MetaData

The BTK killer was caught with metadata. Geotagging can unintentionally help poachers find endangered animals, and metadata can reveal hidden layers in images.

What Is It?

Metadata is data about the data! Generally, it falls into three families: structural, descriptive, and administrative. Structural metadata is about the conditions under which a picture was taken or a document was made. When you take a picture, information about the device (what kind of device and camera, the time, etc.) is stored in that picture. Video length and picture quality are also forms of structural metadata.

Descriptive metadata is data attached that doesn’t necessarily blend with the data inside the document: it’s data purely to make locating things easier. An ISBN is metadata about the book – it’s the book’s identification number, and it’s an identifier that humans have attached for the sake of control and ease of access. The Dewey Decimal system attaches even more data because under it, you can identify what a book is about based on its ID number alone.

Administrative metadata contains information about who created files, when they were moved, and when they were edited. When you type in an up-to-date word processing program, most of the time, the computer will know which user profile did the typing. It’s also the information about copyrights and where the picture came from originally, which is useful for tracking down leaked photos from services like Patreon. Keeping the art and comics exclusive to Patrons is what keeps it viable. This is administrative metadata.

EXIF DATA

EXIF data is data that’s stuck to an image, but it depends on file type – not all kinds of images have EXIF data. With the right program, you can see into the EXIF data, because the file essentially has layers hidden within it. This is great for the scenario above, where a Patreon content creator may be trying to track down a picture leaker. First, they gradually narrow down who receives a certain tag on their comic, making those groups progressively smaller. Eventually, they get to the specific tag and user who’s been posting their content elsewhere. There are other, more foolproof methods, such as putting something visually different (but minor!) in the comic so it can’t be deleted (EXIF data can be), but it’s certainly a good first option. It also helps with criminal investigations and copyright claims for similar reasons.

Geotagging

When you post a photo online, you should also check your phone’s settings to be sure geotagging is off. Geotagging is another form of metadata, and it’s where the phone attaches a location to the image. Families on vacation taking a picture of a rhino and posting it right away can lead poachers to its location. The same applies to the inside of your house. Some apps, like Snapchat, will use geolocation tools that can tell friends where their buddies are on a map, but at least that’s much less subtle.

Instagram and Facebook both scrub the EXIF data from pictures before uploading them, but places like Flickr and Shutterfly do not. It’s a double-edged sword – you’ll have to keep geotagging off for Flickr, but you won’t have to worry about the copyright info disappearing from the pic. Facebook strips all the location and photography info, but hidden copyright is gone too. Choose wisely – and maybe use a watermark.

Deleted Docs and Recovery

The reason data recovery is even possible is that stuff isn’t deleted deleted until it’s been written over with something else. Free space isn’t empty space, it’s just space the computer is allowed to write on. This is why you need to start the data recovery process as soon as possible after a major loss. The data’s not necessarily gone unless the drive itself was destroyed, and you may have a chance to recover it. This is metadata in action!

As mentioned above, metadata can also be used to identify the age, previous locations, and editors of a document. If a document is older than the event it’s supposed to be covering, you know for sure something’s wrong.
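As an added illustration (not from this article), here is how the author, last editor and timestamps can be read out of a document and compared with the date of the event it claims to cover. It assumes the modern .docx format, which stores these fields in `docProps/core.xml` inside a ZIP package; the names and dates in the sample are constructed.

```python
import io
import zipfile
import xml.etree.ElementTree as ET
from datetime import datetime

NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "dcterms": "http://purl.org/dc/terms/",
    "xsi": "http://www.w3.org/2001/XMLSchema-instance",
}
FIELDS = {"creator": "dc:creator", "last_modified_by": "cp:lastModifiedBy",
          "created": "dcterms:created", "modified": "dcterms:modified"}

def core_properties(docx_bytes):
    """Read author, last editor and timestamps from a .docx package."""
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as package:
        root = ET.fromstring(package.read("docProps/core.xml"))
    return {name: root.findtext(path, namespaces=NS) for name, path in FIELDS.items()}

def created_before(props, event_iso):
    """True if the file claims to have been created before the event it covers."""
    created = datetime.fromisoformat(props["created"].replace("Z", "+00:00"))
    return created < datetime.fromisoformat(event_iso)

def make_sample():
    """Constructed input: a package holding only core.xml (names and dates invented)."""
    xmlns = " ".join(f'xmlns:{p}="{uri}"' for p, uri in NS.items())
    core = (f"<cp:coreProperties {xmlns}>"
            "<dc:creator>Alice Example</dc:creator>"
            "<cp:lastModifiedBy>Bob Example</cp:lastModifiedBy>"
            '<dcterms:created xsi:type="dcterms:W3CDTF">2020-01-10T09:00:00Z</dcterms:created>'
            '<dcterms:modified xsi:type="dcterms:W3CDTF">2020-03-02T15:30:00Z</dcterms:modified>'
            "</cp:coreProperties>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as package:
        package.writestr("docProps/core.xml", core)
    return buf.getvalue()
```

The same fields are worth checking in your own files before you share them, since they travel with the document.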

Document recovery tools and data forensics are two groups that go hand-in-hand. This article is very technical, but it goes over a lot of interesting information: here. It does a better job than I could of describing what the tools do. In basic terms, a metadata-based recovery tool finds where the file used to be stored using the directory. It then copies that entire chunk, including hidden bits, and reconstructs the file based on that. This isn’t a perfect explanation, so if you’re interested, go ahead and read that study.

BTK and Metadata

Metadata once famously led to the capture of Dennis Rader, the BTK Killer. He’d used a floppy disk that had previously held a document from the church he worked at. The last person to modify it (which would have been the person to delete the document) was “Dennis”. Between that and DNA evidence found at a scene he confessed to, he was trapped! He’d sent the floppy in after they told him he’d be anonymous still, and the police weren’t technically lying. They expected him to use a fresh disk, in which case they’d have never been able to track it back to the church.

Sources:

https://www.kaspersky.com/blog/exif-privacy/13356

https://www.theatlantic.com/technology/archive/2014/01/the-floppy-did-me-in/283132

https://www.rollingstone.com/culture/culture-news/animal-instinct-how-cat-loving-sleuths-found-an-accused-killer-sadist-111273

What is Photo Metadata

https://www.forbes.com/sites/michaelshiels/2016/09/07/deadly-virtual-postcards-lead-poachers-to-rare-endangered-trophy-animals/?sh=56014dcc23ad

https://eudl.eu/pdf/10.4108/eai.13-7-2018.163091