Forensic Analysis of Residual Information in Adobe PDF Files
Hyunji Chung, Jungheum Park, Sangjin Lee
TL;DR
This paper investigates residual information in PDF files, explaining its origins, how to extract it, and its potential use in digital forensic investigations.
Contribution
It introduces methods to extract residual data from PDFs and discusses how PDF attributes can conceal information, aiding forensic analysis.
Findings
Residual data can reveal previous document states.
Extraction methods effectively retrieve hidden information.
PDF attributes can be exploited to hide data.
Abstract
In recent years, as electronic files include personal records and business activities, these files can be used as important evidences in a digital forensic investigation process. In general, the data that can be verified using its own application programs is largely used in the investigation of document files. However, in the case of the PDF file that has been largely used at the present time, certain data, which include the data before some modifications, exist in electronic document files unintentionally. Because such residual information may present the writing process of a file, it can be usefully used in a forensic viewpoint. This paper introduces why the residual information is stored inside the PDF file and explains a way to extract the information. In addition, we demonstrate the attributes of PDF files can be used to hide data.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsDigital and Cyber Forensics · Advanced Steganography and Watermarking Techniques · Digital Media Forensic Detection