Are you redacting PDF documents properly?

There was recently another news story about a PDF document not being redacted properly. As a result, sensitive information leaked out. We’ve covered this topic before, but we’ll cover it from a different angle this time…


PDF files can be created from a number of applications. If you intend to publish the document publicly, you should pay careful attention to potentially hidden content – especially when redacting.In the recent incident, Adobe products were not used to create the PDF (as verified by the Application: tag as well as PDF Producer: tag in the published PDF). Further, the publisher did not remove the sensitive content from the document, they simply visually covered it up. This still left the data inside the document, subject to copy & paste, as well as search. example: This is not proper redaction!.

If you would like to examine any PDF file, produced by any application, for sensitive content – Adobe Acrobat has a great feature called “Examine Document”. It’s under the Document menu item:ExamineDocument.pngWhen that process runs, it looks for hidden data that may not be visible. In this case, it found hidden text on 5 pages.ExamineDocumentResults.pngThe “Show preview” item will then show the hidden text in context of the visible text.HiddenTextSample.pngAdobe Acrobat also includes native redaction capabilities that allow you to mark and then permanently extract sensitive information from a document.For more commentary on the subject, check out my recent interview with Focus Washington below.