OSINT Academy

Tools for geolocation and analysis of images

Tool link: https://github.com/GONZOsint/gvision

Image geolocation - the current challenge

Long gone are the days when we could rely on most images containing EXIT geolocation data. In fact, almost all social media platforms automatically strip media content of EXIF data. However, some social media platforms, including VKontakte, will instead provide EXIF geolocation data in their own mapping interfaces for profiles. However, if we need to investigate and analyze images that have neither EXIF geolocation data nor are served in any such mapping interface, we must use our own analytics to geolocate the images.

For beginners, applying analytics to geolocate images will inevitably be a time-consuming process. What we can do, however, is reduce the time spent analyzing images - one solution we can turn to to achieve this goal is GVision.

What is GVision and when should I use it?

Developed by GONZOsint, GVision is a reverse image search utility that installs and runs as a Python script and is delivered in a browser with a very clean application interface. The utility uses the Google Cloud Vision API to detect landmarks and identify their location. In this case, it is important to use the Google Cloud Vision API because it is a machine learning driven service that allows us to detect the presence of objects, faces, text and logos in images. However, it should be noted that the Google Cloud Vision API is not able to geolocate every image or detect every landmark in an image from the beginning. However, it is a great service for performing quick reverse search and geolocation analysis of images. By using GVision, it is possible to use its user interface to quickly drag and drop files and analyse them efficiently.

How to use GVision?

Before we can start installing and configuring GVision, we must first register the Google Cloud Platform Console and enable the Google Cloud Vision API.

However, you can use the Google Cloud Vision API for a maximum of 1000 free queries per month, and any queries above this limit will incur a fee. In addition, to get the API, each user must enter their billing details. Then, we must create a service account in Google Cloud Platform Console and download a private key in JSON format.

Installing and Configuring GVision

The process was very simple - GONZOsint did a great job of keeping the utility not only easy to use but also easy to run. Arguably the most frustrating process involves obtaining the necessary API keys - but that is certainly something that GONZOsint has no control over.

To get install the tool, users can simply git clone the project’s repo from Github and simply use the command-line to install the necessary prerequisites by invoking pip install -r requirements.txt. At this point, we can now invoke streamlit run gvision.py to serve the utility locally via port 8501. The utility can now be run directly from the browser through the given IP address and port number.

Next, we need to upload the JSON file containing the Google Cloud Vision API to the GVision interface by clicking ‘Upload a config file’ and selecting the JSON file in question. Once done, GVision will authenticate the API key.

Analyzing and Geolocating Images

We will again point out that GVision and the Google Cloud Vision API apply landmark detection to identify and geolocate significant features in an image. The success rate is not 100%. However, as we pointed out at the beginning, manually geolocating images is a time-consuming process, and GVision can help analysts save time and streamline their workflow accordingly.

So, what kind of results did we get from GVision. As you can see, we uploaded some photos of Wagner Group fighter jets and Wagner Group agents taken from Russian social media, and the results were very impressive. First, the reverse image search function provided us with a list of URLs where the same images have been used online. Yes, it can be argued that a normal reverse image search can achieve the same result - but sometimes it's better to get a list of URLs so that we can do our own verification.

WhatsApp osint

When the Google Cloud Vision API is able to match a landmark image, GVision will display the geographic location of the image via the built-in OpenStreetMap interface. GVision will also display the landmark's latitude and longitude values and the name of the neighborhood of the location.

Next, GVision will also display the detected entities on the image. The types of entities returned are impressive. For example, an image named Wagner Group fighters returned the following network entities:

[

"Tank",

"Motor vehicle",

"Russia",

"Внештатный",

"Mercenary",

"Wagner Group",

"Tree",

"GRU",

"Museum"

]

At the same time, it correctly matched the image to the online database, showing the same Wagner Group fighter in addition to a visually similar image.

The big question is whether GVision is a useful tool to have in our OSINT toolbox. While we must point out that the Google Cloud Vision API is not advanced enough to detect all landmarks - it does a very good job of finding matches. Secondly, the entity detection capabilities are also excellent and certainly provide OSINT'ers with a great deal of context for their images.



Related Articles:

Geospatial open source intelligence investigation tools
How to track vehicles through open source investigations?
Integration of Artificial Intelligence into the US Intelligence System: An Analysis of the Current Situation of Artificial Intelligence Enhancing Geospatial Intelligence
How to use social media to determine the location of a person
The Influence of Informatization Development on Open Source Intelligence
How open source intelligence investigations capture environmental risk?