OSINT Techniques Series: A Geolocation Case Study
A Picture is Worth a Thousand Words
As the saying goes, “a picture is worth a thousand words,” and in the case of OSINT research, that is certainly true. For many analysts, photos are the starting point of the intelligence collection process.
Geolocation OSINT Process
Geolocation OSINT is defined as the discovery of a digital device’s geographical position through the use of publicly available information (PAI) and data collection technology, such as GPS. Geolocation OSINT techniques may be followed for a variety of use cases, including person-of-interest (POI) monitoring, law enforcement investigations, or intelligence gathering. Discovering an image from a news article, on a deep web platform, or in an online forum could lead to uncovering a wealth of geolocation information.
The process for conducting Geolocation OSINT with images involves three primary activities:
- Gathering Information
- Examining Data Points
- Confirming Findings
First, operators must conduct an image analysis. If EXIF data is not available, an operator must extrapolate relevant data points by documenting key observations, including objects in the foreground and background, and any legible text that may be useful in identifying the geolocation of the image.
Second, operators must examine the data points that they have gathered. To do this, operators may conduct a Google keyword search, Google Maps search, or reverse image search to narrow down results and get closer to identifying the geolocation of an image.
Lastly, operators must confirm their findings to verify that the geolocation is correct. This can be done by comparing the original image with images and locations found in Google Maps and Google Street View. Using Google Street View, operators can click around to find similar landmarks that appear in the original photo and compare those landmarks side by side to confirm the geolocation of the original image.
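The first step above depends on whether the image still carries EXIF location data, which is also what a publisher should check before releasing a photo. The following Python function is an added example, not part of the original article: it reads the GPS IFD from a raw EXIF/TIFF block and returns decimal coordinates, or None when the metadata is stripped or malformed. It assumes the EXIF block has already been extracted from the image file as bytes; the sample blob and its coordinates are constructed.

```python
import struct

GPS_IFD_POINTER = 0x8825  # IFD0 tag whose value is the offset of the GPS IFD

def _entries(tiff, offset, bo):
    """Yield (tag, position of the 4-byte value field) for each entry of one IFD."""
    (count,) = struct.unpack_from(bo + "H", tiff, offset)
    for i in range(count):
        pos = offset + 2 + 12 * i
        (tag,) = struct.unpack_from(bo + "H", tiff, pos)
        yield tag, pos + 8

def _degrees(tiff, bo, field_pos):
    """Decode three RATIONALs (deg, min, sec) that the value field points to."""
    (off,) = struct.unpack_from(bo + "I", tiff, field_pos)
    d, dd, m, md, s, sd = struct.unpack_from(bo + "6I", tiff, off)
    return d / dd + m / md / 60 + s / sd / 3600

def gps_from_tiff(tiff):
    """Return (lat, lon) in decimal degrees, or None if no usable GPS data exists."""
    try:
        bo = {b"II": "<", b"MM": ">"}[tiff[:2]]  # byte-order mark (tiff is bytes)
        magic, ifd0 = struct.unpack_from(bo + "HI", tiff, 2)
        if magic != 42:
            return None
        ifd = dict(_entries(tiff, ifd0, bo))
        (gps_off,) = struct.unpack_from(bo + "I", tiff, ifd[GPS_IFD_POINTER])
        gps = dict(_entries(tiff, gps_off, bo))
        lat = _degrees(tiff, bo, gps[2])     # GPSLatitude
        lon = _degrees(tiff, bo, gps[4])     # GPSLongitude
        if tiff[gps[1]:gps[1] + 1] == b"S":  # GPSLatitudeRef, stored inline
            lat = -lat
        if tiff[gps[3]:gps[3] + 1] == b"W":  # GPSLongitudeRef, stored inline
            lon = -lon
        return round(lat, 6), round(lon, 6)
    except (KeyError, struct.error, ZeroDivisionError):
        return None  # stripped, truncated or malformed metadata

def sample_exif():
    """Constructed little-endian blob: 33 deg 27 min N, 112 deg 4.5 min W."""
    entry = lambda tag, typ, n, val: struct.pack("<HHI4s", tag, typ, n, val)
    u32 = lambda v: struct.pack("<I", v)
    ifd0 = struct.pack("<H", 1) + entry(GPS_IFD_POINTER, 4, 1, u32(26)) + u32(0)
    gps = (struct.pack("<H", 4) + entry(1, 2, 2, b"N") + entry(2, 5, 3, u32(80))
           + entry(3, 2, 2, b"W") + entry(4, 5, 3, u32(104)) + u32(0))
    rationals = struct.pack("<12I", 33, 1, 27, 1, 0, 1, 112, 1, 4, 1, 30, 1)
    return b"II" + struct.pack("<HI", 42, 8) + ifd0 + gps + rationals

if __name__ == "__main__":
    print(gps_from_tiff(sample_exif()))
```

A None result is the case the process describes, where the operator falls back to visual observations.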
Geolocation in Action
The following example demonstrates how to conduct geolocation OSINT using some photos taken by our colleagues while in Arizona for the DODIIS Worldwide Conference 2021.
Following the process detailed above, we begin by gathering information and documenting our observations.
In Image 1, we see a cactus with a Santa hat on it, a red office building, and a grey office building with several windows in the background. We can also see a sign with lots of text. Probably the most useful observation from the sign is that it says “Arizona Center,” which we can assume may be a well-known landmark in Arizona.
In Image 2, we see a traffic light, a circular sign that says, “Old Town Scottsdale,” and the storefront of a building in a strip mall. From the road signs, we can also see that we are at the intersection of Scottsdale Road and Main Street.
Next, let’s examine the data points by using Google Maps.
For Image 1, we enter “Arizona Center” into the search bar of Google Maps. Next, we click the little yellow man and drag him to the location to see the Google Street View for the “Arizona Center.” From there, we click around until we find a red building, like the one in the original image.
For Image 2, we search for Scottsdale, AZ, in Google Maps, and look for the intersection of Scottsdale Road and Main Street. Again, we use the yellow man icon to open Google Street View and click until we find the landmarks we have identified previously.
Lastly, we need to confirm our findings. We can do this by comparing our Google Street View results with the original images to verify our assumptions of the geolocations.
Though the cactus with the Santa hat from Image 1 was not visible in Google Street View, we were able to confirm the location of the photo by identifying the red building as the Arizona Public Service Company building in Phoenix, AZ.
From Image 2, we were able to identify the storefront as the Gilbert Ortega Gallery in Scottsdale, AZ.
Through this geolocation OSINT process, we can confirm the exact locations where these two photos were taken.
OSINT Technologies: Geolocation and Image OSINT with Nfusion
Using Nfusion, operators can seamlessly conduct their research with built-in tools and applications. Through Nfusion’s integrated browser extension, operators can capture screenshot images and their associated metadata, tag entries, and add notes about any observations. Journal and Safehold then allow operators to export their findings out of the environment for further examination.