The BTK killer was caught with metadata. Geotagging can unintentionally help poachers find endangered animals, and metadata can reveal hidden layers in images. Metadata. What is it?
What Is It?
Metadata is the data about the data. Generally, it falls into three families: structural, descriptive, and administrative. Structural metadata is what it sounds like: data that has to do with the structure of the data. When you take a picture, the information about the device (what kind and what camera, time, etc.) is stored in that picture. Video length and picture quality are also forms of structural metadata.
Descriptive metadata is attached data that may or may not have to do with the contents of the document; it exists purely to make things easier to locate. An ISBN is metadata about the book – it’s the book’s identification number, and it’s an identifier that humans have attached for the sake of control and ease of access. The Dewey Decimal system attaches even more data by describing what kind of book the number’s attached to.
Administrative metadata contains information about who created files, when they were moved, and when they were edited. When you type in an up-to-date word processing program, most of the time, the computer will know which user profile did the typing. It’s also the information about copyrights and where the picture came from originally, which is useful for tracking down leaked photos from services like Patreon. Keeping the art and comics exclusive to Patrons is what keeps it viable. This is administrative metadata.
EXIF data is data that’s stuck to an image, but it depends on file type – not all kinds of images have EXIF data. With the right program, you can see into the EXIF data, because the file essentially has layers hidden within it. This is great for the scenario above, where a Patreon content creator may be trying to track down a picture leaker. First, they gradually narrow down who receives a certain tag on their comic, and make those groups progressively smaller. Eventually they get to the specific tag and user who’s been posting their content elsewhere. There are other, more foolproof methods, such as putting something visually different (but minor!) in the comic itself so the mark can’t be deleted (EXIF data can be), but tagging is certainly a good option. It also helps with criminal investigations and copyright claims for similar reasons.
When you post a photo online, you should also check your phone’s settings to be sure geotagging is off. Geotagging is another form of metadata, and it’s where the phone attaches a location to the image. Families on vacation taking a picture of a rhino and posting it right away can lead poachers to its location. The same applies to the inside of your house. Don’t post pictures of valuables if people can find out where the picture was taken!
Instagram and Facebook both scrub the EXIF data from pictures before uploading them, but places like Flickr and Shutterfly do not. It’s a double-edged sword – you’ll have to keep geotagging off for Flickr, but you won’t have to worry about the copyright info disappearing from the pic. Facebook strips all the location and photography info, but the hidden copyright info is gone too. Choose wisely – and maybe use a watermark.
Side Note: Don’t %#*& With Cats – and Metadata
It only took one unscrubbed photo from the Cat Strangler featured in Netflix’s documentary “Don’t %#*& With Cats” for his location to be compromised. Internet sleuthing leads to false convictions as often as it does real ones (see Sunil Tripathi), but in this case, metadata was one of the few pieces of the puzzle the online folks had that wasn’t circumstantial.
For those of you who haven’t seen the documentary, a Facebook group begins tracking down a serial animal abuser. The Cat Strangler eventually escalated to killing a man, and while it seems like the police had been ignoring the Facebook group before, it’s more likely that the evidence was just… not that great. A blanket bought off of eBay that ships overseas isn’t the rock-solid proof the documentary portrays it as, but the metadata was! The Cat Strangler’s repeated comments in the actual group were also compelling evidence. That was incriminating, and it was info the police could use. Ultimately the group did help track the man down, and evidence gathered helped get him convicted, so it didn’t all go to waste.
Deleted Docs and Recovery
The reason data recovery is even possible is that stuff isn’t deleted deleted until it’s been written over with something else. Free space isn’t empty space, it’s just space the computer is allowed to write on. This is why you need to start the data recovery process as soon as possible after a major loss. The data’s not necessarily gone unless the failure was catastrophic, and you may have a chance to recover it. This is metadata in action!
As mentioned above, metadata can also be used to identify the age, previous locations, and editors of a document. If a document is older than the event it’s supposed to be covering, you know for sure something’s wrong.
Document recovery tools and data forensics are two groups that go hand-in-hand. This article is very technical, but it goes over a lot of interesting information: here. It does a better job than I could of describing what the tools do. In basic terms, a metadata-based recovery tool finds where the file used to be stored using the directory. It then copies that entire chunk, including hidden bits, and reconstructs the file based on that. This isn’t a perfect explanation, so if you’re interested, go ahead and read that study.
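A simplified illustration of the directory-based recovery described above, as an added example that is not from the linked study or any particular tool. It borrows the FAT directory-entry layout (0xE5 deleted marker, start cluster at offset 26, size at offset 28); the tiny image, cluster size and file names are constructed.

```python
import struct

ENTRY_SIZE, DELETED_MARK = 32, 0xE5  # FAT directory entry size and "deleted" flag
CLUSTER = 16      # constructed: tiny cluster size to keep the sample readable
DATA_START = 64   # constructed: data area follows a two-entry directory

def dir_entries(image):
    """Yield (deleted, name, first_cluster, size) for each used directory slot."""
    for off in range(0, DATA_START, ENTRY_SIZE):
        raw = bytes(image[off:off + ENTRY_SIZE])
        if raw[0] == 0x00:                    # 0x00 marks the end of the directory
            break
        first_cluster, size = struct.unpack_from("<HI", raw, 26)
        deleted = raw[0] == DELETED_MARK      # delete overwrites only this one byte
        stem = ("?" if deleted else chr(raw[0])) + raw[1:8].decode("ascii").rstrip()
        yield deleted, f"{stem}.{raw[8:11].decode('ascii')}", first_cluster, size

def recover(image, first_cluster: int, size: int) -> bytes:
    """Copy `size` bytes from the recorded cluster onward, assuming the file was
    stored contiguously (the allocation chain itself is cleared on delete)."""
    start = DATA_START + (first_cluster - 2) * CLUSTER   # data clusters start at 2
    return bytes(image[start:start + size])

def undelete_all(image) -> dict:
    """Map each deleted entry's surviving name to whatever its clusters hold now."""
    return {name: recover(image, cluster, size)
            for deleted, name, cluster, size in dir_entries(image) if deleted}

def entry(name83: bytes, first_cluster: int, size: int) -> bytes:
    """Build one 32-byte directory entry (constructed sample data)."""
    return name83.ljust(11) + bytes(15) + struct.pack("<HI", first_cluster, size)

def constructed_image() -> bytearray:
    """Constructed volume: one live file and one deleted file that spans 2 clusters."""
    live = entry(b"NOTES   TXT", 2, 11)
    gone = bytearray(entry(b"AGENDA  TXT", 3, 20))
    gone[0] = DELETED_MARK                    # the only change "delete" makes here
    data = b"hello world".ljust(CLUSTER, b"\0")
    data += b"meeting at 9, room B".ljust(2 * CLUSTER, b"\0")
    return bytearray(live + gone + data)
```

Overwriting the freed clusters in the image and calling `undelete_all` again returns the new bytes, which is why recovery has to start before the space is reused.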
Side Note: BTK and Metadata
Metadata once famously led to the capture of Dennis Rader, the BTK Killer. He’d used a floppy disk that had previously held a document from the church he worked at. The last person to modify it (which would have been the person to delete the document) was “Dennis”. Between that and DNA evidence found at a scene he confessed to, he was trapped! He’d sent the floppy in after they told him he’d still be anonymous, and the police weren’t technically lying. They expected him to use a fresh disk, in which case they’d have never been able to track it back to the church.