Metadata

As an Incident Responder it's pretty common to analyse malicious emails; however, the right tools to safely pull apart an email aren't always easy to find. I often find analysts struggle to pull apart an email once you explain the risks of using Microsoft Outlook as an analysis tool. This post will look at using open source tools within the SANS SIFT Workstation virtual machine to safely pull apart a native Outlook email message. To start with, a native Outlook email message is in the .MSG file format. This format, unfortunately, can't be opened and viewed easily with a…

Ever wondered how much metadata is included within the PDF files you email or share with others? Well, believe it or not, there is a lot that can be determined from a PDF you've created. This post looks at how to clean the metadata from your PDF files before you send them, and how to protect them, so they aren't easily edited or copied by a recipient. These techniques are sometimes referred to as anti-forensics, with the goal of limiting the amount of forensic information you provide within a file that you have produced. If you're after the quick copy and…