Imago: A forensic tool to find Digital evidence from images

  • Post author:
  • Post comments:0 Comments
  • Reading time:58 mins read

Imago is a forensic tool that will help to find Digital evidence from images. It is a command-line tool that is compatible with Windows, Linux, and macOS operating systems. In this article, we will take a closer look at Imago Forensic Tool, how it works, and its benefits in forensic investigations.

This tool will help you to store collected information about the image in a CSV file or in an SQLite database. This tool can help to extract more data like longitude, latitude, city, nation, and zip code.

Installing imago

Now let’s look at how can we install the imago tool on your computer. You can do this by the following command.


pip install imago

You can find the GitHub repo here

once you successfully installed the imago tool by the above command now let’s look at how can we use this tool to find digital evidence from an image

Once installed, one new binary should be available: 


imago

And then it should output the imago’s banner

Requirements


python 2.7

exifread >= 2.1.2

python-magic >= 0.4.15

argparse >= 1.4.0

pillow >= 5.2.0

nudepy >= 0.4

imagehash >= 4.0

geopy >= 1.16.0

Usage


usage: imago.py [-h] -i INPUT [-x] [-g] [-e] [-n] [-d {md5,sha256,sha512,all}]
                [-p {ahash,phash,dhash,whash,all}] [-o OUTPUT] [-s]
                [-t {jpeg,tiff}]

optional arguments:
  -h, --help            show this help message and exit
  -i INPUT, --input INPUT
                        Input directory path
  -x, --exif            Extract exif metadata
  -g, --gps             Extract, parse and convert to coordinates, GPS exif
                        metadata from images (if any)It works only with JPEG.
  -e, --ela             Extract, Error Level Analysis image,It works only with
                        JPEG. *BETA*
  -n, --nude            Detect Nudity, It works only with JPEG, *BETA*
  -d {md5,sha256,sha512,all}, --digest {md5,sha256,sha512,all}
                        Calculate perceptual image hashing
  -p {ahash,phash,dhash,whash,all}, --percentualhash {ahash,phash,dhash,whash,all}
                        Calculate hash digest
  -o OUTPUT, --output OUTPUT
                        Output directory path
  -s, --sqli            Keep SQLite file after the computation
  -t {jpeg,tiff}, --type {jpeg,tiff}
                        Select the image, this flag can be JPEG or TIFF, if
                        this argument it is not provided, imago will process
                        all the image types(i.e. JPEG, TIFF)

Example


$ imago -i /home/solvent/cases/c23/DCIM/ -o /home/solvent/cases/c23/ -x -s -t jpeg -d all
Publisher
Latest posts by Publisher (see all)

Publisher

Publisher @ideasorblogs

Leave a Reply