Compiled PDF tamper...
 
Notifications
Clear all

Compiled PDF tampering  

  RSS
Lupin
(@lupin)
New Member

Good evening all.

 

Was hoping to get some guidance/knowledge as to the following topic:

 

I know a PDF was altered after the fact. It was then compiled in to a larger PDF document.

 

Is there any way, software or otherwise, in the larger document, to see the evidence of the tampering for the one specific PDF I'm talking about?

 

It would absolutely be of vital importance to someone I know to have this information.

 

Thank you for any help you can offer.

Quote
Posted : 06/10/2020 4:44 am
athulin
(@athulin)
Community Legend
Posted by: @lupin

I know a PDF was altered after the fact. It was then compiled in to a larger PDF document.

 Is there any way, software or otherwise, in the larger document, to see the evidence of the tampering for the one specific PDF I'm talking about?

 

In general ... only a) if the method of tampering left indisputable artifacts in the first PDF file, and b) if the 'compilation method' retained those traces, and didn't produce any such traces itself. 

However, in order to show that this may have been done you almost certainly have to repeat it. Which probably means you have to know the tools used.

ReplyQuote
Posted : 06/10/2020 10:40 am
Lupin liked
Lupin
(@lupin)
New Member

@athulin I'm quite positive that I know the tools that were used.

ReplyQuote
Posted : 06/10/2020 10:25 pm
Lupin
(@lupin)
New Member

So, at this point, could someone point me in the direction of a set of apps/programs that will help me?

ReplyQuote
Posted : 08/10/2020 1:14 am
athulin
(@athulin)
Community Legend

@lupin

Well, then use tool 1 (the tampering tool) to see if you get any solid artifacts from its use) always, or only for certain types of tampering), and if you do, use tool 2 (the compiling tool) to see if those artifacts remain, and if it also adds any artifacts of its own.  If they do, check your evidence file for such traces.

Basically, in a question like yours, you have to do the research yourself.  If you state the tools, there may be someone who has already researched them, and give you suggestions and ideas. You would still have to repeat the tests, to verify that the same software versions, possibly in the same configurations behave the same way.

It used to be possible to find traces from Adobe-tools to identify modifications.  To save time, the modifications were added at the end, and then page or object pointers in the original document were just relinked to point to the new changes instead of the old pages/objects.  But that used to work only for the 'Save'  command.  With 'Save as ...' (if I recall), the file was rebuilt, and anything that was not referenced was thrown away. 

But my impression is that Adobe dropped this a long time ago, because of privacy concerns, and because it was possible to retrace redactions, and find sensitive information. (Imagine the Mueller report redacted in that reversible way, for example. Newspapers loved that stuff ...)

This post was modified 1 week ago by athulin
ReplyQuote
Posted : 08/10/2020 6:09 am
Share: