Metadata
(OBJ 4.9)
Metadata
- Information about a file, application, or other data
- Example: 'invoice.pdf' file metadata
- The "invoice.pdf" keyword is often associated with phishing campaigns
- File Name, File Size, File Type
- Ensure matching file type and file name
- In Linux and Mac systems we do not need to use a "." extension
- Creation, Modified, Accessed Dates
- If the creation date of this file is actually 2012 but we received the invoice today, the file is probably not accurate and should be treated as suspicious
- Similar to having accessed it 2 minutes ago for example
- Owner
- Ensure the sender is explained
- File Path
- If this is located in the C:\TEMP\ directory, that would be suspicious or malicious, because malware often tries to run from that temporary directory rather than from a trusted directory like a user's home directory.
- MD5/SHA256 Checksum
- Serves as unique digital fingerprint for file identification, including potential malware
- We can add these file hashes to our systems so that files entering or leaving our network are checked against them; if a system sees that hash, it blocks the file from being downloaded in the future.
- Block these hash values from being executed or opened on our systems.
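
The metadata checks listed above, written out as a small triage script. This is an added example, not part of the original notes. The magic-byte table, the temp-directory list, the one-year age threshold and the sample file are all constructed assumptions.

```python
import hashlib, os, tempfile, time
from pathlib import Path

# Leading bytes for a few file types (small illustrative table, not exhaustive)
MAGIC = {".pdf": b"%PDF-", ".png": b"\x89PNG", ".zip": b"PK\x03\x04", ".exe": b"MZ"}
TEMP_DIRS = ("c:/temp", "c:/windows/temp", "/tmp")  # assumed watch list

def collect(path):
    """Gather the metadata fields from the notes for one file."""
    st = os.stat(path)
    data = Path(path).read_bytes()
    return {"name": os.path.basename(path), "size": st.st_size, "head": data[:8],
            "modified": st.st_mtime, "accessed": st.st_atime,
            "owner_uid": st.st_uid, "path": str(path),
            "md5": hashlib.md5(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest()}

def flags(meta, blocklist, received=None, max_age_days=365):
    """Return the reasons this file deserves a closer look."""
    out = []
    expected = MAGIC.get(os.path.splitext(meta["name"])[1].lower())
    if expected and not meta["head"].startswith(expected):
        out.append("type-mismatch")    # file name and file content disagree
    norm = meta["path"].replace("\\", "/").lower()
    if any(norm.startswith(d + "/") for d in TEMP_DIRS):
        out.append("temp-path")        # located in a temporary directory
    if (received or time.time()) - meta["modified"] > max_age_days * 86400:
        out.append("stale-timestamp")  # e.g. dated 2012 but received today
    if meta["sha256"] in blocklist or meta["md5"] in blocklist:
        out.append("hash-blocked")     # checksum matches a known-bad entry
    return out

def demo():
    """Constructed sample: an executable header saved as invoice.pdf, dated 2012."""
    with tempfile.TemporaryDirectory() as d:
        p = os.path.join(d, "invoice.pdf")
        Path(p).write_bytes(b"MZ\x90\x00 constructed sample bytes")
        os.utime(p, (time.time(), 1325376000))  # modified 2012-01-01 UTC
        meta = collect(p)
    meta["path"] = r"C:\TEMP\invoice.pdf"  # constructed location from the notes
    return meta, flags(meta, blocklist={meta["sha256"]})

if __name__ == "__main__":
    print(demo()[1])
```
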