Digital Forensics: What is Metadata and Why is it Important?
The simple definition of Metadata is that it is data that describes other data. Metadata is information stored within a document, but not visible by just looking at a file...a sort of electronic “fingerprint” that automatically adds identifying characteristics. Types of metadata can include: Time and date of creation Program or processes used for the creation of the data Purpose of the data Creator or author of the data Location on a device where the data was created Technical standards used File size Data quality Source of the data Modifications or programs used to modify the file Metadata can be found in different places. For example, Metadata from a digital photograph could include information such as the date/timestamp of the image, the camera make and model, image resolution, the location in latitude/longitude and much more and this data would be stored within the file itself. Additional metadata could reside in the device where the image is found such as the created, modified and accessed timestamps as well as the user or users that have permissions to access or modify the file. In addition, every time you create, open or save a Microsoft Word document, hidden information is created and stored within the document that you may not want others to obtain. Hidden information can also reside in other Microsoft applications such as Excel and PowerPoint. Additional Information: Digital Evidence Case Assessment Method IRIS LLC Digital Evidence Toolbox Digital Evidence Innocence Initiative