Camera Serial Numbers and OSINT: How Investigators Use Photo Metadata

Open source intelligence (OSINT) practitioners use photo metadata as a routine investigative tool. Understanding the techniques used to extract identifying information from image files helps you make informed decisions about what you share and how.

How OSINT Investigators Use Photo Metadata

OSINT investigation is the practice of gathering and analysing publicly available information to build an intelligence picture. Photo metadata is a particularly rich data source because it is hidden from casual view but accessible to anyone with the right tools.

GPS Coordinate Extraction

The most direct technique: extract GPS coordinates from a photo's EXIF data and verify the location.

Investigators use this to: - Confirm or deny that a photo was taken where the subject claims - Identify facilities, buildings, or locations that were not named in the accompanying narrative - Geolocate leaked or anonymous photos to a specific country, city, or address - Build a timeline of movements by correlating GPS data from multiple photos

The tools required are freely available. ExifTool (command-line), Jeffrey's Exif Viewer (web-based), and multiple other tools extract GPS coordinates from JPEG files in seconds. Coordinates are then mapped in Google Maps, Google Earth, or specialist tools for verification.

Camera Serial Number as a Device Fingerprint

This is the less obvious but often more powerful technique.

A camera serial number embedded in EXIF data provides a unique, persistent identifier for a specific device. Investigators use this to:

Link anonymous content to identified sources — if a journalist or researcher has previously published photos under their own name using a specific device, and later publishes anonymously using the same device, the serial number links both sets of work.

Connect multiple identities — content published under different usernames, across different platforms, can be connected if the same camera serial number appears in the EXIF data of photos on each account.

Verify claimed authorship — if someone claims to have taken a photo but the serial number matches a different device from their previous published work, this is evidence against the claim.

Group photos by source — in investigations involving multiple leaked documents, photos with matching serial numbers come from the same device and therefore the same source.

Timestamp Analysis

EXIF timestamps record the exact date and time of capture. Investigators use these to:

• Verify whether a photo was taken when and where it was claimed to have been taken
• Contradict alibis or narratives based on temporal evidence
• Build timelines of events when multiple photos from the same device are available
• Identify inconsistencies between stated creation dates and actual capture dates

Combined Metadata Analysis

The most powerful investigative use combines multiple fields. GPS coordinates alone tell you where. Timestamps tell you when. Serial numbers tell you which device. Together, across multiple photos, they can reconstruct a detailed picture of movements, relationships, and identity.

This is standard practice in investigative journalism, human rights documentation, and law enforcement forensics.

Real-World Examples of OSINT Metadata Investigation

Bellingcat, the open-source investigative organisation, has published extensively on using EXIF metadata as part of verification workflows for conflict imagery, political disinformation, and war crimes documentation.

Intelligence agencies in multiple jurisdictions have used EXIF GPS data to identify whistleblowers who photographed documents before leaking them.

Law enforcement routinely extracts EXIF data from photos uploaded to criminal marketplaces and social media to identify location and device information of persons of interest.

Journalists have used camera serial numbers to link multiple social media accounts to the same individual, exposing coordinated inauthentic behaviour and sockpuppet operations.

Defensive Measures

Understanding how these techniques work informs effective defence.

Strip all metadata before publishing anything — ExifVoid removes all EXIF, XMP, and IPTC data through canvas re-encoding. The re-encoded image contains no serial number, no GPS, no timestamps from the original capture.

Use a dedicated device for sensitive work — a separate phone or camera used only for one context cannot create cross-context links through shared serial numbers.

Screenshot instead of sharing originals — a screenshot creates a new file with your device's metadata at the time of screenshotting, not the original photo's metadata. This breaks the serial number and GPS chain.

Verify before publishing — drag any image you are about to publish into ExifVoid and confirm that no identifying metadata remains. A 15-second verification step before publication prevents an irreversible disclosure.

Sanitise received images before forwarding — photos received from sources, leaked documents, or whistleblowers should be stripped before transmission to any third party. You become responsible for any metadata that travels with images you forward.

Frequently Asked Questions

Is extracting metadata from an image illegal?

No. Reading EXIF data from a file you have legitimately received or downloaded is not illegal in most jurisdictions. How you use the information may be subject to laws governing harassment, privacy, or data protection.

Can stripping metadata defeat all OSINT investigation techniques?

Stripping metadata removes machine-readable hidden data. It does not affect the visual content of the image. Reverse image search, visual geolocation (identifying locations from visual content), and face recognition are separate techniques that operate on the image itself rather than its metadata.

Does a screenshot preserve the original image's metadata?

No. A screenshot creates an entirely new file. The new file contains your device's metadata at the time of screenshotting — not any metadata from the original image.

How do investigators access EXIF data if it is hidden?

EXIF data is not encrypted or protected. It is embedded in the image file in a standard format that any compliant tool can read. The barrier to access is awareness, not technical difficulty.