Forums
Main Category
General (Technical,...
Unintentional metad...
 
Notifications
Clear all

Unintentional metadata in .jpg and .pdf with hexviewer?

 
General (Technical, Procedural, Software, Hardware etc.)
Last Post by jhup 13 years ago
8 Posts
5 Users
0 Reactions
529 Views
RSS
 k7rill
(@k7rill)
New Member
Joined: 13 years ago
Posts: 3
Topic starter 25/08/2012 4:41 pm  

Hello everyone

I am working on a case where I'd like to know as much as possible about the person who created jpg- and pdf-files. I analysed the jpgs with exiftool and an online exifviewer. Both just showed regular information about color components Encoding Process etc. on some of the pictures there was text in the Comment, which was put there intentionally and doesn't give away any hints on the creator's identity.

The pdfs and the jpgs I opened as well in a hexviewer I've seen all the meta-data, I found before. The pdf-files unluckily were created with an api, which doesn't include any metadata besides the creator information (it's cairographics).

So my question is Is there a way to find metadata which is unintentionally included in those filetypes, like the username or the computer name, something like that, besides the obvious information. I found a filetype-description of jpg-files, which says how they begin and where they end, which is useful for data recovery, but I need something like the header begins here, then comes all the metadata and here is some additional information included here. Is something known to you, maybe someone who's gathered experience in fighting child pornography where such methods would be very useful as well.

Any hint is highly appreciated.


   
Quote
 joachimm
(@joachimm)
Estimable Member
Joined: 17 years ago
Posts: 181
25/08/2012 7:26 pm  

Just updated the links on the page
http//www.forensicswiki.org/wiki/JPEG


   
ReplyQuote
 k7rill
(@k7rill)
New Member
Joined: 13 years ago
Posts: 3
Topic starter 25/08/2012 9:13 pm  

Thanks a lot. I'll check that source. Maybe I'll get something out of that. Cheers!


   
ReplyQuote
 flyingorgan
(@flyingorgan)
New Member
Joined: 13 years ago
Posts: 2
27/08/2012 11:06 am  

you can try this free software FOCA which means fingerprinting online collected archives. this tool is very powerful and you can download it from http//www.downloadcrew.com/article/22211-foca_free IT analyses metadata from pdf, jpg or any filesystem you want .

and if u want video tutorial i suggest you please go through this link
http//www.defcon.org


   
ReplyQuote
 ner0
(@ner0)
New Member
Joined: 13 years ago
Posts: 3
27/08/2012 8:45 pm  

Probably not a great idea to be uploading evidence to an Online EXIF Viewer…


   
ReplyQuote
 k7rill
(@k7rill)
New Member
Joined: 13 years ago
Posts: 3
Topic starter 27/08/2012 8:55 pm  

Probably not a great idea to be uploading evidence to an Online EXIF Viewer…

In general I fully agree with your point. But those documents are online anyway and the content of the pictures themselves isn't the criminal act we are investigating. So they are basically just a possible source of information about the author.


   
ReplyQuote
 flyingorgan
(@flyingorgan)
New Member
Joined: 13 years ago
Posts: 2
28/08/2012 1:15 am  

No in that FOCA software ,its not compulsary to upload it online. generally you have to download that software into pc and you are dragging and dropping that pdf or any fileformat into foca and you are analysing metadata in your own pc in offline mode not in online mode. It works for me great in my cases and whenever I analyses I switch off my network.

waiting for your reply


   
ReplyQuote
jhup
 jhup
(@jhup)
Noble Member
Joined: 16 years ago
Posts: 1442
28/08/2012 2:52 am  

Tangential tool - I have used TinEye with some success when it came to finding an image online.

It assisted with proving prior existence on other sites.


   
ReplyQuote
Forum Jump:
  Previous Topic
Next Topic  
Share: