Metadata is data about data, i.e. information about other information. Metadata erasure is the removal of metadata. Metadata resistance is the ability of a digital system not to create metadata in the first place, or to encrypt the metadata it creates so that it cannot be read by an adversary.
Examples of metadata include:
- An image file can embed information about when it was taken and the camera or phone that took it.
- A PDF file can embed information about the computer that created it.
- An email embeds the email address that sent it and the email address that received it.
- A printed document often has an invisible watermark[1] that identifies the make and model of the printer that printed it.
For digital files, metadata erasure can be accomplished using MAT2[2] or similar software. Some security-oriented operating systems include metadata erasure tools by default.
Examples of metadata resistance include:
- Using a dedicated operating system (e.g. a Tails[3] stick) to create or modify digital files so that information about the operating system you normally use is not embedded in the metadata of the files.
- Using metadata-resistant messaging applications.
See AnarSec's guide “Remove Identifying Metadata From Files”[4] on how to remove metadata from digital files.
Techniques addressed by this mitigation
| Name | Description | |
|---|---|---|
| Forensics | ||
| Digital | An adversary can use digital forensics to retrieve and analyze metadata. To mitigate this, you can erase metadata from files before publishing them online or sending them to others. | |