Skip to content

alekzandren/forensic-metadata-analyzer

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
modules
modules
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
main.py
main.py
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

Forensic Metadata Extractor

A robust Python-based tool designed for digital forensic investigators and security researchers. This tool automates the extraction of hidden metadata and digital artifacts from media files (JPEG) and documents (PDF), providing structured evidence for further analysis.

Key Features

  • Image Forensics: Extracts EXIF data including camera manufacturer, model, software versions, and original timestamps.
  • Geolocation Tracking: Automatically parses GPS coordinates from images (if available) to identify where media was captured.
  • Document Analysis: Retrieves PDF metadata such as Author, Creator software, Producer, and precise creation/modification dates.
  • Structured Reporting: Exports all findings into a clean, timestamped JSON report for easy integration with other forensic tools.
  • Error Handling: Built-in protection against corrupted files or files with missing headers to ensure continuous batch processing.

Project Structure

project/
- main.py                # Application entry point
- modules/               # Core analysis engines
- __init__.py        # Package initialization
- image_analyzer.py  # JPEG & EXIF extraction logic
- pdf_analyzer.py    # PDF metadata extraction logic
- requirements.txt       # Project dependencies
- .gitignore             # Git exclusion rules

Installation & Setup

  1. Clone the repository:

           git clone [https://github.com/alekzandren/forensic-metadata-extractor.git](https://github.com/alekzandren/forensic-metadata-extractor.git)
cd forensic-metadata-extractor

  2. Create and activate a virtual environment:

          python -m venv .venv

    Windows:

     .venv\Scripts\activate

    macOS/Linux:

     source .venv/bin/activate

  3. Install dependencies:

    pip install -r requirements.txt

Usage

Run the main script and provide the path to the directory you wish to scan:

python main.py

Example path input: C:\Users\Admin\Documents\Evidence_Folder Once the scan is complete, the tool will generate a report named forensic_report_YYYYMMDD_HHMMSS.json in the root directory.

Sample Output (JSON)

Each entry in the generated report follows a standardized format:

[
    {
        "filename": "evidence_sample.jpg",
        "type": "Image/JPEG",
        "metadata": {
            "Make": "Apple",
            "Model": "iPhone 15 Pro",
            "DateTimeOriginal": "2024:03:15 10:20:30",
            "GPS": {
                "GPSLatitude": "[34.0, 3.0, 0.0]",
                "GPSLongitude": "[118.0, 14.0, 0.0]"
            }
        },
        "status": "Success"
    }
]

Legal Disclaimer

This tool is intended for educational purposes and authorized forensic investigations only. Analyzing files without proper authorization may be illegal in certain jurisdictions. Use responsibly.

About

A modular Python-based Digital Forensics tool for automated metadata extraction from JPEG and PDF files.

Resources

Readme
Activity

Stars

2 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages