Authentic8’s open-source intelligence team has released a report detailing how to extract relevant information from Exchangeable Image File Format data, which are used by intelligence analysts, law enforcement, legal investigators and investigative journalists about individuals, locations and events.
According to the team, Exif data can be extremely useful when conducting image analysis because it allows analysts to learn where an image was taken, the camera make and model used to take the image, and other details relevant to the intelligence production cycle.
Analysts can use a number of specialized tools to extract Exif data, including the FotoForensics app, which the Authentic8 OSINT team used to analyze the available metadata of an image of a cargo ship, Security Boulevard reported Thursday.
In the report, the Authentic8 OSINT team said analysts can conduct image analysis on FotoForensics by either pasting an image URL or uploading a file for analysis.
After selecting the metadata field from a variety of analysis methods offered by FotoForensics, the search tool will show pieces of information such as what type of device was used to capture the image and the approximate latitude and longitude coordinates of where the photo was taken.
Tools like FotoForensics are useful because some online forums remove Exif data from images uploaded to their platforms to protect user privacy and prevent abuse.
Online platforms also erase Exif data as it can be used to hide malware in image files to target the device where the picture is viewed.
To secure their investigation, OSINT analysts can use Authentic8’s Silo for Research (Toolbox) to conceal their online identity on websites while gathering or examining material.
Web isolation with Silo can prevent Exif headers containing hidden exploit code from touching or fingerprinting the local machine.
Silo for Research enables researchers to securely deploy relevant image analysis web apps, such as FotoForensics and the Image Verification Assistant, which features metadata analysis image tampering detection algorithms and GPS geolocation.