exiftool REMNANTS/LOG yes or no?

cakeboss · April 09, 2010, 01:51:07 PM

just wondering if (the standalone version at least) there is any kind of trace left after using exiftool, whether it be hidden or not, or some logfile somewhere (besides windows event viewer) that it was used or more importantly, what was changed, files processed, etc.?

Phil Harvey · April 09, 2010, 03:00:07 PM

ExifTool does not generate any log files like this. It does generate some files in your temporary directory the first time it is run, but these are the Perl libraries that exiftool needs to run, and contain no information about which files you processed.

However, it may be possible through a careful analysis of the edited file to determine that exiftool has been used to change some metadata in the file.

- Phil

alvin1101 · July 04, 2023, 01:35:07 AM

"However, it may be possible through a careful analysis of the edited file to determine that exiftool has been used to change some metadata in the file."

Where can I find out from?

krzysiu · July 05, 2023, 08:11:23 AM

I'd say by exact comparing quirks in Exif edit tools, i.e. eliminating some tools to give probable hint it was processed by Exiftool. I doubt Exiftool itself has many own quirks, as it rather does things by the book. I'd start with editing data with Exiftool and comparing file byte by byte with result of other tools.

StarGeek · July 05, 2023, 11:26:19 AM

Quote from: alvin1101 on July 04, 2023, 01:35:07 AMWhere can I find out from?

Take courses in digital forensics. This is far beyond the scope of this forum.

Phil Harvey · July 10, 2023, 08:04:58 PM

You can learn a lot by looking at the metadata using the exiftool -htmldump option if you are dealing with JPEG or TIFF-format images.

- Phil

ExifTool Forum

News:

exiftool REMNANTS/LOG yes or no?

cakeboss

Phil Harvey

alvin1101

krzysiu

StarGeek

Phil Harvey