WEBVTT 00:00.050 --> 00:07.520 In this video, we're taking a look at Exif tools and it can be found at Exif tools. 00:07.880 --> 00:14.420 Now, Exif Tools is a program that takes a look at the metadata of photos. 00:14.450 --> 00:15.380 Now. 00:16.050 --> 00:17.280 During your investigations. 00:17.280 --> 00:23.160 If you find photos, those photos might hold key information that might help your investigation. 00:23.340 --> 00:25.920 And also Trace Labs. 00:25.920 --> 00:33.330 Linux does have some access tools built in pre-installed on the virtual machine, but we're taking a 00:33.330 --> 00:37.080 look at the online tool that can help with this. 00:37.960 --> 00:42.100 This one makes a pretty easy to use because it is online. 00:42.100 --> 00:46.090 We can upload a file or we can upload a URL for it to scan. 00:46.090 --> 00:47.770 So let's take a quick look at it. 00:49.060 --> 00:49.930 So. 00:50.880 --> 00:55.860 Again, say, for example, we have a photo that we want to take a look at. 00:55.860 --> 00:58.740 So we have the photo already pre-installed. 00:58.740 --> 01:02.970 We're going to just click on browse here and then I'm going to choose a photo. 01:04.340 --> 01:06.890 And then I'm going to click on upload file. 01:11.430 --> 01:15.720 Now, once it finishes scanning, we can take a look at some basic information on it. 01:15.750 --> 01:18.480 We can see the file type is a PNG file. 01:18.840 --> 01:21.180 We can see the file size. 01:22.610 --> 01:25.370 We could see the file name. 01:27.290 --> 01:32.600 The modification date as change time file permission. 01:32.840 --> 01:36.350 We can see the file type is a PNG file. 01:37.100 --> 01:44.570 We can see the image width and height bit depth color type compression filtering. 01:44.870 --> 01:49.880 We can see the software was Adobe image ready Xmp Toolkit. 01:49.910 --> 01:51.350 Adobe Xmp core. 01:51.380 --> 01:57.380 We can see the version number creator tool instance ID, document ID, et cetera. 01:57.380 --> 01:58.160 ET cetera. 01:59.060 --> 02:02.930 So again, this gives a lot of information about the particular photo. 02:03.260 --> 02:08.810 Likewise, if this was, say, on a iPhone, we might potentially be able to get information that was 02:08.810 --> 02:14.030 from an iPhone or if there was geolocation data associated with it. 02:14.060 --> 02:20.210 Say someone took a photo with their smartphone, didn't turn off the geolocation information on it. 02:20.240 --> 02:23.450 We might be able to get that information too, which could be really handy. 02:24.360 --> 02:27.090 Say that we're trying to track someone down. 02:27.210 --> 02:30.450 They take a photo, they upload to social media. 02:30.480 --> 02:36.120 We could do certain things like do a reverse image search, potentially find out where that photo was 02:36.120 --> 02:43.530 taken, or even better, if we get lucky and they left that geolocation on on the phone, they take 02:43.530 --> 02:49.620 a photo, we could use this, potentially find the GPS coordinates where that photo was taken also. 02:50.400 --> 02:56.130 So again, a pretty easy tool to use and it is Exif tools. 02:56.490 --> 03:01.080 And if I go back here, we can also paste a URL in here to do the same thing. 03:01.080 --> 03:04.350 If there's a photo we find online, we don't want to grab the photo. 03:04.350 --> 03:08.070 For some reason we can put the URL in there and run a same type of scan. 03:08.660 --> 03:10.280 So pretty easy. 03:10.820 --> 03:14.000 Another alternative to take a look at Exif data. 03:14.300 --> 03:15.200 Thank you for watching. 03:15.200 --> 03:16.430 I'll see you in the next video.