Description: FOCA (Fingerprinting Organizations with Collected Archives) is a Windows-only forensic tool used to extract and analyze metadata from common file types. Metadata is descriptive information about data. For example, when you create a file in Microsoft Word, Word automatically embeds metadata in it that reveals information such as when the file was created, which program created it, which operating system the program ran on, and the username of the person who created the file. FOCA can extract this type of metadata from most common file types and analyze it, producing a report of very valuable information that can aid hackers during penetration tests.
- Extracts metadata from Open Office, MS Office, PDF, EPS and Graphic documents.
- Uses Google, Bing and Exalead to find and examine the following file types on a target website – doc, ppt, pps, xls, docx, pptx, ppsx, xlsx, sxw, sxc, sxi, odt, ods, odg, odp, pdf, wpd, svg, svgz, indd, rdp, and ica.
- From the extracted metadata, FOCA can find information on users, folders, printers, software, emails, operating systems, passwords, servers and more.
- Network Discovery
- DNS Cache Snooping – discover which websites the internal users of a network are browsing.
- Exports data into a report
Video Demonstration: There was no need for me to create a video because the creators did a great job presenting the tool at the DEFCON hacker conference. There are three videos, but don’t worry, they are very entertaining.