Meta, which means
"beyond," is a prefix that denotes a notion that is an abstraction of
another entity. This translates to indicate that metadata is "data beyond
the data." Metadata, then, is data about data or information about information.
In order to make other data easier to find, understand, and use, metadata
organises and characterises that data.
The details of other
data may include the creator of a certain piece of data, the date it was
created, the file size, and the date it was edited. Finding a specific
document is made simpler with the help of this information.
Usage for Metadata
- Metadata enables users to:
- Locate resources using pertinent criteria
- Determine resources
- Converge comparable resources
- Differentiate between resources; and
- Find the location of the information
Typical forms of Metadata
Metadata may be
divided into the following categories:
Descriptive Metadata
Author, title,
abstract, and keywords are frequently included in descriptive metadata, which
provides information about a file's contents.
Structural Metadata
The link between
various pieces of data and how they are put together are both areas covered by
structural metadata.
Administrative Metadata
Administrative
metadata includes information about ownership, rights administration, and other
technical details like the application that was employed.
Preservation metadata
Metadata preservation
assists in the administration and preservation of information resources. These
sorts of metadata also include processes like data transfer and refreshing that
are required to preserve both the digital and physical copies of resources, as
well as record of the physical state of a specific piece of information.
Documenting modifications that take place during preservation or digitisation
is another use of preservation metadata.
Technical Metadata
Technical metadata is
data that demonstrates how a system or piece of metadata acts. Technical
digitization data like as formats, scaling procedures, and compression ratios
are included in such metadata, as well as documentation for software and
hardware. Technical metadata also includes data on security and authentication,
such as encryption keys and passwords, as well as tracking of system response
times.
How are Metadata Produced?
How are Metadata used in Forensic?
Metadata essentially
enables digital or computer forensic investigators to comprehend the
"traces" and history of an electronic file. These digital traces must
be appropriately kept because they are delicate. Consider how carefully genuine
physical evidence must be handled at a crime scene to prevent contamination,
missed cues, and evidence manipulation. The same care must be taken with
metadata.
The following are
some instances of metadata that might be useful in a criminal investigation:
- Recover file names, extensions, creation, modification, and access dates for each file.
- History of executions, errors, records read and written, etc.
- Dates of the file's creation, modification, and access
- Access all of the data included in a document.
- See a document's hidden information
- Show evidence of your collaboration
When using digital
forensic analysis as the basis for a lawsuit, the legitimacy of the evidence
must be reliable, and metadata can assist establish its provenance. For
example, files that have been relocated from their original contexts are seen
as less reliable since there is a chance that the data may be altered if it is
not present on the original device. Because of this, the majority of digital
forensic professionals picture devices before evaluating the data they contain
in order to preserve everything in its original setting. Additionally, having
imaged copies of the original devices enables experts to evaluate the
reliability and effectiveness of files generated from other sources in court by
contrasting and contrasting them with those from the original devices.
Forensic Analysis of Metadata
Data may take on a
variety of shapes. Databases, word documents, photos, full websites, emails,
and chat sessions may all include data. The list might go on forever, but this
is what necessitates the use of metadata. In addition to having access to a
range of software, forensic scientists may investigate metadata using it. FTK,
Paraben, or Metadata Assistant are a few Windows-compatible
applications for metadata software. MacQuisition is frequently
used by those who favour Macs to carry out searches and other tasks on metadata.
Conformity of Metadata
The information made available by metadata may be crucial to an investigator in spotting any alterations or manipulation, and it aids lawyers in drawing conclusions about the case. When evidence is not properly verified or subjected to enough scrutiny during the inquiry, the investigation may also fail. Use of inappropriate tools, systems, or application errors during the collection of evidence, failure to report exculpatory evidence, misrepresentation of evidence, inability to recognise pertinent evidence, and falsification of evidence resulting in misdirection are some of the various factors that could affect the validity of the evidence. The legal professional must thus comprehend how digital evidence is gathered, as well as the connection between the gathering process and the validation of possible evidence.
Examples of situations where metadata might be crucial include:
It can assist in offering an alibi: Say you have to
provide evidence that your client was at home at 6 o'clock. She recalled
looking at a few emails on her own computer and downloading their attachments.
These would provide evidence that she was at home since the metadata would show
that the files were saved to her machine at that time.
Recognizing fraud: Due to some of the subpar design work
that was ordered, your customer is leery. When you look at the file's
information, you discover that the designer didn't work on it at all; rather, a
separate studio produced and worked on it, going against their agreement and
charging the designer's higher charge.
Proof of foreknowledge: A customer asserts
they were dismissed as a result of a colleague's deceptive email sent to their
supervisor. Their employer says that the correspondence didn't influence her
decision and that she just received it after your client was let go. But you
can see from the metadata that she received and read the email before your
customer was let go.
Finding the origin of a data leak: Tim insists that
despite having access to the papers, he didn't provide trade secrets to a
company's rival. You find out from the system's metadata that certain files
were transmitted while Tim was logged in and that a USB drive was connected in
for a short duration.
Metadata is brittle
- Launch a file
- Add a file to a different computer
- Put a file on a CD or DVD.
- Send an email
In reality, by just
starting a computer with evidence on it, you may change hundreds of files. If
you're attempting to establish when a privileged document was last accessed,
this might be an issue.
References
[1] S. Raghavan and
S. V. Raghavan, 2014. “AssocGEN:Engine for analyzing metadata based
associations in digital evidence,” Int. Work. Syst. Approaches Digit. Forensics
Eng., SADFE,
[2] J.Riley, 2017
Understanding Metadata: What Is Metadata, and What is it for?.
[3] A. Spore,
2016.“Report Information from ProQuest,” no. June,
[4] Subli, Sugiantoro
& Prayudi, 2017. “ Forensic Metadata to support the investigation process
of the "scientific journal DASI
[5] S. Raghavan and
S. V Raghavan, 2013. “A study of forensic & analysis tools,” 2013 8th Int.
Work. Syst. Approaches to Digit. Forensics Eng., pp. 1–5,
[6] F. Alanazi and A.
Jones, “The Value of Metadata in Digital Forensics,” Proc. - 2015 Eur. Intell.
Secur. Informatics Conf. EISIC 2015, vol. 8, no. 2011, p. 182,
[7] P. R. Kumar, C.
Srikanth, and K. L. Sailaja, 2016. “Location Identification of the Individual
based on Image Metadata,” Procedia Comput. Sci., vol. 85, no. Cms, pp. 451–454,
2016.
[8] L. Drive, M.
Hall, C. Hill, K. Woods, A. Chassanoff, and C. a Lee, 2013. “Managing and
Transforming Digital Forensics Metadata for Digital Collections,” 10th Int.
Conf. Preserv. Digit. Objects, no. November, pp. 203–208,
[9] R. Sharma and S.
Koshy, 2011. “Promoting Open Source Technology in Education : NetBeans : The
Perfect Open Source IDE,” vol. 4333, pp. 571–575,
[10] Y. Prayudi, 2014
“Problema Dan Solusi Digital Chain Of Custody Dalam Proses Investigasi,”April,
[11] U. Salama, V. Varadharajan, M.
Hitchens, and DUMMY, 2012. “Metadata Based Forensic Analysis of Digital Information
in the Web,” Annu. Symp. Inf. Assur. Secur. Knowl. Manag., pp. 9–15,