Sign in Subscribe
Writings

Metadata - Exiftool

Yani Diagne

4 min read
Metadata - Exiftool

During my Digital Forensics class, I came across a tool called "Exiftool". After researching what this tool is for and what you can do with it, I was pretty impressed. Not only do I think that understanding the functionalities behind it is easy to understand, but it also gave me a deeper insight into metadata which ultimately leads to a better understanding of both.

A common definition of metadata is that it represents general information about data. It identifies attributes and it sort of describes the structure of the specific dataset. These attributes represent the data the document was created, its author, the GPS locations, file size, and much more. To simplify, the metadata contains a description of the content of the data. Data is a very broad term, so to make it easier to understand, the following are examples that include metadata:

  • Web pages
  • Files on your computer
  • Videos
  • Pictures
  • Audio files

Those are only a few examples of data that contain metadata. Metadata is almost everywhere which is why it is so important to understand its purpose.  

It summarizes all the basic information of the data instance which, therefore, makes it easier to find. This means that is incredibly helpful if you are looking for specific data in your system. Let's say I am searching for a document that I stored on my laptop but I cannot remember where I stored the file. If I simply type in some attributes of that file, which is the metadata, then I can quickly locate the specific document, since the metadata is stored within the file.

It is not only used to find particular files on your computer. Search engines use metadata to decide a website's relevance. This is done with meta tags. If you do a google search you get a listings page. The first you will see is the title and then a meta description. The meta description is a meta tag. The information of a meta tag is written in an HTML document of the webpage.

Usually, metadata is created automatically. However, you have the possibility to create it manually, which can be beneficial since you are in control and you can accurately describe your file. The benefit of metadata being created automatically is that information such as creation date, author, or file size is already generated.  

Metadata is written in a way that humans and machines can both understand, which makes it easy to operate between various systems or applications.

There are various types of metadata including the following:

  • Structural metadata: Relates to the organizational frame of the data. Gives details about its structure and how similar bits of information are stored and what they mean. For example, information on how pages are organized in a book to form chapters.
  • Descriptive metadata: Identifies certain attributes of your data such as a title of a picture or video.
  • Administrative Metadata: This allows the administrator to govern access control, meaning he is the one that can change and distribute data access and user permission, Also he manages the data resources including details about date creation, file size, and more.
  • Legal metadata: Provides information on copyrights or licensing.

This is how metadata looks in a web browser:

So what does all of this has to do with Exiftool?

Exiftool is a tool that I personally use in Kali. You can use it to work with metadata, straight from the command line. Not only can you read the meta tags and the various attributes, but you can change the data as well.

For this blog post, we will use a simple approach and show you how you can change the metadata of your files.

I downloaded a picture on the internet and I want to see more information about the origin of this picture.

After downloading and locating the picture in my file system I use the following command to look at the metadata: exiftool <filename>

The information displayed above is the result we get from typing in the command.  As we can see, we were able to access the attributes of the data, showing us the date it was created, its file size, and much more.

Now, with Exiftool, we can change some of this data and manipulate the document. Let's change the dates and the file name.

Use AllDates:

Command: exiftool -AllDates="1999:01:01 10:00:00" <filename>

The command AllDates refers to the following Fields: Modify Date, Date/Time Original and Create Date.

As you can see we were able to successfully manipulate the picture.

I am getting a little tired of always typing in the name of the file. It is long and very unhandy when frequently using it. Let's change it!

Use FileName:

Command: exiftool -FileName="pic1" <filename>

We change the previous name of the file from "109128309_268e279da8_o.jpg" to "pic1".

As you can see, the previous name of our picture cannot be found by Exiftool, because it does not exist anymore.

When I look for "pic1" I see that the same picture is there, with the adjusted file name. Exiftool did not overwrite the original document, but it created a new file "pic1".

Sign up for more content.

Enter your email
Subscribe