Capturing and preserving media content is an essential part of most OSINT investigations. There are a number of tools available to do this, but my favourite my far is YouTube-dl. Despite it’s name, YouTube-dl is capable of grabbing videos quickly from a range of different websites including YouTube, Facebook, Twitter, LiveLeak, and many others. It’s a command line tool and it comes with a lot of options (and I mean a lot) for downloading videos from the web. You can bypass geographical restrictions, download entire playlists at once, extract the audio separately, or specify which format you’d like the downloaded file to be in. This post will show you how to set up YouTube-dl and a few usage examples.
Snaps
YouTube-dl runs best in a Linux environment, although it can also be installed on Mac OS and Windows (albeit it isn’t updated as regularly from what I can tell). If you’re not familiar with using Linux for OSINT, then I recommend reading through my guide to building a Linux OSINT virtual machine that I wrote a few months ago. YouTube-dl is available in the repositories of most popular Linux builds like Ubuntu or Mint, but for this tutorial I’m going to use a snap package. You can find a list of currently available snaps here.
Snaps are a fantastic way to install, run , and maintain software on Linux. Instead of installing a program in the usual way and running into conflicts with software dependencies and occasional update issues, a snap is a container that includes everything that the program needs to run without having to worry about additional or conflicting software libraries. This makes life a lot easier for developers as they only have to develop one snap that runs on all different systems without having to make separate versions.
Even more importantly, snaps are self-updating. By default each snap will check once a day if there are any updates available for it, and if there are, it will silently update itself in the background with any action being required from the user or with any additional computer restarts.
This guide will show you how to install and run YouTube-dl as a snap package that will be stable, won’t conflict with any other programs on your system, and will always be up to date.
Installing snapd
Open up a terminal in Linux and enter the following:
sudo apt install snapd(If you’re running Ubuntu, you may find that snapd is already installed and you can skip this check)
Next type:
sudo snap install youtube-dlYour computer will now download and install the most up to date version of YouTube-dl.
To check it’s working correctly just type in the console as follows:
youtube-dl -h
This will show you all the available options for how you’d like the video to be downloaded. There are dozens of available options, and you probably won’t need most of them, but I’m going to show some useful examples below.
YouTube
For the first example, I’ll show how to download this video of this week’s riots in Belfast.
YouTube-dl commands are always entered in the same format:
youtube-dl [OPTION] [VIDEO URL]
So to download the riot video, the command would be as follows (no option specified in this case):
youtube-dl https://www.youtube.com/watch?v=B9xE-40c2Oc
(To paste into the terminal, use Ctrl + Shift + V, not Ctrl + V as on the desktop).
By default YouTube-dl saves videos to your Home folder in an mp4 format, but it’s possible to change that with a few other option. Use -o to specify a location to save the file:
youtube-dl -o ~/Videos/riotfootage https://www.youtube.com/watch?v=B9xE-40c2OcThis will now save the clip to your Videos folder with the file name riotfootage.mp4
If you’d like to save the video in a different format simply add the –recode-video option. This case it will be downloaded in avi format, although webm, mkv, and other formats are available:
youtube-dl -o ~/Videos/riotfootage --recode-video avi https://www.youtube.com/watch?v=B9xE-40c2Oc
If you couldn’t access a video due to geographic restrictions, it’s possible to bypass these adding the appropriate ISO 3166-2 country code along with the –geo-bypass-country option. For example if I wanted to download a video that was only available in Germany (ISO code DE) I’d use the following command:
youtube-dl --geo-bypass-country DE https://www.youtube.com/watch?v=B9xE-40c2Oc
As you can see from the full options list, there are many different tools available to customise your downloaded videos/playlists and their metadata as needed.
YouTube-dl also works with Twitter. In this case I’m going to show how to grab this video of some Dutch sunbathers taking some sudden exercise. Copy the URL of the Tweet into the terminal with the following command:
youtube-dl https://twitter.com/i/status/1159811569045295104Notice that you do not have to supply the exact URL for the video, simplying pointing YouTube-dl at the Tweet is enough. The program is able to pick out the video content from the provided link and ignore everything else.
The same principle applies to Facebook. Simply copy the link to the relevant post and YouTube-dl is able to extract the video content e.g.:
youtube-dl -o ~/Videos/facebookvideo https://www.facebook.com/watch/?v=328211061465570
LiveLeak
LiveLeak content can be extracted in a similar way to Twitter. It isn’t necessary to provide the exact URL for a video, simply pointing the program at the post URL will be enough to allow the video content to be extracted. In this case the URL for this article about the Dayton Shooting will be enough for YouTube-dl to identify and extract the video e.g.:
youtube-dl -o ~/daytonshooterresearch/cctvfootage https://www.liveleak.com/view?t=C4uCL_1565289483GUI
There is a GUI version of YouTube-dl that runs on Windows. It can be downloaded here and there’s a demo of it here. It doesn’t have quite the same number of options as the latest command-line version and lacks the self-updating ability that the snap version has, but it’s still pretty useful for most purposes.