This lines up with something I’ve also seen a lot — most failures aren’t clever reconstruction attacks, they’re just leftover text layers or metadata that never got removed.

I took a simpler approach and built a small browser-only audit tool that just answers one question: is this PDF still leaking extractable content at all?

It doesn’t try to unredact or guess text, just flags whether text layers, hidden characters, or metadata are still present so you know whether the redaction actually worked.

https://audit.reactpdf.app

Curious if you’ve run into cases where PDFs look clean at the layer/metadata level but still leak via other mechanisms.

If you’ve ever had to prove which dollars in a drained bank account belong to you vs. a spouse, you’ve run into the Lowest Intermediate Balance Rule (LIBR). It’s a 50-year-old legal precedent (See v. See, 1966) that is a nightmare to calculate manually.

I’m a dev who got frustrated seeing forensic accountants charge $500/hr to do this in spreadsheets. So I built Exit Protocol to automate the forensic tracing and "impeachment" of financial lies.