Clean up all the things

From Gender and Tech Resources

Revision as of 16:01, 16 July 2015 by Lilith2


Metadata is data about data.

Computer forensics

Metadata plays a number of important roles in computer forensics:

  • It can provide corroborating information about the document data itself.
  • It can reveal information that someone tried to hide, delete, or obscure.
  • It can be used to automatically correlate documents from different sources.

Governmental surveillance

The Snowden leaks (see timeline masters of the internet) revealed a massive surveillance program including interception of email and other internet communications and phone call tapping. Some of it appears illegal, while other documents show the US spying on friendly nations during various international summits, and on its citizens. The programs are enabled by two US laws, the Patriot Act and the FISA Amendments Act (FAA), and a side dish called Executive Order 12333.

I'm sure there are dozens of other clever analyses you can perform with a database like this. We need more researchers thinking about the possibilities. I can assure you that the world's intelligence agencies are conducting this research.

Upstream collection, Hemisphere and XKeyScore by way of wealthycluster2 gobble up our metadata, and with interconnected systems, such as ICReach, that data can be shared and associated with other data. There are dozens of clever analyses you can perform with such linked databases. I'm sure that is what they're doing right now.

And whatever you think of the NSA or the other five-eyes countries, these techniques are being used by many countries to intimidate and control their populations.

Corporate surveillance

Metadata is collected by corporations for psychological manipulation -- persuasion or advertising.

Removing metadata from images

Did you know that your photos contain hidden information, including the GPS coordinates of the location they were taken at, the date and time, camera shutter setting details, and possibly even the name of the program you used to edit them? This type of metadata can be useful, but you may want to remove it from your photos before sharing them online.

Reading and removing exif metadata with exiftool

Reading exif metadata with jhead

Removing exif metadata with imagemagick

Removing metadata from documents

Document metadata is information about one or more aspects of a document, spreadsheet or PDF file that is not always visible to the person creating it, but can be found by the person who receives it next. Comments, track changes, hidden text, markups, properties, attachments and bookmarks are all examples of document metadata. Metadata removal software identifies and removes the metadata contained within a document so that it is not shared along with the document.

Scrubbing pdf metadata with hexedit

Scrubbing pdf metadata with pdftk and sed

PDF exploit cleaning with pdf2ps and ps2pdf

PDF exploit cleaning with pdftops

Shredding files and deleting data

Even when you erase everything on your hard disk, sometimes it is possible to recover (pieces of) data with forensics software and/or hardware. If that data is confidential, delete files and data securely so that no-one will recover them. Solid State Drives (SSD) may have introduced dramatic changes to the principles of computer forensics ...

When encrypting and compressing files, clear-text versions that existed before you compressed/encrypted the file, or clear-text copies that are created after you decrypt/decompress it, remain on your hard drive unless you purge (not just delete) those clear-text files. There may also be "temp" files left behind.

Echoes of your personal data (swap files, temp files, hibernation files, erased files, browser artifacts, etc.) are likely to remain on any computer that you use to access (encrypted) data. It is a trivial task to extract those echoes, which makes them a hidden access trap. Purge, not just delete, these echoes.

Shredding files with shred

Making deleted data hard to recover with dd

Permanently delete files with secure-delete tools (including data stored in your RAM or swap space)


Removing malware

And then of course, there is the possibility of people having visited without explicit invitation, without explicit consent, who may have left things lying about in odd places. And burglars leaving a payload or two to maintain access for continued pillaging and plundering of your private space.

I think my machine is infected. Now what?