Photo geolocation has become a key skill for open source intelligence (OSINT). The ability to determine the geographic location of objects in a photo allows you to effectively find the necessary accounts in social networks and identify their connections. The article provides a detailed analysis of how these skills can assist in investigations, providing specific application examples and tools to improve intelligence outcomes.
The surprising thing is that many people see photo geolocation as just a fun game or hobby.
Moreover, I have repeatedly read opinions that #geoint quizzes are something useless and completely disconnected from reality (I’m not kidding, sometimes I get such messages even in DMs). And that they are a waste of time.
I’ll be honest, I’m not a fan of geolocation quizzes and I’ve only published such posts a couple of times in three years.
But… I am convinced that the ability to geolocate a photo is one of the most useful investigative skills. I will try to show it with a simple example.
There is a profile of a person on a car forum. He doesn’t respond to messages on the forum and you want to find his profiles on other social networks to chat. There is no avatar, only the car model in the profile description (may be false). Several dozen posts in English. And we cannot guess from which country/city this person is. But we know the username, and that’s great!
We could try to find profiles with the same username. Let’s start with the simplest and run https://whatsmyname.app/ . (see note below for more info on username searches) Only a few profiles were found and they don’t have any information. Only on Pinterest there are several photos of the car (the model matches the one in the profile description) in the yard of an apartment complex.
Today, luck smiled on us, and we were able to find the exact address of the elite residential complex immediately after a fragment of the facade photo on Google.
Is it possible to somehow find a person, knowing only:
approximate home address (fictitious or outdated)
his username
Here are some possible ways you can try to do this.
Most people use first and last names when writing reviews on Google Maps, but there are also many who use pseudonyms.
But unfortunately, username enumeration tools (WhatsMyNameApp, Sherlock, Maigret, etc.) can’t find Google Maps profiles (and Google won’t help either).
Sometimes searching for <nickname>@gmail.com in Ghunt/Epieos can help. But often the nickname does not match the email.
So, all that remains is to review reviews of various locations near a person’s home address: supermarkets, cafes, gyms, hair salons, etc.
This may seem like a lot of work, but in practice it only takes a few minutes. Because less visited places may have very few reviews.
Google Maps profiles can contain a lot of useful information for research:
profile picture (allows you to find a person’s profiles on various sites using reverse image search -> find other person’s nicknames).
photos taken by the person that can also be uploaded to their other social media profiles (and found using reverse image search).
other places he often visits (by which you can determine his place of work or address of friends/relatives).
Remember that Google Maps is not popular in some countries, so you should look for reviews in local mapping services (Yandex Maps, etc.).
Another disadvantage of alias enumeration tools is that they cannot find user profiles on small local forums with only a few hundred users (sometimes Google can help, but not always).
The following types of local forums can be manually scanned by target person alias:
– city forums
– school/university forums
– district forums
– local amateur forums
In this way, it is possible to find a profile avatar or various details of a person’s biography that can be used as hypothetical entry points for an investigation.
The most important rules when viewing reviews on the map and local forums! Don’t forget nicknames that are spelled similar to the user’s nickname (John, J0hn, $ohn, Joh#, etc.).
You can also try searching for location-related content on numerous social media services (Photo Map (VK), BirdHunt, InstaHunt, YouTube Geofind, etc.).
In the example described above, they can only help you find profiles with a similar spelling of a nickname or a photo of a car of the corresponding model.
But if by this point in the investigation you have learned some more data about the person (probable name, probable age), then the chances of finding their profiles in other social networks increase.
You can find more services for publishing on social networks on the map in the Mini-Geoint cheat sheet ( https://github.com/cipher387/cheatsheets?tab=readme-ov-file#mini-geoint ).
If you add a city or area name to your query when searching for a nickname (and similar nicknames), you may find things you couldn’t find with other searches (like the local forums mentioned above).
If you know a person’s country, you can run WhatsMyName or another alias numbering tool using a list of sites that are typical for people from that country to register.
Example for Poland or WhatsMyName: https://github.com/dudek-marcin/WhatsMyName-Polish-List
You can find such lists on Github or make your own. Here are just five simple examples of what you can do if you know a person’s nickname and location. And if you had a first name, last name (even a common one), a photo of your face, a profile avatar… For each type of search, knowing your location would be very useful.
At the beginning of this article, very little was said about alias searches, but more effort should have been put into this step. Use tools other than WhatsMyName to find as many inputs as possible. A short list of these can be found in the OSINT username cheat sheet ( https://github.com/cipher387/cheatsheets/tree/main?tab=readme-ov-file#username-osint ).