PDF Forensics

We can try to read the metadata of a pdf doc using the Python script pdfinfo.

Pdfinfo displays various metadata related to a PDF file, such as title, subject, author, creator, and creation date.

KALI LINUX

But you need to use kali linux for this tool so if you dont have it, use Gitpod.io

sign up for github and gitpod and then go to the following utl:

https://gitpod.io/new/#https://github.com/caherrera/pdfinfo

USING PDFINFO

Using Kali Linux you can install PDFinfo with the commands

sudo apt install poppler-utils

Then, using the example of a pdf doc named “DOCUMENT.pdf” type the command

pdfinfo DOCUMENT.pdf

Here is an example of some info you might obtain

Creator: Microsoft® Word for Office 365 Producer: Microsoft® Word for Office 365

CreationDate: Wed Oct 10 21:47:53 2018 EEST ModDate: Wed Oct 10 21:47:53 2018 EEST Tagged: yes UserProperties: no Suspects: no Form: none JavaScript: no Pages: 20 Encrypted: no Page size: 595.32 x 841.92 pts (A4) Page rot: 0 File size: 560362 bytes Optimized: no PDF version: 1.7

The PDF metadata clearly shows that it was created using MS Word for Office 365 on October 10, 2018.

that’s it