Behind each image on the web is a story. Discovering the story may be easier than you think if you peel back the layers and peak behind the scenes.
A key part to any open-source intelligence (OSINT) research is the process of verification and analysis which takes the data gathered from its role as information to becoming verified intelligence. The increased digitization of the world has changed how this initial information is most prominently gathered, as we’ve covered before, and the proliferation of smartphones and social media platforms means that more than ever information is being spread through images and videos.
For OSINT researchers in the field, the ability to analyze these images and either verify or debunk what it purportedly shows is a key feature of their craft. But researching just one image could take hours. Luckily image verification is one of the few-and-far-between times there is a workable kickstart for finding the information you seek — and it’s all in the data.
What’s hiding beneath the surface?
Image metadata has the ability to quickly reveal key information that can assist a practitioner in their research. GPS coordinates, date of capture, camera make and model — these are just a few of the crucial datasets that EXIF data can reveal. But as with any research, there’s a catch and security risk that comes with peeling back the curtain.
This picture was put online in Denmark 🇩🇰, shared 424K times and viewed by 44M people. 😲@snopes and @Knack got in contact with this woman for a #FactCheck. How did we find her? 👇👇👇1/...#OSINT 🔎#GeoLocation 🌎#Verification 📸#HowTo #SpeurJeMee?🧐 pic.twitter.com/zlpyFZ8uoW— Brecht Castel (@brechtcastel) August 28, 2021
First and foremost, researchers need to know that this helpful data can be manipulated by adversaries. Relying on EXIF data alone can make your research vulnerable to misinformation, so corroboration is key in any analysis involving metadata. In addition, some sites may strip out metadata, such as coordinates, to protect their users’ privacy. Many major social media companies, including Facebook, Instagram and Twitter, are among those that remove EXIF data from user-uploaded images.
So why bother? In some cases the metadata may give analysts a tip that could otherwise take hours to research. Even with the need for corroborating data, the time saving ability of a quick look can help researchers process more images, more quickly to get the intelligence they need.
Not just data, secure data
The other pitfall in metadata, even more critical than looking out for modified or manipulated data, is the potential for attribution. When viewing metadata on an unprotected browser, it’s possible for researchers to tip off third party websites when they inspect a photo that site hosts, leaving them vulnerable to retaliatory attacks. A key function of the Silo Image Metadata Viewer is that attribution cannot be given to you for viewing the information, nor will a third party site be alerted that someone viewed it.
The newest version of Silo for Research also allows you to quickly corroborate what you discover by reverse-image searching. With a reverse-image search, researchers can see where else and when the photo has been posted, in order to efficiently verify the information obtained, such as location and date of capture.
The benefits of a purpose-built solution are built-in tools at your fingertips to help streamline and protect research. Researchers can discover great tradecraft tools and be secure at every step in their analysis, like Silo Image Metadata Viewer, Silo Translate (out-of-band for anonymity) and Silo Collector for automating collections.
To see how Silo for Research assists practitioners in protecting their craft to quickly get the information they need, request a demo.
Tags Cybersecurity Digital fingerprint Threat intelligence
The latest extension in Silo for Research allows practitioners to easily view EXIF data while making sure no one is looking back. To better your #OSINT research and avoid attribution, request a demo today: https://t.co/4uKsRNU3gJ pic.twitter.com/w3LPz1Kukf— Authentic8 (@Authentic8) November 29, 2022