Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

  1. Home
  2. Psst! Your Metadata Is Showing!

Psst! Your Metadata Is Showing!

Information about a document's authors, creation, and history can be a source of data leaks
February 06, 2008

4:10 PM -- While catching up on my computer forensics blogs recently, I came across an interesting post from Mark McKinnon of RedWolf Computer Forensics regarding some tests he was conducting concerning the metadata in a Microsoft Word document.

If you've ever performed forensic investigations or managed security investigators, you know the important part that metadata plays in the process. Metadata can help you identify the authors of a document, what machines have saved it, and even the last time it was printed.

McKinnon's blog made me wonder what users know about metadata. Are they aware of the information they could be leaking when they send documents to customers, prospects, and business partners? Security awareness programs should educate them on metadata -- such programs should include some hands-on testing to show users what their document trail looks like.

Pinpoint Labs has a free Metaviewer tool which features an easy-to-use graphical interface that shows metadata information such as author, comments, company, last saved by, and more. If you're familiar with Perl and you want to scan a large repository of Word documents, you can use a script from Harlan Carvey. There are some commercial tools for document metadata as well, but I can’t vouch for them -- I’ve only used the two above, along with forensic suites like FTK and Encase).

After a few high-profile blunders made the headlines about four years ago (search for Tony Blair and metadata), Microsoft published a free tool for cleaning Office 2003 documents and has included the same capability in Office 2007. There are other commercial tools for cleaning documents as well.

When you train your users, show them what the metadata looks like in their documents -- before and after cleaning them. Also, remember that Microsoft Office documents aren’t the only sources of metadata. PDFs and other office document suites include similar information.

– John H. Sawyer is a security geek on the IT Security Team at the University of Florida. He enjoys taking long war walks on the beach and riding pwnies. When he's not fighting flaming, malware-infested machines or performing autopsies on blitzed boxes, he can usually be found hanging with his family, bouncing a baby on one knee and balancing a laptop on the other. Special to Dark Reading

Tags:

News
Networking