Friday, February 9, 2024

Digital Forensics: How to View and Remove Metadata from Images?

What is Metadata?

Metadata refers to data that provides information about other data. In other words, it's data about data. Metadata describes various aspects of the primary data, such as its content, context, structure, and other attributes. It serves to provide additional context, facilitate organization, and enhance the understanding and usability of the primary data.

Examples of metadata include:

  1. File Metadata: Information about a file, such as its name, size, type, creation date, and last modified date.
  2. Document Metadata: Information about a document, such as its author, title, subject, keywords, and language.
  3. Image Metadata: Information embedded within an image file, such as the camera settings used to capture the image, location coordinates (if available), and creation date.
  4. Web Page Metadata: Information embedded within a web page's HTML code, such as the page title, description, keywords, and author.
  5. Database Metadata: Information about the structure and contents of a database, such as table names, column names, data types, and relationships between tables.

Photo credit: ianaré sévi

What is EXIF data?

EXIF (Exchangeable Image File Format) data is a type of metadata that is commonly associated with image files, particularly those captured by digital cameras and smartphones. EXIF data contains a variety of information about the image and how it was captured. Some common types of information found in EXIF data include:

  1. Camera Settings: This includes details such as the make and model of the camera or smartphone, the lens type, focal length, aperture, shutter speed, and ISO settings used to capture the image.

  2. Date and Time: The date and time when the image was captured.

  3. Geolocation: GPS coordinates indicating the location where the image was captured, if the device supports geotagging.

  4. Orientation: Information about the orientation of the camera when the image was taken (e.g., portrait or landscape).

  5. Camera Manufacturer Information: Details about the manufacturer of the camera or smartphone, such as the camera's serial number.

  6. Copyright Information: Copyright information entered by the photographer, including their name, contact details, and copyright status.

Photo credit: opanda

Image Description = Door to the Soul
Make = Nikon
Model = Nikon F5
Software = Opanda PowerExif
Artist = Kenneth Garrett
Copyright = Kenneth Garrett

Why Should You Remove Metadata?

There are several reasons why you might want to remove metadata from files:

  1. Privacy Concerns: Metadata can contain sensitive information that you may not want to share publicly, such as your location, author name, or comments. Removing metadata helps protect your privacy and prevents inadvertent disclosure of personal or confidential information.

  2. Security Risks: Metadata can potentially reveal information that could be exploited by malicious actors. For example, geolocation metadata in photos could disclose your whereabouts, posing a security risk if shared unintentionally. Removing metadata reduces the risk of exposing sensitive information to unauthorized individuals.

  3. Reducing File Size: Metadata can add to the size of files, especially in documents or images with extensive metadata fields. Removing metadata can help reduce file size, making it easier to store, share, or transmit files, particularly in environments with limited bandwidth or storage capacity.

  4. Protecting Intellectual Property: Metadata often includes information about the creator or owner of a file. Removing metadata can help protect the intellectual property rights of the content creator by preventing unauthorized use or attribution.

  5. Enhancing Anonymity: In certain contexts, such as whistleblowing or journalistic activities, removing metadata from files can help maintain the anonymity of sources or contributors, protecting them from potential retaliation or identification.


Analyzing EXIF data:

One way to analyze the metadata in a photo is with ExifTool, a free application.
Let's take a look at File A's metadata with ExifTool:

Screenshot: ExifTool on Windows
Screenshot: GPS Latitude/Longitude

H:\exiftool-12.76> "exiftool(-k).exe" "C:\Users\...\Downloads\DSCN0042.jpg"

ExifTool is a platform-independent Perl library plus a command-line application for reading, writing and editing meta information.

From the snapshot, we can gather the following useful information:

1. File Size: 157 KB
2. File Creation Date: 2008:10:22 17:00:07
3. File Type: JPG
4. File Name: DSCN0042.jpg
5. GPS Date/Time: 2008:10:23 14:57:41.37Z
6. GPS Latitude: 43 deg 27' 52.04" N
7. GPS Longitude: 1 11 deg 52' 53.32" E
8. Make: NIKON
9. Camera Model Name: COOLPIX P6000

How to Remove Metadata in Images?

H:\exiftool-12.76> "exiftool(-k).exe" -all= "C:\Users\...\Downloads\DSCN0042.jpg"


How to View Metadata in Images?

H:\exiftool-12.76> "exiftool(-k).exe" "C:\Users\...\Downloads\DSCN0042.jpg"
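
What viewing and removing metadata amount to at the file level, as an added example that is not part of the original post and is not ExifTool's code: a JPEG is a chain of marker segments, and EXIF lives in the APP1 segment ahead of the image data. The choice of segments to drop (APP1, APP13, COM), the function names and the sample bytes are assumptions of this sketch.

```python
import struct

# Segments this sketch treats as metadata (a choice made for the example):
# APP1 carries Exif/XMP, APP13 carries Photoshop/IPTC data, COM is a comment.
METADATA_MARKERS = {0xE1: "APP1", 0xED: "APP13", 0xFE: "COM"}
SOI, SOS = b"\xff\xd8", 0xDA

def walk_segments(jpeg: bytes):
    """Yield (marker, start, end) for each header segment before the scan data."""
    if jpeg[:2] != SOI:
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 4 <= len(jpeg):
        if jpeg[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = jpeg[pos + 1]
        if marker == SOS:  # compressed image data follows; stop parsing
            return
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(jpeg):
            raise ValueError(f"bad segment length at offset {pos}")
        yield marker, pos, pos + 2 + length
        pos += 2 + length

def list_metadata(jpeg: bytes):
    """Return the names of the metadata segments present in the file."""
    found = []
    for marker, start, end in walk_segments(jpeg):
        if marker in METADATA_MARKERS:
            exif = marker == 0xE1 and jpeg[start + 4:end].startswith(b"Exif\x00\x00")
            found.append(METADATA_MARKERS[marker] + (" (Exif)" if exif else ""))
    return found

def strip_metadata(jpeg: bytes) -> bytes:
    """Copy the file, skipping metadata segments; image data is left untouched."""
    out, keep_from = bytearray(SOI), 2
    for marker, start, end in walk_segments(jpeg):
        if marker in METADATA_MARKERS:
            out += jpeg[keep_from:start]
            keep_from = end
    return bytes(out + jpeg[keep_from:])

def make_segment(marker: int, body: bytes) -> bytes:
    return bytes([0xFF, marker]) + struct.pack(">H", len(body) + 2) + body

# Constructed sample, not a real photo: JFIF header, Exif block, comment, scan.
SAMPLE = (SOI + make_segment(0xE0, b"JFIF\x00" + bytes(9))
          + make_segment(0xE1, b"Exif\x00\x00constructed-camera-and-gps-tags")
          + make_segment(0xFE, b"constructed comment")
          + b"\xff\xda\x00\x02scan-data\xff\xd9")
```

When using ExifTool itself, note that by default it saves the untouched original beside the cleaned file with `_original` appended to the name, so that copy still carries the metadata. Re-run the view command on the cleaned file to confirm the tags are gone.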

* If any of the information here is in error, I apologize. Please notify the Admin so it can be corrected.
Thank you.
