A tool for the detection of hidden data in Microsoft compound document file format

Hyukdon Kwon, Kim Yeog, Lee Sangjin, Lim Jongin

    Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

    7 Citations (Scopus)

    Abstract

    For digital forensic investigators, files that use Microsoft Compound Document File Format (MCDFF) present a problem: it is easy to hide information in MCDFF but hard to detect hidden data in them. Using an application downloaded from the Internet and the Win32 API (application programming interface), it is possible for a criminal to hide information in MCDFF which might be important to an investigation. Prior to our research, no tool existed to detect data hidden in MCDFF, making analysis of MCDFF for investigations a difficult process. This paper presents an analysis of MCDFF features exploited in order to hide data and a tool ("DOCdetector") to detect hidden data using these exploits. Studying methods used to hide data in unused space and inserted Streams led us to develop the DOCdetector tool to aid in the detection and examination of hidden data.

    Original language: English
    Title of host publication: Proceedings of the International Conference on Information Science and Security, ICISS 2008
    Publisher: IEEE Computer Society
    Pages: 141-146
    Number of pages: 6
    ISBN (Print): 076953080X, 9780769530802
    Publication status: Published - 2008
    Event: International Conference on Information Science and Security, ICISS 2008 - Seoul, Korea, Republic of
    Duration: 2008 Jan 10 to 2008 Jan 12

    Publication series

    Name: Proceedings of the International Conference on Information Science and Security, ICISS 2008

    Other

    Other: International Conference on Information Science and Security, ICISS 2008
    Country/Territory: Korea, Republic of
    City: Seoul
    Period: 08/1/10 to 08/1/12

    ASJC Scopus subject areas

    • General Computer Science
    • Computer Networks and Communications
