I have a company that is getting e-mail from a disgruntled employee with file attachments. I have tracked the IP down to the city the company is in, but was wondering if anyone knew a way that I can tell from the PDF File attachments they are sending with the e-mails who the creator of the file is?
What you need to do is extract metadata from these pdf files. The metadata extractor below will extract metadata like author, create time, last modification time etc. from *.PDFs, *.XLS, *.DOC files etc.
My recommendation is to create a folder called 'pdfs'. Copy the pdfs that you want to analyze to this folder. Then point the program's folder path to th'pdfs" folders. This gets around the limitation of 10 files of this evaluation version. The interface is not user friendly.
http//
Other products
http//
http//
Note
You can also download demo version of FTK from Access Data. It has 5000 file limit, so only add files you need to analyze. FTK also provides metadata of documents.
My guess would be that it would depend greatly on what created the PDF files. I often use Latex to generate my PDFs and hence, I could set the author attribute to whatever I so wished or indeed not at all. I am not sure how Acrobat writer goes about it, it may store details of the registration of the software but unless the author has been stupid enough to enter those in correctly knowing what they were going to do you might be out of luck although, of course it is worth a try.
There's a Perl script on the CD accompanying my book that will pull the metadata from a PDF document.
H. Carvey
"Windows Forensics and Incident Recovery"
http//
http//windowsir.blogspot.com