Add article: Removing Your PDF Metadata & Protecting PDF Files

2025-01-10 23:29:34 -05:00 · 2017-12-08 22:43:06 +07:00 · 2017-12-08 22:43:06 +07:00 · 27e1335020
commit 27e1335020
parent 76991d8b37
1 changed files with 36 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -7,6 +7,7 @@ My curated list of awesome links, resources and tools

 - [My Awesome](#my-awesome)
 - [Articles](#article)
+    - [Anti Forensics](#anti-forensics)
    - [Malware Analysis](#malware-analysis)
    - [Tutorials](#tutorials)
 - [Tools](#tools)
@ -28,6 +29,41 @@ My curated list of awesome links, resources and tools

 ## Articles

+### Anti Forensics
+
+- [Removing Your PDF Metadata & Protecting PDF Files](https://blog.joshlemon.com.au/protecting-your-pdf-files-and-metadata/)
+    - This guideline used `exiftool` to gather metdata. `qpdf` and `pdftk` for cleaning
+    - The function below can be used to remove metadata and create new encrypted PDF with 128-bit AES.
+
+```sh
+strip_pdf() {
+ echo "Original Metadata for $1"
+ exiftool $1
+
+ echo "Removing Metadata...."
+ echo ""
+ qpdf --linearize $1 striped1-$1
+ exiftool -all:all= striped1-$1
+ qpdf --linearize striped1-$1 striped2-$1
+ rm striped1-$1
+ rm striped1-$1_original
+
+ echo "New Metadata for striped2-$1"
+ exiftool striped2-$1
+ echo ""
+
+ echo "Securing striped2-$1...."
+ password=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 40 | head -n 1)
+ echo "Password will be: $password"
+ echo ""
+ qpdf --linearize --encrypt "" $password 128 --print=full --modify=none --extract=n --use-aes=y -- striped2-$1 striped-$1
+ rm striped2-$1
+
+ echo "Final status of striped-$1"
+ pdfinfo striped-$1
+}
+```
+
 ### Malware Analysis

 - CCleaner's backdoor analysis