Asset Tracing using EXIF Data

Geolocation Verification was a topic in this blog last week. The previous post presented one method to geolocate a picture based on different reference points within the picture.

In some cases geolocating a picture is even easier, provided the picture contains georeferenced EXIF metadata. EXIF (Exchangeable Image File Format) is a standard ancillary tag used by digital cameras. Next to various camera settings, such as focal length and exposure time, EXIF metadata could include descriptions of the picture and be geotagged with GPS coordinates as well. Many smartphone users have the so-called ‘location services’ constantly switched on, thus resulting in their pictures being enriched with GPS coordinates.

The following example is based on a real investigation. The names and locations were altered to ensure the safety of the involved persons.

An asset tracing case has us looking for financial and property assets belonging to a German banker named Hans P. Extensive OSINT research on Hans P. remains unsuccessful.  The focus of this investigation will now be on family and friends of Hans P. We identified two of Hans’ children on Facebook. His eldest daughter, Anna H., recently married and had set a wedding webpage using the platform ZOLA. This website reveals that the wedding took place at a large unknown estate. The actual location of this estate was not easily given away on the website. The overall information, however, points towards the mediterranean region. On this site, Anna also thanks her father for financing this wedding and providing his estate for the celebration.

website5.png

Example of a ZOLA wedding site

This is an indication that Hans P. is in fact in possession of the aforementioned estate. The website also features many professional pictures, as well as the possibility for wedding guests to upload their own pictures. We look at each picture using a browser extension which shows if the picture contains EXIF data or not. Luckily, one of them does.

IMG_1242

Our next step is to extract the EXIF data using fotoforensics.com. The EXIF data extracted from the picture contains information on the type of phone used and also the exact GPS coordinates from which it was taken. This location is directly displayed on Google Maps.

fotoforensics

The estate  is located near the Italian city of Tuscania. After figuring out the specific street address, we check this in the local real estate and property register.

Bingo! The estate was purchased four years ago and currently belongs to Hans’ wife. Since Hans’ wife does not originate from a wealthy family, nor has she ever worked, we assume that this asset was in fact purchased with money provided by Hans P.

By the way: The wedding picture contains the EXIF data shown. Feel free to try this out yourself!

Matthias Wilson / 12.09.2018

One thought on “Asset Tracing using EXIF Data

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s