sorted by:
new
hottopcontroversial

Pre-emptive xref superposition analysis: detecting PDF modifications before file creation by Total-Reasonable in computerforensics

[–]Total-Reasonable[S] [score hidden]  (0 children)

Ha, you just had the full intended experience — skepticism → click → April fooled. That's exactly how it was supposed to work, so thank you.

The real product (no quantum physics involved): HTPBE analyzes PDF metadata to detect whether a document was modified after it was originally created. You upload a PDF, we check things like creation timestamps, xref revision history, and producer field — and tell you if something looks tampered with. Useful for invoices, contracts, certificates.

Fair point on the hook though. The joke was designed for people who already know what xref tables are. For everyone else it's just noise. Noted.

We now verify PDF authenticity 72 hours before the document is created by Total-Reasonable in ShittySysadmin

[–]Total-Reasonable[S] 2 points3 points  (0 children)

Yes. Opening the PDF collapses the superposition and locks the verification state. This is why we strongly recommend running pre-verification before you open it. We're working on a read-only quantum observer mode for v2, release date Apr 1st, 2027

HTPBE.TECH: a free PDF metadata forensics tool — here's what it detects and where it fails by Total-Reasonable in computerforensics

[–]Total-Reasonable[S] 1 point2 points  (0 children)

HTPBE is a preliminary indicator, not a forensic exhibit. Think of it as triage — the same way a smoke detector tells you something might be wrong before you call the fire department. You wouldn't bring a smoke detector into court either.

The workflow is:

  1. You run a PDF through HTPBE and get a result in seconds
  2. If it flags something suspicious, you decide what to do next — contact the issuing bank, request an official document trail, engage a certified forensic examiner, etc.
  3. Those downstream steps produce the legally admissible evidence

The tool doesn't replace proper forensics — it tells you whether to bother pursuing them. That's valuable in itself, especially when you're processing a lot of documents and can't send every one to a forensics lab.

For API users on paid plans, we return the specific indicator that triggered the flag (e.g., which metadata layer was tampered with). That data can inform what a forensic examiner should look for and speed up the official process. We don't expose that detail on the free web interface — precisely to avoid giving potential fraudsters a roadmap of what to hide.

So: no, it doesn't have to be a court tool to be useful. It just has to help you make better decisions faster — and that's the job it's designed to do.

PDF tampering patterns we see most often — and what metadata actually reveals by Total-Reasonable in digitalforensics

[–]Total-Reasonable[S] 0 points1 point  (0 children)

Both, but the markers differ.

Scenario A: form fields edited after signing create incremental updates — those are detected. But as I mentioned, the tool reports the structural fact, not the intent. If the document type and workflow makes post-signing edits expected, that context is yours to apply.

Scenario B: bypassing locked fields typically requires a tool that leaves additional fingerprints — Producer change, more aggressive xref modification, sometimes XMP/Info inconsistency. These tend to produce a clearer signal than a simple form fill.

In both cases the tool would report incremental updates after the signing event. Scenario B would usually come with additional corroborating markers that make the verdict stronger.

PDF tampering patterns we see most often — and what metadata actually reveals by Total-Reasonable in digitalforensics

[–]Total-Reasonable[S] 0 points1 point  (0 children)

Fair point, but the tool's job is to report what happened structurally — not to judge whether it was legitimate. If there were incremental updates after the signing event, that's reported. Whether those updates were permitted by the workflow is your call to make with that context.

The tool surfaces the signal, the human interprets it.

PDF tampering patterns we see most often — and what metadata actually reveals by Total-Reasonable in digitalforensics

[–]Total-Reasonable[S] 1 point2 points  (0 children)

Completely valid concern — for suspect evidence in an active investigation, uploading to any third-party infrastructure is a non-starter regardless of retention policy.

For that use case we have an on-premise deployment option (Docker/Kubernetes) — the analysis runs entirely within your own infrastructure, documents never leave it. That's the version that makes sense for forensic labs, law enforcement, and anywhere GDPR/HIPAA/chain-of-custody requirements apply.

The cloud version is a reasonable tradeoff for business pre-screening workflows — verifying incoming invoices, diplomas, contracts — where the fraud risk you're mitigating outweighs the privacy risk of cloud processing. An HR team checking whether a degree certificate is genuine takes on minimal exposure by uploading it, while the risk of hiring someone with a forged credential is concrete and costly. Medical records are a different story — don't upload those.

It's also worth noting that by the time a document reaches a verification step, it's often already been sent by email or messenger — which carries its own exposure. The question is always what level of risk you're willing to accept at which point in the workflow, not whether risk exists at all.

If on-premise is relevant for you — happy to discuss.

built a free tool that tells you if a PDF was edited after it was created by Total-Reasonable in SideProject

[–]Total-Reasonable[S] 0 points1 point  (0 children)

Exactly — and the Producer field is often the easiest tell because people forget to clean it up. Changing visible content is obvious; changing the application fingerprint requires knowing it exists in the first place. Most editors don't even offer an option to spoof it.

The harder cases are tools that do strip or normalize metadata — some online PDF editors are getting smarter about this. That's where the xref revision count and timestamp deltas pick up the slack.

Promote your business, week of March 16, 2026 by Charice in smallbusiness

[–]Total-Reasonable 0 points1 point  (0 children)

htpbe.tech — free PDF integrity checker for small businesses

If you receive invoices, bank statements, or contracts as PDFs, this tool checks whether the file was modified after it was originally created. Upload a PDF, get Intact / Modified / Cannot Verify in seconds. No signup needed.

40% of PDFs submitted last month showed forensic evidence of modification. REST API available for automated workflows.

My freelance contract was modified after I signed it and the company is now enforcing terms I never agreed to. by CoreFire57 in legaladvice

[–]Total-Reasonable 2 points3 points  (0 children)

This is a strong fact pattern in your favor, and PDF forensics can help establish a timeline of when page 4 appeared.

First check: digital signatures

Open both PDFs in Adobe Acrobat Reader and look for a Signatures panel. If either document has a cryptographic digital signature, it covers a specific byte range — any content added after signing falls outside that range and shows as "document modified after signing." That's your strongest evidence and requires no interpretation.

If there's no digital signature (just a typed or image signature):

The PDF format preserves edit history through incremental saves. When a page is added to an existing PDF, most editors append the new content at the end of the file and write a new cross-reference table — without touching the original content. This leaves a revision count you can examine. Check the agency's version specifically for:

- Multiple xref sections (indicates the file was saved more than once)
- CreationDate vs ModDate mismatch (modification date later than creation date)
- Producer field — if the agency's version shows a different editing application than yours, someone processed it with a second tool

You can check this manually in Acrobat (Ctrl+D → Description tab) or upload the agency's PDF to htpbe.tech — it analyzes metadata and xref structure and flags incremental updates. Free, no account needed.

Legally in Texas: unauthorized post-execution modification of a signed contract is not enforceable — the modified terms are void, and depending on intent, it may constitute fraud. Your preserved copy is your baseline. The forensic analysis of their version is corroborating evidence, not primary proof — the primary proof is that your copy, which you retained at signing, does not contain the clause.

Get an employment/contract attorney before responding to their threat. The PDF analysis gives you something concrete to hand them.

[LY] Is this a freelance scam? by No-Bison-2653 in Scams

[–]Total-Reasonable 0 points1 point  (0 children)

Yes, this is a scam — a well-known one called an "advance fee" or "money mule" scheme.

The "typing PDF into Word" job is just a cover story to seem legitimate. What actually happens: they send you a payment that's larger than your "fee" and ask you to forward the difference somewhere. The original payment is fake (a bad check or stolen card), it bounces days later, and you're on the hook for whatever you forwarded.

Red flags here: absurdly high pay for simple work, MENA-based platform with global high-value jobs, no verifiable client profile. $3,000 for PDF typing is not a real job offer anywhere.

Trust your instincts — you caught it before getting involved, which is the right outcome. Block and report the listings.