Data concealment and detection in Microsoft Office 2007 files

Bora Park; Jungheum Park; Sangjin Lee

doi:10.1016/j.diin.2008.12.001

Data concealment and detection in Microsoft Office 2007 files

Bora Park, Jungheum Park, Sangjin Lee

Research output: Contribution to journal › Article › peer-review

31 Citations (Scopus)

Abstract

As more offenders attempt to conceal incriminating data or stolen information, it is important for forensic examiners and computer security professionals to know where to look for concealed information. This paper demonstrates how data concealment in Microsoft Office 2007 files is possible. The Office Open XML (OOXML) format forms the basis of Microsoft Office 2007, and an individual can use OOXML to define customized parts, relationships, or both within a Microsoft Office 2007 file to store and conceal information. Fortunately for digital investigators, such concealed data can be detected by looking for the existence of unknown parts or relationships.

Original language	English
Pages (from-to)	104-114
Number of pages	11
Journal	Digital Investigation
Volume	5
Issue number	3-4
DOIs	https://doi.org/10.1016/j.diin.2008.12.001
Publication status	Published - 2009 Mar

Bibliographical note

Funding Information:
This work was supported by the IT R&D program of MKE/IITA [2007-S019-02, Development of Digital Forensic System for Information Transparency].

Keywords

Data concealment
Hidden data detection
Microsoft Office 2007 file
OOXML
Unknown part
Unknown relationship

ASJC Scopus subject areas

Pathology and Forensic Medicine
Information Systems
Computer Science Applications
Medical Laboratory Technology
Law

Access to Document

10.1016/j.diin.2008.12.001

Cite this

@article{d7844e9bd5bb421bb90c6878b5d8c5f8,

title = "Data concealment and detection in Microsoft Office 2007 files",

abstract = "As more offenders attempt to conceal incriminating data or stolen information, it is important for forensic examiners and computer security professionals to know where to look for concealed information. This paper demonstrates how data concealment in Microsoft Office 2007 files is possible. The Office Open XML (OOXML) format forms the basis of Microsoft Office 2007, and an individual can use OOXML to define customized parts, relationships, or both within a Microsoft Office 2007 file to store and conceal information. Fortunately for digital investigators, such concealed data can be detected by looking for the existence of unknown parts or relationships.",

keywords = "Data concealment, Hidden data detection, Microsoft Office 2007 file, OOXML, Unknown part, Unknown relationship",

author = "Bora Park and Jungheum Park and Sangjin Lee",

note = "Funding Information: This work was supported by the IT R&D program of MKE/IITA [2007-S019-02, Development of Digital Forensic System for Information Transparency].",

year = "2009",

month = mar,

doi = "10.1016/j.diin.2008.12.001",

language = "English",

volume = "5",

pages = "104--114",

journal = "Digital Investigation",

issn = "1742-2876",

publisher = "Elsevier Ltd",

number = "3-4",

}

TY - JOUR

T1 - Data concealment and detection in Microsoft Office 2007 files

AU - Park, Bora

AU - Park, Jungheum

AU - Lee, Sangjin

N1 - Funding Information: This work was supported by the IT R&D program of MKE/IITA [2007-S019-02, Development of Digital Forensic System for Information Transparency].

PY - 2009/3

Y1 - 2009/3

N2 - As more offenders attempt to conceal incriminating data or stolen information, it is important for forensic examiners and computer security professionals to know where to look for concealed information. This paper demonstrates how data concealment in Microsoft Office 2007 files is possible. The Office Open XML (OOXML) format forms the basis of Microsoft Office 2007, and an individual can use OOXML to define customized parts, relationships, or both within a Microsoft Office 2007 file to store and conceal information. Fortunately for digital investigators, such concealed data can be detected by looking for the existence of unknown parts or relationships.

AB - As more offenders attempt to conceal incriminating data or stolen information, it is important for forensic examiners and computer security professionals to know where to look for concealed information. This paper demonstrates how data concealment in Microsoft Office 2007 files is possible. The Office Open XML (OOXML) format forms the basis of Microsoft Office 2007, and an individual can use OOXML to define customized parts, relationships, or both within a Microsoft Office 2007 file to store and conceal information. Fortunately for digital investigators, such concealed data can be detected by looking for the existence of unknown parts or relationships.

KW - Data concealment

KW - Hidden data detection

KW - Microsoft Office 2007 file

KW - OOXML

KW - Unknown part

KW - Unknown relationship

UR - http://www.scopus.com/inward/record.url?scp=60649094708&partnerID=8YFLogxK

U2 - 10.1016/j.diin.2008.12.001

DO - 10.1016/j.diin.2008.12.001

M3 - Article

AN - SCOPUS:60649094708

SN - 1742-2876

VL - 5

SP - 104

EP - 114

JO - Digital Investigation

JF - Digital Investigation

IS - 3-4

ER -

Data concealment and detection in Microsoft Office 2007 files

Abstract

Bibliographical note

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this