Building a Forensic Image Analyser: Bridging the Gap in OSINT Investigations
Source: Dev.to
The Project Background: The “Digital Ghost” Problem
Modern investigators often face what I call the Digital Ghost problem: you find a crucial image, but without knowing where and when it was taken, the lead goes cold.
While online “EXIF viewers” exist, they pose significant risks:
- OPSEC Risk – uploading evidence to a third‑party site can leak your investigation.
- Reliability – most tools don’t tell you what to do when metadata is missing.
I built this tool to be a localized, secure sandbox for analysts.
The Tech Stack
- Python & Pillow – deep‑diving into JPEG EXIF headers.
- Streamlit – turning a forensic script into a professional, interactive dashboard.
- Docker – ensuring the tool is platform‑independent and leaves no “forensic footprint” on the host machine.
Key Features
Automated Geolocation Mapping
The tool doesn’t just pull raw GPS data (often in the confusing DMS format); it automatically converts the coordinates to decimal degrees and provides a clickable Google Maps link plus an embedded map.
Visual OSINT Fallback Mode
Social media platforms (WhatsApp, X, Instagram) often strip metadata. When the tool detects an “empty” image, it automatically switches to Visual OSINT Mode, offering:
- A visual checklist (shadow analysis, landmarks, flora).
- Quick links to external tools like Google Lens, Yandex, and SunCalc.
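The DMS conversion and the empty-metadata check described in the two features above, as an added example that is not the project's own code. The function names, the `None` return used as the fallback signal, and the Google Maps URL form are assumptions; the sample GPS block is constructed.

```python
from fractions import Fraction

# GPS IFD tag ids from the EXIF specification.
LAT_REF, LAT, LON_REF, LON = 1, 2, 3, 4

def _rational(value):
    """Accept a plain number or a (numerator, denominator) pair."""
    if isinstance(value, tuple):
        num, den = value
        if den == 0:  # 0/0 would otherwise raise ZeroDivisionError
            raise ValueError("zero denominator")
        return Fraction(num, den)
    return Fraction(value)

def dms_to_decimal(dms, ref, positive, negative):
    """Convert (degrees, minutes, seconds) plus a hemisphere letter."""
    deg, minutes, sec = (_rational(v) for v in dms)
    if deg < 0 or not (0 <= minutes < 60 and 0 <= sec < 60):
        raise ValueError("DMS component out of range")
    if ref not in (positive, negative):
        raise ValueError("unexpected hemisphere reference")
    value = deg + minutes / 60 + sec / 3600
    return float(-value if ref == negative else value)

def locate(gps_ifd):
    """Return (lat, lon, maps_url), or None to trigger the visual fallback."""
    try:
        lat = dms_to_decimal(gps_ifd[LAT], gps_ifd[LAT_REF], "N", "S")
        lon = dms_to_decimal(gps_ifd[LON], gps_ifd[LON_REF], "E", "W")
    except (KeyError, TypeError, ValueError, OverflowError):
        return None  # stripped, partial or malformed GPS block
    if abs(lat) > 90 or abs(lon) > 180:
        return None
    # Assumed link form; the original tool's exact URL is not shown on the page.
    url = f"https://www.google.com/maps?q={lat:.6f},{lon:.6f}"
    return round(lat, 6), round(lon, 6), url

# Constructed sample, keyed like the GPS IFD that Pillow exposes through
# Image.open(path).getexif().get_ifd(0x8825); rationals written as pairs.
SAMPLE = {1: "N", 2: ((48, 1), (51, 1), (2960, 100)),
          3: "E", 4: ((2, 1), (17, 1), (4020, 100))}

if __name__ == "__main__":
    print(locate(SAMPLE))
    print(locate({}))  # metadata stripped -> None, switch to visual mode
```

Treating a malformed GPS block the same as a missing one keeps a tampered or truncated header from crashing the analysis and routes the image to the visual checklist instead.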
Technical Hurdles & Learning Moments
The Indentation Trap
As a Python beginner, I hit the classic IndentationError. It reminded me that in both coding and intelligence, precision matters—a single misplaced space can break a system, just as a single overlooked detail can stall an investigation.
Security First: Credential Rotation
During deployment to GitHub, I faced a real‑world security scenario: managing Personal Access Tokens (PATs). I practiced immediate incident response by rotating my tokens after a local configuration error, reinforcing the importance of secret management in the development lifecycle.
See the Code
The project is fully open‑source and can be deployed with a single Docker command.