Geolocation for OSINT Practitioners: A Detailed Overview

With the unstable state of the world and how drastically unpredictable the future is, it makes sense that more people are turning towards technology and the stability it can provide. Be it weather reports, hiking on an unknown trail, or finding a good restaurant, the internet is the one-stop solution, or rather Geolocation is. It is a technique for detecting geographical details using digital details such as videos and photographs. Over the years, from journalists to war crime investigators, several professionals have started incorporating this technique.

Did you know that Geolocation via satellite tracking was how they caught the famous drug lord Pablo Escobar? Fortunately, Geolocation has come a long way and has become far more precise. One such example is OSINT.

OSINT represents Open Source Intelligence, which uses data gathered from different public sources for future use. Practitioners produce intelligence and apply OSINT techniques in fields like the military, hiring managers, and law enforcement officials. It is because it effectively collects valuable details like location and identity.

What is GeoLocation OSINT

Simply put, Geolocation is how the geographical position of an electronic gadget is detected using innovative data collection methods. One of the most prevalent examples of this is GPS. For an electric gadget to be precisely pinpointed, it must have internet access. However, only the gadget’s location is shown, not the person’s. For instance, if you leave your car on a trail for an hour, the Geolocation shows where your car has been, not you.

When geolocation research uses publicly available information, it is known as geolocation OSINT.

Sources of GeoLocation data

But the question arises as to how the data for Geolocation is collected. This is done through several factors.

As the name suggests, Device based data counts on cellular and GPS networks. A very good example of this is websites that ask for a visitor’s location (such as Google Pay). Of course, over the years, these have raised issues about privacy breaches.

Server-based Geolocation, as the name suggests, uses server-based data linked to the IP address of your device via either an Ethernet or Wi-Fi connection. This also happens to be the least invasive form of location detection.

Some websites incorporate both types to provide the best user experience. This is because neither of the above-mentioned location providers is entirely accurate, primarily if Proxys or VPNs are being used.

Exif Data

EXIF (Exchangeable Image File Format) is the metadata related to digital images. These are especially helpful in law enforcement departments and criminal investigations.

 Imagine a crime scene photo recovered through cameras. However, an investigator cannot decide on the next course of action until he knows the place and time of capturing the photos. For this reason, he can rely on Exchangeable Image File Format data. EXIF data details the place of capturing the image, the time of capturing, the kind of equipment used to take the picture, lens depth, and shutter speed, among other things.

EXIF data is the easiest and fastest technique to check image locations. Specific browsers like Chrome let you check EXIF data. A good step towards privacy protection is copyrighting information already present in your EXIF data when registering your camera through the original manufacturer. If your camera supports GPS, you can add the location of where the photo was taken (think of Instagram posts where you add locations to your pictures).


Do you ever wonder how sometimes the radio station tells you in which area of the city you are, the traffic, and tells you of the upcoming events in that specific place? That’s signage.

Digital signage players are inserted in vehicles. Once the device enters a specific area, screens show location-based content, such as sales in department stores, tourist attractions along the route, etc.

Captcha codes are excellent examples of this.
Captcha codes are excellent examples of this.


Geolocation services can be used to create a geocode, a map, or even update existing maps. The easiest example of this is Google Maps. It can specify a location to help people let you know where they are at the current moment or even where they have found something significant. You can also find historical photos, which are not available in the latest version.

Such services are especially helpful after natural disasters when people must be informed of blocked roads etc.


Another great use of Geolocation is weather apps. Depending on the accuracy, weather apps will determine where you live and show your weather predictions for up to an entire week. When you download these apps, they start collecting information from your smartphone’s passive sensors, such as barometers, accelerometers, battery temperatures, and magnetic flux.

How do I geolocate an image in OSINT?

An image captured by a photographer
An image captured by a photographer

To the untrained eye, the image may be something ordinary. On closer inspection, viewers can see it has been taken from an adjacent elevated position. It overlooks a few buildings and a water tower to the right and left sides. It is a flat landscape with different parking lots. Moreover, it confirms that the photographer snapped the image in the morning or late evening. The sun’s position indicates his camera westward/eastward based on the time.

NERS GROVE- A clue from the image
NERS GROVE- A clue from the image

Unfortunately, while movies have you believing that geolocating happens with the click of a finger, it is a little more complicated. Not every photo will be set in the vicinity of the Eiffel Tower or the Taj Mahal, which means pinpointing will take a little more Sherlock-ing.

Find the GPS coordinates of where the image was taken.

This is the easiest step. Unfortunately, most websites remove their metadata to protect privacy. Instances such as this require you to work with an original image. From here, you’ll extract information, do your research, and verify it. Here is how you can do that.

Written words, names, or locations are the most indispensable clues in pictures. For instance, you can pick the phrase NERS GROVE and browse Google to find relevant results.

Of course, Google will show you associated images such as Myers grove, Meyers grove, runners grove, and downers grove. After some research, Downers Grove will be revealed to be located in Chicago. Although other options are essential, Downers is more relevant.

Different towers with the name Downers Grove
Different towers with the name Downers Grove

With an image search in Google, you can find photos of several Downers Grove towers, and you will find one that corresponds to your original image. It looks like a giant green tree with the name Downers.

Similarly, professionals can narrow their search based on a particular town, city, state, and country.

Comparing images to find the right one
Comparing images to find the right one

The above image displays the right water tower, which is close to the parking lot and road. There is also a tall building adjacent to it, leading to the inference that this is the location of the original photo.

It is the way to geo-locate a photo in OSINT.

How do you identify a location?

The two primary markers needed to identify a location are latitudes and longitudes. These are angles measured from the earth’s center in an ellipsoidal coordinate system. You can quickly locate the place on Google Earth if you know both the coordinates. Here’s how to do it.

  • Go to Reverse Image Search and upload the original image.
  • If the image is of a famous location or has a significantly popular landmark such as a national park, Google will shortlist several places.
  • You will be shown the image’s source. This can give you enough hints to help you find the location.

Best Geolocation Tools

Collecting data for Geolocation has become easier than ever with the use of specific feature-rich tools. The best ones will go through many hosts and derive data from multiple sources to produce the most exact result. In light of that, today, we have shortlisted the most reliable and easily accessible geolocation tools for OSINT professionals.


A clear interface of Metagoofil shows metadata.
A straightforward interface of Metagoofil shows metadata.

Metagoofil is an innovative tool to derive metadata of different public documents stored in formats like PPT and PDF.

It will perform a Google search based on the given domain name, wherein any publicly accessible document will be downloaded to the disk and analyzed. For this, it uses libraries such as PdfMiner, Hachoir, etc. Developed by Christian Martorella, it includes valuable details such as username, software versions, hostnames, etc.

Unfortunately, the major drawback is that the only OS that it can run on is Linux.


Spiderfoot collected comprehensive data.
Spiderfoot collected comprehensive data.

This tool helps automate OSINT processes such as asset discovery, security assessment, threat intelligence, and attack surface monitoring. Perhaps one of the best reconnaissance tools of 2022, it has more than 200 modules to collect and analyze data. You need to state the account, page, or phenomenon you want to scrutinize and select which modules to allow. SpiderFoot will then collect data to understand all the entities and how they are interrelated.

With SpiderFoot, it will be easy to move the data into CSV, JSON, and other formats. Because it can provide an insight into possible data leaks, you can always use this as a test measure on your system.


GeoNames displaying a big list of details.
The tool GeoNames displays an extensive list of details.

GeoNames is a free platform that presents you with a comprehensive geographical database. Also, it has been made accessible since 2005. Think of it as Wikipedia for geography. It contains information and details of more than 11 million places. It collects data from national mapping agencies, national statistical offices, national postal services, and the US Army. Everything that you may need to know about a location – zip codes, time zones, postal codes, population, coordinates, GeoNames has it! Besides, it lets you download them with no charges.

The major red flag with an open database like GeoNames is that anyone can edit the interface. With no cross-refers, this can create errors and generate incorrect information.


Geo Recon best for security analysts
Geo Recon is best for security analysts

Geo-Recon is one of the reliable OSINT CLI tools. It helps to track Geolocation and IP reputation for professional security analysts. However, it is not compatible with the Python version, which is below 3.0.


Tool for advanced searches.
Tool for advanced searches.

TLOxp is an innovative tool to let you identify essential facts within the shortest period. Did you know that a recent market review showed that TLOxp is one of the most famous search engines private investigators use?

You can also instantly find connection points between businesses and assets. Besides, TLOxp can present you with a comprehensive Social Media Report that gives you a better insight into the person or company you are investigating. Law enforcement officials and other professionals have found this tool valuable with affordable costs and an easy user interface.


Creepy showing location on the map
Creepy showing location on the map

GeoCreepy is an OSINT tool that gathers information through social media platforms and other online sources, with the search filtering feature based on date and location. A clear presentation on the map is one of the features of Geocreepy.  Available in the latest version, v1.4.1, the tool lets you move your file in CSV format.

Let’s recall:

Geolocation has become such a big part of our lives already. Besides, the corporate world will surely keep harnessing it to improve our online experiences. As technology improves with each passing day, visitor engagement with websites, apps, and tools will also increase, making each visit more meaningful than the last, based on location.

We can estimate that in a post-pandemic world, even medical professionals and hospitals will begin to use OSINT technologies to find someone’s location and provide emergency medical services to people in remote locations.