Microsoft Office Document Metadata in Incident Response
Igor Kuksov touched on a topic that most people do not know about or do not think about. Metadata can turn a normal digital document into compromising intel. Immersion in this topic, Igor begins with theory. Namely, that American law defines three categories of metadata (App metadata, System metadata, Embedded metadata).
Microsoft Office files offer a rich tool set for collecting private data. Ultimately, attempts to hide data without knowing how to do it properly tends not to work. Igor gives vivid examples on this topic. In addition to examples, such subtopics are raised: Harvesting metadata, Documented oddities, Security.
A built-in feature in Microsoft Office called Document Inspector. In any case, security systems should manage leak prevention.