Вы находитесь на странице: 1из 7

Disclaimers

• Law Firm or Corporate Client?


The Risks of Metadata
• Not Applications Specific
• Forensics Viewpoint

Precedents Agenda
• Metadata stripping policies for business • Metadata Basics
purposes can be legitimate
(Anderson v. United States, 544 U.S. 696 [2005])
• What and How?
• Metadata stripping may be regarded as • Risks
spoliation
(Williams v. Sprint/United Management Company, 2005
WL 2401626 [D. Kansas, September 29, 2005])

Metadata Basics Two Main Types


Data about Data • Windows
Information embedded by software or “System”
applications into its created
documents

1
Two Main Types
• File
or “Deep”
Live Example

Different Applications…
…Have Different Metadata
Examples
Live Example

MS Office & Windows OpenOffice.org

2
HTML PDF

Graphics Files Graphics Files

Dublin Core & Adobe Tools

3
Tools

Live Example

Live Example Questions??

MD5 Hashing MD5 Hashing

4
Live Example Questions??
and Exercise

What are the Risks? Comments


• Producing confidential information • MS Word has tracking changes capabilities –
may not be visible to the user
– Comments/Hidden Texts/Hidden Slides
• Can be included in any forwarded or produced
– File structures file
– Authors • “FastSave”: deleted text and data can remain in
– Security the file even though it is no longer visible or
accessible from within the application
• Can be used to transfer confidential information
through documents in a way that will circumvent
most content filtering technologies

Hidden Slide Hidden Slides


Action Risk
We could do this deal at half • Allows individual • Hidden slide may
the price!!! What a moron!!! slides to be hidden contain data not
during the slide show intended for the target
and printing of audience, creating a
PowerPoint risk of leaking
presentations sensitive information

5
Presentation Notes
Action Risk
Live Example • Allows notes to be • Distributing or
associated with each publishing a
slide in a presentation presentation that
includes speaker
notes carries the risk
of disclosing
unintended or even
confidential
information

File/Directory Structures
• Sensitive information may be contained in
Live Example the directory hierarchy exposed by the
path
• Path information can provide a view into
the corporate network topology

File/Directory Structures File/Directory Structures


• Embedded objects, such as audio or video
\\uncpath\\abccompany\\files\
files
• Hyperlinks
• Printer setup information
• Template names

\\uncpath\\abccompany\\files\

6
File/Directory Structures Author History
Action Risk
\\uncpath\\abccompany\\files\
• Up to the last 10 • May identify new
authors that saved a custodians in a legal
document are stored matter
in an area of the • File paths
document that is • Possible audit trails
inaccessible using the
Word application

\\uncpath\\abccompany\\files\

Security Other Gotchas


• Protected documents may have • ZIP/PST/etc. files
unprotected embedded objects • Scrubbing not complete
• Information may include a file path or URL • Metadata may still be on the hard drive
reference to the database server, SQL
query strings that identify the requested
data, and the password required to access
the database

How Do You Protect Yourself? Thank you!


• Don’t email electronic files
• Metadata scrubbing Malcolm Wells
• Convert doc to PDF mwells@lsilegal.com
(214) 708-
708-9596

Вам также может понравиться