Extracting this data is incredibly easy with ExifTool. The internal metadata inside office documents has been key evidence in more cases than can be counted. Product Name : Microsoft┬« Windows┬« Operating System ![]() Legal Copyright : ┬⌐ Microsoft Corporation. exe files, we get very similar data from them.įile Description : Multi-User Windows USER API Client DLLįile Version. Legal Copyright : Copyright (c) 2003-2014, Phil HarveyĪnd, since. Object File Type : Executable applicationįile Description : Read and Write meta information Machine Type : Intel 386 or later, and compatibles Again, keep in mind, I’m trimming the output down to what is “forensically interesting”. There is a lot of really good info in executable files, and with ExifTool you don’t need a debugging skillz to get to it. Almost all the fields are the same, but there are a couple that appear to be interpreted slightly differently and ExifTool is producing some data that isn’t mentioned at all by Irfanview. SensingMethod – One-chip color area sensorīut, ExifTool against the same file produces 72 data points. The rest were photography related, such as f/stop, expose time, etc or JPEG stats, such as resolution, etc. ![]() For our sample it produces 38 data points. Irfanview has long been my go to program for viewing images one of the main reasons for that is the way it extracts EXIF data. Let’s look at some examples of how to use it. It also has some very powerful formatting and processing capabilities in it, making bulk extraction of just the data you want an easy task. It is still actively maintained and has grown to encompass so many metadata types beyond EXIF that it has well outgrown its name. Don’t have to, I said…ĮxifTool is a extremely powerful command line utility that has been around since 2003. Can you script that so I can do that to several hundred files, he said. ![]() ![]() I then proceeded to walk through how to use EnCase’s View File Structure feature to see inside certain file types. I was asked not too long ago about how to extract metadata from inside a file.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |