METADATA ANALYSIS TOOLS AND TECHNIQUES

Dear Readers!

Welcome to eForensic Magazine! We are proud to present our new issue entitled ‘’Metadata Analysis Tools and Techniques’’. We decided to focus on a topic that each and every one of us encounters on a daily basis and that we believe will be of your interest and beneficial to read and learn more about it. Metadata is crucial and is being used in various investigations, storage, processing, intelligence etc. and can be found in almost any device.
The authors in this issue will describe the Metadata from the very basics of what it is to more concrete examples of programs and usage. They will show what tools are good to use in metadata and how to analyze them. The authors who wrote these articles are professionals in this area and who have agreed to share their expertise with us.
Our primal goal is to provide you a high quality of information and satisfaction. We are eager to hear your comments and suggestions for future publications and what YOU would like to read more about. With high hopes and excitement, we invite you to enter the world of Metadata!

Check what you can find inside:

1. NEARLY EVERYTHING IN YOUR CASE IS METADATA by Trent Struttman

There are many forensic tools to help an analyst find out what happened in a case. The most common are the most popular automated forensic tools: EnCase and FTK. Each program provides a wealth of tools for the examiner through both built-in and external scripts. EnCase provides the analyst many tools for metadata analysis within the Case Processor script and great support for third party scripts. FTK has great email and document file analysis tools.

2. A PRIMER ON METADATA ANALYSIS by Jeffrey Lewis

In the example from Bush’s life, the memo is the data and the font is the metadata. Metadata is data about data. Anything that describes data is metadata. There are different metadata standards for different types of data. Information is not searchable and accessible without metadata. For example, without metadata you do not know who took a photograph, when they took it, what tool they used to capture the image, any feedback on the image, topics and subjects as well as other pertinent information.

3. UNDERSTANDING FILE METADATA by Chris Sampson

Metadata exists throughout data storage systems, from the creation and modification dates stored within the file system, through to specific information embedded within the content of a file. Metadata can be hugely important to any forensic investigation, knowing how to extract this information and spot when it has been manipulated can prove very important. This article, aimed at those new to forensics, looks at various forms of metadata and provides examples of the way in which we can manually retrieve this information using the information that is available within our operating systems and moving on to other tools which can be used to extract this data from many different file types.

4. DEMYSTIFYING METADATA by Mark Garnett

Metadata are those often quoted, but sometimes misunderstood, attributes of a file that can sometimes provide the sought after breakthrough in determining what happened when on a computer system with respect to particular documents. They are of paramount importance in those investigations involving the theft of intellectual property, electronic discovery, fraud and misconduct investigations and patent disputes.

5. EXTRACTING AND USING METADATA FOR A DIGITAL FORENSIC INVESTIGATION: A STEP-BY_STEP PROCESS by Marc Bleicher

Metadata can often contain that needle in the haystack you’re looking for during a forensics investigation; in fact it has helped me out in the past quite a few times. One particular case that stands out the most was an internal investigation I did for the company I was working for at the time. Most of the cases I dealt with in this role related to employee misconduct, which included wrongful use, inappropriate behavior, harassment, etc. In this situation, metadata was the key piece of evidence in the case of a lost smart phone.

6. VIEWING THE TREES IN SPITE OF THE FOREST by Robert Reed

With recent events in the news there is an increased interest into metadata and how it may be used. What is metadata and what can it tell us? Forensics examiners have known for some time now about metadata and have probably used it to assist in investigations. Meta data can be used for a great many tasks from file attribution and intelligence gathering, to revealing manipulation of time and date stamps. The manner in which metadata can be used is really a matter of the approach and creativity of the examiner. To get a better hold on what metadata is, a definition is needed. Bert Moss on Metadata

7. TOP METADATA CONSIDERATIONS FOR NETWORK SECURITY by Brian Contos

In June 2013 the term “metadata” which is most generally defined as data about data, went mainstream following the Guardian’s NSA Prism program article. For many years the security industry has been working with metadata and developing best practices around handling metadata and even choosing the right technology for specific use cases. This article will focus on key areas of consideration when looking to leverage metadata to improve network security.

8. METADATA: WHAT IS IT AND WHY SHOULD YOU CARE? by Dr. Johnette Hassell & Jack Molisani

Until Edward Snowden unleashed his allegations about the US and UK collecting phone information on millions of their citizens, the word metadata was the providence of attorneys and computer forensic/eDiscovery nerds, such as these authors. And while the world may be aware of the term, few truly understand the breadth and pervasiveness of computer metadata.
In this article we will discuss what computer metadata is, explain its importance in investigations and litigation, and provide a variety of examples.

9. THE METADATA ANALYSIS TOOLS AND TECHNIQUES (HOW TO…) by Dr. Sameera de Alwi

Metadata is organized information that pronounces, clarifies, discovers, or else brands it laid-back to recover, custom, or achieve an information resource. Metadata is frequently termed data about data or information about information. An imperative motive for forming evocative metadata is to expedite discovery of germane information. In adding to resource discovery, metadata can assist consolidate electronic resources, enable interoperability and bequest resource amalgamation, deliver digital identification, support archiving and conservation. Metadata scrutiny is one of countless diverse types of analysis. The interpretation of consequences from whichever solitary examination process might be indecisive. It is imperative to authenticate verdicts with supplementary analysis modus operandi and algorithms.

10. METADATA IN DIGITAL FORENSICS by Bert Moss

In this article I will write about what is Metadata, some metadata analysis / extraction tools and the various techniques that can be utilized in extracting and analyzing metadata mainly from a Digital Forensics standpoint. As you may already know, data is usually described as a collection of facts, such as values or measurements. It can be numbers, words, measurements, observations or even just descriptions of things.