Unintentional metadata in .jpg and .pdf with hexviewer?

8 Posts
5 Users
0 Reactions
345 Views
(@k7rill)
Posts: 3
New Member
Topic starter
 

Hello everyone

I am working on a case where I'd like to know as much as possible about the person who created jpg- and pdf-files. I analysed the jpgs with exiftool and an online exifviewer. Both just showed regular information about color components, Encoding Process, etc. On some of the pictures there was text in the Comment, which was put there intentionally and doesn't give away any hints on the creator's identity.

I also opened the pdfs and the jpgs in a hexviewer, where I've seen all the metadata I found before. Unluckily, the pdf-files were created with an API which doesn't include any metadata besides the creator information (it's cairographics).

So my question is: is there a way to find metadata which is unintentionally included in those filetypes, like the username or the computer name, something like that, besides the obvious information? I found a filetype description of jpg-files, which says how they begin and where they end, which is useful for data recovery, but I need something like: the header begins here, then comes all the metadata, and here is some additional information included. Is something known to you, maybe to someone who's gathered experience in fighting child pornography, where such methods would be very useful as well?

Any hint is highly appreciated.

 
Posted : 25/08/2012 4:41 pm
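
An added example, not part of any post in this thread: a minimal walker over the JPEG segment layout the question asks about, listing every segment before the image data (APPn and COM are where metadata lives) with its file offset, and returning whatever bytes follow the end-of-image marker. The names `walk_jpeg` and `seg` and the sample bytes are constructed for illustration.

```python
# Inside entropy-coded scan data, FF00 is a stuffed byte and FFD0-FFD7 are
# restart markers; neither starts a new segment.
IN_SCAN = {0x00} | set(range(0xD0, 0xD8))
NO_LENGTH = {0x01, 0xD8} | set(range(0xD0, 0xD8))  # TEM, SOI, RSTn: no length

def walk_jpeg(data):
    """Return (segments, trailing). segments: list of (offset, label, payload);
    trailing: whatever bytes follow the EOI marker."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("no SOI marker at offset 0")
    segments, pos = [], 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos:#x}")
        marker = data[pos + 1]
        if marker == 0xFF:                 # fill byte before a marker
            pos += 1
        elif marker == 0xD9:               # EOI: the image ends here
            return segments, data[pos + 2:]
        elif marker in NO_LENGTH:
            pos += 2
        else:
            length = int.from_bytes(data[pos + 2:pos + 4], "big")
            if length < 2 or pos + 2 + length > len(data):
                raise ValueError(f"bad or truncated segment at offset {pos:#x}")
            name = {0xFE: "COM"}.get(marker, f"0x{marker:02X}")
            label = f"APP{marker - 0xE0}" if 0xE0 <= marker <= 0xEF else name
            segments.append((pos, label, data[pos + 4:pos + 2 + length]))
            pos += 2 + length
            if marker == 0xDA:             # SOS: skip the compressed scan
                while pos + 1 < len(data) and (
                        data[pos] != 0xFF or data[pos + 1] in IN_SCAN):
                    pos += 1
    raise ValueError("no EOI marker found")

def seg(marker, payload):  # builds one segment for the constructed sample
    return bytes([0xFF, marker]) + (len(payload) + 2).to_bytes(2, "big") + payload

# Constructed sample: structurally valid segment chain, not a decodable image.
SAMPLE = (b"\xff\xd8" + seg(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
          + seg(0xFE, b"constructed comment")
          + seg(0xE1, b"http://ns.adobe.com/xap/1.0/\x00<x:xmpmeta/>")
          + seg(0xDA, b"\x01\x01\x00\x00\x3f\x00") + b"\x12\xff\x00\x34\xff\xd0\x56"
          + b"\xff\xd9" + b"constructed trailing bytes")

if __name__ == "__main__":
    segs, trailing = walk_jpeg(SAMPLE)
    for off, label, payload in segs:
        print(f"{off:#06x} {label:5} {len(payload):5} {payload[:32]!r}")
    print(f"{len(trailing)} bytes after EOI: {trailing[:32]!r}")
```

On a working copy of a real file, pass the bytes read from disk to `walk_jpeg`; unfamiliar APPn identifiers and non-empty trailing data are the places to look at in the hex viewer.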
(@joachimm)
Posts: 181
Estimable Member
 

Just updated the links on the page
http://www.forensicswiki.org/wiki/JPEG

 
Posted : 25/08/2012 7:26 pm
(@k7rill)
Posts: 3
New Member
Topic starter
 

Thanks a lot. I'll check that source. Maybe I'll get something out of that. Cheers!

 
Posted : 25/08/2012 9:13 pm
(@flyingorgan)
Posts: 2
New Member
 

You can try this free software, FOCA, which means fingerprinting online collected archives. This tool is very powerful and you can download it from http://www.downloadcrew.com/article/22211-foca_free. It analyses metadata from pdf, jpg or any filesystem you want.

And if you want a video tutorial, I suggest you go through this link:
http://www.defcon.org

 
Posted : 27/08/2012 11:06 am
 ner0
(@ner0)
Posts: 3
New Member
 

Probably not a great idea to be uploading evidence to an Online EXIF Viewer…

 
Posted : 27/08/2012 8:45 pm
(@k7rill)
Posts: 3
New Member
Topic starter
 

Probably not a great idea to be uploading evidence to an Online EXIF Viewer…

In general I fully agree with your point. But those documents are online anyway and the content of the pictures themselves isn't the criminal act we are investigating. So they are basically just a possible source of information about the author.

 
Posted : 27/08/2012 8:55 pm
(@flyingorgan)
Posts: 2
New Member
 

No, in that FOCA software it's not compulsory to upload it online. Generally you have to download that software onto your PC, and you are dragging and dropping that pdf or any file format into FOCA and analysing the metadata on your own PC in offline mode, not in online mode. It works great for me in my cases, and whenever I analyse I switch off my network.

waiting for your reply

 
Posted : 28/08/2012 1:15 am
 jhup
(@jhup)
Posts: 1442
Noble Member
 

Tangential tool - I have used TinEye with some success when it came to finding an image online.

It assisted with proving prior existence on other sites.

 
Posted : 28/08/2012 2:52 am