In the cybersecurity and digital forensics field metadata of files is very important. We can get various information from metadata in files. This metadata may help us to get much more insider information while we are doing forensics testing. Also if we think about our privacy then metadata can harm our privacy in that case we can remove our metadata also.
In this detailed guide, we are going to discuss how we can read and remove metadata of any files using Kali Linux.
To view and remove metadata on Kali Linux (or any other Linux), we need to install the mat2 program. Mat2 (Metadata Anonymisation Toolkit 2) is a command-line metadata removal tool, supporting a wide range of commonly used file formats, written in python3. To install it on our system we need to apply the following command on our Terminal:
sudo apt install mat2In the following screenshot, we can see that mat2 is installed on our system. It is not so large (under 25MB) package and the installation time will depends on our internet connection speed and system performance.
After the installation is finished we can check the help of mat2 by using following command:
mat2 -hIn the following screenshot we can see the help of mat2.
Now we can read the help options to know all the works of this tool. As we can see there is a -s flag, which can show us harmful metadata detectable by mat2 without removing them. Lets use it.
Mat2 can view and remove metadata from files so we need files to perform it. Here we have an downloaded image which contains metadata. We had saved the image on our Desktop (home/kali/Desktop/IMG_20201007_102037.jpg ).
To view it's metadata we can use following command:
mat2 -s /home/kali/Desktop/IMG_20201007_102037.jpg
In the following screenshot we can see the metadata of this image with various useful information:
Now if we want to remove these metadata this file we need to enter following command on our terminal:
mat2 <location/of/file>In the following screenshot we can see that it is done.
Here the old files will remain unchanged, but new files will be created with the string .cleaned in the name and completely cleared metadata. As we can see in the following screenshot.
Now we can check if the there any metadata in the new cleaned file by using following command:
mat2 -s /home/kali/Desktop/IMG_20201007_102037.cleaned.jpgIn the following screenshot we can see that the new file (.cleaned) did not contain any kind of metadata.
This is how we can remove metadata of any file (not only images), if we need to clear metadata of all files in any particular folder then we can simply enter following command:
mat2 /home/kali/Desktop/*The above command will remove metadata from all files on our Desktop. If we want to clear metadata of files in other folders then we need put that directory with * . And it will create new .cleaned file for every old files, the .cleaned files will not contain any metadata.
Comments