OSINT Techniques Series: Collecting Geolocation OSINT
What is Geolocation OSINT?
A geolocation is the identification of an electronic device’s geographical position using data collection technology, like GPS. Once a device has been located, so can the individual who owns that device, as people usually keep their electronics in close proximity. Law enforcement investigators can use geolocations to collect open source intelligence (OSINT), searching for clues on the whereabouts of potential suspects. This process of geographic research using publicly available information (PAI) is called Geolocation OSINT.
Types of Geolocation Data Collection
Investigators can collect geolocation information by a variety of means. As mentioned previously, an investigator could locate a device through GPS technology. However, the device must be connected to GPS in order for this process to work. Similarly, an investigator might locate a cell phone by utilizing cell tower or Wi-Fi connections. But, like the GPS-locating method, the phone would have to be connected to a cell tower or a Wi-Fi access point. Many investigative subjects might remain completely disconnected from such services in order to prevent the discovery of their locations through these means.
So how might an investigator find a potential suspect’s location if they can’t access a device through a GPS, cell tower, or Wi-Fi connection? Since the internet contains an enduring database of PAI, countless pieces of evidence left behind in the form of a digital trail can lead an investigator on the right path towards an investigative subject’s location. One form of web-based media can provide crucial geolocation hints: images.
OSINTing for Images
EXIF data
One search entry on a typical browser can lead to a host of images. But without identifying details about an image, such as when and where it was taken, the picture might not provide any valuable insights to an investigator.
This is why some investigators might try to gather Exchangeable Image File Format (EXIF) data: metadata associated with a digital picture. EXIF data can contain information about where the image was captured, including latitudes and longitudes. Additional details might include the date and time the image was taken as well as the specific settings on the camera that captured the photo.
EXIF data provides the fastest and easiest method for verifying image locations. Popular browsers like Chrome and Firefox even offer extensions that enable you to quickly view EXIF data. However, if an analyst wishes to investigate a user on a social media platform, they encounter an obstacle—EXIF data is often removed from images posted on these platforms. Unfortunately, when this is the case, analysts will need to work a little harder to find image geolocations.
Google Maps and Google Street View
In place of EXIF data, analysts can use more advanced OSINT techniques, like utilizing the information available on Google Maps and Google Street View. This is particularly useful for analysts performing browser-based research, as they do not need to sign into a Gmail account in order to download data from Google Maps. An analyst could use these two Google tools to examine geographical icons, like notable buildings and streets, in a particular image. Once they’ve located these geographical icons, the analyst can correlate the objects to the subject’s physical location.
Geolocation OSINT Risks
While geolocations are considered PAI, and therefore accessible to any internet user, there are still certain risks to collecting this form of OSINT. For example, using just a browser with a VPN for security would create a recipe for easy exploitation by online entities. If an operator doesn’t have a reliable managed attribution (MA) solution when browsing the web, their identity is at risk of discovery. Similarly, collecting online data can be challenging without the right tools. While browsers offer a simple way to access information, collecting this information often requires switching between separate software and applications. This creates a disorganized and time-consuming collection process.
Secure Solutions for Geolocation OSINT
A secure managed attribution platform allows operators to safely collect Geolocation OSINT. This technology should include the ability to maintain complete control over the operator’s online presence. An effective MA platform also needs access to third-party applications and browser-based tools for efficient data collection.
Read more about how Nfusion supports Geolocation OSINT missions.