Extraction of metadata

6 May 2023 8 minutes Author: Cyber Witcher


Metadata is a means of classifying, organizing and characterizing data. Simply put, metadata is data about data (about its composition, content, status, origin, location, quality, formats, volume, access conditions, copyright, etc.). We send emails or files every day. Each such message has not only the content, but also the date and time of sending, indication of the sender and recipient, the type of attachment, its volume and other characteristics. This is metadata. Originally, this term meant a means of cataloging archival information: library catalog cards include systematized data about each book, including the title of the book, its author, genre, abstract, etc. peace. Essentially, you’re generating metadata right now. Any file, phone conversation, Facebook post, video, or money transfer through a banking application has metadata. We often overlook them because our attention is naturally focused on the content.

But metadata is inseparable from the data itself—it’s hard to imagine a document that doesn’t have a creation or edit date. Having the ability to filter metadata makes it much easier to find a particular document, file or content, because it contains more valuable information than it might seem at first glance. Metadata can be used to track down a person or to obtain incriminating information on him, completely changing his life. Different people and organizations have access to your metadata that is transmitted over the Internet. It can be both marketers and hackers with government agencies. For example, the headers of letters can be available not only to the sender and the addressee, but also to postal providers and even special services. The owner of the site you visit can learn not only your IP address, but also the version of your browser and operating system. This is because metadata is often publicly available and not protected.

Metadata is data about the data itself

Metadata — information about other information or data relating to additional information about content or an object. Metadata reveals information about features and properties characterizing any entities, allowing them to be automatically searched and managed in large information flows. Any type of file (sound, text, image, video) has its own metadata standard. For digital photos, mostly use:

  • File characteristics – parameters are stored and are an integral part of the photo;

  • IPTC (International Press Telecommunications Council) – photo description and copyright information;

  • EXIF (Exchangeable Image File Format) – technical information about the details of the shot taken by the camera;

  • XMP (eXtensible Metadata Platform) is a standard developed by Adobe that allows you to include any information.

The most widespread among metadata is the EXIF standard, which is an integral part of digital images and contains a complete description of the camera settings:


  • Витримку

  • Діафрагму

  • Значення ISO

  • Баланс білого

  • Розмір матриці

  • Фокусна відстань

  • Режим експозиції

  • Дату та час зйомки

  • Схему стискування

  • Значення яскравості

  • Інформація про автора

  • Дані про цифрове середовище

  • Географічні координати

  • Ім’я та версію ПЗ (камери)

  • Орієнтація камери

Any option listed and not included in this list has a specific category and format. A key factor in metadata is a clearly organized structure that allows both humans and machines to read the data. Such separation allows working with a huge amount of information in a short period of time, using the received metadata for automatic collection, storage, search, processing and merging. A clear example is, for example, the Google Images service. It is enough to add any photo and the search, thanks to metadata, will show identical or similar images in terms of objects, structure, content, color design, etc.

1. As an example, let’s take a photo and open its properties by pressing the PCM:

2. In the window that opens, go to the “Details” tab:

In addition to technical metadata, this window also contains a number of other sections:

  • Опис

  • Камера (EXIF)

  • Джерело (IPTC)

  • Файл (технічні дані)

  • GPS

  • Розміри зображення

In the GPS section (not displayed on all photos) you can see the coordinates:

The second option for viewing geographic coordinates is just as simple and even more accessible, because the map is loaded immediately and you do not need to take additional actions (on Windows 10, on others, maybe not everything is so rosy):

1. Download the photo to your computer.

2. Open the image in full screen mode. In the top menu, find settings and go to the “File info” section:

3. Now, in addition to the photo, a mixture of metadata, both technical and EXIF, is displayed:

At the bottom of this window, you can see the “Location” section, where the city in which the photo was taken is indicated and a map thumbnail with the coordinate point is displayed. If you click on the Open Map link below the thumbnail, the map will open in full screen mode and you can take a closer look at the shooting location. Metadata extraction on Linux through the terminal can be done using the ExifTool program, but first let’s talk about Metagoofil – a program for finding and downloading files from a target site:

And we look at the parameters available for use:

Administrators of state websites do not bother with their work at all, and therefore, for the sake of clarity, let’s try using the example of the state. website:

After the -d option, we specified the target domain. Then set a limit (-l) on the number of search results to 50, and the same number (-n) for downloading found files. Then we added the file extensions (-t) that are interesting to us, here it is worth choosing, depending on the specifics of the target site. That is, In my example, it is obvious that the most relevant for such a site are PDFs, documents and tables. And, at the end (-o), we indicate the folder where we will save the files. Start and wait for Metagoofil to download the found files.

And now we will launch ExifTool and get metadata from the found files. Here it is necessary to take into account that metadata will have to be extracted separately from each file extension.

The second option is that we first download documents from the target site, and then the utility will automatically analyze them and issue a file with a report. The directory and result file will be placed in the metagoofil folder:

How to catch a metadata maniac

Let’s start with one cinematic stupidity, which later became a stereotype. Many people think that maniacs kill and leave messages because they want to be caught. Take the same Jack “the Ripper”, who was the first in history to start correspondence with a citizen chief, or the “zodiac” – the most famous of the uncaught killers, who left encrypted messages. For example, one of its last ciphers was solved by programmers quite recently – in 2020, but unfortunately no useful data was found there.

Seems like they really want to get in, huh? Psychologists have concluded that this behavior occurs due to the long duration of murders committed by a maniac. He is so self-confident that he gradually gets rid of the fear of being caught and the feeling of his elusiveness increases. All this was a lead-up to the “S.P.U. strangler”, where the abbreviation in turn means “Tie, Try, Kill”.

Once he sent the following appeal to television:

In addition to this appeal, a diskette was also sent:

Well, the police took it, and calculated it according to metadata.

How to remove metadata

Now let’s talk about how to delete metadata so as not to become a victim of an attacker and leak personal data.

1. Right-click on the file and select “Properties”, then “Details”. Select “Delete properties and personal information”.

2. Click the button Create a copy with all possible remote properties. Select OK and that’s it.

Note that this option will create a copy of the image file without metadata. The original file will remain on your computer unchanged. If you don’t want to make a copy and just clean the file, select Remove the following properties from this file in step 3. Then select the items you want to remove individually, or click Select All to remove all items before clicking OK “. The creation date remains, while the other option replaces the creation date with the current date. If you want to make sure you remove the creation date, you’re better off creating a copied file and then deleting the original.

One of the popular programs for removing metadata in Windows is FileMind QuickFix. Here’s how to use this program: Download and install the program from a reputable software site. Drag and drop the files you want to clean up into the FileMind QuickFix interface. Click the Quick Metadata Fix button in the lower left corner. As soon as the program finishes cleaning the data, you will see that the new file will appear in the same folder as the original one. By default, the program creates a copy of the source file. This is fine if you want to have access to the metadata, but if you don’t want to keep the original, this can be changed in the app settings.

Other related articles
Found an error?
If you find an error, take a screenshot and send it to the bot.