PDF Forensic with MPeePDF
Summary
The goal of this documentation is to illustrate the use of the tool MPeePDF, which can be used for PDF forensic work. The goal of PDF forensics is to analyse documents and determine whether they carry out malicious activity.
Requirements
- Operating system: Ubuntu 20.04
- Packages: git, python2
To complete these steps, you must first have followed the python2 install guide.
Description
Step 1
Enter this command in the shell to start an analysis of a document.
python2 mpeepdf.py [your.pdf]
This will scan the document and output general information about the document and its contents. To go into the interactive console and execute further commands, add the -i parameter.
python2 mpeepdf.py -i [your.pdf]
Step 2
While inside the console, you can look up more things such as metadata, specific information about streams and objects, and much more. To see all available commands, type help into the console.
Step 3
Inside the console are many options to analyse your document. You can start by looking at the metadata of the file by typing in:
metadata
If you want to look at specific objects or streams, type in:
object [1]
stream [1]
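What the object and stream commands in Step 3 operate on, shown as an added example in Python 3 (not part of MPeePDF or of the original documentation). The sample PDF bytes and the function names list_objects and decoded_stream are constructed for this illustration; the parser assumes plain indirect objects and, for compressed streams, only the FlateDecode filter.

```python
import re
import zlib

# Constructed sample: a tiny PDF body with one dictionary-only object and one
# FlateDecode stream object. It is not a real-world document.
_PAYLOAD = b"BT /F1 12 Tf (Hello) Tj ET"
_COMPRESSED = zlib.compress(_PAYLOAD)
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Type /Catalog /Pages 3 0 R >>\nendobj\n"
    b"2 0 obj\n<< /Length " + str(len(_COMPRESSED)).encode() +
    b" /Filter /FlateDecode >>\nstream\n" + _COMPRESSED + b"\nendstream\nendobj\n"
    b"%%EOF\n"
)

# "<id> <generation> obj ... endobj" delimits one indirect object.
OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)endobj", re.DOTALL)
# Raw stream bytes sit between the "stream" and "endstream" keywords.
STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.DOTALL)


def list_objects(pdf_bytes):
    """Map object id -> generation, dictionary bytes and raw stream (or None)."""
    objects = {}
    for m in OBJ_RE.finditer(pdf_bytes):
        obj_id, gen, body = int(m.group(1)), int(m.group(2)), m.group(3)
        s = STREAM_RE.search(body)
        head = body[:s.start()] if s else body
        objects[obj_id] = {"gen": gen, "dict": head.strip(),
                           "raw_stream": s.group(1) if s else None}
    return objects


def decoded_stream(pdf_bytes, obj_id):
    """Return the stream of one object, inflated if it is FlateDecode."""
    obj = list_objects(pdf_bytes)[obj_id]
    raw = obj["raw_stream"]
    if raw is None:
        raise ValueError("object %d has no stream" % obj_id)
    if b"/FlateDecode" in obj["dict"]:
        # decompressobj ignores the end-of-line bytes left before 'endstream'.
        return zlib.decompressobj().decompress(raw)
    return raw.rstrip(b"\r\n")  # unfiltered stream: drop only the trailing EOL


if __name__ == "__main__":
    for oid, info in sorted(list_objects(SAMPLE_PDF).items()):
        print(oid, info["gen"], info["dict"], info["raw_stream"] is not None)
    print(decoded_stream(SAMPLE_PDF, 2))
```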