
OSINT Workflow

Geo-locating and analysing YouTube videos showing Russian forces in Ukraine


Russian armoured personnel carriers in Melitopol, Ukraine

Following on from our previous – and very well-received – OSINT Workflow article focusing on geo-monitoring Russian military activity, we have decided to produce yet another article to show you how you can use a range of tools to geolocate and analyse YouTube videos of Russian military forces in Ukraine. Undoubtedly, the situation in Ukraine presents a real threat to security across the whole of Europe, and we at OS2INT want to reaffirm our support to the people of Ukraine and the brave men and women of the Ukrainian armed forces.

In this OSINT Workflow article, we will introduce several very effective open-source tools that can be used to identify YouTube videos of intelligence interest, then apply additional tools and techniques to analyse such videos in order to determine their exact location as well as the composition of Russian forces. We should point out in advance that this workflow article is considerably more ‘technical’ in nature because of the programming frameworks that two of the tools rely on. However, we strongly encourage people to contact us directly should you require any support.


Required Tools

The first thing we need to do is obtain a range of free, open-source tools that we can use to geolocate, then analyse YouTube videos of intelligence interest. The tools we will use are as follows:

  1. Ruby (gems jekyll and bundler) – A programming framework which supports multiple programming paradigms: https://rubyinstaller.org/downloads/
  2. YouTube Data API – This will be used to extract metadata from target YouTube videos: https://developers.google.com/youtube/v3
  3. YouTube GeoFind – A JavaScript web application developed by Matt Wright that is deployed via the Ruby framework: https://github.com/mattwright324/youtube-geofind
  4. YouTube Metadata – Another very effective JavaScript-based web application developed by Matt Wright that is also deployed via the Ruby framework: https://github.com/mattwright324/youtube-metadata
  5. YouTube Comment Search – A lightweight, but very effective Google Chrome Extension that can query all YouTube video comments and transcripts: https://chrome.google.com/webstore/detail/ycs-youtube-comment-searc/pmfhcilikeembgbiadjiojgfgcfbcoaa?hl=en
  6. Sublime Text – An open-source code editor that supports many programming languages and markup languages: https://www.sublimetext.com/blog/articles/sublime-text-4

Ruby

The first thing we need to do is to install the required components that we will run our tools on. For this, we need to download Ruby from https://rubyinstaller.org/downloads/ and select the latest Ruby installer with DevKit. For those using Linux distributions, you can find the required installation package via https://jekyllrb.com/docs/installation/. With the Ruby installation package now downloaded, it can be installed just like any other normal programme. However, be sure to run with the default options when prompted. With Ruby installed, we can now go ahead and install the prerequisite packages by opening Ruby in the command-line interface and invoking the command gem install jekyll bundler.

With the required framework and prerequisites now installed, we can now go ahead and begin installing and deploying our required tools.

YouTube GeoFind

We are going to start the process by downloading, configuring, and installing YouTube GeoFind. First, we can use Git to clone the GitHub repository by invoking the command git clone https://github.com/mattwright324/youtube-geofind.git. Alternatively, we can download the repository directly from the GitHub page (https://github.com/mattwright324/youtube-geofind) and unpack the contents to our local drive. In our case, we cloned the repository and placed its contents into D:\scripts\ruby\youtube-geofind.

Now, it is time to configure the API key that will be used to query metadata from YouTube videos. By now, you should have obtained a YouTube Data API key from your Google Developer Console (https://console.cloud.google.com/). If not, it is time to do so, otherwise the tools will not work!

Configuring the YouTube Data API with YouTube GeoFind

First, we will navigate to the folder containing the cloned repository – in our case at D:\scripts\ruby\youtube-geofind. Find the folder named js and open it, then open the JavaScript file named youtube-api-v3 in Sublime Text. Scroll down to the bottom of the file and you will see youtube.setDefaultKey followed by a series of alphanumeric characters contained within the brackets. This is where you should paste your YouTube Data API key in-between the single quote marks; for example, (‘YOUR API HERE’).

However, please note that depending on the version of Ruby that you are using, you may need to apply a tweak to the line containing your API key so that it reads youtube.setDefaultKey("YOUR API HERE"); instead of youtube.setDefaultKey(atob("YOUR API HERE"));. atob() is the browser's Base64 decoder, so the wrapped form only yields a working key when the value inside it is Base64-encoded. Should you install the tool and see API error messages, you can try the fix that we have just described and reinstall the tool once more.
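Why the two forms of that line behave differently, as an added example that is not code from YouTube GeoFind: it models the value that reaches setDefaultKey for a plain and a Base64-encoded key, with and without the atob() wrapper. The key shape (AIza plus 35 characters), the sample key and the helper names are assumptions constructed for illustration.

```javascript
// Added example: models what youtube.setDefaultKey(...) receives in each form.
// Assumption: Google API keys look like "AIza" followed by 35 URL-safe characters.
const KEY_SHAPE = /^AIza[0-9A-Za-z_-]{35}$/;

// Constructed, non-functional sample key (not a real credential).
const SAMPLE_KEY = "AIza" + "ExampleOnlyNotARealKey".padEnd(35, "0");

// Value the app ends up with when the argument is wrapped in atob().
function viaAtob(argument) {
  try {
    return atob(argument);   // Base64-decode, as the wrapped line does
  } catch (err) {
    return null;             // characters outside the Base64 alphabet (e.g. "-", "_")
  }
}

// Hypothetical helper: classify one way of filling in the setDefaultKey line.
function checkKeyLine(argument, wrappedInAtob) {
  const effective = wrappedInAtob ? viaAtob(argument) : argument;
  return {
    effective,
    usable: effective !== null && KEY_SHAPE.test(effective),
  };
}

// The four combinations of (plain | Base64-encoded) key and (with | without) atob().
function demo() {
  const encoded = btoa(SAMPLE_KEY);
  return {
    plainInAtob: checkKeyLine(SAMPLE_KEY, true).usable,    // decoded into garbage
    plainNoAtob: checkKeyLine(SAMPLE_KEY, false).usable,   // the tweak described above
    encodedInAtob: checkKeyLine(encoded, true).usable,     // the wrapped form, used as intended
    encodedNoAtob: checkKeyLine(encoded, false).usable,    // Base64 text sent as the key
  };
}

console.log(demo());
```

Because the key is delivered to the browser inside a JavaScript file, restrict it to the YouTube Data API in the Google Cloud console and keep the edited file out of any public fork of the repository.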

Installing YouTube GeoFind using Ruby

With YouTube GeoFind now configured, we can go ahead and build the web application by once again running Ruby within our command-line interface and navigating to the folder containing our cloned repository. Next, invoke the command bundle install in the command-line interface. This will now install the tool alongside all of the necessary components that it needs in order to run.

Deploying YouTube GeoFind using Ruby

Once complete, we can now start the web application by invoking the command bundle exec jekyll serve in the same command-line interface. Looking very carefully, we will now see in the command-line interface that the tool is running locally. Simply copy the localhost IP address and open it up in your browser – you will now see the web application running in your browser window.

Running YouTube GeoFind and identifying videos of Russian military in Ukraine

Within the web application, we see a toolbar on the top of the page with three search options – by channel, topic, and location. In our case, we will choose to search by location and we will now use the map to navigate to our target location. We chose to navigate to the city of Mariupol and then placed the marker on that city by right-clicking and selecting ‘Move marker here’. Scrolling a little further down on the web application, we find various search settings that we can use to narrow down the focus of our search. Here, we can see that the ‘Location’ field has already been filled out based on the position of our marker and the default radius is set to 10km. However, we can change the location of the marker should we have specific latitude and longitude coordinates. Also, we can expand the radius of our search depending on our requirements. In our case, we chose to set a radius of 50km. Additional filters include ‘Sort By’, ‘Duration’, ‘Timeframe’, and ‘Page Limit’. Also, a series of advanced search options are available should we only want to search for live events, high-quality videos, creative content, and so forth.

When we apply our search, we can see a list of results populated a little further down in the window. For each video result, we can see the caption associated with the video, the user who posted it in addition to a time / date stamp. Within the search result, there is a hyperlink that will enable us to view the video result on the map.
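What a location search of this kind looks like at the YouTube Data API v3 level, as an added example that is not taken from YouTube GeoFind's own code: it builds a search.list request for a marker and radius, then measures how far the coordinates attached to each returned video sit from the marker. The centre coordinates, placeholder key, video records and function names are constructed for illustration.

```javascript
// Added example: a location search against YouTube Data API v3 search.list,
// followed by a distance check on videos.list recordingDetails.
const SEARCH_ENDPOINT = "https://www.googleapis.com/youtube/v3/search";

function buildGeoSearchUrl({ lat, lng, radiusKm, query, apiKey }) {
  if (Math.abs(lat) > 90 || Math.abs(lng) > 180) throw new RangeError("bad coordinates");
  if (!(radiusKm > 0 && radiusKm <= 1000)) throw new RangeError("radius must be >0 and <=1000 km");
  const params = new URLSearchParams({
    part: "snippet", type: "video", order: "date", maxResults: "50",
    location: `${lat},${lng}`,        // marker position
    locationRadius: `${radiusKm}km`,  // search radius around the marker
    key: apiKey,
  });
  if (query) params.set("q", query);  // optional keywords, in any language
  return `${SEARCH_ENDPOINT}?${params}`;
}

// Great-circle distance in km between two {lat, lng} points.
function haversineKm(a, b) {
  const rad = (deg) => (deg * Math.PI) / 180;
  const h = Math.sin(rad(b.lat - a.lat) / 2) ** 2 +
    Math.cos(rad(a.lat)) * Math.cos(rad(b.lat)) * Math.sin(rad(b.lng - a.lng) / 2) ** 2;
  return 2 * 6371 * Math.asin(Math.sqrt(h));
}

// Reduce a videos.list response to the fields shown in a result list, plus how
// far the uploader-supplied coordinates sit from the search centre.
function summarise(response, centre) {
  return response.items.map(({ id, snippet, recordingDetails }) => {
    const loc = recordingDetails && recordingDetails.location;
    return {
      id, title: snippet.title, channel: snippet.channelTitle, publishedAt: snippet.publishedAt,
      kmFromCentre: loc
        ? Math.round(haversineKm(centre, { lat: loc.latitude, lng: loc.longitude }))
        : null,                       // no coordinates attached: verify by other means
    };
  });
}

// Constructed inputs: approximate centre, placeholder key, fake video records.
const CENTRE = { lat: 47.0971, lng: 37.5434 };
const SAMPLE_RESPONSE = { items: [
  { id: "vidAAAAAAA1", snippet: { title: "clip 1", channelTitle: "chan A", publishedAt: "2022-02-26T10:00:00Z" },
    recordingDetails: { location: { latitude: 47.1971, longitude: 37.5434 } } },
  { id: "vidBBBBBBB2", snippet: { title: "clip 2", channelTitle: "chan B", publishedAt: "2022-02-26T11:00:00Z" } },
] };

console.log(buildGeoSearchUrl({ ...CENTRE, radiusKm: 50, query: "", apiKey: "YOUR_API_KEY" }));
console.log(summarise(SAMPLE_RESPONSE, CENTRE));
```

The coordinates in recordingDetails are whatever the uploader attached to the video, which is why a hit inside the radius still needs the visual confirmation carried out later in this article.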

Identifying a video of Russian soldiers in the city of Melitopol

As you can see from the animated image, we discovered a video showing what appears to be Russian soldiers in the area of Melitopol. The geo-location seemingly points towards the rail station located within the centre of the city. However, as discussed in previous OSINT Workflow articles, GPS data is not always 100% accurate. So, we will analyse this video closer in order to determine the exact location of where it was taken. Additionally, the developer of this great tool – Matt Wright – makes reference to search operators pertinent to the military situation in Ukraine via the YouTube GeoFind wiki page. These can be accessed via this link: YouTube Keyword Operators > Geofind Examples. He further explains that, when searching particular areas, it is good to include translated versions of keywords in both Ukrainian and Russian (as those examples do), as they can have slightly different spellings for words and are likely to return better results than using English.

YouTube Comment Search

From YouTube GeoFind, we opened the targeted video in YouTube to see whether we could find any additional information. Unfortunately, we could not find any user comments – most likely because the video had only been online for a few minutes. Additionally, unless we were native Russian or Ukrainian speakers, we wouldn’t understand what was being said by the person who had filmed the video. However, we can use YouTube Comment Search to produce a transcript of the video.

Extracting comments and transcripts from YouTube videos

Downloading and installing YouTube Comment Search as a Google Chrome Extension is very straightforward and should not require any detailed instructions. Once installed, we can see beneath the YouTube video in question a frame containing results collected by YouTube Comment Search. As we indicated, there were no comments; however, YouTube Comment Search has provided us with a transcript of the video that we opened up in a new window by clicking ‘open’. With the transcript we can now select it, copy, and paste it into Google Translate. From the results, we can see that the person who filmed the video indicated that the video was filmed near the statue of Taras Shevchenko. To verify this, we used Google Street View to compare prominent features in that location with those identified in the YouTube video in question. As the animated image shows, the location was confirmed.

YouTube Metadata

So, we have now confirmed the location of the video to be near the statue of Taras Shevchenko in central Melitopol. Our next mission is to see what more information we can find with regards to the video and the user who posted it on YouTube. To accomplish this, we will use another fantastic web application developed by Matt Wright called YouTube Metadata to see what we can get.

Configuring YouTube API with YouTube Metadata

The first thing we need to do is end the YouTube GeoFind process within our command-line interface either by closing it or pressing Ctrl+C. Next, navigate to the GitHub repository containing the YouTube Metadata web application and repeat the exact process we did for YouTube GeoFind – paying careful attention to inputting our API credentials in the correct file and then using the command-line interface to invoke bundle install.

Installing and deploying YouTube Metadata

Once installed, we can run the web application by invoking in the same interface the command bundle exec jekyll serve. The web application will now start and run on the same localhost IP address previously used by YouTube GeoFind – hence why we closed the application down, though it is possible to have both applications running at the same time by configuring the ports in the settings!

Running YouTube Metadata and analysing YouTube videos of intelligence interest

With the web application open in our browser, we can simply copy and paste the target YouTube video URL into the search bar and then begin the metadata extraction process. As you can see from the animated image, a wide range of information is extracted with regards to the video in question in addition to the user. Some information can be deemed helpful, such as a link to a GoFundMe page.

Next Steps

By this point, we have proven that YouTube GeoFind can be used to geolocate YouTube videos showing Russian military forces in Ukraine. We can then apply YouTube Comment Search and YouTube Metadata to further analyse the video, confirm its geolocation, and obtain additional detail of interest. From here, we can now apply our own analytical skills to gauge the likely composition of Russian military forces involved and the equipment they are using. In the case of the aforementioned video we analysed from Melitopol, we can see from the notorious ‘Z’ marking on the trucks that they are from the eastern group of forces and likely to be a company in strength. Looking even closer, we can see that this military force consists of several ‘Ural’ utility trucks, which indicates a logistical unit. Each Russian motorised rifle or tank brigade is usually supported by a logistical battalion that is equally distributed among each of the combat / manoeuvre elements – often in company-sized groupings.

Conclusion

To bring this OSINT Workflow article to a conclusion, we have shown a variety of very effective tools that can be used to locate and analyse YouTube videos that may be of intelligence interest. Whilst we know too well that GPS-based data is not always 100% accurate, it does provide us with the ability to identify the general location of significant activity. However, using our analytical skills – supported by other tools – we can obtain a more accurate location concerning YouTube videos and obtain a greater understanding of the Russian military forces involved. We do appreciate that this OSINT Workflow article is very technical in focus – especially with regards to the installation and deployment of YouTube GeoFind and YouTube Metadata – so our readers are strongly encouraged to get in touch with us directly for support.

