ForensicsWiki will continue to operate as it has before and will not be shutting down. Thank you for your continued support of ForensicsWiki.
Metadata is data about data. Metadata plays a number of important roles in computer forensics:
- It can provide corroborating information about the document data itself.
- It can reveal information that someone tried to hide, delete, or obscure.
- It can be used to automatically correlate documents from different sources.
Since metadata is fundamentally data, it suffers all of the data quality and pedigre issues as any other form of data. Nevertheless, because metadata isn't generally visible unless you use a special tool, more skill is required to alter or otherwise manipulate it.
Kinds of Metadata
Here are some kinds of metadata that are interesting in computer forensics:
- File system metadata (e.g. MAC times, access control lists, etc.)
- Digital image metadata. Although information such as the image size and number of colors are techncially metadata, JPEG and file formats store additional data about the photo or the device that acquired it.
File types that support metadata and extraction tools
- The Exchangeable image file format describes a format for a block of data that can be embedded into JPEG and TIFF image files, as well as RIFF WAVE audio files. Information includes date and time information, camera settings, locaiton information, textual descriptions, and copyright information. For more information, see  and the Wikipedia entry.
- JPEG image files
- Support the EXIF metadata format. 
- The Tagged Image File Format allows one or more images to be bundled in a single file. Multiple compression formats are supported. EXIF files can be stored inside TIFFs.
Wikipedia has a nice entry on metadata.