Time
4 minutes
Difficulty
Intermediate

Video Transcription

00:07
Welcome to Breaking Stuff with Robert. Today we're going to be going over PDFiD. Now, PDFiD is a tool that's used for looking through PDF documents for characteristics, like whether or not JavaScript is built into it and could be executed, or some type of action that could happen upon opening,
00:25
number of pages, kind of a high-level
00:28
metadata view of the PDF documents in, like, a directory or a single file. It's not a parser, so there is a separate tool that you can use for parsing PDFs once you identify the documents that you want to look for certain characteristics or words in
00:43
and things of that nature. But this tool's really to kind of get you started as you're identifying potential PDFs that you want to use the parser against. Now, target audience here: network administrators looking to quickly search for PDFs with certain characteristics
00:58
and digital forensic analysts looking to identify PDFs that could be used as evidence and that they would want to do further testing on.
01:04
Some prerequisites here would be some basic IT terminology. So we're gonna talk, you know, using some acronyms and things of that nature. And if you're not familiar with JavaScript, what that is, or what, you know, PDF is, there's nothing wrong with that. It's just that that might be beneficial in better understanding the content of this video,
01:22
and then some fundamental knowledge of the Kali Linux command line
01:26
and how it could be utilized. So with those things in mind, let's go ahead and jump into our demo.
01:33
All right, everybody, welcome to our handy dandy lab environment. Today we're going over PDFiD. Again, this is a PDF forensic tool that does some basic gathering of information within, like, a directory or a single PDF file to kind of help you understand whether or not you're gonna need to use some type of
01:53
parsing tool or what have you within those documents. But this is kind of a high level tool that can give you a rundown on some of the characteristics.
02:00
If we had a large number of PDF documents that we needed to look through. So let's go ahead.
02:05
I've already created a directory here and some test PDF documents to give you an idea
02:09
of how we can use the tool.
02:14
And if you do pdfid
02:16
and then help, -h, gives you some syntax here. As you can see, you can scan a given directory, display all the names, show this help message again, et cetera. So a few things here. You can even output the information.
02:32
So in this case, I want to scan that directory. So we're gonna do pdfid.
02:38
And then we're gonna do scan directory. Uh, this is in the Desktop
02:46
and as we can see here,
02:49
it gives us two things. So for the test.pdf, which is here, it tells us it's not a PDF document, and for dot pdf to it gives some information. So looking at this,
02:59
you can see here we created this in a manner that it wasn't an actual PDF. It just looks like it.
03:04
And then
03:06
this document actually functions.
03:07
So, looking over some of this data, it tells you like,
03:12
uh, some information regarding the content of the PDF at a high level.
03:16
And so the page is an indicator of the number of pages within the document.
03:22
The encrypt indicates, of course, encryption. You've got JavaScript, so it indicates whether or not that's there, so it could be a malicious PDF that has some JavaScript built into it.
03:32
Rich media, kind of for embedded Flash, things of that nature. Um,
03:38
so there's just a number of items here. These were just basic because I didn't do much with these documents. But again, if you've got 20, 30, 40, 50 PDFs and you need to maybe output a number of things and you're looking for JavaScript specifically or for things that are encrypted and require a password to open, those might be flags
03:55
to get you started in your investigative activities.
03:59
So with that in mind, let's go ahead and jump back over to our slides.
04:04
All right, well, I hope you enjoyed that demo of PDFiD and some of the things that it could be useful with respect to finding specific characteristics in PDF documents and even identifying documents that may be posing as PDFs but they're actually not. So with those things in mind, I want to thank you for your time today, and I look forward to seeing you again soon.

How to Use PDFiD (BSWR)

This tool scans a PDF file for certain keywords and identifies PDF documents that contain executable code inside the file, e.g., JavaScript.

This Python-based tool is easy to use and also handles name obfuscation.
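
The sketch below is an added example, not PDFiD's own code: it shows the idea described above, counting PDF name keywords after undoing `#xx` hex escapes so that an obfuscated `/J#61vaScript` is still counted as `/JavaScript`. The keyword subset, the function names, the 1024-byte header window and both sample byte strings are assumptions constructed for illustration.

```python
import re

# Keyword subset chosen for this sketch (assumption): names discussed in the video.
KEYWORDS = ("/Page", "/Encrypt", "/JS", "/JavaScript", "/AA", "/OpenAction", "/RichMedia")

# A PDF name is "/" plus regular characters; any character may be written as #xx.
NAME_RE = re.compile(rb"/(?:[A-Za-z0-9_.\-]|#[0-9A-Fa-f]{2})+")
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(raw: bytes) -> str:
    """Undo #xx hex escapes so /J#61vaScript compares equal to /JavaScript."""
    return HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")


def scan_pdf_bytes(data: bytes) -> dict:
    """Return {'is_pdf': bool, 'counts': {keyword: (total, obfuscated)}}."""
    # Sketch's choice: accept a %PDF- header anywhere in the first 1024 bytes.
    result = {"is_pdf": b"%PDF-" in data[:1024],
              "counts": {k: (0, 0) for k in KEYWORDS}}
    if not result["is_pdf"]:
        return result  # a file that only carries a .pdf extension
    for match in NAME_RE.finditer(data):
        raw = match.group(0)
        name = decode_name(raw)  # whole-token match: /Pages is not /Page
        if name in result["counts"]:
            total, obfuscated = result["counts"][name]
            result["counts"][name] = (total + 1, obfuscated + int(b"#" in raw))
    return result


# Constructed sample inputs: a tiny PDF-like body and a text file renamed to .pdf.
SAMPLE_PDF = (
    b"%PDF-1.7\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
    b"3 0 obj << /Type /Page /Parent 2 0 R >> endobj\n"
    b"4 0 obj << /S /J#61vaScript /JS (constructed placeholder) >> endobj\n"
)
NOT_A_PDF = b"plain text saved with a .pdf extension\n"

if __name__ == "__main__":
    for label, blob in (("sample.pdf", SAMPLE_PDF), ("renamed.pdf", NOT_A_PDF)):
        report = scan_pdf_bytes(blob)
        print(label, "PDF" if report["is_pdf"] else "not a PDF document")
        for keyword, (total, obfuscated) in report["counts"].items():
            print(f"  {keyword:<12} {total} ({obfuscated} obfuscated)")
```

A nonzero count for `/JS`, `/JavaScript`, `/OpenAction` or `/AA` is a triage flag for closer parsing, not proof that the document is malicious.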

Instructed By

Robert Smith
Director of Security Services at Corsica
Instructor