Images

Image Collection Tools

- Gallery-DL

To install:

mkdir ~/Downloads/Programs/Gallery-DL

cd ~/Downloads/Programs/Gallery-DL

python3 -m venv gallerydlEnvironment

source gallerydlEnvironment/bin/activate

sudo pip install -U gallery-dl

deactivate

To archive all images within a specific Flickr album:

gallery-dl "https://www.flickr.com/photos/henrik/albums/12413515135"

To download all images from a Twitter profile:

gallery-dl https://twitter.com/IntelTechniques

It supports over 150 services to download images from, including Twitter, 4chan, Flickr, Imgur, Reddit, etc.

- RipMe

To install:

cd ~/Downloads

sudo apt install default-jre -y

wget https://github.com/ripmeapp/ripme/releases/latest/download/ripme.jar

chmod +x ripme.jar

Right-click the program and choose "Properties", then click "Open with" and select "OpenJDK Java 11 Runtime" and set it as default.

Open the program and enter a URL. It supports image downloads from Imgur, Twitter, Tumblr, Instagram, Flickr, Photobucket and Reddit.

- Custom Galleries Script

#!/usr/bin/env bash
# Zenity menu that launches Gallery-DL or RipMe
opt1="Gallery-DL"
opt2="RipMe"
gallerymenu=$(zenity --list --title "Gallery Tool" --radiolist --column "" --column "" TRUE "$opt1" FALSE "$opt2" --height=400 --width=300)
case "$gallerymenu" in
  "$opt1" )
    url=$(zenity --entry --title "Galleries Tool" --text "Enter target URL")
    # Stop if the dialog was cancelled or left empty
    [ -n "$url" ] || exit 1
    # -p avoids an error when the folder already exists
    mkdir -p ~/Documents/gallery-dl
    cd ~/Documents/gallery-dl || exit 1
    gallery-dl "$url"
    open ~/Documents/gallery-dl/
    exit;;
  "$opt2" )
    cd ~/Downloads/ || exit 1
    java -jar ripme.jar
    exit;;
esac

- Desktop Shortcut

[Desktop Entry]
Type=Application
Name=Galleries Tool
Categories=Application;OSINT;
Exec=/home/osint/Documents/scripts/galleries.sh
Icon=/home/osint/Documents/icons/galleries.png
Terminal=true

- Google Images (images.google.com)

- Bing Images (bing.com/images)

- Camera Trace (cameratrace.com/trace)

This site was designed to help camera theft victims with locating their camera if it is being used by the thief online. For that use, you would find a photo taken with the stolen camera, and drop it into the previous site for analysis. This analysis identifies a serial number if available. If one is located, type the serial number into Camera Trace. It will attempt to locate any online photographs taken with the camera.

- Online Barcode Reader (online-barcode-reader.inliteresearch.com)

An online barcode reader can be used to identify what information is hiding behind these interesting images.

Additional barcode identification options:

  • Online Barcode (onlinebarcodereader.com)

  • ZXing (zxing.org)

  • Cognex (manateeworks.com/free-barcode-scanner)

  • Online Decoder (online-barcode-reader.com)

! Cropped Reverse Image Searching

Google Images and Bing Images try to limit the number of matching photos, possibly with the intent to present only relevant images.

Consider cropping the image to display only the target; you’ll receive more search results. This technique is applicable to Google and Bing, but works best with Yandex.

! Caution with sensitive images. Submitting online photos within these engines is harmless. If the photo is already publicly online, there is very little risk exposing it a second time. Overall, never submit these types of photos from your hard drive. It will always come back to haunt you.

- Google Reverse Image Search (images.google.com)

In order to take advantage of the online search, you must have the exact link to the actual photo online. Locating an image within a website is not enough. You will want to see the image in a web browser by itself, and then copy the address of the image. If I want to view the image from the actual location, I must right-click on the image and select "view image" with my Firefox browser. Chrome users will see "open image in new tab" and Internet Explorer users will see "properties", which will identify the URL of the image. This link is what you want in order to conduct a reverse image analysis.

Direct URL to Google Lens with an example image URL:

https://lens.google.com/uploadbyurl?url=https://s.hdnux.com/photos/01/30/23/25/23147846/3/1200x0.jpg

- Bing Reverse Image Match (bing.com/images)

This service does not seem to be as robust as Google's.

- TinEye (tineye.com)

The results here are usually fewer than those found with Google. Since each service often finds images the others do not, all should be searched when using this technique.

- Yandex Images (yandex.ru/images)

The best reverse image search option.

- Baidu Images (image.baidu.com)

This reverse search option fails more than it functions.

- Reddit Repost Sleuth (repostsleuth.com)

This service is a reverse image search engine that only provides positive results that appear on the website Reddit.

We can use this in investigations to locate every copy of an individual photo on Reddit.

- Root About (rootabout.com)

Only queries against images stored on the Internet Archive and within Open Library.

- Wolfram Image Identification Project (imageidentify.com)

While this is not a traditional reverse image search, it does provide value.

This will identify the content of an image. If you upload a photo of a car, it will likely tell you the make, year, and model. An upload of an image containing an unknown Chinese word may display a translation and history details. The site prompts you to upload a digital file, but you can also drag and drop an image from a web page in another tab.

- Pictriev (pictriev.com)

The results are best when the image is of a public figure with a large internet presence, but it will work on lesser-known subjects as well. An additional feature is a prediction of the sex of the target as well as age.

Facial Image Search Engines

- FaceCheck (facecheck.id)

Free alternative to the paid service PimEyes. It applies artificial intelligence to compare an online or uploaded image. This is a series of servers which analyze your target image and attempt to identify any stored images of the same person.

Only submit images which are already online and have likely already been indexed by this service.

https://facecheck.id/#furl-https://s.hdnux.com/photos/01/30/23/25/23147846/3/1200x0.jpg

Vehicle Image Search Engines

- CarNet (carnet.ai)

Allows you to upload an image, or provide a URL, of a suspect vehicle, and it will use machine learning to identify the year, make, and model when possible.

This service is extremely valuable when trying to identify vehicles captured on video doorbells and dash cameras.

Photo-Sharing Sites

- Flickr (flickr.com)

Many have abandoned it for Twitter and Instagram, but the mass number of images cannot be ignored.

After you have found either an individual photo, a user's photo album, or a group of photos by interest, you can begin to analyze the profile data of your target. This may include a username, camera information, and interests.

FlickrMap (flickr.com/map):

Flickr attempts to geolocate all of the photos. It will usually obtain this information from the Exif data.

Flickr API:

Options:

  • Query an email address and identify any Flickr accounts associated with it.

  • Query a username and identify the Flickr user number of the connected account.

  • Query a Flickr user number and identify the attached username.

Unfortunately, all of these features require a Flickr API key.

To query an email:

https://api.flickr.com/services/rest/?method=flickr.people.findByEmail&api_key=27c196593dad58382fc4912600cf1194&find_email=test@test.com

If we only know the username:

https://api.flickr.com/services/rest/?method=flickr.people.findByUsername&api_key=27c196593dad58382fc4912600cf1194&username=intellectarsenal

Once you have identified the user number:

https://api.flickr.com/services/rest/?method=flickr.people.getInfo&api_key=27c196593dad58382fc4912b00cf1194&user_id=8104823@N02

This returns the most details.

Exif Data

Generic methods and tools have been explained in the “Metadata” section. Here we will walk through image-specific metadata.

If you locate an image that appears full size and uncompressed, you will likely still have the data intact. If the image has been compressed to a smaller file size, this data is often lost.

This is one of the reasons you will always want to identify the largest version of an image when searching online.

The quickest way to see the information is through an online viewer.

- Jeffrey's Exif Viewer (exif.regex.info/exif.cgi)

The site will allow analysis of any image found online or stored on a drive connected to your computer.

There are two search options. The first lets you copy and paste the address of an online image for analysis. The second opens a file explorer window that will allow you to select a file on your computer for analysis.

The first section of the results will usually provide the make and model of the camera used to capture the image.

Scrolling down the analysis page will then identify many camera settings, such as aperture information, exposure time, sharpness, saturation, and other image details.

A serial number of a camera associated with an image can be valuable data.

It is important to know that this data can be manipulated.

Many new SLR cameras, and almost all cellular telephone cameras, now include GPS. If the GPS is on, and the user did not disable geo-tagging of the photos in the camera settings, you will get location data within the Exif data of the photo.
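
The fields described in this section (camera make, model and GPS position) are stored inside the image as a TIFF structure of tagged entries. The following is an added example, not part of the original notes: a standard-library Python parser that reads those entries. The sample bytes returned by sample_exif() are constructed for illustration, and only the ASCII, LONG and RATIONAL field types are handled.

```python
from struct import pack, unpack_from

def read_ifd(tiff, off, e):
    """Parse one TIFF IFD into {tag: value}; e is '<' or '>' (byte order)."""
    (count,) = unpack_from(e + "H", tiff, off)
    out = {}
    for i in range(count):
        pos = off + 2 + 12 * i
        tag, typ, n = unpack_from(e + "HHI", tiff, pos)
        size = {2: 1, 4: 4, 5: 8}.get(typ, 0) * n  # ASCII, LONG, RATIONAL only
        # Values over 4 bytes live elsewhere; the field then holds their offset
        data = pos + 8 if size <= 4 else unpack_from(e + "I", tiff, pos + 8)[0]
        if size == 0 or data + size > len(tiff):
            continue  # unsupported type or corrupt entry
        if typ == 2:
            out[tag] = tiff[data:data + n].rstrip(b"\0").decode("ascii", "replace")
        else:
            v = unpack_from(e + "I" * (size // 4), tiff, data)
            ratios = [a / b if b else 0.0 for a, b in zip(v[::2], v[1::2])]
            out[tag] = v[0] if typ == 4 else ratios
    return out

def to_decimal(dms, ref):  # DMS list + N/S/E/W reference -> signed decimal degrees
    deg = dms[0] + dms[1] / 60 + dms[2] / 3600
    return round(-deg if ref in ("S", "W") else deg, 6)

def exif_summary(tiff):
    """Camera make/model and GPS position from a TIFF-structured Exif blob."""
    e = "<" if tiff[:2] == b"II" else ">"
    magic, first = unpack_from(e + "HI", tiff, 2)
    if magic != 42:
        raise ValueError("not a TIFF/Exif structure")
    ifd0 = read_ifd(tiff, first, e)
    info = {"make": ifd0.get(0x010F), "model": ifd0.get(0x0110), "gps": None}
    if 0x8825 in ifd0:  # pointer to the GPS IFD
        g = read_ifd(tiff, ifd0[0x8825], e)
        if g.keys() >= {1, 2, 3, 4}:  # lat ref, lat, lon ref, lon
            info["gps"] = (to_decimal(g[2], g[1]), to_decimal(g[4], g[3]))
    return info

def sample_exif():  # constructed bytes, not from a real photo
    ifd0 = (pack("<H", 3) + pack("<HHII", 0x010F, 2, 12, 50)   # Make at offset 50
            + pack("<HHI4s", 0x0110, 2, 3, b"X1")               # Model, stored inline
            + pack("<HHII", 0x8825, 4, 1, 62) + bytes(4))       # GPS IFD at offset 62
    gps = (pack("<H", 4) + pack("<HHI4s", 1, 2, 2, b"N") + pack("<HHII", 2, 5, 3, 116)
           + pack("<HHI4s", 3, 2, 2, b"W") + pack("<HHII", 4, 5, 3, 140) + bytes(4))
    lat = pack("<6I", 40, 1, 26, 1, 4614, 100)  # 40 deg 26 min 46.14 sec
    lon = pack("<6I", 79, 1, 58, 1, 5600, 100)  # 79 deg 58 min 56.00 sec
    return b"II" + pack("<HI", 42, 8) + ifd0 + b"ExampleCam1\0" + gps + lat + lon
```

Calling exif_summary(sample_exif()) returns the make, model and a (latitude, longitude) pair in decimal degrees. A file whose GPS entries are missing or cut off yields "gps": None rather than a partial position.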

Image Manipulation

Image Manipulation Forensics

It is common to find images on the internet that have been manipulated using software such as Photoshop.

Often it is difficult, if not impossible, to tell if these photos have been manipulated by visually analyzing them.

- Foto Forensics (fotoforensics.com)

Upload a digital image. Any highlighted areas of the image indicate a possible manipulation.

It is important to note that any images uploaded become part of the website's collection and a direct URL is issued. While it would be difficult for someone to locate the URL of the images, it could pose a security risk for sensitive files.

- Forensically (29a.ch/photo-forensics)

Robust image analyzer that offers a huge collection of photo forensic tools that can be applied to any uploaded image.

https://inteltechniques.com/blog/2016/12/21/internet-search-resource-foresically/

Options:

  • The Magnifier: To see small hidden details in an image. There are three different enhancements available at the moment: Histogram Equalization, Auto Contrast, and Auto Contrast by Channel. Auto Contrast mostly keeps the colors intact; the others can cause color shifts. Histogram Equalization is the most robust option. You can also set this to none.

  • The Clone Detector: Highlights copied regions within an image. Minimal Similarity determines how similar the cloned pixels need to be to the original. Minimal Detail controls how much detail an area needs; blocks with less detail than this are not considered when searching for clones. Minimal Cluster Size determines how many clones of a similar region need to be found in order for them to show up as results. Blocksize determines how big the blocks used for the clone detection are. You generally don't want to touch this. Maximal Image Size is the maximal width or height of the image used to perform the clone search. Show Quantized Image shows the image after it has been compressed. This can be useful to tweak Minimal Similarity and Minimal Detail. Blocks that have been rejected because they do not have enough detail show up as black.

  • Error Level Analysis: Compares the original image to a recompressed version. This can make manipulated regions stand out in various ways. They can be darker or brighter than similar regions which have not been manipulated. Error Scale makes the differences between the original and the recompressed image bigger. Magnifier Enhancement offers different enhancements: Histogram Equalization, Auto Contrast, and Auto Contrast by Channel. Auto Contrast mostly keeps the colors intact; the others can cause color shifts. Histogram Equalization is the most robust option. You can also set this to none. Opacity displays the opacity of the Differences layer. If you lower it, you will see more of the original image.

  • Noise Analysis: A reverse de-noising algorithm. It can be useful for identifying manipulations to the image like airbrushing, deformations, warping, and perspective corrected cloning. Noise Amplitude makes the noise brighter. Equalize Histogram applies histogram equalization to the noise. Magnifier Enhancement offers three different enhancements: Histogram Equalization, Auto Contrast, and Auto Contrast by Channel.

  • Level Sweep: Quickly sweep through the histogram of an image. To use this tool simply move your mouse over the image and scroll with your mouse wheel. Look for interesting discontinuities in the image. Sweep is the position in the histogram to be inspected. Width is the amount of values (or width of the slice of the histogram) to be inspected. The default should be fine.

  • Luminance Gradient: Analyzes the changes in brightness along the x and y axes of the image. Look at how different parts of the image are illuminated in order to find anomalies. Parts of the image which are at a similar angle (to the light source) and under similar illumination should have a similar color. Another use is to check edges. Similar edges should have similar gradients.

  • PCA: Performs principal component analysis on the image. Modes: Projection of the value in the image onto the principal component; Difference between the input and the closest point on the selected principal component; Distance between the input and the closest point on the selected principal component; or the closest point on the selected principal component. Three different enhancements are available, as before.

  • MetaData: Displays any Exif metadata in the image.

  • Thumbnail Analysis: Shows any hidden preview image inside the original image.

- Aperisolve (aperisolve.com)

Display the image with various superimposed values and attempt to identify any steganography patterns.

This allows us to hunt for any hidden artifacts.

Reserve this tool for situations when I suspect modification to a file which may include hidden

Image Enlarging and Upscaling

Typically, this is not advised since you may be manipulating evidence, but there are scenarios where this may be justified. A blurry image of a license plate could warrant the manipulation of an image for clarity.

- IMG Enlarger (imglarger.com)

Requires a free account, and only magnifies the overall image. It simply doubles everything in size.

- IMG Upscaler (imgupscaler.com)

This option does not require an account and uses various software programming to truly enhance an image.

IntelTechniques Images Tool

The first search options replicate the reverse-search techniques explained for Google, Bing, and others.

The "Submit All" option on this page executes keyword searches across all popular networks into separate tabs on your browser.

Code in Images.html.
