PDF Forensic Check

HTPBE.tech is an online tool that performs a forensic check on PDF documents and tells you whether a PDF has been edited (yes/no). Five layers of analysis. Results in seconds.

Used by finance teams, HR departments, legal professionals, and compliance officers to verify document authenticity.

What the Forensic Analysis Covers

Every PDF carries hidden evidence of its history. Here is what to look for.

1. Metadata layer — timestamps and application fingerprints

Creation date, modification date, creator application, and producer application are extracted and cross-referenced. Inconsistencies between these fields indicate the document was processed after creation.

2. Structure layer — revision history in the file

The internal architecture of the PDF is examined for incremental update sections and the number of cross-reference tables. Each additional revision layer represents a post-creation edit.

3. Signature layer — digital certificate integrity

The analysis checks for the presence, validity, and integrity of digital signatures — including whether a signature was removed from the document after it was applied.

4. Content layer — embedded executable content

The document is scanned for embedded JavaScript, hidden file attachments, and other content that may indicate malicious modification or security risk.
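
The raw indicators behind the metadata, structure and content layers above can be read directly from the file bytes. This is an added example, not HTPBE's implementation; `inspect_pdf`, `values`, the sample bytes and the finding strings are constructed here, and it assumes the markers are stored uncompressed as literal strings.

```python
import re

# Constructed sample: PDF-like bytes with an original save plus one incremental
# update. Not a renderable PDF; it only carries the markers the checks read.
SAMPLE = (
    b"%PDF-1.7\n1 0 obj\n<< /Producer (ExampleWriter 1.0)"
    b" /CreationDate (D:20240101120000Z) >>\nendobj\n"
    b"xref\n0 2\ntrailer\n<< /Size 2 /Info 1 0 R >>\nstartxref\n90\n%%EOF\n"
    b"1 0 obj\n<< /Producer (ExampleEditor 2.3)"
    b" /CreationDate (D:20240101120000Z) /ModDate (D:20240315093000Z) >>\nendobj\n"
    b"xref\n1 1\ntrailer\n<< /Size 2 /Info 1 0 R /Prev 90 >>\nstartxref\n260\n%%EOF\n"
)

def values(data: bytes, key: bytes) -> list:
    """All literal-string values of an Info key, in file order (last is newest)."""
    found = re.findall(rb"/" + key + rb"\s*\(([^)]*)\)", data)
    return [v.decode("latin-1") for v in found]

def inspect_pdf(data: bytes) -> dict:
    """Raw indicators only: plain-text markers, no object-stream or XMP parsing."""
    report = {
        # Every save appends its own 'startxref <offset> %%EOF' tail.
        "revisions": len(re.findall(rb"startxref\s+\d+\s+%%EOF", data)),
        # /Prev in a trailer links back to the previous cross-reference section.
        "prev_links": len(re.findall(rb"/Prev\s+\d+", data)),
        "producers": values(data, b"Producer"),
        # PDF names that mark scripts, auto-run actions and attachments.
        "active_content": sorted({n.decode() for n in re.findall(
            rb"/(JavaScript|JS|OpenAction|EmbeddedFiles)\b", data)}),
        "findings": [],
    }
    created = values(data, b"CreationDate")
    modified = values(data, b"ModDate")
    if report["revisions"] > 1:
        report["findings"].append("incremental update sections present")
    if len(set(report["producers"])) > 1:
        report["findings"].append("more than one producer application")
    # Compare the 14 date digits after 'D:'; the time zone suffix is ignored.
    if created and modified and modified[-1][2:16] > created[-1][2:16]:
        report["findings"].append("ModDate later than CreationDate")
    if report["active_content"]:
        report["findings"].append("active or embedded content markers")
    return report

if __name__ == "__main__":
    for key, value in inspect_pdf(SAMPLE).items():
        print(f"{key}: {value}")
```

Linearized PDFs and digitally signed PDFs legitimately contain more than one cross-reference section, so a revision count above one is a lead to investigate rather than proof of tampering.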

The Easy Way: Use HTPBE

All checks run automatically in seconds — no technical knowledge required.

1. Upload any PDF

Drop the document on the checker at htpbe.tech — up to 10 MB.

2. Five-layer forensic analysis

All layers — metadata, structure, signatures, content, risk scoring — run simultaneously in under 5 seconds.

3. Receive the forensic report

A risk score (0–100), confidence level, binary verdict (edited/not edited), and a plain-language list of specific findings.

Frequently Asked Questions

What does a forensic PDF check include?

HTPBE's analysis covers five layers: metadata (timestamps and application names), structure (incremental update sections and cross-reference tables), signatures (digital certificates and removal detection), content (embedded JavaScript and file attachments), and an overall risk score with confidence level.

How is this different from just checking PDF metadata?

Metadata is only one layer. HTPBE also examines the file's internal structure for revision history, checks for removed or invalidated digital signatures, and scans for embedded executable content. Metadata alone can be spoofed — structural analysis provides additional evidence that is harder to fake.

Can I use HTPBE results as legal evidence?

No. HTPBE provides a preliminary technical assessment for informational purposes. Legal proceedings require qualified forensic experts who can produce court-admissible analysis and testimony.

Is forensic PDF analysis 100% accurate?

No automated tool provides 100% certainty. HTPBE detects structural and metadata evidence of modification. Deliberate, sophisticated forgeries may evade detection. The tool is designed to catch the most common real-world editing methods reliably.