════════════════════════════════════════════════════════════════════════════════
The keel is the backbone of the ship, the lowest structural element, running prow to stern along the bottommost line of the hull. Every voyage deposits barnacles on it: mineral accretions, organic growth, layers of accumulated contact with the sea. Left unchecked, they slow the ship down and expose it. The solution was careening, hauling the vessel onto its side on a beach and scraping the hull raw. KEELHAUL does the same to your files. Every piece of identifying information that attached itself during creation, editing, and transit, GPS coordinates, author fields, revision trails, device fingerprints, software signatures, scraped off. The file goes back in the water clean.
Files are not neutral objects. The moment a document is created, the operating system and the application begin attaching information to it: author identity, software version, creation timestamp, edit history, device model, revision count. In the case of images, GPS coordinates precise enough to locate the room you were standing in. None of this is visible to anyone reading the file. All of it is visible to anyone reading the file with a forensic tool, or a basic metadata viewer.
KEELHAUL was built for two distinct threat scenarios that both trace to the same root cause: files that carry more information than their contents alone.
The first scenario is publication. A photo published to the press that still contains GPS metadata. A PDF released under a pseudonym with the author's legal name in the document properties. A source document shared with the wrong party because no one checked what the revision history contained. KEELHAUL strips all of it before the file leaves the machine, every EXIF field, every XMP tag, every IPTC record, every embedded thumbnail and revision trail, and hands you a clean copy confirmed by hash comparison.
The second scenario is handover. A device being turned over to legal counsel. A document being submitted to a counterparty. Equipment being surplused. The question in this scenario is not what the file contains. It is what the file's metadata and structure reveal about how it was made, who made it, what machine it lived on, and what the document looked like at earlier stages. KEELHAUL deep-sanitizes document structure, not just surface properties. Revision history, track changes, embedded thumbnails, hidden layers, embedded scripts, and all version artifacts are removed.
Both scenarios can also run in reverse. KEELHAUL scans files you receive for statistical anomalies consistent with steganographic encoding, hidden payloads embedded in carrier media. Before you open, forward, or store a file from an untrusted source, you know what it is actually carrying.
The file surfaces clean. What you do with it from there is your operation.
────────────────────────────────────────────────────────────────────────────────
PROTOCOL 01: METADATA EXPOSURE
THREAT ▸ File published or shared publicly. Embedded metadata reveals GPS location, author identity, device model, or creation environment.
KEELHAUL strips all embedded metadata standards, EXIF, XMP, IPTC, ICC profiles, from every target file before it leaves the machine. GPS coordinates, author fields, software signatures, device identifiers, and creation timestamps are scraped entirely. Output is a clean copy with hash-verified content integrity. Your identity is not in the file.
PROTOCOL 02: DOCUMENT HANDOVER
THREAT ▸ File or device turned over to a third party. Revision history, track changes, embedded thumbnails, and version artifacts remain inside the document structure.
KEELHAUL deep-sanitizes the document structure, not just surface properties. Track Changes markup, comment threads, version history, embedded preview thumbnails, hidden PDF layers, embedded scripts, and edit trails are purged entirely. What remains is the visible final state of the document with no forensic record of how it got there.
PROTOCOL 03: CONCEALED PAYLOAD
THREAT ▸ File received from an untrusted source. May contain a hidden payload embedded in the carrier media.
KEELHAUL performs statistical analysis on image, audio, and video files for anomalies consistent with steganographic encoding: LSB substitution, DCT coefficient manipulation, palette modification. Files that pass are confirmed clean. Files that trigger anomaly thresholds are flagged before you open, forward, or store them.
────────────────────────────────────────────────────────────────────────────────
NIST CERTIFIED — THE SAME STACK FEDERAL AGENCIES ARE CURRENTLY SCRAMBLING TO ADOPT
STANDARDCERTIFICATIONCLASSIFICATIONOPERATIONAL DETAIL
Full Metadata CoverageEXIF 2.3 / XMP 1.0 / IPTC IIMFULL STRIPComprehensive removal across all major embedded metadata standards: EXIF 2.3, XMP 1.0, IPTC IIM, ICC profiles, GPS tags (including altitude, speed, and bearing), author fields, software signatures, and device identifiers. No standard excluded.
In-Memory ProcessingNo temp file writesZERO DISK EXPOSURESanitized output is never staged through the OS temporary directory. Files are processed in heap memory and written directly to the designated output path. No intermediate plaintext representation touches the filesystem.
SHA-256 Integrity VerificationNIST FIPS 180-4CONTENT INTEGRITYClean copy mode computes SHA-256 hashes of source and sanitized output to confirm that visible content is identical and only metadata has been removed. Mismatch aborts the operation and raises an error.
Steganalysis EngineLSB / DCT / Palette AnalysisPAYLOAD DETECTIONStatistical analysis across three steganographic encoding domains: LSB substitution (pixel-level), DCT coefficient manipulation (JPEG frequency domain), and palette index modification. Anomaly scores above threshold trigger a flag with a confidence level and the encoding method suspected.
No Network CallsFully OfflineAIR-GAP SAFEAll sanitization, scanning, and analysis runs entirely on-device. No cloud processing, no external metadata lookup services, no telemetry. Safe for air-gapped environments.
────────────────────────────────────────────────────────────────────────────────
EXIF / XMP / IPTC strip: removes all embedded metadata standards from images (JPEG, PNG, TIFF, HEIC, WebP, RAW formats); GPS coordinates, altitude, device model, software version, and all identifying tags removed
PDF deep sanitization: strips hidden layers, embedded JavaScript, form field history, revision history, embedded fonts carrying author data, digital signature artifacts, and document property fields; outputs a clean flat PDF
Document property scrub: removes author, company, revision number, total editing time, last-saved-by field, and template references from Word, Excel, PowerPoint, Pages, Numbers, and Keynote files
Revision history purge: eliminates Track Changes markup, comment threads, version history, and edit trails from document formats; the output contains only the final visible state
Embedded thumbnail removal: Office and image applications embed small previews that can contain earlier document states; KEELHAUL detects and destroys all embedded preview artifacts
Software signature scrub: removes application version strings and software identifiers from file headers and structure
Identifier scrub: scans text files and source code for embedded developer paths, machine names, usernames, and environment variables baked in during authoring or build
Steganography scan: statistical analysis of image, audio, and video files for anomalies consistent with LSB substitution, DCT coefficient manipulation, and palette modification; flags suspicious carrier files before forwarding or storage
Metadata audit: inspect any file before sanitizing; receive a complete inventory of every metadata field present and what it reveals about the author, machine, and editing history
Clean copy mode: sanitized output written to a new file; original preserved; SHA-256 hash comparison confirms content integrity before and after
Destructive mode: sanitization applied in-place with optional cryptographic shred of the original after the clean copy is confirmed
Batch sanitize: drop an entire folder; KEELHAUL recursively processes every file and delivers clean copies to a designated output directory in one operation
────────────────────────────────────────────────────────────────────────────────
⚠ Single-operator license. Not for redistribution. Clean copy mode preserves originals. Verify output before destroying source files. No warranty expressed or implied.
════════════════════════════════════════════════════════════════════════════════
ACQUISITION_COST: $34.99 USD
SECURE PAYMENT VIA STRIPE · INSTANT DIGITAL DELIVERY · VERIFIED PRIVATEERS ONLY