Friday, November 4, 2016

Performing Metadata Forensics Intelligently

Metadata Analysis is something very interesting and untried by most of bug bounty hunters and security researchers, and the Truth is that metadata stuff cold be found in each domain of the information security. See below a little introduction about metadata first before going towards analysis.

What is Metadata ?

metadata basically is something that let's know about details, type, functionality and a couple of other useful things about a specific data. Now this data could be anything, an image, document, binary file, webpage any stupid thing available in the domain of information security.

where to perform metadata forensic ?

as above mentioned we can perform metadata analysis on various things so here i'd like to add some.
  • doc, docx, xls, xlsx, ppt, pptx and almost all office files.
  • stickynotes
  • pdf files
  • images
  • binary files

and a lot more could be added. Let's without wasting time try to find out how we can perform metadata forensic analysis on this specific list given above.

Analyzing PDF Files at a glance

i hope if u landed here u might know what pdf files are if no please refer to wiki pages for that, now coming to the point we've a pdf viewing tool called xpdf which contains a library called pdfinfo. we're going to use exactly that library. below is the image illustrating how it's going to work out. 

pdf forensic analysis

you can get the help for the tool by adding pdfinfo -h or asking me in comments. now let's talk about another great tool that can analyse a huge list of file which u can see on wiki(i don't wanna spoil my post). okay tool name is obviously exiftool which many of you've already heard of, we'll analyze a doc & pdf file here for demo purpose.

exiftool forensic analysis
exiftool -Author winasmtut.pdf

okay, we can also perform some nasty stuff ;), like changing metadata headers and a lot more. just see below an example.

exiftool -Author="Handsome Guy" winasmtut.pdf

We can also play with exif a bit let's see some JPEG file operations. see below a list of tasks.

exif dead.jpg
exif hacking
exif --tag=0x132 dead.jpg

Below we'll see a hacky shacky trick for hacking image metadata.

exif --tag=0x132 --set-value="Prove Vanished For this Doc ;)" --ifd=0 dead.jpg

and Much More is waiting in this domain. We'll Soon Publish another detailed tutorial for various filetypes analysis including binary files and some others. so below is my final Question about this post.

Did you Enjoyed Reading This ? and what you'd Like to see Next ? Suggest in Comments.

- Author

No comments:

Post a Comment