Data concealment and detection in Microsoft Office 2007 files

Research output: Contribution to journalArticlepeer-review

31 Citations (Scopus)

Abstract

As more offenders attempt to conceal incriminating data or stolen information, it is important for forensic examiners and computer security professionals to know where to look for concealed information. This paper demonstrates how data concealment in Microsoft Office 2007 files is possible. The Office Open XML (OOXML) format forms the basis of Microsoft Office 2007, and an individual can use OOXML to define customized parts, relationships, or both within a Microsoft Office 2007 file to store and conceal information. Fortunately for digital investigators, such concealed data can be detected by looking for the existence of unknown parts or relationships.

Original languageEnglish
Pages (from-to)104-114
Number of pages11
JournalDigital Investigation
Volume5
Issue number3-4
DOIs
Publication statusPublished - 2009 Mar

Bibliographical note

Funding Information:
This work was supported by the IT R&D program of MKE/IITA [2007-S019-02, Development of Digital Forensic System for Information Transparency].

Keywords

  • Data concealment
  • Hidden data detection
  • Microsoft Office 2007 file
  • OOXML
  • Unknown part
  • Unknown relationship

ASJC Scopus subject areas

  • Pathology and Forensic Medicine
  • Information Systems
  • Computer Science Applications
  • Medical Laboratory Technology
  • Law

Fingerprint

Dive into the research topics of 'Data concealment and detection in Microsoft Office 2007 files'. Together they form a unique fingerprint.

Cite this