Hi,

I am trying to find information or definitions of metadata fields in PDF.
Specifically I am trying to determine how the following field is created

http://ns.adobe.com/pdfx/1.3/            pdfx:SourceModified:D:20180806072738

Please see attached screenshot.  The highlighted orange areas match with the information in Document Properties.

The yellow fields are of interest.  Do these indicate (reliably) that modifications have been made and is the field for the Application used set in stone once the document is created?

I have tried some internet searches and I can t find anything to point me in the right direction.

The purpose is to determine if this document is genuinely from 2004 or recently modified

Many Thanks

I am interested in finding out if a lawyer has manipulated the will of my mother, who has since passed. He sent me a copy of it by email and wondering if there is any way to forensically inspect the document? I saw a previous answer that said you could go into "inspect" the document to detect changes? Please any info appreciated!

Would facebook provide any evidence under any circumstances if copies of a users posts etc were required, and to whom would they release this information, e.g. only law enforcement?

Also if a user deleted a post - would FB be able to prove a post ever existed?

does anyone know of a free tool which can pass the internet explorer history stored in WebCacheV01.dat and WebCacheV24.dat files to see which sites a user has visited? there were loads of tools for older IE releases, with the index.dat format, but not found much for the newer ESE databases

Hi there,
Please can you help me? On my Android Samsung Galxy S6 are stored files under /userdata/data/com.microsoft.office.word/app-EmailAttachments.. So, I know what this files are but I don`t know how the names of the files are generated.
i.e. /app_EmailAttachmentseaa8ac15-baaf-4675-9f6a-9698e54f0108. This file name belongs to a pdf i have sent. What does the string "eaa8ac15-baaf-4675-9f6a-9698e54f0108" in the file name mean?
Thx

Greeting Experts,

I need help locating a software that is able to take a snapshot of a remote computers H/D without the end user knowing it. I have been searching the internet and have not found anything so far. Can somebody recommend software that is able to do this type of function?

are there any free tools which could scan a drive on a file server for potential inappropriate images, based on a nudity type calculation. I know these things exist in forensics communities but I have yet to see anything that is free. we need to do a quick scan to ensure one of our employees has not stored any inappropriate material on one of our file servers.

OSXPmem version 2.0.1 will successfully dump to AFF4. However, we need RAW. I found references to a -format flag in various blogs but "-format" is not evident in the OSXPmem man page and entering the flag throws errors. OSXPmem is not really designed to dump to RAW but supposedly it is possible. I just can't get it to work.

My AFF4 dumps are around 12 GB. I attempted to convert these AFF4 dumps to RAW using this command:

bash# osxpmem.app/osxpmem -e /dev/pmem -o Memory_Captures/mem.raw Memory_Captures/mem.aff4

Multiple different copies of my AFF4 memcaps converted to new files sized at exactly 2.06 GB and then stalled with “Imaging failed with the error: -8”. Googling this error yields nothing.

There's very little documentation on OSXPmem and virtually zero support. It looks like you can only use OSXPmem dumps with Rekall. Any suggestions appreciated.

Let's say there's malware running on the Mac in OS 10.9. This malware launches whenever the computer is booted and/or connected to the Internet. Will upgrading the operating system to 10.11 have any effect on the malware, that is, will the upgrade force the removal of the malware?

If there's no other change to the system other than the OS installation, will the malware continue to launch on boot after the upgrade is installed?