XmpMM:DerivedFrom: This section is a reference to the resource from which the current document was derived. It refers to each specific version of a resource. XmpMM:InstanceID: This property is also a GUID, and is updated each time a file is saved. XmpMM:DocumentID: This property is populated with a Globally Unique Identifier (GUID) which identifies all versions of a resource. Some of the XMP metadata properties in the XMP packet that can be interesting during PDF forensic analysis are as follows: Listing 1 – Example XMP Metadata Packet (Abbreviated) The listing below contains an XMP Packet-an instance of the XMP data model-which was extracted from the metadata stream of a sample PDF file. The format of the XML representing the metadata in a metadata stream is defined as part of the XMP framework. XMP allows metadata to be embedded into electronic documents, and enables software and systems to capture, share and utilize document metadata as well as maintain document context and relationships throughout the document lifecycle. XMP is a document labeling technology originally created by Adobe Systems. A metadata stream, whose contents are represented in Extensible Markup Language (XML), may contain metadata for an entire document, and for components within a document. Metadata can be stored in a PDF document in a document information dictionary and/or in one or more metadata streams. In the computer forensics context, PDF files can be a treasure trove of metadata. Consequently, we encounter them very often during e-Discovery processing, productions and PDF forensic analysis-especially during fraudulent document analysis. Due to its platform independent nature, numerous personal and business documents such as reports, agreements and operational documents are created and exchanged in PDF format. PDF is also an ISO Standard ( ISO 32000-1). It is used primarily to reliably exchange documents independent of platform-hardware, software or operating system. PDF is an electronic file format created by Adobe Systems in the early 1990s. I will provide a brief overview of these metadata sources and then provide an example of how they can be useful during PDF forensic analysis. In virtually all cases, I have found that the PDF metadata contained in metadata streams and the document information dictionary have been instrumental. The requests usually entail PDF forgery analysis or intellectual property related investigations. Portable Document Format (PDF) forensic analysis is a type of request we encounter often in our computer forensics practice.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |