IMINT: Image Intelligence and Geolocation for Investigations

Last updated: April 26, 2026

IMINT (Imagery Intelligence) techniques applied to OSINT — geolocating photos from visual cues, identifying subjects, dating images. From investigating leaked content to verifying information in a fast-moving incident, IMINT is the bridge between “we saw this image” and “we know where, when, who”. This article covers practical IMINT for security investigations.

The geolocation pipeline

1. EXIF metadata first — many images contain GPS coordinates, camera model, timestamp. Strip via exiftool image.jpg
2. If EXIF stripped — visual analysis

# Extract all EXIF
exiftool -a -u -G1 image.jpg

# Specific fields
exiftool -GPSLatitude -GPSLongitude -DateTimeOriginal image.jpg

# Strip EXIF (defender side, before publishing images)
exiftool -all= image.jpg

Visual geolocation cues

• Languages on signs — narrows to country / region
• Vehicle license plates — country format reveals jurisdiction
• Architectural style — building materials, roof styles, window patterns
• Vegetation — climate / latitude clues
• Sun position + shadow length — chronolocation (time of day + season + latitude)
• Recognisable landmarks — buildings, mountains, distinctive features
• Power infrastructure — utility pole types vary by country
• Clothing / signage — cultural / regional

The toolchain

• Google reverse image search — finds where else the image appears
• Yandex reverse image — often outperforms Google for non-Western locations
• TinEye — historical appearances and earliest seen-on-internet date
• Google Earth + Street View — manual geolocation refinement
• SunCalc — given sun position, calculate possible (lat, time) combinations
• Mapillary — street-level imagery alternative covering more locations than Google

Chronolocation

Date a photo without timestamp:

• Sun position + shadow direction → time of day at known latitude
• Vegetation state → season
• Construction / billboard advertisements visible → era bounds
• Vehicle models visible → era bounds
• Weather conditions → cross-reference with weather records

Image authenticity verification

For incident response to leaked images / video:

• Reverse search — has this image appeared before?
• EXIF analysis — software, camera, edit history
• Forensic image analysis — error-level analysis (FotoForensics), copy-paste detection
• Deepfake detection — for video/face-swapped content (Sentinel, Microsoft Video Authenticator, manual artefact analysis)

# Forensic analysis
exiftool image.jpg | grep -i 'software\|create\|modify'

# Online tools
# fotoforensics.com — error-level analysis
# tineye.com — reverse search with timeline
# images.google.com → upload → search

OPSEC for investigators

• Use sock-puppet accounts when reverse-searching sensitive imagery (search history may leak to data brokers)
• Use Tor or VPN if investigation might be observable to the subject
• Don’t upload sensitive imagery to free online tools — they retain copies

Compliance angle

• DPDP §8(5) — investigations involving personal data must have lawful basis
• Evidence chain of custody — for any image used in legal proceeding, document acquisition + analysis

The takeaway

IMINT for security teams turns leaked images into actionable intelligence — location, time, subject identity. The toolchain is largely free (reverse search, mapping). The practitioner skill is reading visual cues. For incident response involving leaked imagery, IMINT plus reverse search verifies authenticity and contextualises the leak within hours.