Detect Forged PDF Documents With corma

electronic signature concept - man sign distance contract with digital pen in mobile phone

Table of Contents

Table of Contents

The world is going paperless. This process has been going on for quite some time, and documentation is no exception. What used to take a whole filing cabinet now fits right on your computer desktop – and that’s not necessarily a good thing. PDF documents are the industry standard for the official documentation in the virtual space, mostly due to their tight security, widespread use, and fantastic adaptability. Sadly, even the most secure documents aren’t completely malice-resistant, and many fraudulent documents are floating around. Determining whether a PDF document is a forgery or not can be extremely difficult, yet a fraudulent PDF document can be life-threatening. PDF documents are found all around the business world where they play a range of roles such as proof of contracts, transactions, and a selection of other things, not to mention their role in online documentation. Just one forged document can wind up costing millions of dollars. PDF documents aren’t nearly as safe from malpractice as people believe. Since the hazard is so apparent, what’s the solution? The solution to this is PDF forensics. Through PDF forensics, we can carefully analyze PDF documents, thus proving their authenticity or exposing their fraudulence. Below, we’ll talk about how we detect forged PDF documents, explain how and what we can do for you in the field of PDF forensics, and give you all the important insider information on the matter.

What are PDF Forensics?

PDF forensics is the process of detecting fake PDF documents. It’s one of the most intricate digital forensics processes around, as PDF files are, in essence, very well protected. To falsify these documents, forgers have to undergo a very special, tedious, and arduous process – which only makes detection that much harder. Through PDF forensics, specialists such as us over at corma can detect whether a PDF document and the digital signature that authenticates it has been forged, thus validating or disproving its authenticity.

Why do people fake PDF documents?

People fake PDF documents all the time. PDF documents serve as digital documentation, proof of transaction and contractual obligations, and they’re widespread across the business world. A forgery can wind up costing a company quite a lot of money, which is ultimately funneled elsewhere. That’s why businesses are prime targets for PDF forgeries and why PDF forensics is such an essential service in any business’s arsenal. What are the prime targets for forgery? The prime target PDF documents for forgery are:
  • Real-estate documents
  • Proof of transaction documents
  • Legal documentation
  • Security and protocol documents
  • Contracts
Almost anything that has to do with any business is prone to falsification, which only augments corporations’ risk across the world.

The Two Phases of corma PDF Forensics

PDF files aren’t the safest thing on the market, and we here at corma are well prepared to tackle any falsification attempts with our two-phase PDF forensics process. The first phase starts with a review and initial analysis of the PDF files provided to us. That includes:
  • Forensically handling the PDF file through the MD5 hash;
  • Visually inspecting the file;
  • Identifying the probable source of production through determining things such as the scanner type;
Afterward, we check the comparison material to determine if it can be obtained from similar devices, such as the same scanner used to scan the original document. We do that because higher-end forgeries tend to imitate the original as much as possible, using the same means to scan the document, including using the same make and model of scanner. The last step in phase one is identifying the possible manufacturing method, which lets us know how the document was created and detect forged PDF documents. The second phase is where we analyze the document at hand. The first step in this phase is the comprehensive analysis of the file that has been suspected of forgery. That means overviewing any common forgery characteristics and possible modifications to determine the authenticity of the document at hand. Afterward, the file is analyzed for any concealed and hidden changes and modifications. We do that by investigating the file’s metadata, which tells us whether the file has been tampered with or not. When the analysis is complete, the images are extracted from the PDF document for further examination. The examination includes reviewing the image files themselves and their EXIF data, which provides for color spaces, compression rates, and other image characteristics. Once the images are dealt with, the text is extracted for further examination. The text and font are analyzed to determine their authenticity. When that’s complete, we move on to the PDF inside verification, which includes examining private metadata, hidden images, and hidden text. Subsequently, we analyze the stream data, which means assessing the keyword stream, or sequence of bytes that make up the PDF file’s hidden data.

Is It Worth It to Check PDF Documents for Authenticity?

If you’re doing any business, transactions, or dealing with any important PDF documents, it’s crucial to confirm their authenticity. Fraudulent PDF documents could wind up costing millions of dollars, which is why any business that deals with these documents must check them regularly. While you don’t need to check every document from an age-old partner, it’s essential to have frequent checkups of PDF documents from new sources. Since businesses are continually changing partners and stepping into new territory, it’s crucial to detect forged PDF documents before they can do any actual harm.

Is this process expensive?

If you want to detect forged PDF documents, you’ll have to invest in a professional service that detects them for you. Here at corma, we take special care of your PDF documents and authenticate them to the pinnacle of industry standards, and we do so at an affordable price.

How corma Can Help

Our specific pricing is €390 per PDF file that isn’t larger than 10MB and doesn’t have more than ten pages. Compared to the competition, while we’re not the cheapest option on the market, we’re by far the best. What you pay for is what you get, but when you’re working with corma, we guarantee that the sophistication of our service exceeds the price tag. We’re very aware of your time restraints, and that’s why every submitted document will be analyzed thoroughly and delivered in a maximum of ten days after receiving the payment. If you’re in a special time crunch, we offer an express service, where we can submit the result in a maximum of 36 hours, for an additional cost. What you get out of our service is a thoroughly checked, professional, court-usable report in the form of an expert opinion, along with all the necessary attachments used for reporting, such as extracted images, text, and other data.

FAQ

A PDF file consists of metadata that dictates all the components that make up the PDF file. PDF metadata is all the searchable data within a document. It includes all supporting information such as document creation date, ref: numbers, authors, embedded files such as images, keywords, and language.

If you want to complete a PDF document, the metadata must be filled out. In this case, the metadata consists of five different metrics, which are:

  • Title
  • Author
  • Subject
  • Keywords
  • Subject

After all of these are filled out accurately, the document must be authenticated. If the data is correct, the document will receive a pass. If the information and metadata are lacking, the document will receive a Failure and won’t be verified.

A PDF document needs to have as accurate metadata as possible because it wouldn’t be easily searchable and won’t be verified without it. Unverified documents aren’t used for any transaction, contract, or documentation, making them less than suitable for business applications.

MD5 (Message-Digest Algorithm 5) hash is a cryptographic hash algorithm. This algorithm is used to create a 128-bit string value from a preset arbitrary hash string. It assigns a PDF document with a hash value that is further used for comparison when authenticating the document in question.

In layman’s terms – there can be two files with the same metrics such as name, size, subject, and other metadata, but different internal content.

If we were only to rely on the metadata, these two completely different documents would appear virtually the same. Each singular piece of content dictates a string value, which contributes to the overall MD5 hash. Unless the two documents are identical in every way, they’ll have a different MD5 hash value.

Through this hash value, we can determine whether a document has been doctored or not. We here at corma use it as a final measure to authenticate and verify our results.

Here at corma, we can analyze any kind of PDF document. According to digital intelligence, PDF documents can be classified into the three following categories, which are:

  • Searchable PDF Documents
  • Image-only PDF Documents
  • Digitally Created PDF Documents

Searchable PDF documents are the ones that contain typed text and full metadata, allowing them to be searched through as a regular document would.

Image-only PDF documents are scans of actual documents – in other words, they are digitized paper documents.

Lastly, digitally created PDF documents are the PDF documents that have been procured through computers. They don’t exist in the physical world but are just as valid as actual paper documents.

PDF documents are generally regarded as pretty safe, but that doesn’t mean that they’re not prone to malpractice. All kinds of PDf documents are faked regularly for an abundance of reasons, and nowhere is this practice more apparent than in the business world. All types of business documents such as contracts, invoices, and even proof of transaction documents are faked regularly.
Aside from actual business dealings, even things such as Curriculum Vitae are faked to boost the candidate’s chances of landing a position.
More often than not, the biggest victims of PDF fraud are companies that don’t check their documentation regularly. Depending on the company’s size and the amount of business they do, the threat of fraudulent PDf documents can be either larger or smaller. If there’s money to be made out of scamming a business, you can bet that PDF scams will be rampant.

In most cases, any serious PDF forensics company can analyze and assess the authenticity of most documents, but not all of them.
Sadly, there’s no guarantee that a fraudulent PDF file will always come to light. That’s because some forgeries tend to imitate the original, and detecting them is nearly impossible. There are particular cases where you can’t detect a fake document, most likely due to a high-end professional forgery of a PDF document.
High-end professional forgeries are extremely rare and notoriously costly, so they don’t appear nearly as much as more rudimentary forgeries. Another common reason why a fake PDF document can’t be exposed is if the document was created, printed, and then scanned. That hides the document’s true origin and masks its malicious creation, thus making authentication near impossible.

If you want to find out more about bullet-proof forgeries, make sure to contact us at corma, and we’ll do our best to explain what kinds of documents can or can’t be authenticated.

In most cases, any serious PDF forensics company can analyze and assess the authenticity of most documents, but not all of them.
Sadly, there’s no guarantee that a fraudulent PDF file will always come to light. That’s because some forgeries tend to imitate the original, and detecting them is nearly impossible. There are particular cases where you can’t detect a fake document, most likely due to a high-end professional forgery of a PDF document.
High-end professional forgeries are extremely rare and notoriously costly, so they don’t appear nearly as much as more rudimentary forgeries. Another common reason why a fake PDF document can’t be exposed is if the document was created, printed, and then scanned. That hides the document’s true origin and masks its malicious creation, thus making authentication near impossible.

If you want to find out more about bullet-proof forgeries, make sure to contact us at corma, and we’ll do our best to explain what kinds of documents can or can’t be authenticated.

We can and do extract all the images in any provided PDF file. There’s a lot of data in the images, which can give us essential pointers to determine whether the document is fraudulent or not. All the images and image documents are extracted in the process, and they’re examined for:

  • Image ID
  • Camera information
  • Image preview
  • File size
  • Dimensions in pixels
  • The color depth in bpp
  • Colorspacetype

All these data points are essential to our analysis process. Once we’ve deducted the images into their necessary data components, we can compare them to the visual PDF to identify any apparent differences between the two. If the differences are noticeable, then the document is a forgery. If the two match, that still does not assure us that the document is legitimate, and we have to move on over to the source code of the PDF.

Once we do so, we can determine if there are any “hidden images” in the PDF document. These hidden images also pass through an analysis process, which only adds to our comprehensive PDF document examination.

After the final analysis is done, we’ll provide you with the extracted resources you can use in court.

The PDF forensics process isn’t a simple one, as there are many things to pay attention to. The only reason why PDF documents are the digital equivalent of actual documentation is that they’re generally regarded as safe.
While they’re very secure, they’re still prone to malpractice and forgery. Passing through the safety restrictions can be quite tricky, making the analysis and detection of any possible fraud that much more challenging.
Many data points need to be extracted and thoroughly examined before we can conclude that the document is authentic or not, and this process takes up a lot of time. The examination itself is very time consuming, and getting all the data out there takes a lot of processing power, which directly translates to a lot of time.

If you want to dabble in a bit of PDF forensics yourself, there are a couple of simple ways to determine whether a document has been tampered with or not. However, the following only applies to amateur doctoring and shouldn’t be used as a means to professionally assess whether a document is fraudulent or not.
To determine whether a document has been edited, all you need to do is right-click on any part of the PDF document and go to the document properties.
In the document properties, you’ll find a Description tab in which the metadata is contained. In this tab, you can find all the essential data on the document, which includes the subject, keywords, when the document was created, whether it was edited, and if so, by whom.
If the date and time of creation and the date of modification don’t match, as well as the authors, the document has been edited by someone other than the original author.

No. There’s a lot of software floating around that promises to tell you whether a document has been edited, doctored, or falsified in any way, but it simply doesn’t work that way. Data intelligence is a vast field, and PDF forensics are incredibly complex, intricate, and time-consuming. No software will tell you whether a PDF document has been forged or not with just one click.
If you want to detect forged PDF documents, you’ll have to solicit a company such as corma to do so for you, unless you’re a PDF forensics expert yourself.
A PDF detection software will probably tell you whether the document has been edited or not, which is what you can find out on your own with a couple of simple clicks anyway.

Share this Information on:
Share on facebook
Facebook
Share on twitter
Twitter
Share on linkedin
LinkedIn