Metadata - Telling the story

The objective of this post is to provide an understanding of the importance of metadata as part of forensics evidence gathering process and in inferring conclusions relating to the evidence at hand. In many cases, metadata can tell you enough about an individual to make you draw clear conclusions and understand patterns within his or her life. To clearly understand the importance of metadata, one can simply look at the role it plays in the operation of organizations such as the NSA. It is reported that the NSA stores metadata for millions of users, with the objective being to build profiles of US Citizens (Ball, 2013). To learn about metadata in images multiple tools can be used. Some of these tools are exiftool which is part of the Kali Linux distro, exif which is found at http://regex.info/exif.cgi and Windows Explorer file properties viewer, which is part of Windows, etc. For the purpose of this post, I will use
http://regex.info/exif.cgi.

By looking at this picture there is little you may be able to glean. However, by looking at the metadata, we can learn quite a lot more about this picture.

Let's answer the following questions


1.    Date and time the picture was taken?

From the above image we can see this image was taken on "2015:08:01 19:38:50"
2.    Device used to take the picture?
From the above we can see that the device used to take this photograph is a BlackBerry Z10.

3. Did the flash go off when the picture was taken?

From the above we see the flash did not fire along with it being configured to "Auto".

4. What city was the picture taken in? To understand this we need to look at the location data.

Now that we have the GPS data (note location services was on for this photo along with Geo Tagging was also enabled), we can see below that "http://regex.info/exif.cgi" has determined that the location guessed from the coordinates is "4741 Corfield Road, Niagara Falls, ON L2E 6X8, Canada"

Using the data from the location services it successfully pinpointed on the map where this photo was taken.

5.    What was the weather on that particular day in that location?
Now that we know where the photo was taken, along with the date and time it was taken, let's determine the weather at this location on that specific date.

Using data from The Weather Network we see that the average temperature on the date August 1, 2015 was 19.8 degrees celcius.

 














Conclusion

There is a lot more we can learn from this photo. However, the point to note is there is always more to what the eye sees when it comes to digital data. Be aware of what you don't see, it may actually be telling more of a story than what you actually see. By putting together multiples pieces of the metadata puzzle, you may be able to determine and or predict someone's next move.

References:

Ball, J. (2013, September 30). NSA stores metadata of millions of web users for up to a year, secret files show . Retrieved from theguardian.com: http://www.theguardian.com/world/2013/sep/30/nsa-americans-metadata-year-documents
http://regex.info/exif.cgi.
http://www.theweathernetwork.com/weather/historical-weather/canada/ontario/niagara-falls