DEV Community

shyn

Building a Forensic Image Analyser: Bridging the Gap in OSINT Investigations

I recently built a Dockerised Image Metadata Analyser to solve this. Here is the breakdown of why I built it, how it works, and the lessons I learned along the way.

The Project Background: The "Digital Ghost" Problem

Modern investigators often face what I call the Digital Ghost problem. You find a crucial image, but without knowing the where and when, the lead goes cold.

While online "EXIF viewers" exist, they pose significant risks:

  • OPSEC Risk: Uploading evidence to a third-party site can leak your investigation.
  • Reliability: Most tools don't tell you what to do when metadata is missing.

I built this tool to be a localized, secure sandbox for analysts.

The Tech Stack

  • Python & Pillow: For deep-diving into JPEG EXIF headers.
  • Streamlit: To turn a forensic script into a professional, interactive dashboard.
  • Docker: To ensure the tool is platform-independent and leaves no "forensic footprint" on the host machine.

Key Features

  1. Automated Geolocation Mapping
    The tool doesn't just pull raw GPS data (which is often in the confusing DMS format); it automatically converts the coordinates to decimal degrees and provides a clickable Google Maps link and an embedded map.

  2. Visual OSINT Fallback Mode
    We know social media platforms (WhatsApp, X, Instagram) strip metadata. When my tool detects an "empty" image, it automatically switches to Visual OSINT Mode, providing the investigator with:

  • A visual checklist (shadow analysis, landmarks, flora).
  • Quick links to external tools like Google Lens, Yandex, and SunCalc.
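The two features above can be sketched in a few lines of Python. This is an added example, not code from the repository: it converts a GPS IFD (as Pillow returns it) from DMS to decimal degrees, builds a map link, and falls back to a visual OSINT mode when the GPS data is missing or malformed. The function names, the mode labels, the sample values and the Google Maps URL form are assumptions.

```python
import math

GPS_IFD = 0x8825                         # EXIF pointer tag for the GPS sub-IFD
LAT_REF, LAT, LON_REF, LON = 1, 2, 3, 4  # tag ids inside the GPS IFD

def read_gps_ifd(path):
    """Return an image's GPS IFD as a dict (empty when stripped or absent)."""
    from PIL import Image  # lazy import: only needed when reading real files
    with Image.open(path) as img:
        return dict(img.getexif().get_ifd(GPS_IFD))

def dms_to_decimal(dms, ref):
    """(degrees, minutes, seconds) plus hemisphere letter -> signed decimal degrees."""
    deg, minutes, sec = (float(v) for v in dms)  # Pillow rationals support float()
    value = deg + minutes / 60 + sec / 3600
    if not math.isfinite(value):         # a 0/0 rational converts to NaN
        raise ValueError("non-finite coordinate")
    return -value if ref in ("S", "W") else value

def gps_to_coords(gps):
    """Return (lat, lon) rounded to 6 places, or None if the GPS data is unusable."""
    try:
        lat_ref = str(gps[LAT_REF]).strip("\x00 ").upper()
        lon_ref = str(gps[LON_REF]).strip("\x00 ").upper()
        if lat_ref not in ("N", "S") or lon_ref not in ("E", "W"):
            return None
        lat = dms_to_decimal(gps[LAT], lat_ref)
        lon = dms_to_decimal(gps[LON], lon_ref)
    except (KeyError, TypeError, ValueError, ZeroDivisionError):
        return None
    if abs(lat) > 90 or abs(lon) > 180:  # reject impossible coordinates
        return None
    return round(lat, 6), round(lon, 6)

def analyse(gps):
    """Pick the workflow: map link if geolocated, otherwise visual OSINT fallback."""
    coords = gps_to_coords(gps)
    if coords is None:
        return {"mode": "visual_osint", "coords": None, "link": None}
    # Assumed link form (Google Maps URLs "search" action), not necessarily the tool's
    link = f"https://www.google.com/maps/search/?api=1&query={coords[0]},{coords[1]}"
    return {"mode": "geolocated", "coords": coords, "link": link}

# Constructed sample GPS IFDs (not taken from any real image)
SAMPLE_GPS = {1: "N", 2: (51.0, 30.0, 26.0), 3: "W", 4: (0.0, 7.0, 39.0)}
STRIPPED_GPS = {}  # what a platform-stripped image yields

if __name__ == "__main__":
    print(analyse(SAMPLE_GPS))
    print(analyse(STRIPPED_GPS))
```

For a real file, pass the result of `read_gps_ifd(path)` to `analyse`; an image whose metadata was stripped yields an empty dict and lands in the fallback branch.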

Technical Hurdles & Learning Moments

The Indentation Trap

As a Python beginner, I hit the classic IndentationError. It was a vital reminder that in both coding and intelligence, precision matters. A single misplaced space can break a system, just as a single overlooked detail can stall an investigation.

Security First: Credential Rotation

During the deployment to GitHub, I faced a real-world security scenario: managing Personal Access Tokens (PATs). I practiced immediate Incident Response by rotating my tokens after a local configuration error, reinforcing the importance of secret management in the dev lifecycle.

See the Code

The project is fully open-source and can be deployed with a single Docker command.

👉 GitHub Repository: https://github.com/shynsec/osint-image-analyser