June 27, 2022
Hey Guys, Tiger Catcher Here...
So a thread popped up asking how we identify a location from a photo, so I thought I'd put a few words down to show you exactly how I do it.
To start with I want to say this, OSINT is about your ability to investigate and interrogate the intelligence you have at hand. What makes a good OSINTers (if that's a term) is someone who can use the information at hand to answer the specific Information/Intelligence request (IR)
You don’t need a technical background to conduct a technical investigation. Python scripts, Google Dorks and understanding JSON dumps can make this process easier but aren’t a requirement. The technique below is shamefully easy in principle, but what is tested is your ability to understand what you are seeing and why that is important to your investigation. Anyway......let's get started.
So my approach to any Intelligence Request (IR) or wider investigation is the same. This is something I’ve done in over 14 years of military experience and some of you may recognize it:
So for this one there was no formal IR, just a request for help on understanding how to geo-locate a place from an image given. In professional terms I would have written an IR along the lines of this:
"Find the geographic location in which photo 001 was taken, to within 100m."
In this first phase of the Intelligence Cycle you are defining what specific goal you hope to achieve with your subsequent actions. It's important we have a specific goal in order to focus our efforts on what exactly has been asked. In my professional career I have seen vital intelligence missed or overlooked because people simply haven't planned or had the appropriate direction.
The Planning phase is pretty straight forward in this case: Find the geo coordinates where this photo was taken. I can’t use clever military software nor can I use EXIF data (we know the image was taken from Instagram which clears all EXIF data) so good old Google Lens it will have to be.
Image Intelligence Planning
When looking at an image it's important to look at it in a manner which will facilitate information collection. That is to say, “How you look at an image matters.”
Look at the image....I mean really look at it. In my office at home I tend to project it onto my white board and highlight areas that I think could help my collection efforts. Alas, my projector is broken so I did it the old way and printed off the image and used pen or tabs to pinpoint areas of interest. If you want to go all 80's you could use string and a cork board with pins, I'm all about the 80's vibe.(que Kate Bush, and Stranger Things binge watch)
Any way you do this is fine, but I'd argue that a physical image is better than on the computer. I find it gives me a better perspective. But for the sake of irony and ease whilst I write this I'll highlight areas digitally. But you still get the idea.
Pinpoint every part of the picture you think will aid you in identifying the location. With practice, you will learn to identify more and more features of an image that will aid your investigation.
Ok so in this instance I’ve established my collection plan, I kind of know what my limits are and adapt my collection accordingly. In this instance I think it's probably easier to use the Google Lens function and look to match at least 3 to 4 of the above points of interest. I tend to have a subconscious priority but as long as you hit 3 or 4 you should be able to successfully answer your IR (he says with hope). So my points of interest are below and I’ve given a brief explanation as to why they are useful. By no means is this list exhaustive and as good OSINTers you will probably get more.
1 - Mountains: Mountains or rocky out crops are excellent for identifying places, no two mountains are the same. I call them the "fingerprint of the land" and are an excellent way of identifying places (a geologist will tell me I'm wrong now ) . Also I wish Google Lens was as thorough.
2- High features with settlement in it: Settlements are fairly common at the bottom of the high features and certainly on shore lines but just like mountains no two are the same. Great example of this is Dartmouth, England (goggle it)
3 - High features moving down to the water's edge: Again nothing new, but I'd use this to try and confirm that the spot I'm looking at is accurate, also in an image it is great to understand the scale of high features and distance. One thing I won't cover in this article is perspective but it's on my list of things to do, if there are any ex Recon soldiers you will know how this goes.
4 - Stick built structure on the shore: These are pretty unique, and give an indication again of perspective. But be careful stick structures are temporary and should be treated as such.
5 - Green foliage on the shore line: Green foliage on the shore line shows that the water line is unlikely to come that far, which would in probability say that the photo taker is close to some sort of green patch or at very least higher up the shore line.
6 - Shadows: There are extensive explanations on how to use shadows to work out north south east and west so I won't waste your precious investigation time going over it. But in this image you can clearly see the 3 men are looking east and the photographer is looking west. This is perfect for the micro location and also narrows down the list of places across the globe.
7 - Possible Estuary: Again another tool to confirm that you are looking at the right place, It could also be a wider beach head that connects to an island or peninsula.
So now how do you actually investigate the above?.....I have good news for you: It's relatively easy. Use Google Lens!
Google Lens is a fairly new offering from Google and actually is a really powerful tool (I will do more blogs on Google Lens soon). However, Google Lens requires you to be signed in and upload the image so please be aware of this. The risk here is that Google would have a log of everything your account was searching for. This may or may not matter to you but do be aware that’s how Google Lens works.
So here are the steps you need to take to get to the Google Lens point. Note: This is a desktop workflow that only works when using the Chrome browser. (There are separate Google Lens apps for mobile as well.)
Ok so now we are here and you should see a screen that looks similar to this:
Once you are in here you can see that Google Lens is picking up on the image and running it through the search engine to match it with similar images. This could be useful but remember: We’ve already picked out the features of the photo we’re interested in. Let’s focus on those instead.
Start with the one that will most likely get you the best results. So for me I’d say point number 1 which is the rocky outcrop/mountain. So crop the image as best as you can around the mountain so you can get the very unique rocky outcrop and everything around it but don't have things that will confuse the program. This is a bit of an art but you will get the hang of it in no time.
It should look like this:
Now on the right hand side you will see the visual search results. This is where the inner detective in you needs to come out. Scroll down the images and try to find any image that looks identical to the one you have selected in your area. (NOTICE: You will need to do this for every point of interest!) The more pieces of data you can link together the stronger your investigation will become. Remember, good investigators pivot, great investigators correlate and corroborate.
I’m now scrolling down the image results to find a good match… Bingo! I’ve hit something:
In this instance I take a read and try to get a raw image of the one johntoddjr.com has published. The website is still live and the author has protected the images but they are still good enough to use.
So now we have a lead, we have some intelligence to go on and now there is the process of processing. (If you can process what i just said)
There are lots of tangents in the processing of your intelligence and this isn't the time or place to go down them, so I will just cover the things I did. Again, this won’t be an exhaustive list that applies to every investigation. Your tangents and rabbit holes may vary.
So now I have the image from johntoddjr.com. I need to confirm with a level of certainty that it is the high feature I’m looking for. Visually it looks the same, but if you really want to improve your balance of certainty (nothing is ever certain by the way) then make sure you do a level of due diligence. This will save you a lot of time in the long run and produce a better final product.
I use a technique whereby I compare the two images using Microsoft Power Point:
In this instance I am looking to match the shape and texture of the right-hand side of the high feature as well as other general characteristics. I'll caveat this by saying so many factors can change your perspective of an image such as: seasons, angle of photos, day and night, shade, geological characteristics , buildings etc. But in this instance it’s a pretty decent match.
We now have our first point of corroboration/correlation. I am pretty confident that both images represent the same high feature so I can further develop the intelligence I now have and find out where the picture was taken.
Note: Every investigative step taken after this point will be based on the connection I’ve just made. That is to say, “If you get the beginning of your investigation wrong, you’ll get the end of your investigation wrong”
The website johntoddjr.com talks about the location in quite a bit of detail. Actually, you can gain a significant amount of intelligence from the article and it's important that you read the whole page in detail. But for the interest of speed and the task at hand I will highlight the most relevant points. All these points are biased to 'location' but obviously you would tailor relevancy according to your investigation.
In the article we see several references to places. I can see now that we are in Mexico, and the picture is in Villa Rica (Don Victor's house...who sounds like one cool dude). The article talks about Quiahuiztlan and the desire to go to Veracruz which runs a shuttle every 8 minutes. All of these are excellent bits of intelligence and start us off down a very firm 'processing' path.
So next phase, Google Earth/Google Maps. Both tools are equally as effective. Open them up and straight away we know we are in Mexico. Veracruz specifically. The article talks about Villa Rica and the desire to go to Veracruz.
And a quick search in Google Maps shows all the bits of intelligence we drew from the article. So I’m confident we are in the right lane of investigation. But as is the nature of investigation: this is where things get a bit difficult-ish.
When I drilled down to the Villa Rica spot on the map it went into a city location: Heroica. Heroica does not necessarily match up to the image we are trying to identify but some of the images in that location are of that of the beach we are looking for. BINGO!?.... not quite but we are so close.....so the trail is red hot.
Note: It would be tempting to stop digging here. You’re pretty sure that’s the place. Right? But look back at our planning step. What are you trying to do here? "Find the geographic location in which photo 001 was taken, to within 100m."
So, there are numerous directions we can go here, the first way is to look at the user who took this photo and see if they have a more accurate geo-located image. In this instance he doesn't. So, the hard work begins.
We know two factors from a geographical point of view. They are that the image was taken by a high feature, and by a large body of water. In this instance we can confidently say that's the sea. Open Google Maps at your Villa Rica pin drop and switch your map layer to "Terrain" view. Move up and down the coastline looking for high features up and down the coast. Pro Tip: I also find at this point it's super helpful to consider orientating your Google map to the point of view of the person taking the photo.
Again, this is a skill you will need to establish: understand the value of perspective and depth perception. The image below shows that the left-hand feature is much closer than the right which is lost in the initial picture. Also, that there is a curve in the shore line again something lost in the initial picture. Below I explain this in the briefest of terms, but ultimately I located the exact beach head using these three features.
1. Prominent curve in the beach hooking left and away from the high feature of interest.
2. High features drive down to the beach with a saddle in between. It is also closer than the feature on the right-hand side.
3. Feature to the right is further away than the one on the left with a re-entrant in between.
So now I am pretty damn confident this is the beach I'm after. Now I need to fully confirm and get a decent accuracy of the exact location.
Switch to satellite view and zoom into the beach head. I found that I could really start to see I'd hit the jackpot and that this was in fact the beach I was looking for.... BUT it is important that I continue to 100% confirm it's the beach I'm after. I need to fully exploit all the information I have; this would mean pulling together the other information points and layering them over and understanding its collation to one another. In layman's terms, make sure all your information points link together.
I will caveat again there is so much intelligence here for me to exploit, but I just want to stick with the information points I set myself in the early days of the investigation. Your points of interest you marked off in the original photo should ALL support one another and you should explore them all thoroughly.
I won't go into the analysis too deeply but ultimately, it's an extension of the exploitation. But I use this as the final phase of the exploitation tying everything together and grading its accuracy as one piece of intelligence. I was pretty happy that I’m about 98% certain (I’ve never gone above 98% in my career) so now lays the answer to my IR. (where was the photo taken to within 100m)…. In Google Earth/Maps right click on the spot and that should give you the long and lat which in this case is 19.67761954438692, -96.39487167071816
So, this bit is the bit of working in OSINT people don't realize is about 90% of your work. Dissemination is usually in the form of very lengthy written documents and briefings. It took me 45 mins to find out where this picture had been taken, it has taken me 4 hours to write this up for you. If you want to get into OSINT, be prepared to do A LOT of document making and briefings.
Below is a really really crude example of a one pager, but in real world you would be expected to to deliver something far more comprehensive...but hey that's why we get paid the big bucks yeah.
To conclude, use of all the above should be done in a manner to protect your security. Understanding geographic products is something you should look to grasp. Be absolutely tenacious in your approach to geo-locating. Some jobs have taken me days to do.
Other than that, i hope you enjoy this blog, if you have any questions please give me a shout in the Trace Labs Discord.