF table extraction
pdf-extract: Rust library for PDF text extraction

Search and Indexing:

Apache Solr: Enterprise search platform used in Panama Papers
Elasticsearch: Distributed search and analytics
Blacklight: Discovery interface over Solr
Datashare: ICIJ's open-source document analysis platform
Aleph (OCCRP): 4B+ document cross-reference system

Entity Extraction:

spaCy: Industrial-strength NLP with NER
Stanford NER: Named entity recognition system
Apache OpenNLP: Natural language processing toolkit
Custom models: Trained on domain-specific data (financial terms, legal language)

Network Analysis:

Neo4j: Graph database for relationship mapping
Linkurious: Network visualization and investigation
Gephi: Open-source network visualization
NetworkX: Python library for network analysis

Collaboration Platforms:

I-Hub: ICIJ's custom collaboration platform (Oxwall-based)
Datashare: Document analysis and sharing
Aleph: OCCRP's cross-reference platform
Secure communication: Slack/Mattermost with encryption

Security Tools:

VeraCrypt: Disk and volume encryption (double encryption)
PGP/GPG: Email encryption
Signal: Encrypted messaging
SecureDrop: Anonymous source submission system
Tails OS: Secure operating system for sensitive work

4.3 Panama Papers: Case Study in Scale

Dataset Characteristics:

Volume: 11.5 million documents, 2.6 terabytes
Sources: Mossack Fonseca law firm leak
Formats: Emails, PDFs, database files, images
Languages: Multiple (required translation workflows)
Journalists: 370+ from 80+ countries
Timeline: 12+ months from data receipt to publication

Processing Approach:

Secure Infrastructure Setup
- Air-gapped servers for data processing
- Encrypted storage with access controls
- VPN-only access for remote journalists
- Two-factor authentication mandatory
- Activity logging and monitoring
Initial Processing (3 months)
- Deduplication reduced dataset significantly
- Text extraction from mixed formats
- OCR of scanned documents (30%+ of total)
- Initial indexing in Apache Solr
- Basic entity extraction
Partner Onboarding (1 month)
- Selected partners based on geography and expertise
- Security training and access provisioning
- Tool training (search interface, collaboration platform)
- Coordination protocols established
Parallel Investigation (6 months)
- Partners investigate their jurisdictions
- Weekly coordination calls
- Shared findings on I-Hub platform
- Cross-referencing and connection building
- Story development and verification
Pre-Publication (2 months)
- Fact-checking across consortium
- Legal review in multiple jurisdictions
- Right of reply to subjects
- Final verification and editing
- Publication strategy coordination
Publication (April 2016)
- Simultaneous global release
- Coordinated press conferences
- Dataset made searchable online
- Follow-up reporting coordination

Impact:

Government investigations in 79 countries
Recoveries of $1.2+ billion in unpaid taxes
Resignations of multiple heads of state
Legal reforms in offshore finance
Pulitzer Prize for Explanatory Reporting

Lessons Learned:

Scale requires industrial-strength infrastructure
OCR quality critical for usability
Entity extraction needs manual review
Security cannot be compromised for convenience
Trust among partners essential
Coordinated release maximizes impact

4.4 Paradise Papers & Pandora Papers: Scaling Further

Paradise Papers (2017):

Volume: 13.4 million documents
Sources: Appleby law firm and corporate registries
Focus: Offshore finance, corporate structures
Innovations: Improved entity extraction, Neo4j network analysis
Impact: $1+ billion recovered, multiple legal actions

Pandora Papers (2021):

Volume: 11.9 million documents, 2.9 terabytes
Journalists: 600+ from 150+ media organizations
Sources: 14 offshore service providers
Focus: Hidden wealth of political leaders
Innovations:
- Enhanced entity disambiguation
- Automated relationship extraction
- Improved collaboration workflows
- Better visualization tools
- Faster processing pipeline (lessons from previous leaks)

Technical Evolution:

Datashare: ICIJ's open-source platform released
Better NER: Custom models for financial/legal entities
Graph Analysis: Neo4j integration for network mapping
Collaboration: More intuitive interfaces, better search
Security: Enhanced protocols based on lessons learned

5. Managing Large Document Troves

5.1 Initial Assessment and Scoping

Upon Receipt of Large Dataset:

Secure the Data
- Encrypt immediately (VeraCrypt or similar)
- Isolate from network if necessary
- Create offline backup
- Document chain of custody
- Assess legal risks of possession
Preliminary Survey
- Sample documents across dataset
- Identify file types and formats
- Assess languages present
- Estimate volume and complexity
- Identify potential processing challenges
- Determine required resources
Public Interest Assessment
- Identify potential stories and significance
- Assess newsworthiness and impact
- Consider ethical implications
- Evaluate legal risks
- Determine if investigation is warranted
- Decide on collaboration needs
Resource Planning
- Estimate processing time and cost
- Identify required technical expertise
- Determine journalist staffing needs
- Assess need for external partners
- Plan infrastructure requirements
- Create project timeline

5.2 Processing Strategy

Phased Approach:

Phase 1: Quick Wins (10-15% of timeline)

Identify most accessible/relevant documents
Process high-value subset first
Extract structured data sources
Run basic entity extraction
Enable search on initial subset
Begin preliminary reporting

Phase 2: Systematic Processing (50-60% of timeline)

Full pipeline processing of entire dataset
OCR of image-based documents
Entity extraction and disambiguation
Network analysis and relationship mapping
Cross-referencing and linking
Quality control and correction

Phase 3: Deep Dive (20-30% of timeline)

Investigate specific leads
Follow connections in network analysis
Verify key findings
Cross-reference with external sources
Build evidence packages
Prepare for publication

Phase 4: Finalization (10-15% of timeline)

Complete verification and fact-checking
Legal review
Right of reply
Final editing
Publication preparation

5.3 Search Strategies

Keyword Development:

Start with known entities and terms
Expand based on initial findings
Use domain-specific terminology
Create synonym lists
Include common misspellings
Adapt to document language/style

Advanced Search Techniques:

Boolean Logic: AND, OR, NOT operators
Proximity Search: Terms within X words of each other
Wildcard Search: Partial word matching
Fuzzy Search: Spelling variation tolerance
Field-Specific Search: Search within specific metadata
Date Range Filtering: Temporal focus

Iterative Search Process:

Broad search to assess scope
Narrow with additional terms
Review sample results for relevance
Refine search based on findings
Document effective search strategies
Share strategies with team

5.4 Collaborative Document Review

Division of Labor:

Geographic: Partners focus on their jurisdictions
Topical: Expertise-based assignment (finance, politics, etc.)
Entity-Based: Track specific individuals or organizations
Temporal: Focus on specific time periods
Document Type: Specialize in emails vs. contracts vs. financial records

Coordination Mechanisms:

Regular Calls: Weekly/bi-weekly all-hands updates
Shared Findings Database: Central repository of discoveries
Entity Tracking: Shared list of persons/organizations of interest
Cross-Reference Alerts: Notify when entities appear across investigations
Story Registry: Avoid duplication, coordinate coverage
Peer Review: Partners review each other's work

Documentation Standards:

Consistent citation format for documents
Unique identifiers for key evidence
Annotation of important passages
Tagging system for categorization
Version control for analysis
Audit trail for verification

6. Collaboration Tools and Methods

6.1 ICIJ I-Hub Platform

Core Features:

User Profiles: Journalist bios, expertise, contact info
Forums/Discussion Boards: Topic-based conversations
Document Sharing: Centralized evidence repository
Task Management: Story assignments and coordination
Real-Time Chat: Quick communication
Activity Feeds: Updates on partner activities

Built on Oxwall:

Open-source social networking framework
Customized for investigative needs
Security-hardened for sensitive data
Access controls and logging
Integration with document analysis tools

Best Practices:

Regular updates on progress
Share findings proactively
Ask questions and seek connections
Peer review and collective intelligence
Respect embargo and publication coordination
Maintain security protocols

6.2 ICIJ Datashare

Open-Source Document Analysis Platform:

Features:

Local or server deployment
Multi-format text extraction
OCR integration
Named entity recognition
Full-text search (Elasticsearch)
Batch document processing
Network visualization (Neo4j integration)
Tagging and annotation
Collaborative features

Workflow:

Import documents into Datashare
Automatic text extraction and OCR
Run NER to extract entities
Search and filter documents
Tag and annotate findings
Export results for reporting
Share with collaborators (if configured)

Advantages:

Free and open source
Privacy-preserving (local deployment)
Powerful search capabilities
Integration with standard tools
Active development and support
Community of users

6.3 OCCRP Aleph

Cross-Reference at Scale:

Dataset:

4+ billion documents
180+ countries
Government records, corporate registries, leaks
Continuously updated
Cross-border investigation focus

Capabilities:

Search across massive aggregated dataset
Entity matching and disambiguation
Network visualization
Cross-referencing between sources
Secure collaboration features
Export and reporting tools

Use Cases:

Background research on entities
Cross-border connection identification
Asset tracing across jurisdictions
Corporate ownership mapping
Sanctions and watchlist screening

Access:

Available to journalists via application
Training provided for effective use
OCCRP provides investigation support
Collaboration opportunities with OCCRP network

6.4 Secure Communication Protocols

Encrypted Messaging:

Signal: End-to-end encrypted, minimal metadata
Wire: Enterprise encrypted messaging
Threema: Swiss-based encrypted messaging
Element/Matrix: Federated encrypted chat

Email Encryption:

PGP/GPG: Public key encryption for email
ProtonMail: Encrypted email service
Tutanota: End-to-end encrypted email

File Sharing:

SecureDrop: Anonymous document submission
OnionShare: Anonymous file sharing via Tor
Tresorit: End-to-end encrypted cloud storage
VeraCrypt volumes: Encrypted containers for sharing

Video Conferencing:

Signal video calls: Encrypted video/audio
Jitsi Meet: Self-hosted encrypted video
Wire video: Enterprise encrypted video
Avoid: Unencrypted platforms for sensitive discussions

Operational Security Rules:

Use encryption by default, always
Verify encryption is active before discussing sensitive topics
No sensitive information in unencrypted channels
Regular security audits of tools and practices
Incident response plan for breaches
Train all participants in security protocols

6.5 Project Management for Investigations

Tools:

Trello/Notion: Task tracking and coordination
Asana: Project management with timelines
Airtable: Database for evidence tracking
Slack/Mattermost: Team communication (with encryption)
GitLab/GitHub: Code and document version control

Workflow Management:

Story Pipeline: Idea → Research → Writing → Editing → Fact-check → Legal → Publication
Milestone Tracking: Key deadlines and deliverables
Resource Allocation: Assign journalists to tasks
Dependency Management: Track blockers and dependencies
Status Updates: Regular progress reporting
Risk Register: Track legal, ethical, security risks

Documentation:

Investigation plan document
Evidence logs and source lists
Fact-check sheets
Legal review notes
Editorial decision logs
Post-mortem after publication

7. Evidence Tracking and Citation Standards

7.1 Evidence Hierarchy

Tier 1: Official Documents (Authenticated)

Government records and filings
Court documents and judgments
Corporate registrations and filings
Regulatory agency documents
Parliamentary/congressional records
Official audit reports

Tier 2: Primary Source Documents

Contracts and agreements
Internal memos and communications
Financial statements and records
Engineering reports and studies
Medical records
Original research data

Tier 3: Multiple Corroborated Testimonies

Multiple independent sources confirm same facts
Sources with direct knowledge
Consistent accounts across sources
No apparent coordination between sources
Documentary support for some claims

Tier 4: Single Reliable Testimony with Partial Documentary Support

Source with direct knowledge and credible access
Some documentary evidence supports claims
Source has proven reliable in past
Claims are internally consistent
No evidence of bias or agenda

Tier 5: Corroborated Circumstantial Evidence

Indirect evidence that collectively suggests conclusion
Multiple pieces of circumstantial evidence
Pattern consistent with hypothesis
Reasonable alternative explanations considered
Used cautiously with appropriate caveats

Tier 6: Single Testimony from Credible Source

Source position gives plausible access
Claims are specific and detailed
No obvious conflicts of interest
Cannot independently verify
Used with attribution and caveats

Tier 7: Uncorroborated Claims

Single source, no verification available
Use only when essential and with clear attribution
Explain limitations to readers
Seek corroboration before publication
Consider omitting if too weak

Key Principle: Build stories on Tier 1-3 evidence. Use Tier 4-5 to support. Use Tier 6-7 sparingly and with transparency about limitations.

7.2 Citation and Attribution System

Document Citation Format:

[Document Type] [Document ID/Title], [Date], [Source/Location]

Examples:
Internal memo from [Name] to [Name], March 15, 2018, obtained by [NewsOrg]
Corporate filing, XYZ Corp Annual Report 2020, Companies House (UK)
Email from [Name] to [Name], April 3, 2019, subject: [Subject], Panama Papers
Court filing, Smith v. Jones, Case No. 12345, Superior Court, filed June 1, 2021

Source Attribution Levels:

Full Attribution (On Record):

"According to [Name], [Title]..."
"John Doe, who served as CFO from 2015-2020, said..."
Use for: Official statements, public figures, whistleblowers willing to be named

Partial Attribution (On Background):

"According to a government official familiar with the investigation..."
"Three employees, who requested anonymity because they were not authorized to speak publicly, said..."
Use for: Sensitive information from sources who need protection but information is vital

General Attribution (On Deep Background):

"According to sources familiar with the matter..."
"Documents and interviews reveal that..."
Use for: Very sensitive sources, information guides reporting but not directly cited

No Attribution (Off Record):

Information used only for understanding, not publication
Helps guide investigation and questioning
Cannot be cited even generally

Transparency Requirements:

Explain why anonymity granted (e.g., "who requested anonymity for fear of retaliation")
Describe source's access to information without identifying them
Note when information has been corroborated
Disclose limitations (e.g., "could not independently verify")
Explain verification attempts

7.3 Evidence Management Systems

Physical Evidence:

Secure storage (locked file cabinets, safes)
Limited access with logging
Original documents separated from working copies
Chain of custody documentation
Climate-controlled for preservation
Destruction protocols for post-investigation

Digital Evidence:

Encrypted storage (VeraCrypt, BitLocker)
Multiple backups (local and offline)
Access controls and user permissions
Version control for document analysis
Metadata preservation
Secure deletion protocols

Evidence Database:

Unique identifier for each piece of evidence
Source and acquisition date
Verification status
Relevance tags and categories
Cross-references to other evidence
Usage tracking (which stories cite it)

Example Structure:

Evidence ID: DOC-2023-001
Type: Email
Date: 2018-03-15
From: John Smith (CEO)
To: Jane Doe (CFO)
Subject: Q1 Financial Results
Source: Confidential company leak
Received: 2023-01-10
Verification: Confirmed authentic via header analysis and corporate response
Relevance: Proves knowledge of financial misstatement
Used In: Story #5 (accounting fraud)
Status: Published
Caveats: Company disputes interpretation

7.4 Provenance and Chain of Custody

Document Provenance:

How was document obtained?
Who had access to it originally?
How did it reach the journalist?
Has it been altered or redacted?
Can authenticity be verified?
Are there other copies?

Chain of Custody Log:

Document: [ID and description]
Original Source: [How obtained, from whom, when]
Received By: [Journalist name], [Date]
Verification: [Method and result], [Date]
Analyzed By: [Names], [Dates]
Fact-Checked By: [Name], [Date]
Published: [Date, Story ID]

Maintaining Integrity:

Use write-once media for original preservation
Hash documents upon receipt (SHA-256)
Track all access and modifications
Separate originals from working copies
Document any redactions or alterations
Maintain metadata throughout process

7.5 Legal and Ethical Documentation

Decision Logs:

Major editorial decisions documented
Rationale for including/excluding information
Legal considerations and consultation
Ethical discussions and resolutions
Source protection decisions
Risk assessments

Legal Review Documentation:

Defamation risk assessment
Privacy law considerations
Source protection legal strategy
Document possession legality
Right of reply documentation
Insurance and indemnification status

Ethical Review:

Public interest justification
Harm minimization measures
Consent and notification decisions
Vulnerable source protection
Conflicts of interest disclosed
Editorial independence maintained

8. Security and Redaction Protocols

8.1 Operational Security (OpSec) Framework

Threat Model Assessment:

Identify potential adversaries (government, corporate, criminal)
Assess capabilities of adversaries
Evaluate risks to journalists, sources, and data
Determine required security level
Document security procedures
Regular threat reassessment

Communication Security:

End-to-end encrypted messaging mandatory (Signal preferred)
PGP for email when necessary
No sensitive discussions on unencrypted channels
Phone calls on encrypted lines only
In-person meetings for highest sensitivity
Code words/phrases for critical information

Device Security:

Full disk encryption on all devices
Strong passwords (12+ characters, unique)
Two-factor authentication on all accounts
Regular software updates
Antivirus and anti-malware
Air-gapped devices for most sensitive work

Network Security:

VPN usage mandatory for research
Tor for anonymity when needed
Avoid public WiFi for sensitive work
Secure home/office network
Separate devices for sensitive vs. routine work
No cloud storage of sensitive materials (except encrypted)

Physical Security:

Secure storage of documents and devices
Visitor logs and access controls
Shoulder surfing prevention
Secure disposal of materials
Travel security protocols
Emergency response plan

8.2 Source Protection

Identity Protection:

Minimize people who know source identity
Use pseudonyms in internal communications
Avoid creating records linking source to information
Metadata scrubbing on source materials
No identifiable information in documents or notes
Legal consultation on source protection laws

Communication Protocols:

Establish secure channel at first contact
Use encrypted messaging exclusively
No email to source's work address
Burner phones for voice communication
Public locations for in-person meetings
Anti-surveillance measures

Document Handling:

Remove metadata and identifying marks
Avoid unique formatting/wording that could identify source
Don't reference source position too specifically in story
Sanitize screenshots and excerpts
Secure destruction of materials that could identify source
Legal protection of source materials from subpoena

Psychological Support:

Recognize stress and trauma sources experience
Provide contacts for counseling/support
Regular check-ins after high-stress events
Respect source boundaries and decisions
Exit strategy planning if source feels unsafe
Post-publication support and monitoring

8.3 Data Security Protocols

Encryption Standards:

At Rest: VeraCrypt for volumes, BitLocker for Windows, FileVault for macOS
In Transit: TLS 1.3 minimum, PGP for email, encrypted file transfer
In Use: RAM encryption for most sensitive work, air-gapped processing

Double Encryption for Maximum Sensitivity:

1. Encrypt individual files (e.g., GPG)
2. Store in encrypted volume (e.g., VeraCrypt)
3. Volume stored on encrypted disk
4. Physical access controls to device

Key Management:

Strong passphrases (5+ words, randomly generated)
Key splitting for shared access (Shamir's Secret Sharing)
Secure key storage (password manager, hardware token)
Key escrow for organizational continuity
Regular key rotation
Key destruction protocols

Backup Strategy:

Multiple backups in different locations
Offline backups for security
Encrypted backups
Regular backup testing
Version control for working documents
Secure backup destruction after project completion

Data Destruction:

Secure file deletion (multiple overwrites)
Physical destruction of media when appropriate
Certificate of destruction for contracted services
Destruction logs
Legal requirements for retention considered
No recoverable data left behind

8.4 Redaction Protocols

What to Redact:

Personally identifiable information (PII) of non-subjects
Source-identifying information
National security information (after legal review)
Proprietary business information not relevant to story
Information that could endanger individuals
Legally protected information (e.g., sealed court records)

Redaction Methods:

Text Documents:

Use PDF redaction tools (Adobe Acrobat, QOPPA)
Black boxes over text (ensure text underneath is deleted)
Verify redaction by searching PDF for redacted terms
Flatten PDF to prevent removal of redactions
Test redacted document thoroughly before publication

Images:

Blur faces of non-subjects
Obscure identifying information (license plates, addresses)
Use opaque covering (not transparent)
Edit master file, not just overlay
Verify no EXIF data exposes location

Metadata:

Strip EXIF data from images
Remove document properties and revision history
Check for hidden text and comments
Remove tracked changes
Sanitize PDF metadata

Common Mistakes to Avoid:

Pixelation that can be reversed
Transparent overlays that can be removed
Searchable text underneath visible redaction
Metadata containing redacted information
Screenshots where original is still on device

Quality Control:

Second person reviews all redactions
Test redacted documents for leaks
Legal review of redaction decisions
Document rationale for redactions
Balance transparency with protection

8.5 Incident Response

Security Breach Response:

Containment: Isolate compromised systems, assess scope
Assessment: Determine what was accessed, by whom, when
Notification: Inform affected parties (sources, partners, legal)
Remediation: Fix vulnerabilities, restore secure operations
Documentation: Full incident report, lessons learned
Prevention: Update protocols to prevent recurrence

Source Exposure Response:

Immediate Contact: Warn source if safe to do so
Legal Consultation: Source protection strategy
Risk Mitigation: Help source secure their situation
Media Strategy: Consider how to address if public
Investigation: How was source exposed? Who was responsible?
Support: Ongoing assistance to source

Data Leak Response:

Assess Damage: What data was exposed, to whom
Notification: Inform all affected parties
Legal Review: Obligations and liabilities
Public Statement: If necessary, transparent about what happened
Forensics: How did leak occur, who was responsible
Prevention: Enhanced security measures

9. Temporal Analysis and Timeline Construction

9.1 Importance of Temporal Analysis

Why Timelines Matter:

Reveal contradictions between accounts
Show evolution of official narrative
Identify gaps in documentation
Establish causation vs. correlation
Detect backdating or timeline manipulation
Verify witness credibility

Common Temporal Discrepancies:

Dates of knowledge vs. dates of claimed knowledge
Sequence of events contradicting official account
Impossible timelines (events couldn't have occurred in stated sequence)
Backdated documents or communications
Gaps in records during critical periods
Post-hoc rationalizations

9.2 Timeline Construction Methodology

Data Collection:

Extract all dates from documents
Record date formats and time zones
Note explicit vs. implicit dates
Identify relative temporal references ("two weeks later", "before the meeting")
Document metadata timestamps
Collect witness testimony on dates

Temporal Entity Types:

Absolute Dates: Specific calendar dates (January 15, 2020)
Relative Dates: References to other events ("three days after")
Approximate Dates: Ranges or uncertainties ("early 2020", "sometime in March")
Recurring Events: Regular occurrences ("monthly meetings")
Durations: Time spans ("three-week investigation")

Cross-Referencing:

Verify dates across multiple sources
Identify conflicting dates for same event
Establish anchor events with certain dates
Calculate dates from relative references
Test timeline against external facts (e.g., person was traveling on alleged meeting date)

Timeline Representation:

Date         Event                                     Source              Confidence
----------   ----------------------------------------  ------------------  -----------
2018-01-15   Initial contract signed                   Contract Doc        Confirmed
2018-02-03   First payment transferred                 Bank Record         Confirmed
2018-03-20   Project "completed" according to report   Progress Report     Uncertain
2018-04-10   Official claims unaware of problems       Interview           Disputed
2018-04-22   Internal email shows awareness            Email (leaked)      Confirmed
2018-05-15   Public statement denying knowledge        Press Release       Inconsistent

9.3 Temporal Verification Framework

ChronoFact Research Findings:

82% of temporal verification errors due to implicit temporal information
Explicit dates generally reliable
Implicit dates require additional verification
Cross-reference multiple sources for temporal claims
Automated systems struggle with complex temporal relationships

Verification Process:

Identify Temporal Claims
- Explicit: "The meeting occurred on March 15, 2019"
- Implicit: "After the investigation concluded..."
Establish Anchor Points
- Find events with certain, verifiable dates
- Public events, official filings, media reports
- Use as reference for relative dates
Calculate Derived Dates
- Use relative references and anchors
- Example: "Three weeks after the March 15 meeting" = ~April 5
Cross-Reference Sources
- Multiple sources confirm same timeline
- Conflicting sources require resolution
- Documentary evidence prioritized over testimony
Test for Plausibility
- Could events have occurred in stated sequence?
- Do travel records, work schedules support timeline?
- Are gaps or clusters suspicious?
Document Uncertainties
- Note where dates are approximate or uncertain
- Flag contradictions requiring further investigation
- Distinguish between confirmed and inferred dates

9.4 Timeline Visualization Tools

TimelineJS:

Interactive web-based timelines
Integrates text, images, media
Google Sheets backend for easy updating
Embeddable in articles
Free and open source

CaseFleet:

Legal timeline software
Fact extraction from documents
Chronological organization
Issue-centric grouping
Collaborative features

Aeon Timeline:

Complex timeline creation
Multiple parallel timelines
Filtering and grouping
Integration with writing tools
Desktop application

Custom Solutions:

Database-backed timelines
D3.js for interactive visualizations
Integration with document management
Automated extraction of dates
Network-timeline hybrids

Best Practices:

Color-code by source or confidence level
Include source citations in timeline
Note gaps and uncertainties
Update as new information emerges
Use for both analysis and publication
Make interactive versions for readers

9.5 Temporal Contradiction Detection

Pattern Analysis:

Cluster events by participant, location, or topic
Identify gaps in documentation during critical periods
Look for unusual patterns (e.g., flurry of activity before official decision)
Compare official timeline to documentary timeline

Contradiction Types:

Type 1: Stated vs. Documented Timeline

Official claims event occurred on Date A
Documents show event occurred on Date B
Example: "I first learned of this in May" vs. April email showing awareness

Type 2: Impossible Sequences

Event A said to occur after Event B
Documents show B occurred after A
Example: Report references data that didn't exist until later date

Type 3: Backdating

Document claimed to be from Date X
Metadata or content indicates created later
Example: Meeting minutes reference events that occurred after meeting

Type 4: Unexplained Gaps

Routine documentation suddenly absent
Resumes after critical period
Example: Weekly meeting minutes missing for month of controversial decision

Type 5: Inconsistent Accounts

Witness A says event occurred in January
Witness B says March
Documents could support either or neither
Example: Conflicting memories vs. ambiguous documentary evidence

Investigation Strategies:

Confront subjects with timeline contradictions
Seek explanation for discrepancies
Obtain additional records to fill gaps
Expert analysis of document dating
Correlation with external events (news, travel, etc.)

10. Specific Examples from Major Organizations

10.1 International Consortium of Investigative Journalists (ICIJ)

Organization:

Founded 1997, based in Washington DC
Network of 280+ journalists in 100+ countries
Parent organization: Center for Public Integrity (originally)
Now independent nonprofit

Signature Investigations:

Panama Papers (2016): 11.5M docs, 370+ journalists, 80 countries
Paradise Papers (2017): 13.4M docs, offshore finance focus
Implant Files (2018): Medical device safety, 250+ journalists, 36 countries
Pandora Papers (2021): 11.9M docs, 600+ journalists, 150 orgs

Methodology:

Radical sharing model (all partners access all data)
Secure collaboration infrastructure (I-Hub platform)
Coordinated global publication
Open-source tool development (Datashare)
Long timeline (12-18 months typical)
Focus on systemic issues, not just individuals

Key Principles:

Trust-based collaboration (pre-existing relationships)
Editorial independence for each partner
Security and source protection paramount
Transparency in methodology
Impact over speed
Public interest guides decisions

Tools Developed:

I-Hub: Collaboration platform for global teams
Datashare: Document analysis platform (open source)
Linkurious: Network visualization (partnership)
Training materials and best practices published

Impact Model:

Coordinated publication maximizes attention
Dataset published for public/authority use
Follow-up reporting tracked and coordinated
Policy advocacy and reform efforts
Measure recoveries, investigations, reforms

Lessons Learned:

Scale is manageable with right infrastructure
Collaboration multiplies impact exponentially
Security cannot be compromised
Transparency builds credibility
Public dataset publication extends impact
Time investment is essential for quality

10.2 ProPublica

Organization:

Founded 2007, independent nonprofit
Based in New York City
~100 journalists and staff
Focus: investigative journalism in public interest

Signature Investigations:

Machine Bias (2016): Algorithmic discrimination in criminal justice
Dollars for Docs (2010): Pharmaceutical industry payments to doctors
Bailout Tracker (2008-2014): Financial crisis accountability
Surgeon Scorecard (2015): Medicare data analysis revealing quality variations

Methodology:

Data-driven investigation emphasis
Long-form narrative storytelling
Collaboration with local news outlets
Public dataset publication when possible
Congressional testimony and policy advocacy
Aggressive FOIA litigation

Anonymous Source Policy:

Use only when information vital to public
No alternative source exists
Source is knowledgeable and reliable
Editorial approval required
Explain to readers why anonymity granted
Independent verification of claims

Fact-Checking Process:

Senior editor reviews all investigations
External fact-checkers for major stories
Line-by-line verification
Legal review before publication
Sources given opportunity to respond
Corrections policy strictly followed

Collaboration Model:

Partner with local news for distribution and local reporting
Share resources and expertise
Co-publication arrangements
National reach with local depth
Revenue sharing when appropriate

Data Journalism:

Extensive use of public records and databases
Statistical analysis for pattern detection
Custom data collection and scraping
Visualization for storytelling
Public release of cleaned datasets
Tools and methodology documentation

Impact:

6 Pulitzer Prizes
Numerous legal and policy changes
Billions in funds recovered
Corporate and government accountability
Model for nonprofit investigative journalism

10.3 Organized Crime and Corruption Reporting Project (OCCRP)

Organization:

Founded 2006, network of investigative centers
Covers Eastern Europe, Caucasus, Central Asia, and beyond
25+ independent member centers
600+ journalists in 40+ countries

Signature Investigations:

Azerbaijani Laundromat (2017): $2.9B money laundering scheme
Troika Laundromat (2019): Russian money laundering network
Cyprus Confidential (2023): Offshore finance and Russian wealth
Mafia in Europe (ongoing): Transnational organized crime

Aleph Platform:

4+ billion documents
180+ countries covered
Government records, leaks, corporate data
Cross-reference capability
Available to journalists globally
Continuously updated

Methodology:

Focus on cross-border organized crime and corruption
Follow the money emphasis
Use of leaked and official data
Collaborative investigations with partners
Long-term tracking of networks
Public dataset publication

Investigative Approach:

Entity-centric (track organizations and individuals)
Network mapping of criminal/corrupt networks
Financial forensics and asset tracing
Document verification from multiple jurisdictions
Source cultivation in law enforcement and whistleblowers
Visualizations of complex relationships

Technology:

Aleph for cross-referencing massive datasets
ID tool for identity matching
Data.occrp.org for public data access
VIS tool for visualization
Collaboration with ICIJ on major leaks

Regional Expertise:

Deep knowledge of post-Soviet corruption
Balkans organized crime
Offshore finance jurisdictions
Russian oligarch networks
Understanding of weak governance contexts

Impact:

Billions recovered in illicit funds
Multiple arrests and prosecutions
Sanctions imposed on corrupt actors
Reforms in offshore finance centers
Global awareness of corruption networks

Challenges Addressed:

Operating in hostile environments
Journalist safety (legal support, security training)
Legal threats and SLAPPs (strategic lawsuits)
Limited resources in member centers
Language barriers (overcome via collaboration)
Verifying documents from authoritarian states

10.4 BBC (British Broadcasting Corporation)

Organization:

Public service broadcaster, UK
Large investigative journalism units
BBC Africa Eye, BBC Arabic Eye, BBC News investigations
Global reach and resources

Signature Investigations:

Africa Eye: Anatomy of a Killing (2018): War crimes in Cameroon using OSINT
Syria's Disappeared (2019): Documentation of detention and torture
Death in the Med (2015): Investigation of migrant shipwrecks

OSINT and Verification:

Extensive use of open-source intelligence
Video and image forensics (geolocation, chronolocation)
Social media investigation
Satellite imagery analysis
Collaboration with Bellingcat and other OSINT specialists
Rigorous verification of user-generated content

Methodology:

Combine traditional reporting with digital forensics
Long-form documentary format
Investigative journalism units dedicated to depth
Collaboration with local journalists for access and context
Editorial independence from government (despite public funding)
Multi-platform storytelling (TV, radio, online)

Verification Standards:

Three-source rule for controversial claims
Expert verification of technical evidence
Chain of custody for video and images
Metadata analysis for authenticity
Cross-reference with official records
Legal review for defamation and security

Impact:

Global audience reach (millions)
Diplomatic and policy consequences
War crimes investigations by authorities
Public awareness of underreported issues
Training and capacity building in partner regions

Challenges:

Government pressure and editorial independence
Operating in conflict zones and authoritarian states
Verification of content from inaccessible areas
Balancing speed with thoroughness
Legal threats from powerful actors

10.5 The Guardian

Organization:

British newspaper, independent editorial board
Strong investigative tradition
Guardian US expands reach
Digital-first strategy

Signature Investigations:

NSA Files / Edward Snowden (2013): Mass surveillance revelation (with Glenn Greenwald)
Panama Papers (2016): ICIJ collaboration partner
Cambridge Analytica (2018): Facebook data harvesting scandal
Paradise Papers (2017): ICIJ collaboration

Methodology:

Collaboration with sources willing to provide large datasets
Partnership with international investigations (ICIJ)
Data journalism and visualization
Aggressive digital security for source protection
Long-form and multimedia storytelling
Fact-checking and legal review processes

Source Protection:

SecureDrop for anonymous submissions
Legal defense of sources
Careful redaction and publication strategies
Worked with Snowden to manage document release
Consultation with government on national security risks

Collaboration:

Partner with other outlets for major investigations
Share stories and resources
Co-publish with international partners
New York Times, ProPublica partnerships

Impact:

Snowden revelations led to global debate on surveillance
Cambridge Analytica revelations led to Facebook investigations
Multiple Pulitzer Prizes and awards
Policy changes and reforms

11. Training and Capacity Building

11.1 Essential Skills for Investigative Journalists

Core Competencies:

1. Research and Information Gathering

Public records navigation (FOIA, court records, corporate filings)
Open-source intelligence (OSINT) techniques
Database querying and management
Archive and library research
Source development and cultivation
Interview techniques (on-camera, phone, in-person)

2. Data Literacy

Spreadsheet analysis (Excel, Google Sheets)
Basic statistics (mean, median, distributions, significance)
Data cleaning and standardization
SQL for database queries
Data visualization principles
Critical assessment of data quality

3. Digital Security

Encryption tools (PGP, Signal, VeraCrypt)
Secure communication protocols
Device and network security
Threat modeling and risk assessment
Source protection techniques
Operational security practices

4. Verification and Fact-Checking

Source evaluation frameworks
Document authentication methods
Cross-referencing techniques
Expert consultation
Red flags and warning signs
Skepticism and adversarial thinking

5. Legal and Ethical Knowledge

Defamation law basics
Privacy law and regulations
Public interest defenses
Source protection laws
Freedom of information law
Ethical frameworks (SPJ, IFJ codes)

6. Narrative and Writing

Long-form investigative writing
Structure and pacing
Clarity and accessibility
Evidence-based storytelling
Maintaining reader engagement
Ethical framing

7. Multimedia Skills

Video and audio production
Photography and image editing
Data visualization tools
Interactive storytelling
Social media strategy
Multimedia verification

11.2 Training Programs and Resources

GIJN (Global Investigative Journalism Network):

Global Investigative Journalism Conference (biennial)
Regional conferences and workshops
Online resource center
Tipsheets and guides
Network directory
Helpdesk for journalists

IRE/NICAR:

Annual NICAR conference (data journalism focus)
IRE conference (investigative journalism)
Boot camps and workshops
Online training and webinars
Resource center and tipsheets
Investigative Reporters & Editors Journal

ICIJ:

Methodology guides published
Datashare training materials
Collaboration best practices
Security protocols documentation
Case studies from major investigations

OCCRP:

Summer School for investigative journalism
Training on Aleph platform
Regional trainings
Mentorship and collaboration opportunities
Online resources and guides

Knight Center (University of Texas):

Massive Open Online Courses (MOOCs)
Certificates in data journalism, digital security, verification
Spanish and Portuguese language courses
Self-paced learning
Expert instructors

Bellingcat:

Online Investigation Toolkit
Workshops and training sessions
Case study publications
Discord community for OSINT practitioners
Methodology transparency

Poynter Institute:

Fact-checking training (International Fact-Checking Network)
Ethics workshops
Leadership training
Verification and digital literacy courses

European Journalism Centre:

Grants and fellowships
Training programs
Toolkits and resources
Network building

11.3 Self-Directed Learning

Essential Reading:

"The Art of Access" by David Cuillier and Charles Davis - FOIA and public records
"The Investigative Reporter's Handbook" by Brant Houston - IRE methodology
"Data Journalism Handbook" - Free online, collaborative resource
"Verification Handbook" - Free online, for digital age verification
"Story-Based Inquiry" by Mark Lee Hunter et al. - Hypothesis-driven investigation

Online Resources:

GIJN Resource Center (gijn.org/resources)
IRE Resource Center (ire.org/resource-center)
Bellingcat's Online Investigation Toolkit
First Draft News (verification and misinformation)
Columbia Journalism Review (analysis and best practices)

Tools to Master:

Google Advanced Search & Google Scholar - Research fundamentals
DocumentCloud - Document hosting and annotation
Tabula - Extract tables from PDFs
OpenRefine - Data cleaning
QGIS - Geographic information systems
Gephi - Network visualization
Maltego - OSINT relationship mapping

Practice Exercises:

Investigate your own data (phone records, emails, financial transactions)
Analyze public datasets (government data portals)
Verify viral claims on social media
Map your own social/professional network
Reverse image search suspicious photos
File FOIA requests and track responses
Build a database from unstructured sources

11.4 Organizational Capacity Building

Newsroom Investment:

Dedicated investigative team (not ad-hoc)
Time allocation (months, not weeks)
Legal support and insurance
Training budgets for staff
Technology infrastructure
Editorial support for long investigations

Skill Development:

Regular training sessions
External workshop participation
Cross-training (reporters learn data, data journalists learn reporting)
Security training for all staff
Legal and ethical training
Mentorship programs (experienced-junior pairing)

Infrastructure:

Secure communication systems
Document management systems
Data analysis tools and licenses
Collaboration platforms
Backup and archiving systems
Legal and fact-checking resources

Culture:

Value depth over speed
Celebrate thorough verification
Accept "no story" outcome if evidence insufficient
Encourage adversarial thinking
Support risk-taking (with appropriate safeguards)
Learn from failures

Partnerships:

Collaborate with other outlets
Share resources and expertise
Join investigative networks
Partner with universities and research centers
Engage with civil society and NGOs
International partnerships for cross-border work

12. Quality Control and Editorial Review

12.1 Multi-Layered Editorial Process

Stage 1: Planning and Pitch

Investigative pitch reviewed by senior editor
Public interest assessment
Feasibility and resource evaluation
Legal and ethical preliminary review
Approval and resource allocation
Timeline and milestone setting

Stage 2: Research and Reporting

Regular check-ins with editor
Early review of key documents
Discussion of investigative direction
Hypothesis testing and refinement
Mid-project assessment
Pivot or continuation decision

Stage 3: Writing and Structure

Draft reviewed by primary editor
Structure and narrative assessment
Evidence sufficiency evaluation
Gaps and weaknesses identified
Revisions and additional reporting
Iterative editing process

Stage 4: Fact-Checking

Independent fact-checker reviews line-by-line
Verification of every factual claim
Source confirmation
Document re-authentication
Statistical verification
Resolution of disputes between reporter and fact-checker

Stage 5: Legal Review

Attorney reviews for defamation, privacy, other legal risks
Assessment of evidence supporting claims
Recommendations for language changes
Right of reply strategy
Risk mitigation measures
Final legal sign-off

Stage 6: Senior Editorial Review

Editor-in-chief or senior editor final review
Public interest confirmation
Ethical considerations
Organization reputation and mission alignment
Publication timing and strategy
Final approval

Stage 7: Right of Reply

Subjects given detailed questions and opportunity to respond
Responses evaluated for accuracy and relevance
Story updated to incorporate or address responses
Final fact-check after incorporating responses
Legal review of final version
Documentation of right of reply process

Stage 8: Publication Preparation

Copy editing and proofing
Headline and dek writing
Multimedia element preparation
Social media and distribution strategy
Staff briefing on potential responses
Post-publication monitoring plan

12.2 Quality Standards and Benchmarks

The Slightest Mistake Principle:

"The slightest mistake can discredit an entire investigation"
Zero tolerance for factual errors
Rigorous verification of every detail
Assume adversaries will scrutinize every word
Corrections handled transparently and quickly
Post-publication review of any errors

Verification Benchmarks:

Critical Facts: Verified by at least two independent sources
Quotes: Audio recording or contemporaneous notes, confirmed with source
Documents: Authenticated via multiple methods
Statistics: Recalculated independently, methodology verified
Expert Claims: Expert credentials confirmed, claims peer-reviewed when possible
Visual Evidence: Metadata, geolocation, chronolocation verified

Attribution Standards:

Every claim has clear attribution
Strength of sourcing matches importance of claim
Anonymous sources explained and justified
On-the-record sourcing preferred
Documentary evidence cited specifically
Transparency about limitations and caveats

Fairness Benchmarks:

Subjects given adequate opportunity to respond
Alternative explanations considered and addressed
Context provided for accusations
Proportionality (coverage matches significance)
No personal attacks, focus on actions and decisions
Balance between accountability and fairness

12.3 Common Pitfalls and How to Avoid Them

Pitfall 1: Confirmation Bias

Risk: Seeing only evidence that supports hypothesis
Prevention: Actively seek disconfirming evidence, test alternative explanations, independent fact-checker challenges assumptions
Red Flag: All evidence points one direction, no complications or caveats

Pitfall 2: Source Over-Reliance

Risk: Single source drives narrative, inadequate verification
Prevention: Corroborate all claims, seek documentary evidence, maintain skepticism of all sources
Red Flag: Story collapses if one source proves unreliable

Pitfall 3: Document Misinterpretation

Risk: Misunderstanding technical or legal content, taking out of context
Prevention: Expert consultation, full document context, challenge interpretations
Red Flag: Interpretation seems too convenient, lacks nuance

Pitfall 4: Ethical Overreach

Risk: Invading privacy, harming innocents, means don't justify ends
Prevention: Ethics review at every stage, public interest test, harm minimization
Red Flag: Discomfort with methods, private info not clearly public interest

Pitfall 5: Legal Vulnerability

Risk: Defamation, privacy violation, contempt of court, source exposure
Prevention: Early and ongoing legal review, risk assessment, insurance
Red Flag: Attorney recommends against publication or significant changes

Pitfall 6: Speed Over Accuracy

Risk: Racing to publish, cutting corners on verification
Prevention: Time investment commitment, resist competitive pressure, "right over first"
Red Flag: Feeling rushed, cutting verification steps

Pitfall 7: Complexity Obscurity

Risk: Story too complex to be understood or verified
Prevention: Simplify focus, clear narrative structure, expert and lay reader review
Red Flag: Inability to clearly explain in two sentences, readers won't understand

Pitfall 8: Missed Red Flags

Risk: Forged documents, unreliable sources, hoaxes
Prevention: Healthy skepticism, independent verification, expertise in document authentication
Red Flag: Too good to be true, source reluctant to answer basic questions

12.4 Post-Publication Review

Immediate Monitoring:

Track responses from subjects and critics
Monitor social media and comments
Address questions and critiques quickly
Correct any errors immediately and transparently
Document threats or legal actions
Support staff handling public response

Impact Assessment:

Track official responses (investigations, policy changes)
Monitor legal proceedings
Document reforms or accountability measures
Measure public awareness and discussion
Track follow-up reporting by others
Dataset usage statistics (if published)

Internal Review:

Post-mortem meeting with team
What went well, what could be improved
Lessons learned for future investigations
Process improvements identified
Team debrief and psychological support if needed
Documentation of methodology for future reference

Long-Term Follow-Up:

Continue reporting on investigation impacts
Update datasets and resources
Track evolution of issues investigated
Measure lasting impacts
Share learnings with journalism community
Reflect on broader significance

13. Core Investigative Process Summary

13.1 The Investigative Workflow at a Glance

1. STORY GENESIS
   ├─ Tip, leak, or observation
   ├─ Preliminary public interest assessment
   └─ Feasibility and resource evaluation

2. PRE-INVESTIGATION RESEARCH
   ├─ Background reading and context
   ├─ Key actors and institutions identified
   ├─ Preliminary document gathering
   └─ Legal and ethical review

3. ACTIVE INVESTIGATION
   ├─ Systematic evidence collection
   │  ├─ Documentary evidence prioritized
   │  └─ Testimonial evidence corroborated
   ├─ Source interviews and development
   ├─ Follow-up research
   └─ Hypothesis testing and refinement

4. VERIFICATION PHASE
   ├─ Independent fact-checking
   ├─ Document authentication
   ├─ Cross-referencing sources
   ├─ Alternative explanation testing
   └─ Legal review

5. WRITING AND EDITING
   ├─ Evidence-based narrative construction
   ├─ Line-by-line editorial review
   ├─ Fact-checker verification
   ├─ Legal vetting
   └─ Ethical review

6. RIGHT OF REPLY
   ├─ Subjects given opportunity to respond
   ├─ Responses incorporated or addressed
   ├─ Final fact-check
   └─ Final legal review

7. PUBLICATION
   ├─ Coordinated release (if collaborative)
   ├─ Multimedia and distribution strategy
   ├─ Source protection monitoring
   └─ Follow-up reporting and impact tracking

13.2 Decision Trees for Key Choices

Should We Pursue This Investigation?

Is there significant public interest?
├─ No → Do not pursue
└─ Yes → Continue assessment
    │
    Is there a reasonable prospect of obtaining evidence?
    ├─ No → Do not pursue (or wait for better access)
    └─ Yes → Continue assessment
        │
        Are legal and ethical risks manageable?
        ├─ No → Do not pursue (or redesign to manage risks)
        └─ Yes → Pursue investigation

Can We Use This Anonymous Source?

Is information vital to the public interest?
├─ No → Seek on-record source or do not use
└─ Yes → Continue evaluation
    │
    Is on-record alternative available?
    ├─ Yes → Use on-record source instead
    └─ No → Continue evaluation
        │
        Is source knowledgeable and credible?
        ├─ No → Do not use
        └─ Yes → Continue evaluation
            │
            Can we independently verify claims?
            ├─ No → Do not use (or obtain corroboration first)
            └─ Yes → Use with editorial approval and transparency

Should We Publish This Document?

Is document authentic?
├─ Uncertain → Do not publish until verified
└─ Verified → Continue evaluation
    │
    Does it serve public interest to publish?
    ├─ No → Do not publish (summarize if relevant)
    └─ Yes → Continue evaluation
        │
        Does it expose innocent parties to harm?
        ├─ Yes → Redact PII, or do not publish if harm outweighs public interest
        └─ No → Continue evaluation
            │
            Are there legal restrictions on publication?
            ├─ Yes → Legal consultation, comply or challenge
            └─ No → Publish with appropriate context

13.3 Critical Success Factors

Time Investment:

Major investigations require months, not weeks
Rush to publish compromises quality
Impact over speed mindset
Resource allocation must match timeline needs

Documentary Foundation:

Documentary evidence prioritized systematically
Build story on documents, supplement with testimony
Authenticate all documents rigorously
Maintain chain of custody

Verification Rigor:

Independent fact-checking for all claims
Multiple sources for critical facts
Test against alternative explanations
Adversarial approach to evidence
Resolve all contradictions before publication

Legal and Ethical Review:

Early legal consultation, not just pre-publication
Ethics review at every stage
Public interest justification clear
Harm minimization for innocents
Source protection absolute

Collaboration When Appropriate:

Cross-border or complex investigations benefit from partners
Share resources and expertise
Coordination maximizes impact
Trust and security essential

Transparency:

Methodology documented and explained
Limitations acknowledged
Attribution clear
Corrections handled transparently
Build credibility through openness

Editorial Independence:

Fierce independence from influence
Public interest drives decisions
Resist pressure from subjects or advertisers
Organizational mission aligned with investigation

14. Evidence Hierarchy

14.1 The Pyramid of Evidence

                      ┌────────────────────────────────────┐
                      │  OFFICIAL DOCUMENTS (AUTHENTICATED)│  ← STRONGEST
                      └────────────────────────────────────┘
                             ┌────────────────────────┐
                             │  PRIMARY SOURCE DOCS   │
                             └────────────────────────┘
                        ┌──────────────────────────────────┐
                        │ MULTIPLE CORROBORATED TESTIMONIES│
                        └──────────────────────────────────┘
                   ┌────────────────────────────────────────────┐
                   │ SINGLE RELIABLE TESTIMONY + DOCS SUPPORT   │
                   └────────────────────────────────────────────┘
              ┌────────────────────────────────────────────────────┐
              │     CORROBORATED CIRCUMSTANTIAL EVIDENCE           │
              └────────────────────────────────────────────────────┘
         ┌────────────────────────────────────────────────────────────┐
         │        SINGLE TESTIMONY FROM CREDIBLE SOURCE               │
         └────────────────────────────────────────────────────────────┘
    ┌────────────────────────────────────────────────────────────────────┐
    │                  UNCORROBORATED CLAIMS                               │  ← WEAKEST
    └────────────────────────────────────────────────────────────────────┘

14.2 Applying the Hierarchy

Story Construction Principle:

Foundation (Tier 1-3): Build story on strongest evidence
Supporting (Tier 4-5): Use to supplement and contextualize
Cautious Use (Tier 6-7): Only when essential, with clear attribution and caveats

Example Application:

Claim: Official X misused public funds for personal benefit

Tier 1 Evidence (Official Documents):

Government procurement records showing contract awarded to Company Y
Bank records showing payments to Company Y
Corporate registry showing Official X's spouse as director of Company Y
Use: Foundation of story, can state definitively

Tier 2 Evidence (Primary Source Documents):

Internal company emails discussing project
Invoices and delivery records
Contract terms and conditions
Use: Detail the transactions, provide context

Tier 3 Evidence (Multiple Corroborated Testimonies):

Three procurement officers confirm no competitive bidding
Two company employees say no work was performed
Use: Establish pattern and intent

Tier 4 Evidence (Single Reliable Testimony + Partial Docs):

Whistleblower says Official X ordered contract award, has one email partially supporting this
Use: With attribution, flag as requiring further verification

Tier 5 Evidence (Circumstantial):

Official X vacationed at expensive resort around time of payment
Official X's standard of living appears inconsistent with salary
Use: Suggestive context, but not proof alone

Tier 6 Evidence (Single Credible Source):

Anonymous government source says Official X is known to be corrupt
Use: If essential, with anonymity explained and strong caveats

Tier 7 Evidence (Uncorroborated):

Random tip that Official X has offshore accounts
Use: Investigative lead, not for publication without verification

Publication Decision:

Strong case based on Tier 1-3 evidence alone
Tier 4-5 adds context and detail
Tier 6-7 not necessary for publication, but may guide further investigation

14.3 Documentary vs. Testimonial Evidence

Why Documentary Evidence Is Prioritized:

Documentary Evidence Advantages:

Contemporaneous (created at time of events)
Less susceptible to memory errors
Can be independently verified
Difficult to dispute if authenticated
Provides precise details (dates, amounts, exact language)
Less subject to interpretation

Testimonial Evidence Limitations:

Memory degrades over time
Susceptible to bias and self-interest
Can be influenced by subsequent events
Difficult to verify independently
Varies based on witness perspective
Subject to interpretation

Best Practice:

Use documents to establish facts
Use testimony to explain documents
Cross-verify testimony against documents
Flag when testimony contradicts documents
Seek documents to corroborate testimony
Prioritize direct witnesses over hearsay

Example:

Strong Approach: "The contract was awarded on March 15, 2018, according to procurement records. Three employees involved in the process, who requested anonymity for fear of retaliation, said the decision was made without competitive bidding. Internal emails obtained by [NewsOrg] show the procurement director writing, 'We need to expedite this for reasons that will become clear,' two days before the award."

Weak Approach: "According to a source, the contract was awarded improperly sometime in early 2018. The source said competitive bidding was skipped and that internal emails would prove this."

15. Alignment with S.A.M. Framework

15.1 Investigative Journalism and S.A.M. Convergence

The Systematic Adversarial Methodology (S.A.M.) framework aligns closely with investigative journalism best practices, particularly in:

1. Evidence-Based Analysis

Journalism: Documentary evidence systematically prioritized over testimonial
S.A.M.: Documents are primary analytical objects, testimony provides context
Convergence: Both frameworks build conclusions on verified documentary foundation

2. Contradiction Detection

Journalism: Timeline analysis, cross-referencing sources, identifying inconsistencies
S.A.M.: Eight contradiction types systematically identified and categorized
Convergence: Both actively seek discrepancies rather than accepting surface narratives

3. Verification Standards

Journalism: Multi-layered fact-checking, independent verification, source corroboration
S.A.M.: Evidence verification, chain of custody, authentication protocols
Convergence: Both demand rigorous verification before drawing conclusions

4. Adversarial Approach

Journalism: Challenge official narratives, test alternative explanations, assume adversarial scrutiny
S.A.M.: Systematic adversarial analysis, question assumptions, expose institutional dysfunction
Convergence: Both adopt skeptical stance toward power and official accounts

5. Temporal Analysis

Journalism: Timeline construction, temporal contradiction detection, date verification
S.A.M.: Temporal contradiction type, timeline inconsistencies, date clustering analysis
Convergence: Both recognize temporal analysis as critical for detecting deception

6. Network Analysis

Journalism: Map relationships, identify connections, trace financial flows
S.A.M.: Entity extraction, relationship mapping, accountability network analysis
Convergence: Both understand systemic dysfunction requires relationship analysis

7. Transparency and Methodology

Journalism: Document process, explain methodology, transparent about limitations
S.A.M.: Methodology documentation, audit trails, reproducible analysis
Convergence: Both value transparency as essential for credibility

8. Public Interest Focus

Journalism: Public interest justification for all investigations
S.A.M.: Focus on institutional dysfunction affecting public welfare
Convergence: Both exist to serve public accountability, not private interests

15.2 S.A.M. Contradiction Types in Journalistic Context

SELF Contradictions:

Journalistic Application: Single document contains internally inconsistent information
Example: Official report states "no prior knowledge" in executive summary but timeline shows earlier awareness
Detection Method: Close reading, timeline construction, fact-checking

INTER_DOC Contradictions:

Journalistic Application: Documents from same source contradict each other
Example: Public statement denies involvement, internal memo shows active participation
Detection Method: Cross-referencing, document comparison, systematic search

TEMPORAL Contradictions:

Journalistic Application: Timeline inconsistencies, impossible sequences, backdating
Example: Meeting minutes reference data that didn't exist until later date
Detection Method: Timeline construction, date verification, metadata analysis

EVIDENTIARY Contradictions:

Journalistic Application: Claims unsupported by presented evidence
Example: Report claims "thorough investigation" but no investigation records exist
Detection Method: Evidence inventory, verification against claims, document analysis

MODALITY_SHIFT:

Journalistic Application: Changes in certainty or tone without explanation
Example: "Definitely no wrongdoing" becomes "no evidence of intentional wrongdoing"
Detection Method: Language analysis, compare versions, timeline of statements

SELECTIVE_CITATION:

Journalistic Application: Cherry-picking evidence, ignoring contradictory information
Example: Official report cites three supportive studies, ignores ten contrary studies
Detection Method: Literature review, expert consultation, comprehensive document search

SCOPE_SHIFT:

Journalistic Application: Unexplained changes in investigation or report scope
Example: Investigation initially covers five departments, final report only addresses one
Detection Method: Compare initial scope to final product, document exclusions

UNEXPLAINED_CHANGE:

Journalistic Application: Position or policy changes without justification
Example: "Contractor met all requirements" becomes "contractor terminated for cause"
Detection Method: Timeline of statements, seek explanation, interview key actors

15.3 Integrating S.A.M. into Investigative Workflow

Document Ingestion Phase:

Apply S.A.M. 7-stage pipeline for large document sets
Entity extraction for network analysis
Temporal extraction for timeline construction
Metadata preservation for authenticity verification

Analysis Phase:

Systematically search for S.A.M. contradiction types
Use S.A.M. framework to organize findings
Cross-reference contradictions with evidence hierarchy
Map accountability networks

Verification Phase:

Apply journalism verification standards to S.A.M. findings
Corroborate contradictions with multiple sources
Test alternative explanations for contradictions
Document verification process

Publication Phase:

Present contradictions with full context
Cite specific evidence for each contradiction
Explain significance and patterns
Transparent about methodology and limitations

15.4 S.A.M. as Tool for Investigative Journalism

Advantages:

Systematic framework prevents missing contradictions
Categorization helps organize complex investigations
Aligns with journalistic emphasis on documentary evidence
Network analysis reveals systemic issues
Temporal analysis built-in
Scalable to large document sets

Considerations:

S.A.M. is analytical tool, not substitute for journalistic judgment
Context and nuance require human interpretation
Ethical and legal review still essential
Source protection paramount regardless of methodology
Public interest assessment guides S.A.M. application

Best Practice Integration:

Use S.A.M. for systematic analysis of large document sets
Apply journalistic verification to S.A.M. findings
Combine S.A.M. entity/network analysis with source interviews
Integrate S.A.M. timelines with traditional timeline construction
Document S.A.M. methodology for transparency
Report S.A.M. findings in accessible narrative form

16. Sources

Primary Methodological Frameworks

International Consortium of Investigative Journalists (ICIJ)

icij.org - Methodologies, case studies, and tools
"Panama Papers Methodology" - icij.org/investigations/panama-papers/about-this-project/
"Paradise Papers Methodology" - icij.org/investigations/paradise-papers/
"Pandora Papers Methodology" - icij.org/investigations/pandora-papers/about-pandora-papers-investigation/
Datashare documentation - datashare.icij.org
I-Hub collaboration platform documentation (internal)

Global Investigative Journalism Network (GIJN)

gijn.org/resources - Comprehensive resource library
"Story-Based Inquiry: A Manual for Investigative Journalists" by Mark Lee Hunter et al. - UNESCO/GIJN publication
GIJN Toolbox - gijn.org/toolbox
Regional conference proceedings and presentations

Investigative Reporters and Editors (IRE) / NICAR

ire.org/resource-center - Database of tipsheets and best practices
"The Investigative Reporter's Handbook" by Brant Houston
NICAR conference materials - ire.org/training/conferences/nicar/
IRE Journal archives

Organized Crime and Corruption Reporting Project (OCCRP)

occrp.org - Investigations and methodologies
Aleph platform - aleph.occrp.org
"Azerbaijani Laundromat Methodology" - occrp.org/en/azerbaijanilaundromat/
"Troika Laundromat Methodology" - occrp.org/en/troikalaundromat/

ProPublica

propublica.org - Investigations and methodology explanations
"ProPublica's Anonymous Source Policy" - propublica.org/about/anonymous-source-policy
Data Store - propublica.org/datastore (published datasets)
Nerd Blog - propublica.org/nerds (technical methodologies)

Verification and Fact-Checking

First Draft News (now part of Information Futures Lab)

firstdraftnews.org/long-form-article/verification-handbook/ - "Verification Handbook" (multiple editions)
Guides on visual verification, social media verification

Bellingcat

bellingcat.com - OSINT investigations and methodology
"Bellingcat's Online Investigation Toolkit" - bit.ly/bcattools
Case studies with detailed methodology explanations

Duke Reporters' Lab

reporterslab.org - Fact-checking database and resources
Research on fact-checking practices globally

Poynter Institute / International Fact-Checking Network (IFCN)

poynter.org/ifcn - Fact-checking standards and training
IFCN Code of Principles - ifcncodeofprinciples.poynter.org

Document Analysis and Data Journalism

"Data Journalism Handbook"

datajournalism.com - Collaborative handbook, free online
Multiple editions covering tools and techniques

European Journalism Centre

datajournalism.com - Data journalism resources and tools
Training materials and case studies

"The Art of Access: Strategies for Acquiring Public Records" by David Cuillier and Charles Davis

FOI strategies and legal frameworks

NICAR (National Institute for Computer-Assisted Reporting)

ire.org/nicar - Data journalism training and resources
Database library and tool recommendations

Security and Source Protection

Committee to Protect Journalists (CPJ)

cpj.org/safety-kit - "Journalist Security Guide"
Digital security resources for journalists

Electronic Frontier Foundation (EFF)

ssd.eff.org - "Surveillance Self-Defense" guide for journalists
Legal guide to source protection

Freedom of the Press Foundation

freedom.press - SecureDrop development and documentation
Digital security training for journalists

Rory Peck Trust

rorypecktrust.org - Safety resources for freelance journalists

Legal and Ethical Frameworks

Society of Professional Journalists (SPJ)

spj.org/ethicscode.asp - SPJ Code of Ethics
Ethics hotline and case studies

Reporters Committee for Freedom of the Press

rcfp.org - Legal resources for journalists
"The Reporter's Privilege Compendium"
FOI guides by state/country

International Federation of Journalists (IFJ)

ifj.org - Global ethical standards
Safety and rights resources

Academic Research on Investigative Journalism

Journalism Practice (journal)

Studies on investigative journalism practices and methodologies

Columbia Journalism Review

cjr.org - Analysis of investigative journalism cases
Methodology critiques and best practices

Tow Center for Digital Journalism (Columbia)

towcenter.columbia.edu - Research on digital journalism tools and practices

Temporal Analysis Research

ChronoFact Framework Research

Academic papers on temporal claim verification
Findings: 82% of temporal verification errors from implicit temporal information
Published in computational linguistics and journalism studies journals

Tools and Technology Documentation

Apache Tika

tika.apache.org - Text extraction tool documentation

Apache Solr / Elasticsearch

solr.apache.org, elastic.co - Search platform documentation

Neo4j

neo4j.com - Graph database documentation
Use cases in investigative journalism

Linkurious

linkurious.com - Network visualization for investigations

Datashare (ICIJ)

datashare.icij.org - Open-source document analysis platform

Aleph (OCCRP)

docs.aleph.occrp.org - Cross-reference platform documentation

VeraCrypt

veracrypt.fr - Disk encryption tool

Signal

signal.org - Encrypted messaging app

Case Studies and Post-Mortems

"The Panama Papers: Breaking the Story of How the Rich & Powerful Hide Their Money" by Frederik Obermaier and Bastian Obermayer

First-hand account of Panama Papers investigation

"Panama Papers: Inside the Journalists' Investigation" - ICIJ/BBC documentary

GIJN Case Study Library

gijn.org - Detailed case studies of major investigations

IRE Awards Archives

ire.org/awards - Award-winning investigations with methodologies

Training and Capacity Building

Knight Center for Journalism (University of Texas)

journalismcourses.org - MOOCs on investigative journalism, data journalism, verification

Google News Initiative

newsinitiative.withgoogle.com - Training resources and tools

Dart Center for Journalism and Trauma (Columbia)

dartcenter.org - Resources for reporting on sensitive topics, trauma-informed practices

Appendices

Appendix A: Glossary of Terms

Adversarial Analysis: Systematic approach to evidence evaluation that assumes critical scrutiny and actively seeks disconfirming evidence.

Attribution: The act of identifying the source of information in reporting. Levels include on-record (full identification), on-background (information usable, not directly attributed), on-deep-background (guides reporting, not cited), and off-record (not usable in publication).

Chain of Custody: Documentation of the possession, handling, and transfer of evidence from acquisition through publication, ensuring integrity and authenticity.

Contradiction: Inconsistency between two or more pieces of evidence, testimony, or claims that requires investigation and resolution.

Corroboration: Confirmation of information through multiple independent sources or types of evidence.

Disambiguation: Process of determining which real-world entity a name or reference refers to when multiple possibilities exist.

Documentary Evidence: Written or recorded evidence, including official documents, contracts, emails, financial records, etc. Generally more reliable than testimonial evidence.

Embargo: Agreement not to publish information until a specified date/time, often used in collaborative investigations to coordinate release.

Entity Extraction (NER): Automated identification of named entities (people, organizations, locations, etc.) in text documents.

Fact-Checking: Independent verification of factual claims in reporting, ideally by someone not involved in the original reporting.

FOIA (Freedom of Information Act): Laws requiring government agencies to disclose records upon request (terminology varies by country).

Hypothesis-Driven Investigation: Investigative approach that begins with a clear hypothesis, distinguishes facts from assumptions, and tests the hypothesis against evidence.

I-Hub: ICIJ's custom collaboration platform for global investigative teams.

Named Entity Recognition (NER): See Entity Extraction.

Network Analysis: Mapping and analyzing relationships between entities (people, organizations) to reveal connections and patterns.

OCR (Optical Character Recognition): Technology to extract text from scanned documents or images.

OSINT (Open Source Intelligence): Intelligence gathering from publicly available sources.

Provenance: The origin and history of a document or piece of evidence, including how it was created, who had access, and how it reached the journalist.

Redaction: Removal or obscuring of sensitive information (PII, source-identifying details, national security info, etc.) from documents before publication.

Right of Reply: Journalistic practice of giving subjects of investigations opportunity to respond to allegations before publication.

SecureDrop: Open-source whistleblower submission system enabling anonymous document leaks to journalists.

Source Protection: Measures taken to prevent identification of confidential sources, including legal, technical, and operational security measures.

Temporal Analysis: Examination of when events occurred, timeline construction, and identification of temporal contradictions.

Testimonial Evidence: Evidence derived from witness statements or interviews. Generally less reliable than documentary evidence and requires corroboration.

Verification: Process of confirming the accuracy and authenticity of information, documents, or sources through independent methods.

Whistleblower: Individual who exposes wrongdoing within an organization, often providing insider information or documents to journalists or authorities.

Appendix B: Quick Reference Checklist

Before Starting Investigation:

Public interest clearly identified
Preliminary feasibility assessment completed
Legal and ethical considerations reviewed
Resources allocated (time, budget, staff)
Investigation plan documented
Security protocols established

During Investigation:

Verification Phase:

Every factual claim verified independently
Quotes confirmed with sources or recordings
Statistics recalculated or confirmed
Expert claims validated by peer review
Visual evidence authenticated (metadata, geolocation)
Contradictions between sources resolved
Fact-checker review completed
Disputes between reporter and fact-checker adjudicated

Pre-Publication:

Legal review completed
Right of reply provided to subjects
Responses incorporated or addressed
Final fact-check after incorporating responses
Ethical review confirms public interest
Security measures for source protection confirmed
Senior editorial approval obtained
Post-publication monitoring plan in place

Publication and Follow-up:

Coordinated release (if collaborative)
Datasets published (if appropriate)
Methodology explained transparently
Team briefed on responding to criticism
Source safety monitored
Impact tracked (investigations, reforms, prosecutions)
Corrections handled promptly and transparently
Post-mortem conducted with team

Appendix C: Resource Quick Links

Training:

GIJN Resource Center: https://gijn.org/resources
IRE Resource Center: https://ire.org/resource-center
Knight Center MOOCs: https://journalismcourses.org
Bellingcat Toolkit: https://bit.ly/bcattools

Tools:

Datashare (ICIJ): https://datashare.icij.org
Aleph (OCCRP): https://aleph.occrp.org
DocumentCloud: https://documentcloud.org
Tabula (PDF tables): https://tabula.technology

Security:

EFF Surveillance Self-Defense: https://ssd.eff.org
CPJ Security Guide: https://cpj.org/safety-kit
SecureDrop: https://securedrop.org
Signal: https://signal.org

Verification:

Verification Handbook: https://firstdraftnews.org/long-form-article/verification-handbook
InVID Verification Plugin: https://invid-project.eu/tools-and-services/invid-verification-plugin/

Legal:

Reporters Committee: https://rcfp.org
FOI Resources: https://ire.org/foi

Organizations:

Document Version: 1.0 Last Updated: January 2026 Prepared For: Phronesis FCIP / Apatheia Labs Framework Alignment: S.A.M. (Systematic Adversarial Methodology)

END OF DOCUMENT