• Posted by: Eng. Donya Bino
• February 03, 2026

ExifTool Practical Guide

ExifTool is a free, open-source command-line tool written by Phil Harvey that reads, writes, and edits metadata in hundreds of file types, especially images (JPEG, PNG, TIFF, HEIC), videos (MP4, MOV), PDFs, audio files, RAW photos, and even some executables.

It is one of the most powerful and widely used metadata analysis tools in digital forensics, OSINT, cybersecurity investigations, photo journalism verification, and privacy auditing.

Requirements associated with the functional use of ExifTool for typical end users
1. To disclose concealed data found within images contains geographic data, tool used to create a file, file creation date, software used to create a file; 
2. To identify manipulated material or documents that have been modified (handled) through an editing process; 
3. To allow you to delete any identifying information about you from the recording of a photograph when sharing photographs online; 
4. ExifTool is beneficial for identifying questionable material (i.e. email images from phishing sites); 
5. There is no charge for using ExifTool and works on all major platforms (Windows, mac os, Linux, and android).

Installation (Choose One)
Windows Download the .exe from https://exiftool.org → rename to exiftool.exe → put in C:\Windows or any folder in PATH.
macOS
brew install exiftool

Linux / Kali
sudo apt update && sudo apt install exiftool

Android (Termux)
pkg install exiftool

Basic Practical Commands
1. Read all metadata from a file
exiftool photo.jpg
Shows everything: camera model, GPS coordinates, date taken, software, lens info, etc.

2. Read only important fields
exiftool -DateTimeOriginal -GPSLatitude -GPSLongitude -Make -Model photo.jpg

3. Remove all metadata (clean a photo before sharing)
exiftool -all= photo.jpg
Creates photo.jpg_original backup — use -overwrite_original to skip backup.

4. Check if a file was edited (look at ModifyDate vs CreateDate)
exiftool -time:all photo.jpg

5. Extract GPS location as Google Maps link
exiftool -c "%.6f" -p "https://www.google.com/maps/search/?api=1&query=%GPSLatitude%,%GPSLongitude%" photo.jpg

6. Scan an entire folder recursively
exiftool -r -DateTimeOriginal -GPSPosition /path/to/photos/

Practical Examples in Real Life
Example 1: Authenticating Image - OSINT & Journalism You received a news photo stating it happened yesterday in Amman.
exiftool -DateTimeOriginal -GPSPosition -Make -Model claim.jpg

The outputs that are displayed would provide the following information:
1. DateTimeOriginal: 2023:11:15 14:30:00
2. GPS Position: 31.9566 N; 35.9454 E -- Amman Area (Assuming Amman)
3. Make: Samsung, which means that it may be true, however if you see 2022 for the date or Cairo for the GPS Position, it is likely that the photo is not authentic or re-cycled.

Example 2: Removing Metadata Prior to Posting on Social Media You want to post an image of your family on social media.
exiftool -all= -o clean_image.jpg family.jpg

Now you have the clean version of the image with no GPS location or camera model and date, protecting your privacy.

Example 3: Verifying an Image from Email That Looks Suspicious You receive an invoice with an attached image; hence to check if it is a fake you would do the following:
exiftool invoice.png 

If the results show the image was created in 2020, however the image is being promoted as recently updated then the image may be a fake. Another example of a fake image is if the image contains any embedded software like ''Photoshop".

Example 4: Bulk Rename Image Files Based on Date and Location 
exiftool '-FileName

This command will rename all the .jpg images in the folder to the date as well as the location based on the timestamp included in the original image.

Hands-On Exercises (Do These Yourself)
Exercise 1 – Basic Read Take any photo from your phone/camera → run exiftool yourphoto.jpg → write down 3 interesting pieces of information you see (e.g., exact time, camera model, GPS).

Exercise 2 – Privacy Clean Take a photo with GPS/location data → run
exiftool -gps:all= yourphoto.jpg
Compare before/after with exiftool yourphoto.jpg → see GPS fields gone.

Exercise 3 – Suspicious File Check Download a random PNG/JPG from the internet (e.g., meme or news photo) → run
exiftool image.png | grep -i "software\|date\|location\|author"
Ask: Does the metadata make sense for this image?

Exercise 4 – Batch Folder Scan Put 5–10 photos in a folder → run
exiftool -r -DateTimeOriginal -GPSPosition *.jpg > scan.txt
Open scan.txt — see if any photos have unexpected locations or dates.

Summary
The ExifTool is a free, extremely capable command-line program that reads and writes metadata in many different types of files, particularly pictures. With it, you can:
1. View hidden (often sensitive or private) information about a picture (such as location, what type of camera was used to take it, and the history of editing).
2. Remove your own personal information from a picture before sending it to someone (for example, on social media).
3. Check the content of suspicious files (such as those you receive via email or download).
4. Organise and make photos private using ExifTool’s batch processing feature.

Use the following command to start using ExifTool: exiftool [your filename].jpg; this will give you access to many more features than most users expect. Test out ExifTool on your own files before trusting its results with anything you find online.