Forums
Main Category
General (Technical,...
PDF Manipulated
 
Notifications
Clear all

PDF Manipulated

 
Page 2 / 2
General (Technical, Procedural, Software, Hardware etc.)
Last Post by moga 2 years ago
16 Posts
9 Users
0 Reactions
14.4 K Views
RSS
 Cults14
(@cults14)
Reputable Member
Joined: 17 years ago
Posts: 367
10/09/2019 3:06 pm  

Thanks

Yes, but can we say for sure who manipulated it? UserA has 3 different versions of the same PDF in outgoing mail attachments, but that's the only place they appear "live". One version (the last one) exists in all Volume Shadow Copies

But there is no record of any application accessing the PDF anywhere, not even on external media or network shares

Cheers


   
ReplyQuote
 Cults14
(@cults14)
Reputable Member
Joined: 17 years ago
Posts: 367
16/09/2019 12:01 pm  

Same subject but different, does anyone know of a tool that you can point at a bunch of PDFs and get a CSV or other report on all the metadata fields which you see in Properties of PDF documents in Reader?

It's the Date fields I'm after, BEC seems to do that for M$ Office docs but not PDF

Cheers


   
ReplyQuote
jaclaz
 jaclaz
(@jaclaz)
Illustrious Member
Joined: 18 years ago
Posts: 5133
16/09/2019 1:04 pm  

Same subject but different, does anyone know of a tool that you can point at a bunch of PDFs and get a CSV or other report on all the metadata fields which you see in Properties of PDF documents in Reader?

It's the Date fields I'm after, BEC seems to do that for M$ Office docs but not PDF

Cheers

Doesn't the "simple" exiftool provide what you need/want?

https://www.sno.phy.queensu.ca/~phil/exiftool/

https://www.sno.phy.queensu.ca/~phil/exiftool/TagNames/PDF.html

Like many similar tools, sintax (for anything more that "plain-plain") is a bit complex
https://sno.phy.queensu.ca/~phil/exiftool/exiftool_pod.html

but of course it can be managed with a little of dedication/patience, simple use is simple wink and there are examples.
https://owl.phy.queensu.ca/~phil/exiftool/examples.html
https://www.crossref.org/blog/exiftool/

Again, remember that metadata in info dictionary and XMP metadata are different sets.

jaclaz


   
ReplyQuote
 Cults14
(@cults14)
Reputable Member
Joined: 17 years ago
Posts: 367
16/09/2019 8:52 pm  

Thanks as always Jaclaz (in both threads D

Peter


   
ReplyQuote
 Sachin999
(@sachin999)
New Member
Joined: 6 years ago
Posts: 2
14/12/2019 11:11 am  

The suspected forged pdf document that I am working on has the Modified date (Filesystem) lesser than the Pdf creation date (info). Is this a clue for the forgery?

More details

The pdf file is found in two different computers with the same "anomaly". It is "produced by" MS Word 10 and does have the section of XMP metadata XML (must be manually removed).

modified time (MFT) of two different copies of the same file
Thu Apr 27 205453.0000000 UTC+0530 2017

creation and modified time (info) (both are equal)
2017-04-27 222429

I have tested saving a word file as pdf, the creation and modification for MFT and Pdf info are exactly same.

I am new to such analysis, any help or comment is highly appreciated.


   
ReplyQuote
 moga
(@moga)
New Member
Joined: 2 years ago
Posts: 1
25/10/2023 11:45 pm  

One expert have done forensic on original document which he keep doing various lab test last 35 years, And another person done using medatata at PDF file and also extract this information.

WE have original document with us. For two of the method which is more reliable in this case?

I need to understand which is better way. As result came out different.

if we have original document for Forensic checking for modification (added additional text) timing or we can do such forensic checking on PDF document to check added information later on. Purpose is to check hand written note added after one person signed and need to find out the truth. 

 

Thank for your feedback in advance. 


   
ReplyQuote
Page 2 / 2
Forum Jump:
  Previous Topic
Next Topic  
Share: