Data leak prevention (DLP) solutions are capable of inspecting incoming and outgoing traffic to detect and prevent potential data leaks. One type of DLP solution includes removing sensitive, private, and/or traceable information from metadata fields in the files. Removing such information helps to protect potentially sensitive information as well remove “hidden” data that may have been included in the files' metadata fields.
Although a DLP solution can remove or overwrite data contained in metadata fields of a file, there are other ways in which a data leak can occur. One such case involves Portable Document Format (PDF) files that are re-encoded to conceal hidden information in the body of the document using a null space coding steganographic technique. As PDF files are a widely-used format for corporate environments, as well as for individuals, they provide an ideal communication channel for cybercriminals.