Microsoft Office Document Metadata in Incident Response

Igor Kuksov touched on a topic that most people do not know about or do not think about. Metadata can turn a normal digital document into compromising intel. Immersion in this topic, Igor begins with theory. Namely, that American law defines three categories of metadata (App metadata, System metadata, Embedded metadata).

Microsoft Office files offer a rich tool set for collecting private data. Ultimately, attempts to hide data without knowing how to do it properly tends not to work. Igor gives vivid examples on this topic. In addition to examples, such subtopics are raised: Harvesting metadata, Documented oddities, Security.

A built-in feature in Microsoft Office called Document Inspector. In any case, security systems should manage leak prevention.

More.

DISCLAIMER: THIS POST IS FOR INFORMATIONAL PURPOSES ONLY AND IS NOT TO BE CONSIDERED LEGAL ADVICE ON ANY SUBJECT MATTER. DIGITAL FORENSICS CORP. IS NOT A LAWFIRM AND DOES NOT PROVIDE LEGAL ADVICE OR SERVICES. By viewing posts, the reader understands there is no attorney-client relationship, the post should not be used as a substitute for legal advice from a licensed professional attorney, and readers are urged to consult their own legal counsel on any specific legal questions concerning a specific situation.