Exif Tool Explained

Captions
Hey everyone, professor, colleagues, I hope you're all well and in good health amidst these trying and unprecedented times. Moving right along, my teammates and I would love to present to you what we found to be one of the most essential tools that anyone in the forensics world should be aware of. My team and I decided to proceed with this tool for several reasons. Firstly, as you guys will see soon, this tool has valuable real-life applications that forensic workers can frequently use. Secondly, this tool is simple yet capable of providing an enormous amount of information with just a few clicks of a button. Allow me to tell you more about this handy program known as ExifTool.

ExifTool is an open source software that was developed by an application developer by the name of Phil Harvey in the year 2003. This software is a highly respected tool because it can extract dozens upon dozens of extremely valuable pieces of information from almost any file type that you can think of. For example, if we were to use this tool to analyze a JPEG file, we would be able to show tons of vital information such as the exact time the photo was taken, the date that photo was taken, the size of the photo. It can even display the exact GPS location of where the photo was taken. It can even display the make and model of the device used to capture the photo. The tool can even identify one of the most important questions in the case: was the file edited, was it altered or manipulated in any way, shape or form? As we know, these are incredibly vital pieces of information that can determine whether the judge rules for or against the criminal. Very soon my classmates Mike and Azim will explain how we can acquire ExifTool, and additionally they will also provide a practical hands-on demonstration of this tool to further explain how helpful this tool can be in real-life situations.

But before they illustrate the practical aspect, I wanted to quickly summarize some of the theoretical, abstract background aspects to ExifTool. So the first important thing to understand is the term which is actually the first half of the tool, Exif. Exif basically stands for exchangeable image file format, and this is a protocol that standardizes the way cameras, computers, scanners, phones, desktops, drones and pretty much any other devices that you can think of capture, store and format image and audio files. In other words, this is the tool that actually captures and stores extremely important information such as the exact details of the device as well as the GPS location, and if the device itself is equipped with a GPS receiver or not. These important details are all capable via the tool Exif file, or Exif, and all of this data and more is actually stored as metadata, which is basically all of the details that describe the files that you're analyzing.

Another crucial concept that is intertwined with this tool is the way it can be utilized. There's basically two methods to utilize ExifTool, one being the more technical and more beneficial command line method, and then there's the other, being the more user-friendly graphical user interface. As you can see from the picture, running these commands can help accommodate specific requests that would otherwise take a significant amount of time. In just a minute my teammate Mike will demonstrate the technical hands-on aspect. The other method is the graphical user interface. This would be the easier to comprehend, more simple interface. It would especially be helpful in the situation where you're presenting the information in front of the judge and jury. My other teammate Azim will conclude this teach-back assignment by demonstrating the practical aspects of the graphical user interface.

One last thing I wanted to share about this tool before my teammate Mike demonstrates the command line is ExifTool's incredible versatility. One of the factors that make this tool unbelievably applicable is that it can be used to extract data from quite literally hundreds of different types of files. This is very helpful as hackers and cyber criminals typically use discreet and irregular, atypical files to store their data. Moreover, this tool is executable on Mac and Android, further adding towards versatility. This is just some of the background theoretical aspect information that I feel is important people understand about ExifTool. That being said, I'm gonna pass it forward to my teammate Mike. He's gonna basically explain the practical hands-on aspect. He's gonna show you and demonstrate how you can use the command line to basically further gain information on files.

Hi everyone, my name is Michael Ibanez. I'm gonna go ahead and start doing the demonstration on the command line ExifTool portion. Not gonna go over the GUI in detail. In my opinion, I'm not that big of a fan of the GUI; I feel like I don't have as much control as I do within the command line. So let's go ahead and get started. So the first thing we want to do here is open up the command prompt, and we have to navigate over, oops, over to the directory that the ExifTool lives in, which in my case I saved it over to its own folder. Let's go ahead and show a demonstration on this one here. Okay, so what we're gonna go ahead and do here is, I'm gonna get a directory that I have saved on my local computer, and pretty much what I'm gonna do is scrape all the data from that directory through all the images that I have. So the images, I mean, they range in the hundreds and hundreds and hundreds of images, so a quick way of doing that is through this ExifTool. So it's a great tool to quickly pull data from the images themselves. So this is metadata that we're referring to. So in this case what I'm going to do is I'm going to print it over on the command line. So basically what
these flags are doing, or these conditions or parameters are specifying, is that we want to pull the metadata of all of the images within a given directory and print them to the command line. So it's not gonna look that great, but it's gonna be a quick way. And what this is doing, this -common parameter is basically saying all the metadata that has any common, let's say common dates, right, so anything that's taken within the same time frame or has the same timestamp, kind of group them together. So as you can see here, it's not that pretty, I guess you could say. So what I personally like to do, let's go to cancel this, what I'd like to do is I like to put this flag here, and I just put a txt output, common.txt, and what this is doing is it's throwing that data into a text document. So in my opinion I think it's gonna be a little bit neater, and what you can end up doing is using like, I don't know, like a quick Access database tool, create one and then import that txt document into a database, and then you can kind of clean it up that way. I think that's something that might be a little bit better here. So I'm not going to do all of my images because I have probably a few hundred images in there, so instead I'm just gonna cancel it in the middle of its task. And this output command, basically what it's going to do is that txt is gonna live inside of that directory where the ExifTool lives. Okay, so here's an example. I'm just gonna go ahead and give it a few seconds here. You can see how quick it pulls the data, and that's also what I like about it, is that you can press Control-C and that kills the task. So if we open up the txt document you can see all of the images and all the metadata. So not everything is in here, not like any of the cool stuff really. We'll show you in just a moment how to get more information, specifically the GPS latitude and longitude, and output that to a txt. But really what's cool and what I thought was fascinating is that it even tells
you whether you used flash, whether you didn't use flash. You know, there's times where it says fired, meaning the flash on your camera actually fired when you took the picture. See, here's an example: auto, which is the setting that I had it at, and it did not fire. There's other things in here that it shows, and there's, looks like, the resolution of the images, it looks like the time it was created, the device. So here you can see I used an HTC One X, terrible phone, glad it's gone. This, it looks like I used another person's phone because it's an iPhone 5s, which I've never owned. So there's tons of things here, and the cool thing about it, let's say you're doing some sort of a case and you just want to quickly go through, kind of filter out all the directory and just pull images that were based off of, let's say, a given time and day. If you just do like a quick find, you could see here that it grouped all of these images by the days and the time, so I thought that was pretty cool, and even the model. So if you're doing some sort of a case, I think that's definitely helpful. If, let's say, there was an incident that happened on a certain time and date, you can quickly search through it, and I know it's not the image itself, but it kind of breaks it down and it makes it easier to locate. Okay, so I'm just gonna go ahead and close out of this now.

All right, going back to the command prompt. All right, so the next command we're gonna go ahead and go over, this is probably one of my favorites so far. You can basically capture all of the GPS longitude and latitude coordinates of the images that of course have geotagging enabled, so you can do that for an entire directory. So in this case we're gonna go ahead and run the, oops, ExifTool, and we want to include the file name, latitude, and we want to print the text. So if you want to just print it to the command prompt, you use the -T parameter and that's gonna output all of this. So if you see this here, these
little dashes or hyphens, that just indicates that there's no data for those, or there's no metadata for those images, but you can see here all of the images that do have the longitude and the latitude, and you can just pretty much copy this and you can paste it. So let's just do, because I really don't like it in this view, we can do output GPS coord txt and we can just, there you go. So now we can test this out here. So we can just copy this directly from the txt that was created, and basically you can just go ahead and copy and paste that into your Google Maps. Should be able to find the exact coordinates for it, and you might have to mess with the formatting too. So if you don't do the formatting correctly, this is what you'll find on Google Maps, so you just have to go with some of the recommendations. You might have to use like a character map on your computer so that way you can pull like the exact degree symbol. You can input it and just follow the same formatting here. So once you get that information you can just do a Google search of it and the coordinates will usually populate the correct location here. So perfect. Okay, so all right, so this is what the coordinates are. You can see it in here. Once you input it the way that Google Maps prefers the formatting for the GPS coordinates, you can just go ahead and search it, and it's pretty spot-on. This is actually where my old house is, so this is exactly where the image was taken, and it's to the T, like it's the exact house and everything. So that's very accurate in this particular photo. So that's a pretty good example there. There's other services and websites that you can use for looking up GPS coordinates, so you're not just limited to Google Maps, but it's pretty easy to use and a lot of people are familiar with it. So let's close out of the character map.

And one other command that we liked. All right, so here we're going to pull the metadata showing the created date of the images, the
aperture, and basically these are camera configurations, the shutter speed, -T for print. In this case we want to do the same, oops, going to do the same directory manually, and then we're gonna do cam settings. All right, cam settings, perfect. So here's the settings, and you can kind of view this by the columns here. So you can see when the image was created, so the timestamp, and then here we have the aperture, and then we have the shutter speed. So pretty interesting, and with these, I mean, you can get kind of a sense of, like, you know, with the shutter speed, usually shutter speeds are, if I recall from just doing a little bit of research and photography, the shutter speeds, if they're slower then you're capturing more light, which indicates that you're more than likely capturing the photo in the dark, and vice versa. So really cool stuff. We really enjoyed this tool.

There's tons and tons of examples out there. Really what you can do is you can go to exiftool.org and you can look at the examples that they have here, and in these examples you can capture some of the most common things that you can do in here. So this one here is just a basic command to extract all the metadata from a file named a.jpg, so really you're just specifying what file. And like, so you're not limited to the images. It can be JPEGs, it could be MP4, MP3s, just whatever is specified in their readme file. What's supported is basically what you can read off of that particular item that you're inputting in, you're adding to that command line. So you can even modify, so depending on whatever is supported, you can change the metadata too, and you can do that for an entire directory, and it's almost, I mean, I don't want to say it's instantaneous, but it's a lot quicker than using the GUI. And the command line, in my opinion, it's more supported than the GUI is. The GUI, from just digging around the forum, they're not gonna be supporting
it anymore. There is a portion of the GUI where you can use like a Google Maps API, which is, the scripts aren't working properly. They tried fixing it and they're not planning on fixing it, so you can't really look at GPS coordinates through the GUI. So I think the command line is definitely the way to go with the ExifTool. But on this website you can really dig around and just find different flags and different parameters that you can set up. There's so many things here that you can do, so you can generate HTML pages from a hex dump, the information gathered. So this is a really great resource, and it has it for Windows, Mac OS X and Linux, and here you can kind of filter it by what you want to do, so read the metadata, write to it, copy, rename, and geotag files. So overall great tool, we really enjoyed this project. It's definitely something fun to even research and look into and use for yourself.

One of the things that we noticed throughout our project is we were kind of curious to see, hey, you know what, what websites are actually leaking metadata, or which ones are allowing you to pull an image from a website and then scrape kind of the metadata from it. So what we did is we were kind of testing it out by grabbing images from Instagram, and out of curiosity we were like, well, what do these companies do with the data, right? Because people upload images and they have the metadata included in them. And so we noticed that it's good standard practice to scrape or just kind of scrub all that metadata off, because that's gonna prevent cyberstalking, right? So you want to make sure that if you are building a website and people are uploading images, you of course want to wipe or scrape off all that metadata so people aren't traced, or, you know, that you can't find their personal information and their locations if they personally don't configure that on their cameras or their phones. So some websites were providing that information, whether they were using Adobe
Photoshop or not. Really cool tool, we really enjoyed it. Great project. Highly recommend using this tool and playing around with it.

So now that we understand what ExifTool is and what metadata is, we're gonna look into what ExifTool GUI is. We're gonna look and see how this could be beneficial for someone who does digital forensics, and some obstacles they may face while conducting an investigation. So to begin with, you just want to go to this link, which is provided in the instructions document, and you want to click the green text where it says "click here to download ExifTool GUI". So my download, it should download fairly fast. You want to open it in your folder and you want to extract it. You're going to make sure to extract all, and now an extracted folder should come up, and you also want to make sure to copy your exiftool(-k) into the extracted GUI folder. You just want to paste it, and now you want to make sure you rename that exiftool(-k) to just exiftool, and now you're able to open up ExifTool GUI.

So for this example we're gonna be analyzing a picture that was taken at the Queen Mary. So if you look to the right you'll see all the metadata, which is probably some of the most important information as someone doing digital forensics. So we can see, for example, the make of the device that it was taken on, which is Apple, and if it was taken on Android it would say Android. We could see the model of the device, which was taken on the iPhone X, um, which camera it was taken on. As we could see, it was taken from the back dual camera, so the back of the phone. And we can also see that it was geotagged. Now this is a key important factor when doing digital forensics, because you're able to see where the picture was taken. For example, let's say this picture was from a murder scene that a criminal took a picture of. Someone doing digital forensics, they might want to see, okay, where exactly was this picture taken at, because all we see is just a room with some stuff in it. So
um, in order to find that information, what you want to do is click All, and here it gives some very important information such as the last time the file was modified, so this way we can see if the suspect modified the picture at all, the last time it was accessed, and when the data was created. So as we can see here, it was created, um, on May 27th, 2020. And, um, in order to find the location you just scroll down to where it says GPS latitude and GPS longitude. Now all you want to do is just copy this information into Google. As we could see, it says it's north, and then you want to copy this, this is west, and now it tells you exactly where it was taken, which was at the Queen Mary. So I personally took this picture, so I know this information is correct, that it was pretty on par with the location. So this gives someone doing digital forensics a good overview of where the picture was taken, when it was taken, when it was modified, and this is very important when doing an investigation.

Um, so one thing, while learning this tool, one thing we realized was that one fault that this has is that if a picture was extracted from a third-party application or site such as Instagram or WhatsApp, those third-party websites delete all of the metadata, so none of this information will appear. So that could be one obstacle that a digital forensics person may face while doing an investigation. So a few other cool things you could do is export metadata into a text file, and you could also remove the metadata from a certain image. So all you want to do is just click Remove and then click Execute, but I don't want to do that for this specific picture. So, um, so yeah, these are some key important factors from a digital forensics aspect. Um, and this is for the ExifTool GUI, but if we look into just the ExifTool itself, you could also see that it gives you, so, executing it, you can also see that it gives you the same information. Um, you could see the file name,
could see where the directory is, you could see the camera model name, the make, which is Apple, it was taken on iPhone X, and it also gives you the GPS information, which is right here and right here. So, like I said, this ExifTool is very useful for a, um, digital forensics person doing an investigation because it gives you some key information such as the location, um, where it was taken, from what device it was taken, and when it was taken. And another obstacle that you might run into is when a device has their geolocation disabled. This information here won't appear, the GPS information won't appear, so you're not able to track them. So that's one obstacle. So I hope this was helpful and I hope you guys could test this out on your own time and just mess around and see kind of how it works.
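
The scrub-on-upload practice recommended in the captions above, as an added example (not from the video and not ExifTool's own code): a pure-Python pass that drops the JPEG header segments where Exif, XMP, IPTC and comments are stored, then confirms no Exif block remains. The function names and the sample bytes are constructed for illustration.

```python
import struct

# Segments that commonly carry identifying metadata:
# APP1 (Exif and XMP), APP13 (Photoshop/IPTC), COM (free-text comment).
METADATA_MARKERS = {0xE1, 0xED, 0xFE}
SOI, SOS = b"\xff\xd8", 0xDA


def split_segments(jpeg: bytes):
    """Yield (marker, raw_bytes) for each header segment, ending with the scan data."""
    if jpeg[:2] != SOI:
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 4 <= len(jpeg):
        if jpeg[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = jpeg[pos + 1]
        if marker == SOS:
            # Entropy-coded image data runs from here to the end of the file.
            yield marker, jpeg[pos:]
            return
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        end = pos + 2 + length
        if length < 2 or end > len(jpeg):
            raise ValueError(f"bad segment length at offset {pos}")
        yield marker, jpeg[pos:end]
        pos = end
    raise ValueError("truncated JPEG: no start-of-scan marker")


def strip_metadata(jpeg: bytes):
    """Return (clean_bytes, removed); removed lists (marker, size) of dropped segments."""
    kept, removed = [SOI], []
    for marker, raw in split_segments(jpeg):
        if marker in METADATA_MARKERS:
            removed.append((marker, len(raw)))
        else:
            kept.append(raw)
    return b"".join(kept), removed


def has_exif(jpeg: bytes) -> bool:
    """True if any APP1 segment starts with the Exif identifier."""
    return any(m == 0xE1 and raw[4:10] == b"Exif\x00\x00"
               for m, raw in split_segments(jpeg))


def _seg(marker: int, payload: bytes) -> bytes:
    """Build one segment: marker, big-endian length (includes itself), payload."""
    return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload


# Constructed sample: structurally valid segments, not a decodable picture.
SAMPLE = (SOI
          + _seg(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
          + _seg(0xE1, b"Exif\x00\x00" + b"constructed GPSLatitude block")
          + _seg(0xFE, b"constructed comment")
          + _seg(SOS, b"\x01\x01\x00\x00\x3f\x00") + b"\x12\x34\xff\xd9")

if __name__ == "__main__":
    clean, removed = strip_metadata(SAMPLE)
    print("removed:", [(hex(m), n) for m, n in removed])
    print("Exif before/after:", has_exif(SAMPLE), has_exif(clean))
```

Dropping APP1 also discards the Exif Orientation tag, so a service doing this should apply the rotation to the pixels first. Other formats such as PNG or HEIC keep metadata in different containers and need their own handling.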
Info
Channel: Asrar Biabani
Views: 284
Rating: 5 out of 5
Id: VSmYYii0CD0
Length: 28min 13sec (1693 seconds)
Published: Fri Jul 09 2021