Tuesday, November 26, 2013

Introducing MetaDiver!

I'm pleased to share a program I have been working on for the past few months. MetaDiver extracts metadata from known files such as Office Docs and PDF's using the Windows Shell. Really anything Shell has a dll registered for in theory... It spits out a nice spreadsheet or delimited document with the attributes you are interested in. With more features planned in future releases I'm really excited about the simplicity and power of this product! This isn't a forensic tool in that it doesn't parse the file but it's a great way to take metadata that is a pain to review in most Forensic and IR tools and make it much easier to work with. It's also a great sanity check against your tools. You should be able to mount an image with your favorite tool and point this guy to the files your are interested in. However I have only tested against data on my hard drives that has already been exported using my favorite forensic tools. If it's more than 10-20 documents it could take a while to finish which it percolates so just be patient, grab a beer or coffee and give it time to get through everything. It will tell you when it's done!



Download v1.0.7 or click here.

Info: Right now it's just zipped up without an installer, I hope to add one soon. Just download, unzip and keep the files in the directory with the exe.

Requirements: Windows 7 or later and .NET 4.0.

Please send feedback if you like it, hate it, whatever.

Enjoy!
ddym@redrocktx.com