PDF Forensics:
Well-founded PDF analyses
to detect forged or modified PDF files

In today’s business world, PDF files are used for many different purposes. They can serve as proof of a variety of transactions and contracts, or they can function as the digital equivalent of paper documents. It is a widespread misconception, however, that PDF files are digitally unalterable and thus forgery-proof. Even PDF documents that have a digital signature can be forged. Scientists at the Ruhr University in Bochum, Germany, found that 21 of 22 of the most popular PDF readers did not recognize the manipulation of electronically signed PDF files (e.g. official letters, Amazon invoices, and legal texts).

Table of Contents

Do you suspect document forgery or would you like to have the authenticity of PDF documents checked?

Please contact us. The analysis of possibly forged PDFs is an essential part of our daily investigative work. We are your leading partner when it comes to detecting counterfeit or manipulated PDF documents.

PDF analysis: Our offer

Starting now, you have the opportunity with corma to have a unique, professional PDF analysis carried out for only 390 EUR (incl. VAT) on a PDF document up to the following maximums:

10 Pages

10 MB of data in size

After an intensive examination of the documents, you will receive the PDF analysis as a report. The delivery time is a maximum of 10 days from receipt of payment.

Examine multiple PDF documents & larger files

Do you have more than one suspicious PDF document that you would like to have checked by corma GmbH? No problem. For larger files or multiple documents, we will be happy to provide you with a customized offer.

Send us an e-mail, use our online form, or

Identifying counterfeit PDFs:
What kinds of documents are targets for manipulation?

Certificate forgeries and document fraud are everywhere—and this is completely independent of the size of a company or its industry. Just as diverse are the types of forged PDF documents. The following are particularly frequently affected:

  • Applications
  • Damage reports submitted to insurance companies
  • Invoices
  • Contracts
  • Anything that is presented as evidence in a dispute, such as
    • Accounting statements
    • Orders
    • Bank account statements
    • Handover protocols

and many others.

PDF analysis:
Identify counterfeit PDF documents

The falsification of application documents, salary statements, bank statements, and electricity bills is now practiced worldwide. In the course of their daily work, our PDF forensic experts have found numerous PDF forgeries, mainly in the form of assessments or certificates.

In practice, this means that PDF files are not nearly as secure as is generally assumed.

Especially during an application process and when outsourcing contracts, the relevant documents should be checked in detail for authenticity and accuracy; otherwise, there is a risk of irreparable damage. Our PDF forensics is a sensible and comparatively inexpensive solution for ruling out document falsification and application fraud from the outset.

When is it worthwhile to have a PDF checked?

PDF analysis can be important in a variety of areas. For example, the experts at corma frequently examine invoice documents for insurance companies in order to prevent attempts at fraud. In another case, the business partner of a client had submitted a fake BWA (financial transaction analysis). During the forensic PDF analysis by corma, it was discovered that the file had been assembled from various images. One image per scanned page is normally expected (if OCR is not used), but we found 4–5 images per page—a clear indication that the PDF was manipulated or falsified.

If you want to know exactly

    1. what kinds of documents or records you have received from your business partner
    2. whether these files are genuine or have been manipulated

then you should contact us now. We are at your disposal at +49 2163 349 00 80 or via our form.

Detect manipulated PDFs:
Business contracts, documents, invoices

corma’s aim is to protect your organization against document falsification, application fraud, and the risky situations associated with these. Our service for identifying forged PDF files helps you detect whether your business environment contains false or manipulated documents.
We proactively protect your company against application fraud, falsified contracts, and other criminal activities. Our PDF analyses are a simple and economical solution.

The PDF analyses created in this context can, of course, also be used as evidence in legal proceedings. We are happy to help you analyze PDF documents of all kinds and to verify the information contained therein.

The workflow for identifying forged PDF documents is as follows:

  • Completion of documentation in a way that can be used in court
  • Creation of a forensic copy, including MD 5 hash, of each file
  • Visual inspection of the files for anomalies
  • PDF metadata analysis
  • Source identification
  • PDF analysis:
    • Safety features
    • Internal data
    • Embedded pictures
    • Textual content
    • Text analysis
    • PDF standards
  • Forensic investigation of all file components
  • Extraction and forensic examination of embedded images
  • Check of source and stream data
  • Identification and comparison with reference material, if available (e.g. PDF from the same source)
  • Analysis of RDF / XMP data
  • Check for private metadata, hidden images, or hidden text
  • Determination of whether the document has been modified subsequent to the creation date
  • Writing of a detailed investigation report

In the first step, we check the authenticity of the PDF file and its origin. Then we analyze the individual components of the document and carefully check the source code of the PDF. Often, changes by external programs can already be detected here—for example, the insertion of screenshots with signatures or stamps from other documents. As an illustration, here is an example with 21 (!) inserted images:


If the file had actually been just a scanned document saved as a PDF, only three images would be expected here.

Below is another (anonymized) example. In this case, there are 19 image files in a scanned three-page PDF document:

pdf forensic corma gmbh

Assessment of PDF files:
corma, the leading expert for PDF analysis

PDF forensics is a complex workflow that involves a variety of analysis steps and software tools. This specialized field of document verification requires meticulous manual investigative work and extensive technical know-how.

One-time PDF analysis at a fixed price

Our PDF forensics specialists will perform a unique, professional PDF analysis for you. The offer includes the analysis of a PDF file for 390 EUR (incl. VAT). The following restrictions apply:

  • 10 pages per PDF document
  • 10 MB of data in size

You will receive the results of the PDF analysis approximately 10 days after receipt of payment.

Scan multiple PDF documents & larger files

Do you suspect that several PDF documents are fraudulent documents or falsified certificates? No problem. For larger documents or several files, we will be happy to provide you with individualized pricing.

We are there for you when it comes to detecting manipulated PDFs and preventing damage to your company.

Send us an e-mail, use our online form, or