A tool for the detection of hidden data in microsoft compound document file format

Hyukdon Kwon; Kim Yeog; Lee Sangjin; Lim Jongin

doi:10.1109/ICISS.2008.19

A tool for the detection of hidden data in microsoft compound document file format

Hyukdon Kwon, Kim Yeog, Lee Sangjin, Lim Jongin

School of Cybersecurity

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

7 Citations (Scopus)

Abstract

For digital forensic investigators, files that use Microsoft Compound Document File Format (MCDFF) present a problem: It is easy to hide infonnation in MCDFF but hard to detect hidden data in them. Using an application downloaded from the internet and Win32 API (Application programming interface), it is possible for a criminal to hide information in MCDFF which might be important to an investigation. Prior to our research, no tool existed to detect data hidden in MCDFF, making analysis of MCDFF for investigations a difficult process. This paper presents an analysis of MCDFF features exploited in order to hide data and a tool ("DOCdetector") to detect hidden data using these exploits. Studying methods used to hide data in unused space and inserted Streams led us to develop DOCdetector tool to aid in the detection and examination of hidden data.

Original language	English
Title of host publication	Proceedings of the International Conference on Information Science and Security, ICISS 2008
Publisher	IEEE Computer Society
Pages	141-146
Number of pages	6
ISBN (Print)	076953080X, 9780769530802
DOIs	https://doi.org/10.1109/ICISS.2008.19
Publication status	Published - 2008
Event	International Conference on Information Science and Security, ICISS 2008 - Seoul, Korea, Republic of Duration: 2008 Jan 10 → 2008 Jan 12

Publication series

Name	Proceedings of the International Conference on Information Science and Security, ICISS 2008

Other

Other	International Conference on Information Science and Security, ICISS 2008
Country/Territory	Korea, Republic of
City	Seoul
Period	08/1/10 → 08/1/12

ASJC Scopus subject areas

Computer Science(all)
Computer Networks and Communications

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

Access to Document

10.1109/ICISS.2008.19

Cite this

Kwon, H., Yeog, K., Sangjin, L., & Jongin, L. (2008). A tool for the detection of hidden data in microsoft compound document file format. In Proceedings of the International Conference on Information Science and Security, ICISS 2008 (pp. 141-146). Article 4438224 (Proceedings of the International Conference on Information Science and Security, ICISS 2008). IEEE Computer Society. https://doi.org/10.1109/ICISS.2008.19

A tool for the detection of hidden data in microsoft compound document file format. / Kwon, Hyukdon; Yeog, Kim; Sangjin, Lee et al.
Proceedings of the International Conference on Information Science and Security, ICISS 2008. IEEE Computer Society, 2008. p. 141-146 4438224 (Proceedings of the International Conference on Information Science and Security, ICISS 2008).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Kwon, H, Yeog, K, Sangjin, L & Jongin, L 2008, A tool for the detection of hidden data in microsoft compound document file format. in Proceedings of the International Conference on Information Science and Security, ICISS 2008., 4438224, Proceedings of the International Conference on Information Science and Security, ICISS 2008, IEEE Computer Society, pp. 141-146, International Conference on Information Science and Security, ICISS 2008, Seoul, Korea, Republic of, 08/1/10. https://doi.org/10.1109/ICISS.2008.19

Kwon H, Yeog K, Sangjin L , Jongin L. A tool for the detection of hidden data in microsoft compound document file format. In Proceedings of the International Conference on Information Science and Security, ICISS 2008. IEEE Computer Society. 2008. p. 141-146. 4438224. (Proceedings of the International Conference on Information Science and Security, ICISS 2008). doi: 10.1109/ICISS.2008.19

@inproceedings{49380debaa584fa0ae1e01ad088976ed,

title = "A tool for the detection of hidden data in microsoft compound document file format",

abstract = "For digital forensic investigators, files that use Microsoft Compound Document File Format (MCDFF) present a problem: It is easy to hide infonnation in MCDFF but hard to detect hidden data in them. Using an application downloaded from the internet and Win32 API (Application programming interface), it is possible for a criminal to hide information in MCDFF which might be important to an investigation. Prior to our research, no tool existed to detect data hidden in MCDFF, making analysis of MCDFF for investigations a difficult process. This paper presents an analysis of MCDFF features exploited in order to hide data and a tool ({"}DOCdetector{"}) to detect hidden data using these exploits. Studying methods used to hide data in unused space and inserted Streams led us to develop DOCdetector tool to aid in the detection and examination of hidden data.",

author = "Hyukdon Kwon and Kim Yeog and Lee Sangjin and Lim Jongin",

year = "2008",

doi = "10.1109/ICISS.2008.19",

language = "English",

isbn = "076953080X",

series = "Proceedings of the International Conference on Information Science and Security, ICISS 2008",

publisher = "IEEE Computer Society",

pages = "141--146",

booktitle = "Proceedings of the International Conference on Information Science and Security, ICISS 2008",

note = "International Conference on Information Science and Security, ICISS 2008 ; Conference date: 10-01-2008 Through 12-01-2008",

}

TY - GEN

T1 - A tool for the detection of hidden data in microsoft compound document file format

AU - Kwon, Hyukdon

AU - Yeog, Kim

AU - Sangjin, Lee

AU - Jongin, Lim

PY - 2008

Y1 - 2008

N2 - For digital forensic investigators, files that use Microsoft Compound Document File Format (MCDFF) present a problem: It is easy to hide infonnation in MCDFF but hard to detect hidden data in them. Using an application downloaded from the internet and Win32 API (Application programming interface), it is possible for a criminal to hide information in MCDFF which might be important to an investigation. Prior to our research, no tool existed to detect data hidden in MCDFF, making analysis of MCDFF for investigations a difficult process. This paper presents an analysis of MCDFF features exploited in order to hide data and a tool ("DOCdetector") to detect hidden data using these exploits. Studying methods used to hide data in unused space and inserted Streams led us to develop DOCdetector tool to aid in the detection and examination of hidden data.

AB - For digital forensic investigators, files that use Microsoft Compound Document File Format (MCDFF) present a problem: It is easy to hide infonnation in MCDFF but hard to detect hidden data in them. Using an application downloaded from the internet and Win32 API (Application programming interface), it is possible for a criminal to hide information in MCDFF which might be important to an investigation. Prior to our research, no tool existed to detect data hidden in MCDFF, making analysis of MCDFF for investigations a difficult process. This paper presents an analysis of MCDFF features exploited in order to hide data and a tool ("DOCdetector") to detect hidden data using these exploits. Studying methods used to hide data in unused space and inserted Streams led us to develop DOCdetector tool to aid in the detection and examination of hidden data.

UR - http://www.scopus.com/inward/record.url?scp=48349100694&partnerID=8YFLogxK

U2 - 10.1109/ICISS.2008.19

DO - 10.1109/ICISS.2008.19

M3 - Conference contribution

AN - SCOPUS:48349100694

SN - 076953080X

SN - 9780769530802

T3 - Proceedings of the International Conference on Information Science and Security, ICISS 2008

SP - 141

EP - 146

BT - Proceedings of the International Conference on Information Science and Security, ICISS 2008

PB - IEEE Computer Society

T2 - International Conference on Information Science and Security, ICISS 2008

Y2 - 10 January 2008 through 12 January 2008

ER -

A tool for the detection of hidden data in microsoft compound document file format

Abstract

Publication series

Other

ASJC Scopus subject areas

UN SDGs

Access to Document

Other files and links

Fingerprint

Cite this