exiftool is the ffmpeg of metadata tools: it has a billion options (most of which you'll never even know exist) and decent guides if you look hard enough for them, and you will most likely end up copying commands from a website into your terminal to use it (hopefully this guide makes it so you don't have to do that as much).
Before diving in, much like in that last metadata guide I did on mat2: don't completely trust the commands I give if the data you're working on is of vital importance to you or someone else. Make a backup (3, 2, 1 rule if it's that serious, please) before you continue reading. But if you don't care about what you do to the data you're working on, go right ahead and continue!
[NOTE] exiftool.org/examples.html is a really solid website which probably has all of the information query commands you would ever want to know, with nice little descriptions based on what you want to enter given the little html buttons. This site is awesome for this, and I won't gatekeep this information and just pick out what I think is useful from the manual. This course intends to give you a jumping-off point and throw the kitchen sink of resources your way to go further. I don't know who you are, and you may need this tool for a different purpose than what I outline, so to cover all my bases, it's there. Also read the manual, or learn to read it. I mention how you can learn to read and navigate man-pages in the mat2 section ("man man").
Additionally, if you are reading the man-pages and are wondering to yourself, "Hmm, I want to see the tags with their IDs, but I don't know where the heck 'Image::ExifTool::TagNames(3pm)' even is!", fear not. Just as you can run man 7 man to read section 7 of the man manual, you can run man 3pm Image::ExifTool::TagNames to see the tag information, and use the same format for any other pages you might want.
Final warning: back up the data you're running exiftool on if it is of importance to you. Once you get the hang of it, then you can get a little less cautious. But I didn't tell you that. Safety first!
exiftool is available in most Debian repositories and can probably be installed using the command:
sudo apt install exiftool
This is probably going to get really rambly, and will 1000% be updated as I read this massive man-page more and more, but before I go into the tagging system I'd like to acknowledge how insanely packed this utility is with features you'll probably never use, it's awesome.
As far as the tagging system goes, from what I can see so far, if you run the man command above to show the image tags, you'll eventually stumble upon a massive list(s) with the table in the format of the following:
This page contains probably every Exif, IPTC, XMP, GPS, GeoTiff, PLUS, ICC_Profile, PrintIM, Photoshop, Apple, NikonSettings, Canon, CanonCustom, CanonVRD, Casio, DJI, FLIR, FujiFilm, GE, HP, JVC, Kodak, Leaf, etc, etc, (I haven't made it past 35% of the man-page yet by the way) tag you will ever have the possibility of seeing in your lifetime and the lifetime of everyone else on planet Earth until the heat death of the universe.
The entire tag page for this utility is 30k+ lines long (and that's just the tag page), it's insane when you look at the Author section of the man-page and see a single name. Phil Harvey.
So appreciate the author, if you ever make it in forensics and have some money to spend, donate some of it to him at exiftool.org
Now, after you've comprehended how bananas this tool is for metadata extraction, I'll show you how to utilize the unique tags for viewing metadata.
If you want to read specific exif sections on a file, you can do the following:
exiftool -s -Make -Orientation <yourfile>
Notice how I specified the tags in title case, as shown in the Image::ExifTool::TagNames (3pm) man-page under EXIF Tags. I'm making this clear because the internal tag names are formatted differently from what gets shown to you on standard output in the terminal, namely for tags involving spaces. In the above command, -s means shorten output (and -S means remove whitespace!). You don't need these options; as long as you specify those tags, it'll show those tags.
To view most of the metadata with exiftool, we can use the command:
exiftool -a -u -g1 <yourfile>
This pulls a lot of the metadata in the file, but for performance reasons it does not pull all of it. If you want to pull absolutely everything exiftool can get from the file, you can run the following:
exiftool -a -u -g1 -ee3 -api RequestAll=3 <yourfile>
Would you like to output your metadata in HTML, JSON, XML, a PHP array, or even add it to a csv file? Well, do I have something for you! -j for json, -h for html, -X for XML, -php for php, and -csv >$(pwd)/<yourcsv> to output the metadata into a csv! (If you don't know what $(pwd) does, then look it up; it shouldn't be too hard to figure out. I'd love to refer you to my linux course, but sadly it's not made... Yet... Maybe.)
Much like reading metadata with exiftool, writing requires you to name the specific tags. From reading the manual I can see that the important writing modes are "-", "+", and "=" (written as -=, += and = in the commands below). Specify the tag you want to edit with a hyphen in front of it and the operation you want to do with that tag after it.
exiftool -Comment="Hello there, this is a metadata test!" <CoolFile>
exiftool -Comment-="Hello there, this is a metadata test!" <CoolFile>
exiftool -createdate+=8 <yourfile>
If you look through the man-page where all the tags are listed (find the command at the top of the page), you can also find larger metatags which when used can modify multiple elements at the same time, meaning that for example you could add all the IFD0 tags to a file at the same time. This functionality should be 99% of what you need for the basic tasks of writing or editing metadata to a file for plain forensic lab purposes.
I almost forgot the most important part, you can remove all metadata from a file like:
exiftool -all= <yourfile>
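One way to check that a removal like the one above actually left nothing behind, as an added example (not part of the original guide or of exiftool itself): it compares two records shaped like exiftool -j -G1 -n output taken before and after the removal. The sample records, the list of file-level groups and the function names are assumptions made for the illustration.

```python
import json

# Family-1 groups (as printed by -G1) describing the file itself or values
# exiftool derives; every other group is treated as embedded metadata.
FILE_LEVEL_GROUPS = {"ExifTool", "System", "File", "Composite"}

# Constructed records shaped like `exiftool -j -G1 -n <file>` output (a JSON
# array with one object per file). Not taken from a real image.
BEFORE = json.loads("""[{"SourceFile": "cat.jpg", "System:FileName": "cat.jpg",
  "File:ImageWidth": 3264, "IFD0:Make": "ExampleCorp",
  "IFD0:Model": "ExamplePhone 4", "ExifIFD:CreateDate": "2012:01:01 12:00:00",
  "GPS:GPSLatitudeRef": "S", "GPS:GPSLatitude": 12.5,
  "GPS:GPSLongitudeRef": "E", "GPS:GPSLongitude": 45.25,
  "Composite:GPSPosition": "-12.5 45.25"}]""")[0]
# Constructed failing case: a removal attempt that left one XMP tag behind.
AFTER = json.loads("""[{"SourceFile": "cat.jpg", "System:FileName": "cat.jpg",
  "File:ImageWidth": 3264, "XMP-dc:Creator": "someone"}]""")[0]

def embedded_tags(record):
    """Return the tags whose group is not a file-level group."""
    tags = {}
    for key, value in record.items():
        group, sep, _ = key.partition(":")
        if sep and group not in FILE_LEVEL_GROUPS:
            tags[key] = value
    return tags

def gps_decimal(record):
    """Signed (lat, lon) from the unsigned GPS values and their Ref tags."""
    try:
        lat = float(record["GPS:GPSLatitude"])
        lon = float(record["GPS:GPSLongitude"])
    except (KeyError, TypeError, ValueError):
        return None
    if str(record.get("GPS:GPSLatitudeRef", "N")).startswith("S"):
        lat = -lat
    if str(record.get("GPS:GPSLongitudeRef", "E")).startswith("W"):
        lon = -lon
    return lat, lon

def verify_strip(before, after):
    """Report which embedded tags were removed and which survived."""
    had, left = embedded_tags(before), embedded_tags(after)
    return {"removed": sorted(set(had) - set(left)), "surviving": sorted(left),
            "location_before": gps_decimal(before),
            "location_after": gps_decimal(after), "clean": not left}

if __name__ == "__main__":
    print(json.dumps(verify_strip(BEFORE, AFTER), indent=2))
```

To run it on real data, save the exiftool -j -G1 -n <yourfile> output before and after the removal and load the first object of each array in place of the two constructed records.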
Now here's something I don't think you can do with mat2: exiftool is able to rip the metadata out of one file and put it into another. You can do so like this:
exiftool -tagsfromfile <yourfile_1> <yourfile_2>
This will copy all of the metadata out of the first file and write it to the second file. The manual examples page also shows how you can copy certain metadata tags individually from one file to another. It's kind of hard to find though, so I will add an example of how to do it below:
exiftool -TagsFromFile <yourfile_1> -CommonIFD0 <yourfile_2>
exiftool is such a massive utility that I obviously won't be able to cover everything it can do, but hopefully the exiftool.org forums and the man-pages will be enough for you to find what you need if it wasn't outlined here. If you're doing forensics, what I've written here is probably all you'll need for reading metadata for an investigation.
Let's have a little throwback to 2012, when this fun image showed up on a little web forum back in the day. It still has the metadata and GPS location in it (Cartwheel76 and Zubes, thank you!). To complete this challenge, follow these guidelines (or don't, figure something else out that solidifies all this learning!)
sudo apt install gpg
gpg BKFLAG.gpg
4) Modify the phone model to a different model of phone (or just say something funny or mess with the cat photo's metadata in whatever way you want)