Forensic analysis of residual information in adobe PDF files

Hyunji Chung, Jungheum Park, Sangjin Lee

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

In recent years, as electronic files include personal records and business activities, these files can be used as important evidences in a digital forensic investigation process. In general, the data that can be verified using its own application programs is largely used in the investigation of document files. However, in the case of the PDF file that has been largely used at the present time, certain data, which include the data before some modifications, exist in electronic document files unintentionally. Because such residual information may present the writing process of a file, it can be usefully used in a forensic viewpoint. This paper introduces why the residual information is stored inside the PDF file and explains a way to extract the information. In addition, we demonstrate the attributes of PDF files can be used to hide data.

Original languageEnglish
Title of host publicationCommunications in Computer and Information Science
Pages100-109
Number of pages10
Volume185 CCIS
EditionPART 2
DOIs
Publication statusPublished - 2011 Jul 14
Event6th International Conference on Future Information Technology, FutureTech 2011 - Loutraki, Greece
Duration: 2011 Jun 282011 Jun 30

Publication series

NameCommunications in Computer and Information Science
NumberPART 2
Volume185 CCIS
ISSN (Print)18650929

Other

Other6th International Conference on Future Information Technology, FutureTech 2011
CountryGreece
CityLoutraki
Period11/6/2811/6/30

Fingerprint

Application programs
Industry
Digital forensics

Keywords

  • Data hiding
  • Digital evidence
  • Information leakage
  • PDF
  • Residual Information

ASJC Scopus subject areas

  • Computer Science(all)

Cite this

Chung, H., Park, J., & Lee, S. (2011). Forensic analysis of residual information in adobe PDF files. In Communications in Computer and Information Science (PART 2 ed., Vol. 185 CCIS, pp. 100-109). (Communications in Computer and Information Science; Vol. 185 CCIS, No. PART 2). https://doi.org/10.1007/978-3-642-22309-9_12

Forensic analysis of residual information in adobe PDF files. / Chung, Hyunji; Park, Jungheum; Lee, Sangjin.

Communications in Computer and Information Science. Vol. 185 CCIS PART 2. ed. 2011. p. 100-109 (Communications in Computer and Information Science; Vol. 185 CCIS, No. PART 2).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Chung, H, Park, J & Lee, S 2011, Forensic analysis of residual information in adobe PDF files. in Communications in Computer and Information Science. PART 2 edn, vol. 185 CCIS, Communications in Computer and Information Science, no. PART 2, vol. 185 CCIS, pp. 100-109, 6th International Conference on Future Information Technology, FutureTech 2011, Loutraki, Greece, 11/6/28. https://doi.org/10.1007/978-3-642-22309-9_12
Chung H, Park J, Lee S. Forensic analysis of residual information in adobe PDF files. In Communications in Computer and Information Science. PART 2 ed. Vol. 185 CCIS. 2011. p. 100-109. (Communications in Computer and Information Science; PART 2). https://doi.org/10.1007/978-3-642-22309-9_12
Chung, Hyunji ; Park, Jungheum ; Lee, Sangjin. / Forensic analysis of residual information in adobe PDF files. Communications in Computer and Information Science. Vol. 185 CCIS PART 2. ed. 2011. pp. 100-109 (Communications in Computer and Information Science; PART 2).
@inproceedings{6295ace72b724a7aac942939fb0d3f1f,
title = "Forensic analysis of residual information in adobe PDF files",
abstract = "In recent years, as electronic files include personal records and business activities, these files can be used as important evidences in a digital forensic investigation process. In general, the data that can be verified using its own application programs is largely used in the investigation of document files. However, in the case of the PDF file that has been largely used at the present time, certain data, which include the data before some modifications, exist in electronic document files unintentionally. Because such residual information may present the writing process of a file, it can be usefully used in a forensic viewpoint. This paper introduces why the residual information is stored inside the PDF file and explains a way to extract the information. In addition, we demonstrate the attributes of PDF files can be used to hide data.",
keywords = "Data hiding, Digital evidence, Information leakage, PDF, Residual Information",
author = "Hyunji Chung and Jungheum Park and Sangjin Lee",
year = "2011",
month = "7",
day = "14",
doi = "10.1007/978-3-642-22309-9_12",
language = "English",
isbn = "9783642223082",
volume = "185 CCIS",
series = "Communications in Computer and Information Science",
number = "PART 2",
pages = "100--109",
booktitle = "Communications in Computer and Information Science",
edition = "PART 2",

}

TY - GEN

T1 - Forensic analysis of residual information in adobe PDF files

AU - Chung, Hyunji

AU - Park, Jungheum

AU - Lee, Sangjin

PY - 2011/7/14

Y1 - 2011/7/14

N2 - In recent years, as electronic files include personal records and business activities, these files can be used as important evidences in a digital forensic investigation process. In general, the data that can be verified using its own application programs is largely used in the investigation of document files. However, in the case of the PDF file that has been largely used at the present time, certain data, which include the data before some modifications, exist in electronic document files unintentionally. Because such residual information may present the writing process of a file, it can be usefully used in a forensic viewpoint. This paper introduces why the residual information is stored inside the PDF file and explains a way to extract the information. In addition, we demonstrate the attributes of PDF files can be used to hide data.

AB - In recent years, as electronic files include personal records and business activities, these files can be used as important evidences in a digital forensic investigation process. In general, the data that can be verified using its own application programs is largely used in the investigation of document files. However, in the case of the PDF file that has been largely used at the present time, certain data, which include the data before some modifications, exist in electronic document files unintentionally. Because such residual information may present the writing process of a file, it can be usefully used in a forensic viewpoint. This paper introduces why the residual information is stored inside the PDF file and explains a way to extract the information. In addition, we demonstrate the attributes of PDF files can be used to hide data.

KW - Data hiding

KW - Digital evidence

KW - Information leakage

KW - PDF

KW - Residual Information

UR - http://www.scopus.com/inward/record.url?scp=79960122353&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=79960122353&partnerID=8YFLogxK

U2 - 10.1007/978-3-642-22309-9_12

DO - 10.1007/978-3-642-22309-9_12

M3 - Conference contribution

SN - 9783642223082

VL - 185 CCIS

T3 - Communications in Computer and Information Science

SP - 100

EP - 109

BT - Communications in Computer and Information Science

ER -