Forensic FOCA - Power of Metadata in digital forensics
The Hacker News

Most of the effort in today's digital forensics community lies in the retrieval and analysis of existing information from computing systems. Metadata is data about data. Metadata plays a number of important roles in computer forensics. It can provide corroborating information about the document data itself. It can reveal information that someone tried to hide, delete, or obscure. It can be used to automatically correlate documents from different sources.

More simply, it is electronic information about a file that is not seen on a printed copy of the file. It is embedded and provides additional information, including when and by whom the file was created, accessed, or modified.

Informatica64 has released Forensic FOCA (Fingerprinting Organizations with Collected Archives), a tool for forensic analysts focused on using file metadata to build a forensic case. Several other metadata extraction tools exist, but FOCA combines all their features and much more.

Office applications like Microsoft Office or Star Office (including Word, Excel & PowerPoint) are not the only applications that create and embed metadata. In fact, most applications do. PDF files often have embedded author, title, and other information. Digital photographs and movies often contain large amounts of information about the image or film, often including the make, model and serial number of the device they were created on. In fact just about any data object can have metadata.

Forensic FOCA is capable of analyzing the metadata of different document formats: Microsoft Office 2007 and later, Microsoft Office 97 to 2003, OpenOffice, PDF documents, EXIF information in JPG, WordPerfect, SVG images, and InDesign documents. It's possible to see the number of computers in an office, which ones are connected to printers, and get a good idea of how a network is structured.

Forensic FOCA allows you to view the metadata for each document analyzed, which is ideal for analyzing a document of interest. It provides two types of view: tree (file explorer) and timeline. The timeline view shows the events related to files organized by date, which makes it possible to quickly view the events of a certain date. The different events are the creation, modification and printing of documents.
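The timeline idea described above, as an added example that is not Forensic FOCA's own code: it reads the `docProps/core.xml` part of Office 2007+ files and merges the create, modify and print events of several documents into date order. The file names, users and timestamps are constructed sample data, and `make_docx` is a hypothetical helper that builds them in memory.

```python
import io, zipfile
import xml.etree.ElementTree as ET
from datetime import datetime

NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "dcterms": "http://purl.org/dc/terms/",
}
# core.xml timestamp element -> (event name, element naming the responsible user)
EVENTS = {
    "dcterms:created": ("created", "dc:creator"),
    "dcterms:modified": ("modified", "cp:lastModifiedBy"),
    "cp:lastPrinted": ("printed", None),  # core.xml does not record who printed
}

def core_events(name, data):
    """Return (timestamp, event, user, file) tuples for one OOXML document."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        if "docProps/core.xml" not in z.namelist():
            return []  # metadata part stripped or never written
        root = ET.fromstring(z.read("docProps/core.xml"))
    out = []
    for tag, (event, user_tag) in EVENTS.items():
        ts = root.findtext(tag, namespaces=NS)
        if ts:  # assumes the UTC "Z" form of W3CDTF timestamps
            when = datetime.strptime(ts.strip(), "%Y-%m-%dT%H:%M:%SZ")
            user = root.findtext(user_tag, "", NS) if user_tag else ""
            out.append((when, event, user, name))
    return out

def timeline(files):  # files: {name: bytes}; result is in date order
    return sorted(e for name, data in files.items() for e in core_events(name, data))

def make_docx(creator, created, modifier, modified, printed=None):
    """Constructed sample: a minimal OOXML zip holding only core.xml."""
    props = {"dc:creator": creator, "dcterms:created": created, "cp:lastModifiedBy": modifier,
             "dcterms:modified": modified, "cp:lastPrinted": printed}
    xmlns = " ".join(f'xmlns:{p}="{u}"' for p, u in NS.items())
    body = "".join(f"<{t}>{v}</{t}>" for t, v in props.items() if v)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("docProps/core.xml", f"<cp:coreProperties {xmlns}>{body}</cp:coreProperties>")
    return buf.getvalue()
SAMPLE = {  # constructed file names, users and timestamps
    "report.docx": make_docx("alice", "2012-03-01T08:00:00Z", "bob",
                             "2012-03-05T17:30:00Z", "2012-03-06T09:00:00Z"),
    "notes.docx": make_docx("bob", "2012-03-03T10:00:00Z", "bob", "2012-03-03T10:20:00Z"),
}
```

When the documents are untrusted evidence, a hardened parser such as `defusedxml` is a safer replacement for `xml.etree.ElementTree`.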

FOCA can also identify OS versions and application versions, making it possible to see if a particular computer or user has up-to-date patches. That information is of particular use to hackers, who could then do a spear phishing attack, where a specific user is targeted over e-mail with an attachment that contains malicious software.

A recent example: last week we reported on the arrest of Anonymous hacker Higinio O Ochoa III, aka w0rmer, a member of CabinCr3w, after he posted an image of his girlfriend that included a gloating message to his online victims. Specifically, the picture includes metadata and GPS information. The GPS information identifies the location as 37° 51' 25.20" S, 145° 15' 1.20" E. That's a suburb of Melbourne, Australia. Using the metadata information, the FBI was able to trace the hacker.

Forensics and security were not design objectives for the most commonly used file systems. Some of our desired information could be easily obtained by, for example, recording more information on one-time events such as the creation of a file. The "create" timestamp, the user who created a file, and the user agent path could be recorded in a fixed amount of space.

Forensic FOCA allows you to export all the information obtained as XML or HTML, so that it can be used however is most appropriate, and to print this data.

You can download a trial version of Forensic FOCA. This version is limited to one document type (only Microsoft Office Word is supported). We recommend buying the full version, available for just 20 € per year, to feel the power of metadata with Forensic FOCA!
