// BTLO  ·  Threat Intelligence

Meta

BTLO Easy [exiftool, reverse image search]

Overview

A fugitive posts images online taunting investigators. Using metadata forensics and reverse image search, we prove him wrong. The investigation chain is straightforward: extract EXIF metadata → identify the camera → pull the timestamp → read the embedded comment → geolocate via reverse image search.


Metadata Extraction — Exiftool

The attached images were posted publicly by the suspect. Running Exiftool against the first image pulls all embedded EXIF data:

exiftool uploaded_1.JPG

Filtering for date and comment fields specifically:

exiftool uploaded_1.JPG | grep -i "date"
exiftool uploaded_1.JPG | grep -i "comment"

This reveals:

The comment is a taunt: the suspect attempted to alter the metadata to mislead investigators but missed some fields. The camera model and timestamp remain intact.
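Where these fields sit inside the file, as an added example that is not part of the original write-up: a Python parser that reads the JPEG COM segment (which exiftool reports as Comment) and the Model and ModifyDate strings from EXIF IFD0. The function names, the sample image bytes and the values in them are constructed for illustration.

```python
import struct

# IFD0 tag ids from the TIFF/EXIF specification
TAGS = {0x0110: "Model", 0x0132: "ModifyDate"}

def parse_ifd0(tiff):
    """Return the ASCII IFD0 tags listed in TAGS from an EXIF (TIFF) blob."""
    endian = "<" if tiff[:2] == b"II" else ">"
    if struct.unpack(endian + "H", tiff[2:4])[0] != 42:
        raise ValueError("not a TIFF header")
    (ifd,) = struct.unpack(endian + "I", tiff[4:8])
    (count,) = struct.unpack(endian + "H", tiff[ifd:ifd + 2])
    out = {}
    for i in range(count):
        entry = tiff[ifd + 2 + 12 * i: ifd + 14 + 12 * i]
        tag, typ, n = struct.unpack(endian + "HHI", entry[:8])
        if tag in TAGS and typ == 2:  # type 2 = ASCII string
            (off,) = struct.unpack(endian + "I", entry[8:])
            # strings of 4 bytes or fewer sit inline in the entry itself
            raw = entry[8:8 + n] if n <= 4 else tiff[off:off + n]
            out[TAGS[tag]] = raw.rstrip(b"\0").decode("ascii", "replace")
    return out

def jpeg_metadata(data):
    """Walk JPEG segments up to start-of-scan; collect COM and EXIF fields."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    meta, pos = {}, 2
    while pos + 4 <= len(data) and data[pos] == 0xFF and data[pos + 1] != 0xDA:
        marker = data[pos + 1]
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        body = data[pos + 4:pos + 2 + length]
        if marker == 0xFE:  # COM segment, shown by exiftool as "Comment"
            meta["Comment"] = body.decode("latin-1")
        elif marker == 0xE1 and body[:6] == b"Exif\0\0":  # APP1 / EXIF
            meta.update(parse_ifd0(body[6:]))
        pos += 2 + length
    return meta

def build_sample():
    """Constructed JPEG: SOI, COM, APP1/EXIF with two IFD0 entries, EOI."""
    model, date = b"EXAMPLE CAM\0", b"2000:01:02 03:04:05\0"
    off = 8 + 2 + 2 * 12 + 4  # TIFF header + count + entries + next-IFD
    ifd = struct.pack("<H", 2)
    ifd += struct.pack("<HHII", 0x0110, 2, len(model), off)
    ifd += struct.pack("<HHII", 0x0132, 2, len(date), off + len(model))
    tiff = b"II*\0" + struct.pack("<I", 8) + ifd + b"\0" * 4 + model + date
    seg = lambda m, b: bytes([0xFF, m]) + struct.pack(">H", len(b) + 2) + b
    return (b"\xff\xd8" + seg(0xFE, b"constructed comment")
            + seg(0xE1, b"Exif\0\0" + tiff) + b"\xff\xd9")
```

The capture time that exiftool prints as Date/Time Original is stored in the Exif sub-IFD, which this parser does not follow. The comment and the EXIF block are separate segments, so rewriting one leaves the other untouched.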


Running the image through a reverse image search identifies the location as a historical temple in Kathmandu, Nepal, which places the suspect there despite their attempts at evasion.

What is the camera model?
Canon EOS 550D
When was the picture taken?
2021:11:02 13:20:23
What does the comment on the first image say?
relying on altered metadata to catch me?
Where could the criminal be?
Kathmandu