1
00:00:00,05 --> 00:00:01,04
- [Instructor] Throughout the course,

2
00:00:01,04 --> 00:00:03,05
we've seen a few different ways that information could be

3
00:00:03,05 --> 00:00:06,02
leaked accidentally through various kinds of metadata,

4
00:00:06,02 --> 00:00:07,02
and consequently,

5
00:00:07,02 --> 00:00:08,08
we've seen how we can discover information in metadata

6
00:00:08,08 --> 00:00:12,00
that might not have been intended for us to know.

7
00:00:12,00 --> 00:00:13,09
Embedded metadata, while very useful,

8
00:00:13,09 --> 00:00:16,09
can contain sensitive data like geolocation information

9
00:00:16,09 --> 00:00:19,00
and custom or internal tags that clients

10
00:00:19,00 --> 00:00:21,01
and others shouldn't see.

11
00:00:21,01 --> 00:00:23,04
So this kind of sensitive information should be carefully

12
00:00:23,04 --> 00:00:26,04
removed or stripped before sharing files outside

13
00:00:26,04 --> 00:00:28,00
of a secure perimeter.

14
00:00:28,00 --> 00:00:30,08
We've also seen that metadata can be maliciously falsified,

15
00:00:30,08 --> 00:00:32,05
or simply be incorrect,

16
00:00:32,05 --> 00:00:35,01
and that it shouldn't be trusted uncritically.

17
00:00:35,01 --> 00:00:37,07
Metadata stored by file systems can also present a risk

18
00:00:37,07 --> 00:00:41,00
of information loss or exposure in a variety of ways.

19
00:00:41,00 --> 00:00:43,08
Copying files secured with an ACL to a file system

20
00:00:43,08 --> 00:00:45,06
without ACL support, for example,

21
00:00:45,06 --> 00:00:47,07
can expose those files to the effects

22
00:00:47,07 --> 00:00:50,03
of that security control not being applied.

23
00:00:50,03 --> 00:00:54,00
Unauthorized users could access files and authorized users

24
00:00:54,00 --> 00:00:56,06
could simply alter or delete a file that was intended to be

25
00:00:56,06 --> 00:00:58,09
protected from those changes.

26
00:00:58,09 --> 00:01:01,06
Sometimes our systems and tools will warn us if metadata

27
00:01:01,06 --> 00:01:03,08
or extended attributes are not going to be copied

28
00:01:03,08 --> 00:01:06,00
to a destination, but not always.

29
00:01:06,00 --> 00:01:08,08
So it's up to us to be aware of how those tools, systems,

30
00:01:08,08 --> 00:01:10,08
and file systems interact,

31
00:01:10,08 --> 00:01:13,08
and we should always double check our results.

32
00:01:13,08 --> 00:01:16,02
If we're not careful about how metadata is treated,

33
00:01:16,02 --> 00:01:19,05
we could lose information that we didn't intend to lose.

34
00:01:19,05 --> 00:01:21,01
Forgetting a specific option when using

35
00:01:21,01 --> 00:01:23,00
a file copying tool or doing a bit

36
00:01:23,00 --> 00:01:25,02
of overly aggressive digital housekeeping

37
00:01:25,02 --> 00:01:26,08
could sweep away categories,

38
00:01:26,08 --> 00:01:29,07
notes, and other information stored as metadata.

39
00:01:29,07 --> 00:01:31,08
We might forget that we have a folder somewhere flagged

40
00:01:31,08 --> 00:01:33,08
as hidden, or we could drive ourselves up

41
00:01:33,08 --> 00:01:35,02
a wall troubleshooting an issue

42
00:01:35,02 --> 00:01:38,00
that relates to otherwise semi-invisible characteristics

43
00:01:38,00 --> 00:01:41,05
like ACLs or immutability if we don't know where to look.

44
00:01:41,05 --> 00:01:43,08
While metadata can be easy to overlook,

45
00:01:43,08 --> 00:01:46,02
it's really important that we treat it just as seriously

46
00:01:46,02 --> 00:01:48,06
as we do the data it describes.

47
00:01:48,06 --> 00:01:50,01
If you're interested in a deeper dive

48
00:01:50,01 --> 00:01:51,06
about security forensics,

49
00:01:51,06 --> 00:01:54,05
be sure to check out the course Operating Systems Forensics

50
00:01:54,05 --> 00:01:56,00
here on LinkedIn Learning.