Screenshot forensics


One of the interesting things I like to do when reading (security) blog posts is to try to deduce details about the machine setup used. You can find some very interesting tidbits of information, like Sunbelt using Symantec AV on some of their machines.

A couple of current examples:

If you want to avoid exposing such details, try the following:

  • Crop the screenshot as much as possible. This has other advantages as well (for example, a smaller image size, which leads to quicker display).
  • Remember that identification can be done in any number of ways:
    • Using prominent OS features (like the Mac OS X dock or the Windows start menu)
    • Using window “chrome” (title bar, frames, buttons on them, their color, etc)
    • Colors and fonts
    • Metadata in the image (if it was edited with Paint .NET for example, it is very probable that it happened on a Windows machine)
  • Never use “blur” or similar effects to hide information, since they can be reversed (given that they are completely deterministic)
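
To check the metadata point before publishing, here is an added example (not code from the original post) that lists the text metadata in a PNG and writes a copy without it. The sample image and its `Software` value are constructed for the demonstration; the helper names are this example's own.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
# Ancillary chunk types that can carry editor names, timestamps or EXIF data.
METADATA_CHUNKS = {b"tEXt", b"zTXt", b"iTXt", b"tIME", b"eXIf"}

def chunks(png):
    """Yield (type, data) for every chunk, checking signature, length and CRC."""
    if not png.startswith(PNG_SIG):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIG)
    while pos < len(png):
        if len(png) - pos < 12:
            raise ValueError("truncated chunk")
        length, ctype = struct.unpack(">I4s", png[pos:pos + 8])
        data = png[pos + 8:pos + 8 + length]
        crc = png[pos + 8 + length:pos + 12 + length]
        if len(data) != length or crc != struct.pack(">I", zlib.crc32(ctype + data)):
            raise ValueError("corrupt chunk %r" % ctype)
        yield ctype, data
        pos += 12 + length

def make_chunk(ctype, data):
    """Serialize one chunk: length, type, data, CRC over type+data."""
    return (struct.pack(">I", len(data)) + ctype + data
            + struct.pack(">I", zlib.crc32(ctype + data)))

def text_metadata(png):
    """Return {keyword: value} from uncompressed tEXt chunks (e.g. Software)."""
    found = {}
    for ctype, data in chunks(png):
        if ctype == b"tEXt":
            key, _, value = data.partition(b"\x00")
            found[key.decode("latin-1")] = value.decode("latin-1")
    return found

def strip_metadata(png):
    """Rebuild the PNG, dropping every chunk type listed in METADATA_CHUNKS."""
    kept = (make_chunk(t, d) for t, d in chunks(png) if t not in METADATA_CHUNKS)
    return PNG_SIG + b"".join(kept)

def sample_png():
    """Constructed 1x1 grayscale PNG with a constructed Software text chunk."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00\x00")  # filter byte + one black pixel
    return (PNG_SIG + make_chunk(b"IHDR", ihdr)
            + make_chunk(b"tEXt", b"Software\x00Paint.NET")
            + make_chunk(b"IDAT", idat) + make_chunk(b"IEND", b""))

if __name__ == "__main__":
    print("before:", text_metadata(sample_png()))
    print("after: ", text_metadata(strip_metadata(sample_png())))
```

Compressed text chunks (`zTXt`, `iTXt`) are removed by `strip_metadata` but not decoded by `text_metadata`, so an empty listing alone does not prove a file is clean; compare the chunk types as well.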

If you are really paranoid, you might want to consider taking the screenshot on an entirely different OS (Haiku for example :-).

Got fun “screenshot archeology” findings? Share them in the comments!

Picture taken from DeusXFlorida’s photostream with permission.


One response to “Screenshot forensics”

  1. I did get caught like this when I included a screenshot in a paper commissioned by one vendor that clearly showed that I was using a different vendor's product on that particular laptop at that time. Happily, it was caught pre-production. 🙂
