Search:

Microsoft Word Metadata - Last 10 Authors Explained

Many computer forensic examiners and attorneys are aware that metadata is valuable to many corporate cases. Metadata is the information stored within Microsoft Office and other files that can tell when files were created, edited, printed, stored and dozens of other facts.

An area of a Microsoft Word file commonly referred to as metadata is 'Last 10 Authors'. Last 10 authors/locations and the data captured can be valuable in a computer forensic examination or electronic discovery project.

Many don't realize that last 10 authors isn't normally displayed or made available when metadata is extracted or viewed through computer forensic software, electronic discovery extraction or metadata viewer utilities. The reason that last 10 authors remains hidden is that it doesn't fall into the OLE stream metadata category.

What is OLE stream metadata? OLE stream metadata is what is commonly viewed through a metadata viewer or sometimes extracted during electronic discovery and contain fields such as Title, Author, Date Last Printed, Date Last Saved etc. Because the last 10 authors is stored in a different location and not easily accessible this information isn't normally extracted during the electronic discovery process.

Many scrubbing applications don't remove the data contained in the last 10 authors. Because this informaiton is not included in the standard metadata fields it is often forgotten and becomes available for others to view and possibly use to their advantage.

In a recent computer examination I was examining a USB drive which contained the current working files of the suspect. We were also provided access to a laptop which the suspect claimed was the only computer used in addition to the office computer.

Because of the age of the laptop, size of the hard drive and user log files we doubted that the suspect had used the laptop for much of anything for awhile. Additionally, there were two older operating systems intalled which haven't been used for many years.

When we reviewed the last 10 authors information on dozens of current working files located on the USB drive we were able to determine that none of the files were created or recently modified on the laptop. In fact, we were able to determine the employee had access to two other systems which had been used to edit the working files.

In addition to saving the location of the last 10 authors and locations when the user saves the file, it is also possible that the last 10 authors was updated during an autosave process. Microsoft Word will often autosave the contents of a file while the users is working on a document. Autosave will store this information in the background as the user works.

To seasoned computer forensic examiners and attorneys the last 10 authors information is used to support their case or they may insure it is scrubbed before producing documents to opposing counsel.

It is important to remember that not all metadata scrubbing applications remove the last 10 authors information, nor do most electronic discovery applications extract this content. Programatically, last 10 authors can be difficult to access and even more difficult to overwrite or remove.

Pinpoint Labs has created several applications which help attorneys and computer forensic examiners analyze metadata including the last 10 authors fields. It is important to remember that although many people refer to last 10 authors as metadata is isn't accessible through most electronic discovery, computer forensic and metaviewer utility applications. MetaDiscover from Pinpoint Labs can access as well as scrub the last 10 authors details.

By: Jon Rowe..

About the author: Jon Rowe is the President of Pinpoint Labs and a Certified Computer Examiner. To learn more about Pinpoint Labs click herePinpoint Labs Website - Computer Forensics Software and Services
Don't reprint this article. Instead, reprint a free unique content version of this same article.

Article Directory: http://www.articlewisdom.com

Please Rate this Article

Not yet Rated

Click the XML Icon Above to Receive Data Recovery Articles Via RSS!

Additional Articles From - Home | Computer | Data Recovery

Outlook Express DBX repair tool - By : Recovery Toolbox Inc
RAR repair tool - By : Recovery Toolbox Inc
Secret tips to become a landscape designer - By : Jessica Thomson
What are the features and benefits of using dedicated servers? - By : Jessica Thomson
Question - Answer websites - By : Mike Singh
Microsoft Outlook password recovery software - By : Recovery Toolbox Inc
Repair DBX files of Microsoft Outlook Express - By : Recovery Toolbox Inc
Purchasing An Ipod At A Cheap price - By : Innomax Solutions
Recovery PST files Microsoft Outlook - By : Recovery Toolbox Inc
Zip files recovery tool - By : Recovery Toolbox Inc

Authors

	Print This Article
	Post Comment
	Add To Favorites
	Email to Friends
	Ezine Ready

Publishers

Resources

Reduce your carbon footprint!