03 File Metadata Demo

Topic Progress:

When we analyzed the timestamps on FileA, FileB, FileC and FileD, we were able to see a timeline of file events. Is there any other information we can get from these files? What can we learn from their metadata?

FileA

MAC times – we already have these from our image timeline analysis.
File type – we already have this from our file signature analysis.

Metadata Demo Pic 1

Image description – strange that it contains a lot of numbers; we’ll investigate this later.

Metadata Demo Pic 2

Make and camera info – Samsung, SM-G900V. This can be evidence if a suspect owns this camera.
Date/Time original + creation date – this refers to when the photo was originally taken; it stays the same even if photo is modified.

Metadata Demo Pic 3

GPS Latitude/Longitude: 38° 52’ 52.52” N, 77° 1’ 47.92” W. This can give us information on where a photo was taken.

Metadata Demo Pic 4

FileB

MAC times – we already have these from the image timeline analysis.
File type – we already have this from the file signature analysis.

Metadata Demo Pic 5

Description – like FileA, it contains a lot of numbers; we’ll investigate this later.
Source + software – camera information repeated.

Metadata Demo Pic 6

FileC

MAC times – we already have these from the image timeline analysis.
File type – we already have this from the file signature analysis.

Metadata Demo Pic 7

FileD

MAC times – we already have these from the image timeline analysis.
File type – we already have this from the file signature analysis.

This file was created from fileA, but it’s missing a lot of the same metadata.

Metadata Demo Pic 8