OSINT investigations are transforming intelligence gathering, from criminal cases to human rights inquiries. Learn how Amped FIVE and Authenticate enhance the accuracy and reliability of digital intelligence. They provide advanced tools for metadata analysis, geolocation, and deepfake detection.
What was once a niche practice has in recent years become a buzzword. OSINT investigations are transforming intelligence gathering, criminal investigations and investigative journalism alike.
“Mighty is the one who has knowledge.”
Ferdowsi
Understanding OSINT Investigations
But what exactly is OSINT? And what do we really mean when we talk about intelligence?
Open-Source Intelligence, often referred to as OSINT, can mean many things to many people. Officially, it is defined as any intelligence produced from publicly available information that is collected, exploited, and disseminated in a timely manner to an appropriate audience for the purpose of addressing a specific intelligence requirement.
Michael Bazzell “OSINT Techniques: Resources for uncovering online information, eleventh edition”
At this point, it might also be a good idea to take a closer look at the terms information and intelligence.
In this context, publicly available information represents knowledge in its raw form. In the process of structured analysis, this raw data is transformed into information that can be understood, with added value, and assessed in terms of its source and reliability.
This processed information now becomes Intelligence.
In short:
INFORMATION + EVALUATION = INTELLIGENCE
INTELLIGENCE = KNOWLEDGE (PROCESSED INFORMATION) INTENDED FOR ACTION1
This intelligence is then used to create intelligence products that support informed decision-making.
As highlighted in the quote above, knowledge has the potential to be equated to power. The idea of gathering and using information to guide decision-making and gain an edge over rivals is far from new. To achieve this goal of having an advantage over adversaries, it’s essential to have the most current and precise information regarding, among other things, their actions, intentions, and capabilities.
This principle holds true in many areas, whether in politics, business, military operations, or criminal investigations.
One of the earliest recognized texts on the subject of intelligence gathering and strategy is “The Art of War”, also known as “Master Sun’s Canon of War”, written in the 5th century BC by Master Sun, also known as Sun Zi (Sun being the family name, Tzu/Zi meaning master), a Chinese military leader and strategist2.
Master Sun gained fame for his exceptional command of military campaigns, much of which was due to his strategic use of intelligence and information-based decisions. “The Art of War” remains to this day a key text for military leaders, corporate strategists, and intelligence professionals across the globe.
Methods of acquiring information evolved only gradually throughout history. However, significant changes occurred at the end of the last century and especially in the last two decades, due to the impact of the Worldwide Web, social media, and ubiquitous mobile devices. With these advancements came digital open-source information. This includes various forms of media and images, such as satellite imagery, social media posts, and videos captured by witnesses using smartphones.
The Evolution of Intelligence Gathering
Never before has there been such a vast amount of freely available information anyone could find and use on the internet. And just as diverse are the applications of OSINT.
Here are some OSINT use cases for operational goals and assignments:
Criminal Investigations
OSINT can be applied in criminal investigations, for example:
- Persons of Interest – Creating a profile of an individual involved in an incident or criminal activity
- Fugitive Apprehension – Identifying the location of a person and gathering intelligence to safely apprehend them
- Loss Prevention – Similar techniques to those used by law enforcement, applied by private security or in-house investigators
- Evidence Preservation – Locating and preserving online digital evidence
Threat Assessment
- Individuals – These often involve cases of harassment, stalking, or threats from an individual or group, whether motivated by personal vendettas or mental illness. While financial gain can be a motive, emotion is often the driving factor.
Human Rights Investigations
OSINT is increasingly used as evidence in domestic and international courts, human rights bodies, and fact-finding missions.
It has proven valuable in various contexts, such as cases before the International Criminal Court, the European Court of Human Rights, and United Nations-mandated investigations.
OSINT Investigations as Digital Evidence in Legal Cases
All the information gathered in these investigations represents a relatively new form of evidence and may be unfamiliar to many legal professionals.
Therefore, it should be emphasized that, in general, digital open-source information should be treated in the same way as any other traditional form of evidence.
Professional standards must be applied in the identification, collection, preservation, analysis, and presentation of open-source information in criminal investigations. As an example of these standards, the Berkeley Protocol and the subsequent documents that arose from it should be mentioned3.
When evaluating the evidentiary value of open-source information, an investigator or court may need to address several key issues. These include determining the authenticity of digital images, and analyzing relevant metadata, the source, location (geolocation), and time information (chronolocation).
How Amped FIVE and Amped Authenticate Support OSINT Investigations
All of these issues can greatly benefit OSINT investigations, especially through the use of Amped Authenticate and Amped FIVE, which can make a significant contribution to the success of the investigation.
Let’s start with one of the initial steps in evaluating digital images – metadata.
Metadata refers to information about the data itself. It contains details about an electronic file, either embedded within it or linked to it. Metadata often includes attributes like the file’s name, size, and dates of creation and modification. It can also provide insight into how, when, and by whom or what the digital file was collected, created, accessed, modified, or formatted. Metadata should be considered as part of the broader context of supporting evidence.
An especially interesting type of metadata is EXIF data (Exchangeable Image File Format). These are a specific type of metadata automatically stored with a photo by cameras and smartphones. Typical EXIF data includes:
- Camera model and lens
- Shooting details such as aperture, shutter speed, and ISO setting
- A small thumbnail of the original image
- The author’s name and copyright details
- GPS coordinates (if enabled on the recording device)
- Compass heading
- Date and time of capture
- The original filename
This data, which is stored “behind the scenes” within each photo, remains hidden and is not visible when viewing the image itself. A special EXIF reader is required to view this data. Both Amped FIVE and Authenticate provide comprehensive tools to examine EXIF data, eliminating the need for online services or separate standalone tools. It’s important to keep in mind that many websites and messaging services remove the metadata.
Any images removed directly from a digital camera memory card will always retain the metadata. However, what you should consider when extracting EXIF data from files is the possibility that the original metadata may have been tampered with. While this is not a frequent occurrence, it is important to remember that one day, we are likely to encounter an image where the EXIF data has been deliberately altered from its original form.
Let’s take a look at what information Amped Authenticate can provide us about the following image.
Already in the Overview of the File Format, Authenticate presents us with some red warnings. It indicates that with near certainty, this image is not a camera original.
Particularly noticeable here are the odd aspect ratio and the editing software. Furthermore, the EXIF data shows that the image could have been taken with an Apple device.
Geolocation in OSINT Investigations
As mentioned earlier, the EXIF data can also contain GPS data that could show us where the image was taken. Generally, techniques that try to determine the location where an image or video was taken are called geolocalization.
Providing the GPS data is still available in the image, the tool Show Image Location On Google Maps in Authenticate can show us the location where the image was taken.
The tool takes us to Google Maps, automatically enters the necessary GPS data for us, and shows us the location where the photo was taken. At this point, it should be mentioned that Authenticate only sends the GPS coordinates of the image to Google Maps, not the actual image. Of course, these location data are only as accurate as they were recorded by the recording device.
Reverse Image Search in OSINT Investigations
However, what are the options if our image no longer contains GPS data? The Search Similar Images On The Web tool in Amped Authenticate is an equally easy-to-use and highly efficient tool for locating the origin of an image. This reverse search involves uploading the image or stills from a video to Google’s image search website. This way, the search algorithm can identify other copies of the same or similar images on the internet. A reverse image search can also help determine if an image or video was shared online before the claimed date of its creation. This could reveal that the image or video doesn’t match the claims made about it.
Let’s take a look at the following example:
After opening the image in Authenticate, we click on the Search Similar Images On The Web tool under the Tools tab.
Authenticate then opens the image search on Google and presents us with the following search results, which mention the location where the image was taken.
Here’s another example that clearly shows how effective Google’s image search algorithms are.
In the two previous examples, we easily and efficiently obtained results that provided insight into the location where the images were taken. The following example makes it a little more challenging.
A search using the entire image yielded no results.
Fortunately, the image search also offers the option to search using only parts of the image.
Which then leads us in the right direction.
We now know that the image was taken in Hannover, Germany. But of course, we would like to pinpoint the exact location, the street where the image was captured. In Authenticate, we can see under ”File Format” that the image was taken on October 6th, 2022, at 7:29 AM.
This information, combined with the Check Sun Position For Image and Date on Suncalc.org tool in Authenticate, can help us narrow down the location of the capture.
The tool takes us directly to the Suncalc website. After we enter the corresponding data for time and date, the app shows us the position of the sun at the chosen moment.
In this case, we can also see that the sun hasn’t risen yet. However, what helps us further is determining the direction in which the sun will rise. In our image, we see that the sky on the right side of the picture shows signs of the sunrise and is brighter there. This helps us identify which of the three VW logos we see in the image. It also indicates the direction we need to look in on satellite images to continue searching for the desired street.
Measuring Distance and Identifying Landmarks
By identifying that the image shows the old television tower in Hannover, we can also ascertain its height: 141 meters. This, along with an estimate of the average height of a person, average eye level, and an estimated angle of view towards the tower, allows us to make a rough estimate of the distance from the camera to the tower.
As the average human height, we take approximately 1.7m, which gives us an estimated camera height of around 1.5m. The estimated viewing angle is about 10 degrees. The justification for a 10-degree angle is that the perspective of the image suggests the camera is positioned far from the tower. The tilt of the building and the fact the tower is not excessively distorted indicate a relatively small viewing angle. Based on common photographic angles for objects of similar size and distance, a 10-degree angle is a reasonable estimate.
Using the tangent function, we obtain an approximate distance of 792 meters from the camera to the tower. Google Maps gives us the option to draw a line on the map that matches this length. We can then take a screenshot of this map section and mark our search radius.
As already mentioned, OSINT investigations are not just about gathering as much information as possible. We have seen that this raw information needs to be evaluated to obtain actionable knowledge. One of the most commonly used methods to achieve this is annotating photos, videos, and screenshots with markers and notes to highlight specific details, illustrate findings, and compare them with elements in other photos or videos.
Amped FIVE and Amped Authenticate both offer advanced annotation tools that allow these tasks to be completed precisely and efficiently.
In this case, we open the screenshot of the satellite image in Amped FIVE. Then, we can mark our search radius.
The tower is located at the center of the circle. Based on our findings on Suncalc, we know that we need to search for the desired street in the upper left half of the circle. If we take another look at our original image, we notice that the extension of the street where the image was taken does not run directly towards the tower, but rather slightly past it. In the upper left half of the circle, we notice two streets with the mentioned characteristics.
The street indicated by the pink arrow leads directly toward the tower. Therefore, we’ll focus on examining the street marked by the green arrow in Google Street View.
A quick search leads to this point on the map.
Street View, unfortunately, doesn’t allow us to take the exact viewpoint needed to see the tower. However, we can compare the details in our original image with those in Google Street View. Here as well, the advanced annotation features of Amped FIVE and Amped Authenticate are very helpful for marking and matching relevant details.
When we transfer the position from Google Street View to our map, we can see that our estimate of the distance from the camera to the tower wasn’t far off.
Deepfake Detection in OSINT Investigations
Finally, we want to address a development that presents investigators with challenges that didn’t exist in this form just a few years ago – deepfakes. Image manipulation has existed as long as images have. However, the difference today is that anyone, without specialized knowledge in image editing or CGI (computer generated imagery), can create synthetic images that are indistinguishable from real ones for most people. The same applies to audio files and, increasingly, to videos. For example, how can one be sure that a profile picture seen online actually represents a person who exists?
Let’s take a look at an example.
Of course, the situation with social media profiles is similar to image manipulation. Fake accounts have existed as long as there have been platforms where one can create an account. Studies have also shown that synthetic images of a person have the “unfortunate” characteristic of appearing more trustworthy than images of real people with comparable facial features. A characteristic that plays into the hands of those with bad intentions when using these fake accounts.
Let’s take a closer look at this online profile using Amped Authenticate’s Face GAN Deepfake filter.
In this case, the filter is very confident that this is not a real image. It says it is created using a GAN, a Generative Adversarial Network.
Even though the filter is very confident that the following example is Not a GAN-generated image, that doesn’t mean the image is real.
Another way to create synthetic images is with so-called diffusion models. Examples are Midjourney, DALL·E, Stable Diffusion, and Flux. For images created using this technique, Authenticate has a different filter, the Diffusion Model Deepfake filter.
By opening the profile picture in Authenticate and applying this filter, we get the following result.
In this case, the filter is very confident that this is an image created with Midjourney.
This article explores various intuitive and technical clues that can help in detecting deepfakes.
Conclusion
Open-Source Intelligence plays an increasingly vital role in a world overflowing with digital information. In this context, it’s not solely about gathering as much information as possible. As demonstrated, transforming raw data into actionable intelligence requires both methodological rigor and robust tools. Amped FIVE and Amped Authenticate can provide investigators with a powerful means to collect, preserve, analyze, and authenticate digital evidence. They significantly enhance the quality and reliability of OSINT investigations. Their capabilities – ranging from metadata extraction and geolocation to advanced deepfake detection – highlight the importance of a professional, standards-based approach in criminal investigations, human rights inquiries, and beyond. Ultimately, combining sound investigative methods with these specialized solutions empowers decision-makers to act on credible, thoroughly verified intelligence in an ever-evolving digital landscape.
- UNITED NATIONS OFFICE ON DRUGS AND CRIME – “Criminal Intelligence – Manual for Analysts” ↩︎
- Harro von Senger, “Meister Suns Kriegskanon (Sun Zi Bingfa)” ↩︎
- “Berkeley Protocol on Digital Open Source Investigations – A Practical Guide on the Effective Use of Digital Open Source Information in Investigating Violations of International Criminal, Human Rights and Humanitarian Law” “Evaluating digital open source imagery: A guide for judges and fact-finders (2024)” ↩︎
