Adversarial Process

Document Forensics

Document Forensics digs into the metadata of PDFs and other documents to verify their authenticity. It identifies the software used to create them, the author field, modification timestamps, font inconsistencies, and chain-of-custody gaps. When institutions submit documents that were supposed to come from labs, agencies, or official sources, this tool tells you where they actually came from.

Available
Access: public listing — execution path may still be local or gated
Difficulty: moderate
Setup: 5 minutes

Use case: This is how I proved that seven lab reports were created on a desktop computer — not in a laboratory.

Audience: Investigators and litigants who suspect documents have been forged or altered.

Access note: read access is public; execution, private distribution, or heavier inference-backed runs may still depend on membership, verification, and profile completion.

How it works

What this tool needs

A file you received electronically, or the earliest copy you can obtain. The more generations away from the original (resaves, forwards), the less the metadata may mean.

What you upload or prepare

Drop the file into the analyzer (or run the command your operator gives you). Keep a copy untouched in case you need to prove chain of custody later.

What runs automatically

Reads embedded PDF properties: creation and modification times, producer software, author fields, and related technical flags when present.

What you review manually

Compare those fields to the story about the document. Ask: does “Created with Microsoft Word at home” match “generated by Lab X”? Flag mismatches for your lawyer.

What you get at the end

A structured report you can attach to a declaration draft or give to counsel—it explains what the file says about itself, not what a witness says.

When to stop and ask for help

Stop if you might break a protective order or discovery rule by analyzing a file, or if you need an expert affidavit—use counsel or a qualified forensic examiner for court.

What you need

  • The original digital PDF when possible—not a photo of a printout (metadata is often lost in photos)
  • What the other side claims about the document (who made it, when, and on what system)
  • A safe place to store reports that may describe sensitive case material

Example output

  • A 'Digital Fingerprint' report of the document
  • A list of all hidden metadata fields (Author, Software, Timestamps)
  • A red-flag report highlighting common signs of document alteration

Metadata summary (illustrative — not from a real case)
------------------------------------------------------
File: lab-report-2024.pdf
Producer: Adobe Acrobat 23.x / macOS PDF engine
Creator tool: Microsoft Word for Microsoft 365
Created (claimed): 2024-02-10 14:22 UTC
Modified: 2024-02-11 09:05 UTC
Author field: J. Doe (home account)
Flags for review: consumer authoring tool vs. stated institutional origin
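
A sketch of the automatic step and the mismatch check described under "How it works", added here as an example and not the tool's own code. The function names, the sample bytes and the `consumer_tools` list are assumptions. It reads only uncompressed literal-string Info fields, not XMP packets or object streams.

```python
import hashlib
import re
from datetime import datetime, timedelta, timezone

# Constructed sample (not a real case): a PDF fragment carrying an Info dictionary.
SAMPLE_PDF = (
    b"%PDF-1.7\n1 0 obj\n<< /Producer (macOS PDF engine) /Author (J. Doe) "
    b"/Creator (Microsoft Word for Microsoft 365) /CreationDate (D:20240210142200Z) "
    b"/ModDate (D:20240211090500+00'00') >>\nendobj\ntrailer\n<< /Info 1 0 R >>\n%%EOF\n"
)
FIELD_RE = re.compile(rb"/(Producer|Creator|Author|CreationDate|ModDate)\s*\(((?:\\.|[^\\()])*)\)")
DATE_RE = re.compile(r"D:(\d{4})(\d\d)?(\d\d)?(\d\d)?(\d\d)?(\d\d)?(?:([+\-Z])(?:(\d\d)'?(\d\d)?'?)?)?")

def parse_pdf_date(value):
    """Convert a PDF date string (D:YYYYMMDDHHmmSSOHH'mm') to an aware UTC datetime, or None."""
    m = DATE_RE.match(value)
    if not m:
        return None
    y, mo, d, h, mi, s = (int(g) if g else dflt for g, dflt in zip(m.groups()[:6], (0, 1, 1, 0, 0, 0)))
    sign, oh, om = m.group(7), int(m.group(8) or 0), int(m.group(9) or 0)
    offset = timedelta(hours=oh, minutes=om) * (-1 if sign == "-" else 1)
    try:
        return datetime(y, mo, d, h, mi, s, tzinfo=timezone(offset)).astimezone(timezone.utc)
    except (ValueError, OverflowError):  # e.g. month 13 or an impossible offset
        return None

def read_info(pdf_bytes):
    """Collect Info fields from raw bytes; if a key repeats, the last occurrence is kept."""
    return {k.decode(): re.sub(r"\\(.)", r"\1", v.decode("latin-1"))
            for k, v in FIELD_RE.findall(pdf_bytes)}

def review(pdf_bytes, claimed_origin, consumer_tools=("Microsoft Word", "LibreOffice", "Google Docs")):
    """Return the file hash, the self-declared fields, and flags for manual review.
    consumer_tools is a hypothetical starter list; adjust it to the case."""
    info = read_info(pdf_bytes)
    created = parse_pdf_date(info.get("CreationDate", ""))
    modified = parse_pdf_date(info.get("ModDate", ""))
    flags = []
    if not info:
        flags.append("no Info fields found (stripped, compressed, or XMP-only metadata)")
    if created and modified and modified != created:
        flags.append("ModDate earlier than CreationDate" if modified < created
                     else "saved again after creation")
    tool = info.get("Creator", "")
    if any(t.lower() in tool.lower() for t in consumer_tools):
        flags.append(f"consumer authoring tool ({tool}) vs. stated origin ({claimed_origin})")
    return {"sha256": hashlib.sha256(pdf_bytes).hexdigest(), "info": info,
            "created_utc": created, "modified_utc": modified, "flags": flags}
```

Info fields are self-declared and editable, so the flags are leads for the manual comparison step rather than findings; the SHA-256 ties the report to the exact copy that was analyzed.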

Limits and distribution

  • No public download or hosted runner is linked from this site yet—see distribution note below.
  • Cannot detect changes made to a physical paper document that was then scanned
  • Some privacy-focused software can strip metadata before you receive the file
  • Requires the original digital file for most accurate results
  • Standalone Command Line Tool
  • Python Package

CLI/package distribution is not linked from this public page. Contact through Join or Community if you need the tool or a guided run.

Visual reference

Conceptual wireframe of Document Forensics — not a live product screenshot
This is a conceptual proof asset, not a live product capture.