How does HTPBE determine whether a PDF was modified?

HTPBE analyzes four layers of evidence: metadata (creation and modification timestamps, creator/producer applications), file structure (incremental update sections, cross-reference tables), digital signatures (presence, validity, post-signature modifications), and embedded content (JavaScript, hidden file attachments).

What you see is one of three results: Intact (no modification detected), Modified (modification detected), or Cannot Verify (the PDF was created with consumer software such as Microsoft Word, LibreOffice, or a print-to-PDF driver). The detailed metadata and findings on the result page explain the reasoning behind each outcome.

What are the file size limits for PDF checking?

Can the PDF authenticity checker detect all types of modifications?

How does HTPBE determine whether a PDF was modified?

Related Questions

Can the PDF authenticity checker detect all types of modifications?

How long does PDF analysis take?

What is PDF metadata and why does it matter for authenticity?

How does HTPBE determine whether a PDF was modified?

Related Questions

Can the PDF authenticity checker detect all types of modifications?

How long does PDF analysis take?

What is PDF metadata and why does it matter for authenticity?