Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/enferex/pdfresurrect
Analyze and help extract older "hidden" versions of a pdf from the current pdf.
forensic-analysis pdf
Last synced: 25 days ago
- Host: GitHub
- URL: https://github.com/enferex/pdfresurrect
- Owner: enferex
- License: bsd-3-clause
- Created: 2013-07-01T12:49:44.000Z (over 11 years ago)
- Default Branch: master
- Last Pushed: 2022-09-10T17:21:03.000Z (over 2 years ago)
- Last Synced: 2024-08-04T22:14:42.076Z (4 months ago)
- Topics: forensic-analysis, pdf
- Language: C
- Size: 270 KB
- Stars: 79
- Watchers: 6
- Forks: 13
- Open Issues: 1
Metadata Files:
- Readme: README
- Changelog: ChangeLog
- License: LICENSE
Awesome Lists containing this project
- awesome-anti-forensic - PdfResurrect
README
pdfresurrect
------------
PDFResurrect is a tool aimed at analyzing PDF documents. The PDF format allows
for previous document changes to be retained in a more recent version of the
document, thereby creating a running history of changes for the document. This
tool attempts to modify the PDF so that a reading utility will be presented with
the previous versions of the PDF. The modified "versions" will be generated
as new files leaving the original PDF unmodified.

Notes
-----
The scrubbing feature (-s) should not be trusted for any serious security
uses. After using this experimental feature, please verify that it in fact
zero'd all of the objects that were of concern (those objects that were to be
zero'd). Currently this feature will likely not render a working pdf.

This tool relies on the application reading the pdfresurrect extracted versions
to treat the last xref table as the most recent in the document. This should
typically be the case.

The verbose output, which tries to deduce the PDF object type (e.g. stream,
page), is not always accurate, and the object counts might not be 100%
accurate. However, this should not prevent the extraction of the versions.
This output is merely to provide a hint for the user as to what might be
different between the documents.

Object counts might appear off in linearized PDF documents. That is not truly
the case: each version of the PDF consists of the
objects that compose the linear portion of the PDF plus all of the objects that
compose the version in question. Suppose there is a linearized PDF with 59
objects in its linear portion, and suppose the PDF has a second version that
consists of 21 objects. The total number of objects in "version 2"
would be 59 + 21, or 80 objects.

Building
--------
From the top-level directory of pdfresurrect run:
    ./configure
    make

To install/uninstall the resulting binary to a specific path
the '--prefix=' flag can be used:

    ./configure --prefix=/my/desired/path/

Debugging mode can be enabled when configuring by using the following option:

    ./configure --enable-debug

The resulting binary can be placed anywhere, however it can also be
installed/uninstalled to the configured path automatically. If no path was
specified at configure time, the default is /usr/local/bin

To install/uninstall:

    make install

or

    make uninstall

Thanks
------
The rest of the 757/757Labs crew.
GNU (www.gnu.org).
All of the contributors: See AUTHORS file.

Contact / Project URL
---------------------
[email protected]
https://github.com/enferex/pdfresurrect
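
The running history described in the README comes from PDF incremental updates: each saved revision is appended to the file and closed with its own xref section and "%%EOF" marker. The C code below is an added example, not code from pdfresurrect; it counts those markers to show how many revisions a file carries and where each one ends. The function names and the sample document are hypothetical, and it assumes a non-linearized file in which "%%EOF" never appears inside stream data.

```c
/* Added example: locate PDF revision boundaries by their "%%EOF" markers.
 * Assumes a non-linearized file and no "%%EOF" inside stream data. */
#include <stdio.h>
#include <string.h>

/* Return the offset just past the n-th (1-based) "%%EOF" marker, or 0 if the
 * file holds fewer than n revisions. Uses memcmp: PDF data may contain NULs. */
size_t revision_end(const unsigned char *buf, size_t len, unsigned n)
{
    static const char eof[] = "%%EOF";
    const size_t mlen = sizeof(eof) - 1;
    unsigned seen = 0;
    if (n == 0 || len < mlen)
        return 0;
    for (size_t i = 0; i + mlen <= len; i++) {
        if (memcmp(buf + i, eof, mlen) == 0) {
            if (++seen == n)
                return i + mlen;
            i += mlen - 1;   /* skip past this marker */
        }
    }
    return 0;
}

/* Count the "%%EOF"-terminated revisions present in the buffer. */
unsigned count_revisions(const unsigned char *buf, size_t len)
{
    unsigned n = 0;
    while (revision_end(buf, len, n + 1) != 0)
        n++;
    return n;
}

/* Constructed sample (xref entries omitted): an original revision followed
 * by one incremental update that redefines object 1. */
static const char sample[] =
    "%PDF-1.4\n1 0 obj\n(draft)\nendobj\n"
    "xref\n0 2\ntrailer\n<< /Size 2 >>\nstartxref\n32\n%%EOF\n"
    "1 0 obj\n(final)\nendobj\n"
    "xref\n1 1\ntrailer\n<< /Size 2 /Prev 32 >>\nstartxref\n105\n%%EOF\n";

int main(void)
{
    const unsigned char *p = (const unsigned char *)sample;
    size_t len = sizeof(sample) - 1;
    printf("revisions: %u\n", count_revisions(p, len));
    printf("revision 1 ends at byte %zu of %zu\n", revision_end(p, len, 1), len);
    return 0;
}
```

In the sample, the bytes up to the first marker still hold the "(draft)" object even though a reader following the last xref section sees only "(final)".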