Every digital file carries attributes beyond its visible content. This module teaches deep-dive analysis of file metadata, hidden layers, and structural properties that reveal a file's true history.
File Structure Analysis
Different file formats store metadata in different ways. JPEG uses EXIF segments, PNG stores text chunks, PDF has an info dictionary, and DOCX embeds XML properties. Knowing where to look in each format is the first step in thorough examination.
Image Formats
EXIF, XMP, IPTC, ICC profiles, thumbnail data, GPS coordinates, camera settings, lens info.
Document Formats
Author, creation date, revision count, editing time, application version, template source.
Video/Audio
Container metadata, codec info, creation timestamps, encoding software, chapter markers.
Identifying Synthetic Content Markers
AI-generated images and documents often carry telltale metadata signatures. Generative models may embed model identifiers, lack camera-specific data, or show impossible timestamp patterns. Learning these markers helps distinguish authentic content from synthetic.
Metadata Consistency Checks
Authentic files show internally consistent metadata. A photo claiming to be from a Canon EOS R5 should have lens data, autofocus info, and a color profile matching that camera. Inconsistencies between metadata fields are strong indicators of manipulation or fabrication.
Warning
Metadata can be stripped or edited. The absence of metadata is itself significant — most legitimate photos retain their EXIF data, while manipulated or AI-generated images frequently have stripped metadata.
This deep-dive builds on Metadata & Provenance Analysis and provides the investigative skills needed for Forensic Image Analysis.