Sherloq: An Open Source Image Forensic Toolset

In my OSINT book, I spoke very favorably of Foto Forensics (http://fotoforensics.com) as an online tool which could examine details of a photo including metadata and image analysis. This could help identify areas of an image which have been manipulated plus many other features. Foto Forensics has been blocking VPN addresses lately, and I have always been a bit uncomfortable uploading images associated with my investigations. This is where Sherloq (https://github.com/GuidoBartoli/sherloq) enters our arsenal of tools.

Sherloq includes the same features, but runs 100% locally on your machine. It works within Windows, Mac, and Linux. Since I use Linux VMs within my book and my investigations, I will only focus on Linux installation. Furthermore, I have created a desktop launch script which matches the other apps within my OSINT VM. I have updated the linux.txt file within the book resources page (link included in your book) with the full directions, but I will also include them below. These are modified from the instructions at the source to match the needs of the VM from my book. Images of the tool with sample photos are at the end of this post.

Installation:

cd ~/Downloads/Programs
mkdir Sherloq
cd Sherloq
sudo apt install python3-distutils python3-dev python3-testresources subversion -y
sudo python3 -m pip install virtualenv virtualenvwrapper
echo -e "\n# Python Virtual Environments" >> ~/.bashrc
echo "export WORKON_HOME=$HOME/.virtualenvs" >> ~/.bashrc
echo "export VIRTUALENVWRAPPER_PYTHON=/usr/bin/python3" >> ~/.bashrc
echo "source /usr/local/bin/virtualenvwrapper.sh" >> ~/.bashrc
source ~/.bashrc
mkvirtualenv sq -p python3
git clone https://github.com/GuidoBartoli/sherloq.git
cd sherloq/gui
sudo python3 -m pip install -r requirements.txt

Add a launch icon:

curl -u UsernameFromBook:PasswordFromBook -O https://inteltechniques.com/osintbook8/vm-files/shortcuts/sherloq.desktop
sudo mv sherloq.desktop /usr/share/applications/
cd /usr/share/applications/
sudo chown --reference=usertool.desktop sherloq.desktop
sudo chmod +x sherloq.desktop

This will add a new shortcut in your Applications menu to launch Sherloq.
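
A .desktop launcher is a small text file whose Exec lines run with your user's rights, so it is worth reading what a downloaded one executes before the sudo mv step above. The script below is an added example, not part of the original post or the Sherloq project: the function names are hypothetical, the sample launchers and the /home/user path are constructed (the real contents of sherloq.desktop are not shown here), and the expected directory comes from the install steps above.

```shell
# Added example, not from the original post. Sample launchers are constructed.

# Print the value of every Exec=/TryExec= key, including those inside
# [Desktop Action ...] sections, which also run with the user's rights.
launcher_commands() {
    sed -nE 's/^(Try)?Exec[[:space:]]*=[[:space:]]*//p' "$1"
}

# Return 0 only if the file has at least one command and every command
# references the expected directory ($2) without chaining, pipes,
# command substitution or download tools. Flagged commands are printed.
review_launcher() {
    rl_dir=$2 rl_count=0 rl_bad=0
    rl_cmds=$(launcher_commands "$1")
    while IFS= read -r rl_cmd; do
        [ -n "$rl_cmd" ] || continue
        rl_count=$((rl_count + 1))
        case $rl_cmd in
            *'$('*|*'`'*|*'|'*|*';'*|*'&'*|*curl*|*wget*)
                echo "FLAG chaining/download: $rl_cmd"; rl_bad=1 ;;
            *"$rl_dir"*) ;;
            *)  echo "FLAG outside $rl_dir: $rl_cmd"; rl_bad=1 ;;
        esac
    done <<EOF
$rl_cmds
EOF
    [ "$rl_count" -gt 0 ] && [ "$rl_bad" -eq 0 ]
}

# Write two constructed launchers: one clean, one with extra action entries.
write_samples() {
    printf '%s\n' '[Desktop Entry]' 'Type=Application' 'Name=Sherloq' \
        'Exec=python3 /home/user/Downloads/Programs/Sherloq/sherloq/gui/sherloq.py' \
        > "$1/good.desktop"
    cp "$1/good.desktop" "$1/bad.desktop"
    printf '%s\n' 'Actions=A;B;' '[Desktop Action A]' 'Name=A' \
        'Exec=/tmp/helper.sh' '[Desktop Action B]' 'Name=B' \
        'Exec=sh -c "cd /home/user/Downloads/Programs/Sherloq; ./run.sh"' \
        >> "$1/bad.desktop"
}

# Demo on the constructed samples.
demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for f in good bad; do
    review_launcher "$demo_dir/$f.desktop" 'Downloads/Programs/Sherloq' \
        && echo "$f.desktop: OK" || echo "$f.desktop: read by hand first"
done
rm -rf "$demo_dir"
```

To use it on the real download, run review_launcher sherloq.desktop 'Downloads/Programs/Sherloq' in ~/Downloads/Programs/Sherloq before moving the file. A flag only means the line needs a manual read, not that it is malicious.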