Screencast: Employ the FOCA tool as a metadata extractor

Date: May 24, 2012

Users and enterprises often post documents, PDFs and other seemingly innocent files to their websites without a second thought for the security implications. Unfortunately, this leaves plenty of metadata, or "hidden" data, exposed to anyone with enough malicious intent to find it. Finding this data requires a metadata extractor, and FOCA Free is more than capable of performing such metadata analysis.

In this screencast, Mike McLaughlin shows viewers how to use the FOCA tool to extract metadata such as user, system and software information, among other details. The FOCA tool easily exposes sensitive information about passwords, emails, servers and more that could be invaluable to an attacker. FOCA Free also includes a tool to search caches and identify any files that may be indexed by the search engines Google and Bing. When the need arises to figure out what data may be unintentionally available on a website, the FOCA tool is a powerful metadata extractor that is free to download.

About the expert:
Mike McLaughlin is a penetration tester working for First Base Technologies, an information security consultancy in the UK. Mike's daily work consists of both internal and external network-based penetration testing, Web application penetration testing, and social engineering.
