PDF Forensics: Identifying Fake PDF Documents

Why should you know that it is possible to detect forged PDF documents? In the business world, PDF files are used for many different purposes. For instance, they act as proof for transactions, contracts, or as a stand-in for paper documents. But it is a widely spread misconception that PDF files cannot be digitally altered and are therefore tamper-proof. Digitally signing documents provides more security, but this practice is only rarely used. Examination of possibly phoney PDFs is part of our daily investigative work.

Need Immediate Help?
Use our “Code Red” service! Get immediate help from an investigation team you can count on.

Detect Manipulated and Modified PDF Documents

In fact, there are many possibilities to alter a PDF file. For example, it is entirely possible to manipulate the analog original by cutting pieces out, gluing them together and scanning the product afterward. But of course, the PDFs can also be altered using an image editing software or free office software tools. Even the original software to create PDF files allows several ways of retroactively editing the files. The bottom line is: PDFs are much less secure than the average person thinks.
In the course of our pre-employment screenings, we found many fake PDF documents. These are often forged certificates or assessments.


Supporting Investigations through PDF Forensics

PDF Forensic corma GmbH

Making sure a PDF file is real can be important in several areas.
For instance, corma’s experts can examine invoice documents for insurance companies or bills to detect cases of warranty fraud.
We are often contracted to investigate suspicious PDF documents as part of corporate security investigations.

In another case, a business partner of a client submitted a phoney “BWA” PDF document (financial business analysis). With the forensic investigation of the PDF file by corma, it was determined that the file was composed of different images. One expects one image per scanned page, but we found 4-5 images per page. If you are interested to know if we can detect forged PDF documents in your special case, please contact us!

This information plus evidence from the documents metadata made it very clear: it was clearly not a correct scan of the original document. This document was manipulated. See the image with a snapshot from the investigation.

The corma Approach to Detect Forged PDF documents

If you’re interested in PDF forensics, our experienced corma investigators can help you. We developed a special workflow for these cases:
  • Documentation in a manner that will stand up in court
  • Forensic copy & MD 5 hash for all files
  • Visual examination of the file to detect anomalies
  • Review and analyse document metadata
  • Source detection
  • Forensic examination of the components
  • Extract images from PDF
  • Forensic examination of these images
  • Examination of source / stream data
  • Identify reference material (PDF from same source)
  • Analyse RDF / XMP data
  • Examine and compare reference material
  • Detailed report about the results

PDF forensics is a complex workflow of several steps with a number of professional tools. It is manual investigative work, not performed by just using a single software tool.
For further information or a proposal, please do not hesitate to contact us at +49 2163 – 349 00 80. Or, use our  . We will answer you right away!

How can we help you?

Want to discuss a confidential matter in more detail?
Need a private investigator in Germany or Europe?

Get in touch and we’ll work out a free tailor-made proposal for you.