Dalton Riedlbauer, Martina Elena Nitti, Lewis Li, OSINT-RDT Team
Wissal Mabrouk, Editor; Jennifer Loy, Chief Editor
February 9, 2024
Industry: Investigations
(The Open Source Intelligence [OSINT] Toolkit is a report to help teach about various OSINT tools that can be used by Threat, Security, Intelligence, and Investigative Professionals [TSIIPs])
Image Analysis Tools Expedite Photo Investigations[1]
What is the BLUF about the OSINT Tool?
FotoForensics is an OSINT tool that helps users determine if an image has been altered or manipulated. TSIIPs can use it to verify an image’s authenticity, especially during a crisis, to discern actual events from misinformation. Uploading images allows users to identify modifications, check metadata, analyze compression levels, and search for similar images online. This tool helps protect against deception by uncovering manipulated details and objects added or removed from pictures. However, TSIIPs should be cautious as the tool lacks privacy, collects submitted images and data, and may provide misleading results.
What is the name of the OSINT Tool?
FotoForensics
URL:
Who makes this tool?
This tool is owned by Hacker Factor, a computer forensics research and consulting services company owned by Dr. Neal Krawetz.[2] Hacker Factor also sponsors the website.[3]
What country is this tool based out of?
USA
What is the purpose of the OSINT Tool?
FotoForensics is a research site that introduces the public to image analysis and provides them access to “cutting-edge” digital photo forensics tools to determine whether a picture was modified or manipulated.[4]
What is the reason TSIIPs should use this OSINT Tool?
TSIIPs should utilize FotoForensics for digital image investigations because it will very likely aid them in the analysis stage of the intelligence cycle. TSIIPs should utilize this tool because it is a research site that does not reveal personal information to the public or disclose collected data to external third parties. FotoForensics does not collect email addresses, nor does it sell content.[5]
How should TSIIPs use this OSINT Tool?
FotoForensics helps TSIIPs determine whether a picture is genuine or digitally altered. TSIIPs can use it to verify the authenticity of images circulating on social media during a crisis to discern real events from misinformation or propaganda. TSIIPs should bear in mind that the website is open to the public and lacks both privacy and web login. For operational security (OPSEC), TSIIPs should utilize FotoForensics Lab to access a privacy service.[6]
What results will TSIIPs receive from the use of this OSINT Tool?
By uploading images, users can determine if a picture is authentic, identify modifications, and understand how those modifications were made. Tools include:
File Digest: provides a summary of metadata, timestamps, and cryptographic checksums.[7]
Error Level Analysis (ELA): helps identify areas that may have been modified by examining differences in JPEG compression levels across the image. Users can expect to see variations in brightness in high-contrast edges, textures, and surfaces compared to uniform areas. Significant differences suggest potential manipulation like resaving.[8]
Metadata Analysis: provides image information such as the type of camera, timestamps, color space information, and application notes. Different image formats include different kinds of metadata. Formats like BMP, PPM, and PBM contain little data compared to JPEGs from a camera.[9]
Similar Picture Search: helps the user find variations of the uploaded image across the internet, providing context about how the picture is used.[10]
Hidden Pixels: identifies possible hidden pixels in transparent PNGs and JPEGs.[11]
ICC+: a tool for managing and adjusting color profiles to ensure consistent color rendering across different displays and applications.[12]
JPEG %: estimates the quality of a JPEG. Significant compression potentially means the photo has been tampered with.[13]
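For images that should not leave the analyst's machine, the File Digest, Metadata, and JPEG % checks above can be approximated offline. The following is an added example, not FotoForensics' own code: it computes a SHA-256 checksum, detects an Exif segment, and estimates JPEG quality by comparing the file's luminance quantization table with the IJG reference table, which is an assumed approximation rather than the site's method. `SAMPLE` is a constructed byte string containing header segments only.

```python
import hashlib
import struct
# IJG/libjpeg reference luminance quantization table (the "quality 50" table).
BASE_LUMA = [16, 11, 10, 16, 24, 40, 51, 61, 12, 12, 14, 19, 26, 58, 60, 55,
             14, 13, 16, 24, 40, 57, 69, 56, 14, 17, 22, 29, 51, 87, 80, 62,
             18, 22, 37, 56, 68, 109, 103, 77, 24, 35, 55, 64, 81, 104, 113, 92,
             49, 64, 78, 87, 103, 121, 120, 101, 72, 92, 95, 98, 112, 100, 103, 99]

def jpeg_segments(data):
    """Yield (marker, payload) for each header segment before the scan data."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 4 <= len(data) and data[pos] == 0xFF:
        marker = data[pos + 1]
        if marker in (0xDA, 0xD9):  # SOS or EOI: no more header segments
            return
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(data):
            raise ValueError("truncated or malformed segment")
        yield marker, data[pos + 4:pos + 2 + length]
        pos += 2 + length

def estimate_quality(table):
    # Invert IJG scaling: table ~ base * scale / 100 (sums ignore zigzag order).
    scale = 100.0 * sum(table) / sum(BASE_LUMA)
    q = (200 - scale) / 2 if scale <= 100 else 5000 / scale
    return max(1, min(100, round(q)))

def local_digest(data):
    """Checksum, Exif presence and estimated quality, computed offline."""
    report = {"sha256": hashlib.sha256(data).hexdigest(), "has_exif": False, "quality": None}
    for marker, payload in jpeg_segments(data):
        if marker == 0xE1 and payload.startswith(b"Exif\x00\x00"):
            report["has_exif"] = True
        while marker == 0xDB and payload:  # a DQT segment may hold several tables
            wide, table_id = payload[0] >> 4, payload[0] & 0x0F
            n = 128 if wide else 64
            raw = payload[1:1 + n]
            if len(raw) < n:
                raise ValueError("short quantization table")
            if table_id == 0:  # table 0 is conventionally luminance
                vals = struct.unpack(">64H", raw) if wide else raw
                report["quality"] = estimate_quality(vals)
            payload = payload[1 + n:]
    return report
# Constructed sample: header segments only (Exif stub, then DQT scaled for quality 75).
_q75 = bytes(max(1, (b * 50 + 50) // 100) for b in BASE_LUMA)
SAMPLE = (b"\xff\xd8" + b"\xff\xe1\x00\x10Exif\x00\x00MM\x00*\x00\x00\x00\x08"
          + b"\xff\xdb\x00\x43\x00" + _q75 + b"\xff\xd9")
```

A low estimate only shows that the file was saved with heavy compression at some point; like the site's raw output, it is an input to the analyst's judgment, not a verdict.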
How will this OSINT Tool help TSIIPs protect a person or organization?
FotoForensics helps uncover image manipulation, including details that were added to pictures but were not there originally and details that were deleted from them. This tool can aid TSIIPs in identifying misleading or deceptive images that people could use to prove their presence in a location. TSIIPs can also use it to help see if the pictures contained objects (such as weapons) that were removed afterward and that could prove the person’s (or the group’s) involvement in dangerous, terrorist, and criminal activities.
Instructions on using this OSINT Tool:
Access the FotoForensics website by clicking on the URL provided above.
Users can upload a picture from their computer by clicking on “Choose File” and pressing “Upload File” after selecting it. The file type must be JPEG, PNG, WebP, HEIC, or AVIF.
Users can also upload a picture via “Image URL” by copying and pasting the URL of the image into the search box and pressing “Upload URL” afterward.
The website will open a page with the original picture and the analyzed one below it. Users can view the analyzed picture in full screen by double-clicking on it.
In the upper left-hand corner of the screen, there’s a box titled “Analysis” containing various image analysis tools (Digest, ELA, Games, Hidden Pixels, ICC+, JPEG %, Metadata, Service Info, Strings, Source). Users can choose the most relevant tool for their investigation.
Below the “Analysis” box, there are eight icons for additional tools.
Rotate the image counterclockwise or clockwise.
Flip the image vertically or horizontally.
Add text annotations to the image.
Adjust the color of the image.
Reverse image search pictures through public image search engines such as TinEye, Google, Bing, and RootAbout.
Export the image to hintfo.com for an external Metadata analysis.[14]
After completing the analysis, users may share their results by clicking on “Direct Link” at the bottom left-hand corner of the page. To share results with the annotations included, click on “Annotations” next to “Direct Link.”
Example of this OSINT Tool in use by a TSIIP?
A TSIIP comes across a fake image on a social media site that exacerbates tensions around a sensitive social issue in the US. An anonymous account shared a photo that contained a “triggering” message. Suspecting that it may be a part of a disinformation campaign, the TSIIP can download the photo as a JPEG and upload it to FotoForensics to check its authenticity. The TSIIP may use the ELA tool, which reveals inconsistencies in compression levels across the image, likely indicating possible alterations. The TSIIP concludes that the image has been doctored and lacks credibility. They promptly alert the relevant authorities and debunk the fake image publicly, preventing further dissemination of misinformation. FotoForensics’ comprehensive image analysis portfolio streamlined the investigation process and prevented widespread panic resulting from misinformation. FotoForensics has significantly reduced the time it would have taken TSIIPs to manually search for the source of the image and inspect it for manipulation.
What other tools should be used with this OSINT Tool?
TSIIPs should leverage FotoForensics Lab, the paid service of FotoForensics, if they need to carry out analysis for commercial, bulk, or private purposes. User-uploaded content is not utilized for research and the website automatically deletes the files after one day of inactivity, ensuring privacy for TSIIPs. Lab provides TSIIPs with additional tools and training for analyzing digital pictures, and stores files on a different server from the public one.[15] TSIIPs should explore similar tools such as ImageForensic, which provides a more automatic imagery analysis process through their “all-in-one” feature.[16] ImageForensic places more emphasis on user privacy, does not share data or analyses, and images/reports are only available via a user's direct link.[17] TSIIPs should also leverage Forensically by 29a.ch, which has a unique magnifying glass feature to zoom in on the image they are investigating. TSIIPs should upload their image to Forensically if they are unable to see image details in FotoForensics.[18]
Are there any concerns that TSIIPs should have about using this OSINT tool?
FotoForensics’ privacy policy is very basic and users should not presume that uploaded pictures will remain confidential. This website collects user-submitted images, general weblog data, and image information such as source, submission date, and frequency of access. By uploading an image, users consent to “FotoForensics, Hacker Factor, and research partners for analysis-related purposes.”[19] Users should be aware that images are stored on the server for a minimum of three months and "potentially indefinitely."[20] Users should abide by local jurisdictions and US laws when uploading pictures to the site. Sexually explicit content, nudity, and pornography are prohibited on the website and will result in a ban. The website may track users by collecting signatures when they violate terms of service or behave suspiciously.[21] FotoForensics only provides raw data and does not take responsibility for conclusions or the interpretation of results. Due to the quality of the image submitted, the data and information given to the picture owner after the tool's use can be misleading or erroneous.
[1] The Counterterrorism Group Logo, by Dalton Riedlbauer, via FotoForensics
[2] About, Hacker Factor, https://www.hackerfactor.com/about.php
[3] Frequently Asked Questions, FotoForensics, December 2022, https://fotoforensics.com/faq.php
[4] Ibid
[5] Ibid
[6] Ibid
[7] Tutorial: File Digest, FotoForensics, https://fotoforensics.com/tutorial.php?tt=digest
[8] Tutorial: Error Analysis Level, FotoForensics, https://fotoforensics.com/tutorial.php?tt=ela
[9] Tutorial: Metadata Analysis, FotoForensics, https://fotoforensics.com/tutorial.php?tt=meta
[10] Tutorial: Similar Picture Search, FotoForensics, https://fotoforensics.com/tutorial.php?tt=search
[11] Tutorial: Hidden Pixels, FotoForensics, https://fotoforensics.com/tutorial.php?tt=hidden-pixels
[12] Tutorial: ICC+, FotoForensics, https://fotoforensics.com/tutorial.php?tt=icc
[13] Tutorial: Estimate JPEG Quality, FotoForensics, https://fotoforensics.com/tutorial.php?tt=estq
[14] About, Hintfo, https://hintfo.com
[15] About Lab, FotoForensics, August 2022, https://lab.fotoforensics.com/faq.php#Why%20pay%20to%20use%20Lab
[16] ImageForensic, ImageForensic, January 2013, https://www.imageforensic.org/
[17] Ibid
[18] Forensically, free online photo forensics tools, Forensically, https://29a.ch/photo-forensics/#forensic-magnifier
[19] Frequently Asked Questions, FotoForensics, December 2022, https://fotoforensics.com/faq.php
[20] Ibid