FOCA is a tool that analyzes documents and extracts metadata, hidden information, and lost data that can be used to discover details about an organization's network structure and information systems. It uses metadata analysis and techniques like DNS records analysis, web crawling, and digital certificates to map internal servers, users, groups, file shares, and other details. The latest version of FOCA incorporates additional network discovery capabilities like DNS cache snooping to detect internal software and vulnerabilities. It provides automated and customizable reporting of findings to help security teams identify risks from information leakage.

1. FOCA 2.5.5Chema Alonso

2. What’s a FOCA?

3. FOCA on Linux?

4. FOCA + Wine

5. Previously on FOCA….

6. FOCA 0.X

7. A documentisWhatyousee…And whatyoudon´tTemplatepathsUsersworked in it.Departments.File & Printing ServersVersionHistoryEmbedded files…

8. What kind of data can be found?Metadata:Information stored to give information about the document.For example: Creator, Organization, etc..Hidden information:Information internally stored by programs and not editable.For example: Template paths, Printers, db structure, etc…Lost data:Information which is in documents due to human mistakes or negligence, because it was not intended to be there.For example: Links to internal servers, data hidden by format, etc…

9. MetadataMetadata LifecycleWrongmanagementBadformatconversionUnsecureoptionsWrongmanagementBadformatconversionUnsecureoptionsNew appsorprogramversionsSearchenginesSpidersDatabasesEmbeddedfilesHiddeninfoLost DataEmbeddedfiles

10. MetadataRisks“Secret” relationshipsGovernment & companiesCompanies & providersPiracy discoveryReputationSocial engineering attacksTargeting Malware

11. 2003 – MS Word bytes Tony Blair

12. Targeting Malware

13. Targeting Malware

14. Electing the entry point

15. Why you should be using FS

16. Linux installation guide

17. Social Engineering Attack

18. Metadatacreatedby Google

19. Lost Data

20. Lost data everywhere

21. Metadata in SearchEngines

22. Pictureswith GPS info..EXIFREADERhttp://www.takenet.or.jp/~ryuuji/

23. Even Videos withusers…http://video.techrepublic.com.com/2422-14075_11-207247.html

24. And of course, printedtxt

25. OLE StreamsIn MS Office binaryformat filesStoreinformationaboutthe OSAre notcleanedwiththese ToolsFOCA findsthisinfo

26. FOCA: File types supportedOffice documents:

27. Open Office documents.

28. MS Office documents.

29. PDF Documents.

30. XMP.

31. EPS Documents.

32. Graphic documents.

33. EXIFF.

34. XMP.

35. Adobe Indesign, SVG, SVGZ (NEW)What can be found? Users:

36. Creators.

37. Modifiers .

38. Users in paths.

39. C:\Documents and settings\jfoo\myfile

40. /home/johnnyf

41. Operating systems.

42. Printers.

43. Local and remote.

44. Paths.

45. Local and remote.

46. Network info.

47. Shared Printers.

48. Shared Folders.

49. ACLS.

50. Internal Servers.

51. NetBIOS Name.

52. Domain Name.

53. IP Address.

54. Database structures.

55. Table names.

56. Colum names.

57. Devices info.

58. Mobiles.

59. Photo cameras.

60. Private Info.

61. Personal data.

62. History of use.

63. Software versions.Demo:Single files

64. Sample: FBI.govTotal: 4841 files

65. Are theycleaned?

66. FOCA 1 v. RC3Fingerprinting Organizations with Collected Archives

67. Search for documents in Google and Bing

68. Automatic file downloading

69. Capable of extracting Metadata, hidden info and lost data

70. Cluster information

71. Analyzes the info to fingerprint the network.Metadata tracing

72. AlternativeDomains

73. AlternativeDomains

74. Sample: Printer info found in odf files returned by Google

75. Types of Engineers

76. DNS Prediction

77. Google Sets Prediction

78. IP Scanning

79. Manually-added Data

81. Demo:Mda.mil

82. What’s new in FOCA 2.5?Network Discovery

83. Recursivealgorithm