PDF Forensic with MPeePDF

From Embedded Lab Vienna for IoT & Security
Revision as of 11:11, 20 December 2021 by EDogan

Summary

This documentation illustrates the use of the tool MPeePDF for PDF forensic work. The goal of PDF forensics is to analyse a document and determine whether it carries out malicious activity.

Requirements

  • Operating system: Ubuntu 20.04
  • Packages: git, python2

To complete these steps, you must first have followed the python2 install guide.

Description

Step 1

Enter this command in the shell to start an analysis of a document.

 python2 mpeepdf.py [your.pdf]

This scans the document and outputs general information about the document and its contents. To open the interactive console and execute further commands, add the -i parameter.

 python2 mpeepdf.py -i [your.pdf]

Step 2

Inside the console, you can look up more details such as metadata and specific information about streams and objects. To see all available commands, type help into the console.

All Options available

Step 3

The console offers many options for analysing your document. You can start by looking at the metadata of the file by typing:

 metadata

If you want to look at a specific object or stream, type:

 object [1]
 stream [1]
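To show what the metadata, object and stream views operate on, the following added example (Python 3, not part of MPeePDF or of the original page) lists the indirect objects of a PDF, reads the Info dictionary and decodes a FlateDecode stream. The function names and the sample bytes are constructed for illustration, and the regex scan is a simplification that ignores cross-reference tables and object streams.

```python
import re
import zlib

# "N G obj ... endobj" delimits an indirect object; "stream ... endstream" its payload.
OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)\bendobj", re.S)
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\nendstream", re.S)

def build_sample():
    """Constructed three-object PDF-like byte string (not a real-world file)."""
    payload = zlib.compress(b"BT (hello) Tj ET")
    stream_obj = (b"3 0 obj\n<< /Length %d /Filter /FlateDecode >>\nstream\n" % len(payload)
                  + payload + b"\nendstream\nendobj\n")
    return (b"%PDF-1.4\n"
            b"1 0 obj\n<< /Type /Catalog >>\nendobj\n"
            b"2 0 obj\n<< /Title (Quarterly report) /Producer (constructed sample) >>\nendobj\n"
            + stream_obj
            + b"trailer\n<< /Root 1 0 R /Info 2 0 R >>\n%%EOF\n")

def list_objects(pdf):
    """Map object number -> raw object body."""
    return {int(m.group(1)): m.group(3) for m in OBJ_RE.finditer(pdf)}

def metadata(pdf):
    """Follow the trailer's /Info reference and return its literal-string entries."""
    ref = re.search(rb"/Info\s+(\d+)\s+\d+\s+R", pdf)
    if not ref:
        return {}
    body = list_objects(pdf).get(int(ref.group(1)), b"")
    pairs = re.findall(rb"/(\w+)\s*\(([^)]*)\)", body)
    return {k.decode(): v.decode("latin-1") for k, v in pairs}

def decoded_stream(pdf, obj_id):
    """Return the stream of an object, inflated if it declares /FlateDecode."""
    body = list_objects(pdf).get(obj_id)
    m = STREAM_RE.search(body) if body is not None else None
    if m is None:
        return None  # unknown object, or object without a stream
    raw = m.group(1)
    if b"/FlateDecode" in body:
        try:
            return zlib.decompress(raw)
        except zlib.error:
            return raw  # damaged or mislabelled stream: keep raw bytes for review
    return raw

SAMPLE = build_sample()

if __name__ == "__main__":
    print(sorted(list_objects(SAMPLE)), metadata(SAMPLE), decoded_stream(SAMPLE, 3))
```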
