help needed regarding metadata analysis

Discussion of computer forensics employment and career issues.
 
  

ksrece
Newbie
 

help needed regarding metadata analysis

Post Posted: Feb 07, 06 23:31

Hello,
Could you please tell me about the tools that are used for metadata analysis? I want to know about some tools that help me in finding the metadata that is hidden in the files, and also some tools to remove metadata. I mean I want a tool that can give me the 1) history of the file (when the file is created, modified, printed, edited, anything that is useful) 2) time analysis (I want the tool to display the time it is created, modified, printed, edited, anything that is useful). I mean I need the complete history of the file. Please let me know as soon as possible.
 
  

keydet89
Senior Member
 

Re: help needed regarding metadata analysis

Post Posted: Feb 08, 06 00:08

> ...some tools that help me in finding the metadata that is hidden in the files

What kinds of files? The metadata available depends upon the kind of file you're looking at. Metadata available in MSWord documents, for example, won't be available in PDF files, or PE files.

> ...also some tools to remove metadata

Again...depends on the file.

> 1)history of the file(when the file is created,modified,printed,edited anything that is useful)

Again, depends on the file. All files have MAC times associated with them, but some files have additional information embedded in them. MSWord documents have a "last modified" field embedded within the document itself. PE files have timestamps embedded within the headers, as well, which are independent of the MAC times.

> 2)time analysis(i want the tool to display the time it is created,modified,printed,edited anything that is useful)

Uh...okay.

> i mean i need the complete history of the file.

Such as what? Where it's been, who's run it, that sort of thing? Good luck.

Harlan  
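
Added example, not part of the thread and not any poster's code: a Python sketch of the point above that a PE file carries a timestamp in its headers separate from the file system's MAC times. It reads the COFF header `TimeDateStamp` and lists it beside the `os.stat` times; the sample file and its timestamp value are constructed for illustration, and the function names are hypothetical.

```python
import os
import struct
import tempfile
from datetime import datetime, timezone


def pe_timestamp(data: bytes) -> datetime:
    """Return the COFF header TimeDateStamp of a PE image as a UTC datetime."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of "PE\0\0"
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    # After the signature: Machine (2), NumberOfSections (2), TimeDateStamp (4)
    (stamp,) = struct.unpack_from("<I", data, e_lfanew + 8)
    return datetime.fromtimestamp(stamp, tz=timezone.utc)


def compare_times(path: str) -> dict:
    """Report the embedded PE timestamp beside the file system times."""
    with open(path, "rb") as fh:
        embedded = pe_timestamp(fh.read(4096))
    st = os.stat(path)

    def utc(seconds: float) -> datetime:
        return datetime.fromtimestamp(seconds, tz=timezone.utc)

    return {
        "pe_header": embedded,
        "fs_modified": utc(st.st_mtime),
        "fs_accessed": utc(st.st_atime),
        # st_ctime is creation time on Windows, inode change time on Unix
        "fs_changed_or_created": utc(st.st_ctime),
    }


def build_sample_pe(stamp: int) -> bytes:
    """Constructed sample: DOS header stub, PE signature and a COFF header."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)         # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 0, stamp, 0, 0, 0, 0)  # 20 bytes
    return dos + b"PE\0\0" + coff


if __name__ == "__main__":
    sample = build_sample_pe(1139270400)  # constructed: 2006-02-07 00:00:00 UTC
    with tempfile.NamedTemporaryFile(suffix=".exe", delete=False) as tmp:
        tmp.write(sample)
    for name, value in compare_times(tmp.name).items():
        print(f"{name:22} {value.isoformat()}")
    os.unlink(tmp.name)
```

The header value is written by the linker at build time, so it stays the same when the file is copied or its file system times are altered.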
 
  

mbinmd
Newbie
 

Re: help needed regarding metadata analysis

Post Posted: Feb 08, 06 00:30

If you are looking for Microsoft Office type of information I think that Metadata Assistant by Payne Consulting would do the trick. www.payneconsulting.co...ataretail/  
 
  

keydet89
Senior Member
 

Re: help needed regarding metadata analysis

Post Posted: Feb 08, 06 02:52

I've written a Perl module that pulls out metadata that Payne's tool misses, such as the platform that the document was created/edited on...

Harlan  
 
  

farmerdude
Senior Member
 

Post Posted: Feb 08, 06 06:41

Depending upon the file type the metadata varies. The MS Office metadata is fairly easy to retrieve, be it the MetaDataAssistant mentioned or PERL via the OLE stuff (Win32::OLE, OLE::Storage, OLE::StorageLight, etc.). Same with PDF metadata (via PERL). Not certain if you consider EXIF tags metadata, but that is easily pulled using the exiftags utilities.

regards,

farmerdude  
 
  

ksrece
Newbie
 

Re: help needed regarding metadata analysis

Post Posted: Feb 08, 06 10:51

Please, any of you, send me more details on metadata analysis.
 
  

keydet89
Senior Member
 

Re: help needed regarding metadata analysis

Post Posted: Feb 08, 06 18:34

> please any of you send me more details on metadata analysis.

It might help if you addressed my earlier question and specified the type of files you're interested in...which platform, what types of files, etc.

Speaking for myself, I'm not interested in writing an entire encyclopedia for you. I have no problem sharing what I know, but you're going to have to be more specific.

Harlan  
 
