Tools for geolocation and analysis of images
Tool link: https://github.com/GONZOsint/gvision
Image geolocation - the current
challenge
Long gone are the days when we could rely on most
images
containing EXIT geolocation data. In fact, almost all social media platforms
automatically strip media content of EXIF data. However, some social media
platforms, including VKontakte, will instead provide EXIF geolocation data in their
own mapping interfaces for profiles. However, if we need to investigate and analyze
images that have neither EXIF geolocation data nor are served in any such mapping
interface, we must use our own analytics to geolocate the images.
For
beginners, applying analytics to geolocate images will inevitably be a
time-consuming process. What we can do, however, is reduce the time spent analyzing
images - one solution we can turn to to achieve this goal is GVision.
What is GVision and when should I use it?
Developed
by GONZOsint, GVision is a reverse image search utility that installs and runs as a
Python script and is delivered in a browser with a very clean application interface.
The utility uses the Google Cloud Vision API to detect landmarks and identify their
location. In this case, it is important to use the Google Cloud Vision API because
it is a machine learning driven service that allows us to detect the presence of
objects, faces, text and logos in images. However, it should be noted that the
Google Cloud Vision API is not able to geolocate every image or detect every
landmark in an image from the beginning. However, it is a great service for
performing quick reverse search and geolocation analysis of images. By using
GVision, it is possible to use its user interface to quickly drag and drop files and
analyse them efficiently.
How to use GVision?
Before
we can start installing and configuring GVision, we must first register the Google
Cloud Platform Console and enable the Google Cloud Vision API.
However, you
can use the Google Cloud Vision API for a maximum of 1000 free queries per month,
and any queries above this limit will incur a fee. In addition, to get the API, each
user must enter their billing details. Then, we must create a service account in
Google Cloud Platform Console and download a private key in JSON format.
Installing and Configuring GVision
The process was
very simple - GONZOsint did a great job of keeping the utility not only easy to use
but also easy to run. Arguably the most frustrating process involves obtaining the
necessary API keys - but that is certainly something that GONZOsint has no control
over.
To get install the tool, users can simply git clone the project’s repo
from Github and simply use the command-line to install the necessary prerequisites
by invoking pip install -r requirements.txt. At this point, we can
now invoke streamlit run gvision.py to serve the utility locally
via port 8501. The utility can now be run directly from the browser through the
given IP address and port number.
Next, we need to upload the JSON file
containing the Google Cloud Vision API to the GVision interface by clicking ‘Upload
a config file’ and selecting the JSON file in question. Once done, GVision will
authenticate the API key.
Analyzing and Geolocating Images
We will again point out that GVision and the Google Cloud Vision API apply
landmark detection to identify and geolocate significant features in an image. The
success rate is not 100%. However, as we pointed out at the beginning, manually
geolocating images is a time-consuming process, and GVision can help analysts save
time and streamline their workflow accordingly.
So, what kind of results did
we get from GVision. As you can see, we uploaded some photos of Wagner Group fighter
jets and Wagner Group agents taken from Russian social media, and the results were
very impressive. First, the reverse image search function provided us with a list of
URLs where the same images have been used online. Yes, it can be argued that a
normal reverse image search can achieve the same result - but sometimes it's better
to get a list of URLs so that we can do our own verification.
When the Google Cloud Vision API is able to match a landmark image, GVision will
display the geographic location of the image via the built-in OpenStreetMap
interface. GVision will also display the landmark's latitude and longitude values
and the name of the neighborhood of the location.
Next, GVision will also
display the detected entities on the image. The types of entities returned are
impressive. For example, an image named Wagner Group fighters returned the following
network entities:
[
"Tank",
"Motor vehicle",
"Russia",
"Внештатный",
"Mercenary",
"Wagner Group",
"Tree",
"GRU",
"Museum"
]
At the same time, it
correctly
matched the image to the online database, showing the same Wagner Group fighter in
addition to a visually similar image.
The big question is whether GVision is
a useful tool to have in our OSINT toolbox. While we must point out that the Google
Cloud Vision API is not advanced enough to detect all landmarks - it does a very
good job of finding matches. Secondly, the entity detection capabilities are also
excellent and certainly provide OSINT'ers with a great deal of context for their
images.