DeepAI AI Chat
Log In Sign Up

Forensic Analysis of Residual Information in Adobe PDF Files

by   Hyunji Chung, et al.

In recent years, as electronic files include personal records and business activities, these files can be used as important evidences in a digital forensic investigation process. In general, the data that can be verified using its own application programs is largely used in the investigation of document files. However, in the case of the PDF file that has been largely used at the present time, certain data, which include the data before some modifications, exist in electronic document files unintentionally. Because such residual information may present the writing process of a file, it can be usefully used in a forensic viewpoint. This paper introduces why the residual information is stored inside the PDF file and explains a way to extract the information. In addition, we demonstrate the attributes of PDF files can be used to hide data.


5W1H-based Expression for the Effective Sharing of Information in Digital Forensic Investigations

Digital forensic investigation is used in various areas related to digit...

A Retrieval Framework and Implementation for Electronic Documents with Similar Layouts

As the number of digital documents requiring investigation increases, it...

Hierarchical Bloom Filter Trees for Approximate Matching

Bytewise approximate matching algorithms have in recent years shown sign...

A GPU Register File using Static Data Compression

GPUs rely on large register files to unlock thread-level parallelism for...

Forensic Analysis of the exFAT artefacts

Although keeping some basic concepts inherited from FAT32, the exFAT fil...

Exploitation and Sanitization of Hidden Data in PDF Files

Organizations publish and share more and more electronic documents like ...

Automated Artefact Relevancy Determination from Artefact Metadata and Associated Timeline Events

Case-hindering, multi-year digital forensic evidence backlogs have becom...