


OSINT: Sofia’s Exercise 6


Sofia Santos is a very impressive senior OSINT analyst and investigator. She posts videos on YouTube about uncovering the truth behind image and video data, and she runs a blog that has (among other things) OSINT exercises. Most of her exercises are very challenging, but exercise #006 is tagged as “easy.” Check it out below, and then I’ll show what I did to work out a solution.

Sofia Santos: OSINT Exercise #006 (link below)

My Solution

Before I get to the solution, I want to point out some of the tools I used.

Browser Tools

I noticed that Sofia uses a right-click reverse image search plugin. Her videos showcase the Opera browser, and I found the same plugin there. In Opera and Chrome, you can install a right-click reverse image search utility. This saves you from having to download an image, go to Google’s reverse image search, upload it, and so on. Instead, you can simply right-click an embedded image on a website and send it to Google.

The Opera plugin has several options that can be turned on, including different reverse image search systems: Bing, Yandex, TinEye and so on. Google’s reverse image search (the default) has the added bonus of Google Lens, which will translate any text in an image!

Solution

Sofia links to the image from the Tweet:

https://gralhix.files.wordpress.com/2023/01/osintexercise006.jpeg

The image has been cropped by Twitter or by the original uploader, so I ran a reverse image search to find the original, uncropped version. I used Google, Bing and Yandex for this. Yandex actually found an uncropped version as the first hit.

Date

INITIAL DATE: Clicking on the actual article, linked on Yandex, shows it was posted on August 22, 2016.

This alone answers the question: this is NOT a recent event, contrary to what the Twitter account from the exercise reported.

Digging Deeper with EXIF data

Yandex linked to the high-resolution image directly. I hoped that I might get some EXIF data from the image, leading me to an accurate source.

The high resolution file is this one:

https://joemiller.us/wp-content/uploads/WaziriyaAutobombeIrak.jpg

EXIF data is metadata stored in an image file. It usually contains the camera make/model, the date and time of the photo, and sometimes geo data. If the photo comes from a professional journalist’s modern camera, it may even have coordinate geo data. If you’re lucky, it will also include the name of the photographer…

Keep in mind that EXIF data can be tampered with, but it’s worth a try to see what can be found. I was a bit worried that the file, having been renamed from the camera’s original file-name format, may have lost the original EXIF data.
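As an added example (not code from the original post), the EXIF fields discussed here can also be read locally from a JPEG's APP1 segment with a standard-library Python parser. The function names and the sample bytes are constructed for illustration; the sample carries placeholder values, not the metadata of the image in this exercise.

```python
import struct

TAGS = {0x010F: "Make", 0x0110: "Model", 0x0132: "DateTime",
        0x8298: "Copyright", 0x9003: "DateTimeOriginal"}
EXIF_IFD, GPS_IFD = 0x8769, 0x8825  # tags that point to the Exif and GPS sub-IFDs

def find_exif(jpeg: bytes) -> bytes:
    """Return the TIFF block of the APP1 'Exif' segment, or b'' if absent."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF:
        marker, size = jpeg[pos + 1], struct.unpack_from(">H", jpeg, pos + 2)[0]
        body = jpeg[pos + 4:pos + 2 + size]
        if marker == 0xE1 and body[:6] == b"Exif\0\0":
            return body[6:]
        if marker == 0xDA or size < 2:  # image data starts, or corrupt length
            break
        pos += 2 + size
    return b""

def read_ifd(tiff, offset, e, out, nested=False):
    """Collect ASCII tags from one IFD; follow the Exif sub-IFD once only."""
    (count,) = struct.unpack_from(e + "H", tiff, offset)
    for i in range(count):
        tag, typ, n, val = struct.unpack_from(e + "HHI4s", tiff, offset + 2 + 12 * i)
        ptr = struct.unpack(e + "I", val)[0]
        if tag == GPS_IFD:
            out["HasGPS"] = True  # a GPS IFD exists; coordinates not decoded here
        elif tag == EXIF_IFD and not nested:
            read_ifd(tiff, ptr, e, out, nested=True)
        elif tag in TAGS and typ == 2:  # type 2 = NUL-terminated ASCII
            raw = val[:n] if n <= 4 else tiff[ptr:ptr + n]
            out[TAGS[tag]] = raw.rstrip(b"\0").decode("ascii", "replace")

def exif_summary(jpeg: bytes) -> dict:
    tiff, out = find_exif(jpeg), {"HasGPS": False}
    if tiff[:2] in (b"II", b"MM"):  # little- or big-endian TIFF header
        e = "<" if tiff[:2] == b"II" else ">"
        read_ifd(tiff, struct.unpack_from(e + "I", tiff, 4)[0], e, out)
    return out

def constructed_sample() -> bytes:
    """Constructed JPEG with placeholder values, not the image from the post."""
    date, owner = b"2001:02:03 04:05:06\0", b"Example Photographer\0"
    ifd = struct.pack(">HHHII", 2, 0x0132, 2, len(date), 38)
    ifd += struct.pack(">HHII", 0x8298, 2, len(owner), 38 + len(date))
    tiff = b"MM\0\x2a" + struct.pack(">I", 8) + ifd + bytes(4) + date + owner
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(tiff) + 8) + b"Exif\0\0" + tiff + b"\xff\xd9"
```

Calling `exif_summary()` on the bytes of a saved JPEG returns a dict of whichever of these fields are present; a truncated or malformed EXIF block raises `struct.error` rather than returning partial data.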

You don’t have to download an image to extract this metadata. I use the site below, which takes a URL or an uploaded image and displays its EXIF data:

https://jimpl.com

Results on this image are seen here:

UPDATED DATE: The first section of data tells us the Date Created: Aug 27, 2006 and a time of 13:34 (1:34pm local time). This is the oldest date, 10 years older than the article that linked to it in 2016. Since this is from the EXIF, it’s possibly the origin date of the image. We even have the time it was taken.

Unfortunately, this first section says that location data is not saved in this EXIF. This makes sense. This is an older image, from a time when cameras didn’t have wifi/internet access to encode geo data.

The next section shows the camera details. Not too useful, except that the camera is from the brand’s pro line. In 2006, that camera would have cost nearly $4,000 just for the body. We can infer this is a serious photographer, a professional photojournalist.

The final section of EXIF data shows a copyright with a full name. Jackpot. Googling for this name comes up with a hit on a US military photographer, and their work is displayed on various US Gov. and educational websites, including:

https://wmdcenter.ndu.edu/Media/Images/igphoto/2002493919/

The link above is from the Weapons of Mass Destruction division of National Defense University, and it has geographic data:

According to the above citation, the original image, belonging to Eli J. Medellin, was photographed in Iraq.

TL;DR

Using a reverse image search, we can see the image isn’t recent, so not part of a recent event.

Digging deeper into the EXIF, we can see that the image was likely taken in Iraq on Aug. 27, 2006.