Figura 1: Vídeo-Tutorial de Forensic FOCA
For this exercise will form part of the example of forensic metadata people assume that they are all different - until proven otherwise - and just make metadata analysis exercise to see what comes up. Of course, to make the data analysis task over 5GB Forensic FOCA is nothing better than that for this set.
Compressed files
The documents were posted on the file. ZIP compressed, which appeared thumbnail Thumbs.db file, which could mean that they have created with Windows XP or earlier. In the latter, accounting in 2011 emerged, however, between the complex folder structure, DS_Store., Mac OS X operating system is typical, so it seems they can do it from a computer box document. So we must assume that the person who packaged, or one with two different teams, or two different people.
Los file uncompressed
If the file is decompressed them, appearing more than 400 documents in PDF format. All ellos are scanned copies of the documents but te la ventaja originales which has in limpiados metadata, by which you can sign up mucha ellos extract information. To analizarlos Forensic FOCA with all extracted and crawl to Tools pull. It is a land hace break.
Appear compressed files with thumbnails files and PDF documents with metadata could make us think that the person who leaked the documents online or not is the same as scan and compressed - and therefore do not mind the info that there can be removed - or do not have a high technical profile, what you think about the leak from someone with access to the documents in place hacktivist attacks.
Path to the folder
If we look at the structure of folders displayed, curious to see units like m: ot:, which means you are using some sort of NAS network storage system to store all the documents when scanning. If there are people who speculate on the system, such as eating scanner / digital / multifunctional and generate PDF documents, but there are things that make a difference later.
The software used
This is highly relevant information, as well as common software such as Adobe Acrobat or Adobe Distiler, is a very specific version of software such as EFI Cyclone or Developer Express Inc.
The first one is extraordinary, such as professional print software that is used in high-end printers used in document CRDS. This list of equipment incorporating EFI library can be found on the manufacturer's website. Nitro PDF Professional is a software that is not too common, and version 6 is quite old.
Document creation date
After analyzing when a document is created and modified can be viewed as you create and modify PDF files. This is typical of documents created page to page, ie page 1 and digitize documents created, then scanned page 2, and change the PDF document before.
Creation date scanned documents began to be serialized from February 8, 2013 and so on, which seemed to be made aware of, because there are thousands of pages in all documents.
users
No users appear in nearly documents, but there are 4 of them in that way. In one of them emerged from the generic Administrator, but three other documents is the name of a user MAGomezc.
This name, which looks like Miguel Ángel Gómez C., Marco Antonio Garmendia Crespo or that style, appeared in three scanned documents in 2008, ie five years ago, but could indicate a particular person.
Of course, this just says that the metadata scan of the computer in 2008, in which users work with Adobe Acrobat 7.0 PDF maker is MAgomezc.
In the end, the researchers will in this case the software will have to marry someone with a personal computer or printer model shop / digitizer with the owner, and the names of those users, but it is because police work is still far from our goal for now .
For this exercise will form part of the example of forensic metadata people assume that they are all different - until proven otherwise - and just make metadata analysis exercise to see what comes up. Of course, to make the data analysis task over 5GB Forensic FOCA is nothing better than that for this set.
Compressed files
The documents were posted on the file. ZIP compressed, which appeared thumbnail Thumbs.db file, which could mean that they have created with Windows XP or earlier. In the latter, accounting in 2011 emerged, however, between the complex folder structure, DS_Store., Mac OS X operating system is typical, so it seems they can do it from a computer box document. So we must assume that the person who packaged, or one with two different teams, or two different people.
Los file uncompressed
If the file is decompressed them, appearing more than 400 documents in PDF format. All ellos are scanned copies of the documents but te la ventaja originales which has in limpiados metadata, by which you can sign up mucha ellos extract information. To analizarlos Forensic FOCA with all extracted and crawl to Tools pull. It is a land hace break.
Appear compressed files with thumbnails files and PDF documents with metadata could make us think that the person who leaked the documents online or not is the same as scan and compressed - and therefore do not mind the info that there can be removed - or do not have a high technical profile, what you think about the leak from someone with access to the documents in place hacktivist attacks.
Path to the folder
If we look at the structure of folders displayed, curious to see units like m: ot:, which means you are using some sort of NAS network storage system to store all the documents when scanning. If there are people who speculate on the system, such as eating scanner / digital / multifunctional and generate PDF documents, but there are things that make a difference later.
The software used
This is highly relevant information, as well as common software such as Adobe Acrobat or Adobe Distiler, is a very specific version of software such as EFI Cyclone or Developer Express Inc.
The first one is extraordinary, such as professional print software that is used in high-end printers used in document CRDS. This list of equipment incorporating EFI library can be found on the manufacturer's website. Nitro PDF Professional is a software that is not too common, and version 6 is quite old.
Document creation date
After analyzing when a document is created and modified can be viewed as you create and modify PDF files. This is typical of documents created page to page, ie page 1 and digitize documents created, then scanned page 2, and change the PDF document before.
Creation date scanned documents began to be serialized from February 8, 2013 and so on, which seemed to be made aware of, because there are thousands of pages in all documents.
users
No users appear in nearly documents, but there are 4 of them in that way. In one of them emerged from the generic Administrator, but three other documents is the name of a user MAGomezc.
This name, which looks like Miguel Ángel Gómez C., Marco Antonio Garmendia Crespo or that style, appeared in three scanned documents in 2008, ie five years ago, but could indicate a particular person.
Of course, this just says that the metadata scan of the computer in 2008, in which users work with Adobe Acrobat 7.0 PDF maker is MAgomezc.
In the end, the researchers will in this case the software will have to marry someone with a personal computer or printer model shop / digitizer with the owner, and the names of those users, but it is because police work is still far from our goal for now .
No comments:
Post a Comment