Forensic analysis of residual information in adobe PDF files

Hyunji Chung, Jungheum Park, Sangjin Lee

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

In recent years, as electronic files include personal records and business activities, these files can be used as important evidences in a digital forensic investigation process. In general, the data that can be verified using its own application programs is largely used in the investigation of document files. However, in the case of the PDF file that has been largely used at the present time, certain data, which include the data before some modifications, exist in electronic document files unintentionally. Because such residual information may present the writing process of a file, it can be usefully used in a forensic viewpoint. This paper introduces why the residual information is stored inside the PDF file and explains a way to extract the information. In addition, we demonstrate the attributes of PDF files can be used to hide data.

Original languageEnglish
Title of host publicationCommunications in Computer and Information Science
Pages100-109
Number of pages10
Volume185 CCIS
EditionPART 2
DOIs
Publication statusPublished - 2011 Jul 14
Event6th International Conference on Future Information Technology, FutureTech 2011 - Loutraki, Greece
Duration: 2011 Jun 282011 Jun 30

Publication series

NameCommunications in Computer and Information Science
NumberPART 2
Volume185 CCIS
ISSN (Print)18650929

Other

Other6th International Conference on Future Information Technology, FutureTech 2011
CountryGreece
CityLoutraki
Period11/6/2811/6/30

    Fingerprint

Keywords

  • Data hiding
  • Digital evidence
  • Information leakage
  • PDF
  • Residual Information

ASJC Scopus subject areas

  • Computer Science(all)

Cite this

Chung, H., Park, J., & Lee, S. (2011). Forensic analysis of residual information in adobe PDF files. In Communications in Computer and Information Science (PART 2 ed., Vol. 185 CCIS, pp. 100-109). (Communications in Computer and Information Science; Vol. 185 CCIS, No. PART 2). https://doi.org/10.1007/978-3-642-22309-9_12