I was reading the article below about how the police caught the BTK killer and the following information about the metadata embedded in the file intrigued me.
Bind, Torture, Kill: The BTK Investigation
If I create a MS word document on my PC how can I access this “metadata” to see what it says?
Communicating with the Killer
With guidance from the FBI’s Behavioral Analysis Unit, the task force implemented a carefully crafted plan to open a dialogue with BTK. The police responded to communications from BTK using media releases designed to keep the killer communicating—albeit unknowingly—with investigators. The strategy paid off.
In January 2005 BTK left a cereal box containing a message to the police in the back of a pickup truck belonging to a Home Depot employee. In the message he wrote:
Can I communicate with Floppy and not be traced to computer. Be honest. Under miscellaneous Section, 494, (Rex, it will be OK), run it for a few days in case I’m out of town-etc. I will try a floppy for a test run some time in the near future—February or March. 3216912.
Investigators acted quickly and responded by placing a classified ad in the Eagle. The ad read: “Rex, it will be ok, Contact me PO box 1st four ref. Number at 67202.”
DNA and Computer Forensics
The computer disk BTK sent to the department was turned over to a detective assigned to the Computer Crimes Section. The examination of the disk located a valid file labeled “Test A.RTF.” The file contained a message: “This is a test. See 3x5 Card for details on communication with me in the newspaper.” The message referred to a card that was also included in the package sent to the television station.
Additional investigation showed the disk was opened in computers at the Christ Lutheran Church and Park City Community Public Library. The file document had been created on February 10, modified on the February 14, and printed that same day. It has been revised four times and was last saved by user “Dennis.”
Most of the information from the disk was found in its properties domain. Such information is automatically written by the software and is based on software registration information and the identity of the user logged on at the time of the activity on the document. After locating the name “Dennis” and “Christ Lutheran Church” in the properties domain of the RTF document, the detective conducted a Google search on the Internet. Through a hit on the site for the Christ Lutheran Church, he found a link to people associated with the church. In that list the detective found the name “Dennis Rader” listed as the president of the congregation. Dennis Rader, a Park City compliance officer, then became the primary suspect in the BTK investigation.
Do you write .docx files? If so, they’re pretty much a zipped folder of the document and a host of .xml files. You can open those in a text browser. You can even change some of the data in there (“some,” because all I’ve ever had to change was comment and change attribution to our corporate rather than freelancer names).
Which version of Word? In Word 2010, it’s File -> Info, and in Word 2003 (from memory) I think it’s File -> Properties
And in, I think it’s Word 2007, click on the big Windows/Word logo in the upper left corner, then “Prepare”; you can check for, or edit, metadata and properties.