Forums
Main Category
General (Technical,...
Examining PDF Files
 
Notifications
Clear all

Examining PDF Files

 
General (Technical, Procedural, Software, Hardware etc.)
Last Post by MDCR 10 years ago
6 Posts
4 Users
0 Reactions
615 Views
RSS
 DigitalKiwi
(@digitalkiwi)
New Member
Joined: 10 years ago
Posts: 3
Topic starter 23/12/2015 1:50 am  

Hello All,

I have been asked to examine a number PDF files that have been given to my client as part of a legal discovery.

The files are heavily redacted, but my client has observed that there are some inconsistencies in the page numbering and page headers and footers that leads him to question the authenticity of the documents.

I am able to gather the files' metadata using the exiftool, but other than examining the content of the files and noting the inconsistencies, is there anything else I could do? Are there any other tools that might reveal something about these files?

Thanks and regards.


   
Quote
keydet89
 keydet89
(@keydet89)
Famed Member
Joined: 21 years ago
Posts: 3568
23/12/2015 2:39 am  

Without understanding a bit more about what it is you're trying to determine, it's difficult to really make any recommendations.

For example, are you interested solely in the actual contents of the files themselves, or are you concerned that they contain malicious content?

For pointers to looking for malicious content, I'd suggest https://zeltser.com/analyzing-malicious-documents/


   
ReplyQuote
 DigitalKiwi
(@digitalkiwi)
New Member
Joined: 10 years ago
Posts: 3
Topic starter 23/12/2015 6:01 am  

Without understanding a bit more about what it is you're trying to determine, it's difficult to really make any recommendations.

For example, are you interested solely in the actual contents of the files themselves, or are you concerned that they contain malicious content?

For pointers to looking for malicious content, I'd suggest https://zeltser.com/analyzing-malicious-documents/

Thanks for the quick response. I realize that my question is pretty open, but this is because I do not have any very specific suspicions. I do not think the files are malicious, but I do think that they may not be what they purport to be. I am looking for any way of gathering information about the files that might help me to confirm or deny this.

As I said, I already have the metadata provided by exiftool but wonder if there is any more that I might be able to do?


   
ReplyQuote
keydet89
 keydet89
(@keydet89)
Famed Member
Joined: 21 years ago
Posts: 3568
23/12/2015 6:22 am  

I do not think the files are malicious, but I do think that they may not be what they purport to be. I am looking for any way of gathering information about the files that might help me to confirm or deny this.

Maybe you can look at some of the analysis tools listed and try them out…list objects in the files, that sort of thing.

Good luck.


   
ReplyQuote
Passmark
 Passmark
(@passmark)
Reputable Member
Joined: 14 years ago
Posts: 376
23/12/2015 6:26 am  

In various PDF viewers you can also view the document properties (File –> Properties in Adobe Reader). This will for the most part be a duplicate of the Exif information, but there might be something extra, like the security settings.


   
ReplyQuote
MDCR
 MDCR
(@mdcr)
Reputable Member
Joined: 15 years ago
Posts: 376
03/01/2016 9:44 pm  

Late response, but you may want to look at Didier Stevens PDF utilities

Link pdf-tools/


   
ReplyQuote
Forum Jump:
  Previous Topic
Next Topic  
Share: