Monday, February 13, 2012

Geolocation From Photos = Good Stuff

One of the great things (there are so many, but this is one of them) about DFIR is that there are many different ways to uncover and analyze data. I was recently doing some research on pulling geolocation information from photos taken on an iPhone (mine, actually), and was led to some pretty great resources. In my continuing efforts to contribute, below is a simple layout of how to pull geolocation information from photographs and then map that information using only open source or free tools. This method isn't the fastest, especially when dealing with a large data universe. What I like about it, though, is that it gets you a bit closer to the data and doesn't rely on "point and click" methods.

Pulling Longitude and Latitude


Note: ExifTool can write as well as read Exif information. Make sure the data is write-blocked, or that you are working on a copy and not the original.

Extract the tool.


Rename to exiftool.exe (from exiftool(-k).exe) and place in the C:\Windows directory.  This allows the program to run from the command prompt.

Open a command prompt window and type:

exiftool -csv sourcedirectory > outputdirectory\logname.csv

(or leave outputdirectory out to place file in same location as images).


If all the parameters are correct, the command will run and an output file will be created in the directory specified.


Of particular interest for this project is the geolocation data, i.e. the Longitude and Latitude.



Mapping Longitude and Latitude

Now that we have the coordinates, the next step is to map them.  Download Google Earth from http://www.google.com/earth/index.html



Add a placemark by selecting the yellow pin icon. Fill out the corresponding information, i.e. Latitude, Longitude and any identifying information. Note: You will need to adapt the format of lat/long to reflect the format shown below, with “°” rather than “deg”.


Repeat for any additional locations.  You should now be able to view the locations on Google Earth.
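The manual re-keying above can be scripted. The following is an added example, not part of the original post: it reads the CSV produced by the exiftool command, converts the "deg" strings to signed decimal degrees, and builds a KML document that Google Earth can open. The sample rows are constructed, and the GPSLatitude/GPSLongitude columns are assumed to be in ExifTool's default print format.

```python
import csv
import io
import re
from xml.sax.saxutils import escape

# Constructed sample of `exiftool -csv` output (not real case data).
SAMPLE_CSV = '''SourceFile,Model,GPSLatitude,GPSLongitude
IMG_0001.JPG,iPhone 4,"38 deg 53' 23.28"" N","77 deg 0' 32.40"" W"
IMG_0002.JPG,iPhone 4,"33 deg 51' 24.84"" S","151 deg 12' 54.00"" E"
IMG_0003.JPG,iPhone 4,,
'''

# Degrees, minutes, seconds and hemisphere as ExifTool prints them by default.
DMS = re.compile(r"""(\d+) deg (\d+)' ([\d.]+)" ([NSEW])""")

def dms_to_decimal(text):
    # Return signed decimal degrees, or None when the cell is empty or malformed.
    m = DMS.fullmatch(text.strip())
    if not m:
        return None
    deg, minutes, seconds, hemi = m.groups()
    value = int(deg) + int(minutes) / 60 + float(seconds) / 3600
    return -value if hemi in "SW" else value  # south and west are negative

def placemarks(csv_text):
    # One (name, lat, lon) tuple per photo that carries both coordinates.
    points = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        lat = dms_to_decimal(row.get("GPSLatitude") or "")
        lon = dms_to_decimal(row.get("GPSLongitude") or "")
        if lat is not None and lon is not None:
            points.append((row["SourceFile"], lat, lon))
    return points

def to_kml(points):
    # KML orders coordinates as longitude,latitude,altitude.
    body = "".join(
        f"<Placemark><name>{escape(name)}</name>"
        f"<Point><coordinates>{lon:.6f},{lat:.6f},0</coordinates></Point>"
        "</Placemark>\n"
        for name, lat, lon in points)
    return ('<?xml version="1.0" encoding="UTF-8"?>\n'
            '<kml xmlns="http://www.opengis.net/kml/2.2"><Document>\n'
            f"{body}</Document></kml>\n")

if __name__ == "__main__":
    print(to_kml(placemarks(SAMPLE_CSV)))
```

Photos without GPS tags (the third constructed row) are skipped rather than plotted at 0,0, which would otherwise put a false pin on the map.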


If people want to see other methods, let me know and I'll follow up with additional tools.  For now, though, hope this is interesting!

UPDATE:  I promised to follow up if people were interested, but the community has already done that for me - and far better than I could have done.  For more information and tools, see comments below.  Find a tool, and take the time to thank whoever it was that put up the time to make it, and even more, to make it available to everyone.  Thank you to all those who created and posted links to more tools!

23 comments:

  1. Great stuff! I wrote a tool to allow geolocation of WiFi WAPs, based on WAP MAC addresses pulled from the Windows Registry. The code that creates the Google Map URLs or the code for the KML files might be useful for doing what you mention in your post:

    http://windowsir.blogspot.com/2011/11/good-stuff.html

    Replies
    1. @Keydet89 Thanks! I plan to follow up with a post that I will try to integrate that in to, if you don't mind.

  2. Your post has inspired me to work on another silly little script that may be useful to some. Too bad I've turned off location services for the camera on my phone. Gotta turn it on now so I can collect some demo data.

    Replies
    1. @davehull Oooh, I'd love to see it when/if you put it out into the community!

    2. Here's my contribution:

      http://trustedsignal.blogspot.com/2012/02/plotting-photo-location-data-with-bing.html

  3. Awesome. I've used exiftool before, but this is a great way to extend it!

    Replies
    1. Definitely enjoy exiftool... many ways of implementing it.

  4. You should be able to use Google Chart Tools or Google Fusion Tables to create the map directly from the data without having to manually enter it.

    Replies
    1. Cool. I'll include that in any follow-ups that go over some more automated steps!

  5. Hi! Great blog and great post.. if you are interested in geolocation and EXIF data, I built a python tool to extract data from a photo and build a detailed PDF report with all EXIF data.. if available, GPS data are drawn on a map included in the report.. the tool extracts data from the photo using the command line tool exiv2. If you are interested, you can take a look at:

    https://github.com/PicciMario/EXIF-Viewer

    (take a look at the sample PDF reports in the "samples" directory). Bye!

    Replies
    1. Cool... will definitely check it out. Looks like it will make installing PIL worthwhile. :)

  6. When it rains, it pours... This seems to be quite the popular topic eh?
    Anyhoo, you've given me an excuse to test out my Perl mangling skills. I've created a Perl script (on SIFT) to extract EXIF GPS Lat/Long info and create an HTML output file. You can then open the file and click on a link which should take you to a GoogleMaps plot of the Lat/Long. It also handles multiple files.

    I've posted all about it at http://cheeky4n6monkey.blogspot.com

    (There may be a monkey mystery involved !)

    Thanks for the inspiration.

    Yours in bananas,

    Cheeky4n6Monkey

    Replies
    1. Dang, your stuff is so much better than mine! I absolutely love your post... especially the perl examples, since I'm still wrapping my brain around programming. Thank you so much for sharing!

    2. Aw thanks ... *blushes*

      If you're stuck on something programming,
      Feel free to drop me a line / vine.

      If you're lucky, I may even be able to help lol.

  7. Replies
    1. Thanks for reading. It makes me feel validated. :)

  8. I wrote an Encase Enscript that creates RTF reports containing TIFF/EXIF/Adobe's XPM & GPS data. Does unallocated and can filter on camera make or model.

    can be downloaded at https://support.guidancesoftware.com/forum/downloads.php?do=file&id=948

  9. Great work you've shared with us here, thanks! I have a short article on modifying geo-tags on iDevices (if you're interested) here http://www.forensicfocus.com/geotags-friend-or-foe and I have started a new (still short) blog revolving around geo-data and privacy - www.4en6.me

    Keep up the great work!

    Replies
    1. Thank you for sending that on... very interesting stuff!

  10. I have also been messing about with Geolocation recently. It’s great when thanks to it you nearly solve the case. I can’t wait to go to Court and see the face of the suspect when all the “dodgy” images resolve back to the suspects address.

    Anyway, just wanted to say that in my case I used a program called PhotoME. It’s free (low budget here) and to resolve the coordinates you just click one button and Google maps displays the location. Great for thickos like me.

    First time in this blog (recommended by happyasamonkey), keep up the good work.

  11. Great post! I wrote a script that... ahhh nevermind... :)

  12. ExifTool can be used to create a Google Earth KML file from geotagged images. This allows you to automate the processes of viewing all of the images in Google Earth. See here for details:

    http://owl.phy.queensu.ca/~phil/exiftool/geotag.html#KML

    - Phil
