Wednesday, November 27, 2013

Daily Blog #157: Metadiver!

Hello Reader,
Another tool from our lab has escaped into the light of day. David Dym has posted the first version of Metadiver on his RedRock blog: http://redrocktx.blogspot.com/2013/11/introducing-metadiver.html. Metadiver was born out of frustration with the inability of most forensic suites to display all the relevant metadata embedded in many of the file formats available today.

What Metadiver does is call shell32 to query all the metadata fields the driver for that file type makes available, recursing through directories as it goes, and then write it all out so you can quickly review the metadata you're interested in. You should give the tool a shot and see if you find some metadata your tools aren't showing you.
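
To make the approach concrete, here is an added PowerShell sketch (not Metadiver's code, and not from David's post) that walks a directory tree and asks the shell for every populated property column of each file. It assumes the `Shell.Application` COM object as the route into shell32; the function name `Get-ShellMetadata`, the `MaxColumns` bound and the example path are hypothetical.

```powershell
# Added illustration; not Metadiver's source. Uses the Shell.Application COM
# object (implemented in shell32.dll) to read the property columns the shell
# exposes for each file.
function Get-ShellMetadata {
    param(
        [Parameter(Mandatory)][string]$Path,  # root directory to walk
        [int]$MaxColumns = 320                # assumed upper bound on column indexes to probe
    )
    $shell = New-Object -ComObject Shell.Application
    $root  = (Resolve-Path -LiteralPath $Path).ProviderPath

    # Group files by directory so each folder namespace is opened only once.
    Get-ChildItem -LiteralPath $root -Recurse -File -ErrorAction SilentlyContinue |
        Group-Object DirectoryName |
        ForEach-Object {
            $folder = $shell.Namespace($_.Name)
            if ($null -eq $folder) { return }  # folder the shell cannot open; skip it

            # Passing $null as the item returns the column header for that index.
            $columns = @{}
            for ($i = 0; $i -lt $MaxColumns; $i++) {
                $name = $folder.GetDetailsOf($null, $i)
                if ($name) { $columns[$i] = $name }
            }

            foreach ($file in $_.Group) {
                $item = $folder.ParseName($file.Name)
                if ($null -eq $item) { continue }
                foreach ($i in ($columns.Keys | Sort-Object)) {
                    $value = $folder.GetDetailsOf($item, $i)
                    if ($value) {
                        # One row per populated field keeps the output easy to filter.
                        [pscustomobject]@{
                            File  = $file.FullName
                            Field = $columns[$i]
                            Value = $value
                        }
                    }
                }
            }
        }
}

# Example: dump every populated field under a (hypothetical) export folder to CSV.
# Get-ShellMetadata -Path 'C:\Cases\export' | Export-Csv metadata.csv -NoTypeInformation
```

The values returned this way are the shell's display strings, so they are localized and date fields can contain invisible directional marks; normalize them before comparing against timestamps from other tools.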