In this post, we’ll cover two simple ways to extract Exif (Exchangeable image file) data from images.
In short, Exif is information about a digital picture, such as:
– Date and time the picture was taken
– Type of camera used
– Types of settings on the camera
– GPS Coordinates where the picture was taken
People often leave this information in images they post on the Internet, sometimes to their demise, such as the no longer Anonymous hacker, “AnonWormer”. AnonWormer aka Higinio O Ochoa III used his Twitter account to post a picture of a woman holding a sign stating “PwNd by w0rmer & CabinCr3w”. AnonWormer left the Exif data in the picture. The FBI extracted the GPS coordinates and sent local authorities to the location where the picture was taken, in a Melbourne, Australia suburb, where they found Ochoa and arrested him. Reference the “Hacking cases’s body of evidence” article for more info on this case.
In the first method, we’ll use a browser plugin. There are many browser plugins that offer Exif capabilities. For this example, we’ll use the Firefox Add-On, FxIF. Chrome’s Extension EXIF Quick View works in a similar manner, except you just have to hover the mouse over the image, as shown below:
With FxIF, you can right-click on any image in Firefox and choose FxIF Data:
The image of the cyclists located in the FxIF example can be found here:
If Exif data is available, you’ll see similar information to the FxIF Details image below. Circled in red are the GPS Coordinates and other information about the location of the picture.
From here you can click on the Map Link. FxIF links to OpenStreetMap. You can also copy the GPS Coordinates and paste into Google if you prefer Google maps.
For method 2, we’ll use an application to view the Exif data. There are a number of applications out there, but Opanda IExif is simple and effective, even if it is old 🙂 With Opanda, you open the image or drag the image into Opanda that you want to view the Exif data on. The Opanda “Exif” view shows information similar to here:
The “GPS” view shows information similar to below. You can also right-click on the globe next to GPS and select “Locate Spot on Map by GPS”, which will open the coordinates in Google maps.
The picture used in the Opanda example is located here:
Learn how to hide data in an image on this blog:
Christian Espinosa is Alpine Security’s CEO/Founder. He holds over 25 certifications, including the CISSP, CCISO, and PMP. Christian is a US Air Force veteran with a BS in Engineering from the US Air Force Academy and MBA from Webster University. Christian holds multiple patents on cybersecurity attack and defense. Major recent projects include penetration testing and assessments of commercial aircraft, medical device penetration cybersecurity assessments and penetration testing, and numerous incident response projects. When Christian isn’t protecting us from cybercriminals, he climbs mountains, travels the world, rocks out to Nightwish, and competes in Ironman triathlons.