Data concealment and detection in Microsoft Office 2007 files

    Research output: Contribution to journalArticlepeer-review

    31 Citations (Scopus)

    Abstract

    As more offenders attempt to conceal incriminating data or stolen information, it is important for forensic examiners and computer security professionals to know where to look for concealed information. This paper demonstrates how data concealment in Microsoft Office 2007 files is possible. The Office Open XML (OOXML) format forms the basis of Microsoft Office 2007, and an individual can use OOXML to define customized parts, relationships, or both within a Microsoft Office 2007 file to store and conceal information. Fortunately for digital investigators, such concealed data can be detected by looking for the existence of unknown parts or relationships.

    Original languageEnglish
    Pages (from-to)104-114
    Number of pages11
    JournalDigital Investigation
    Volume5
    Issue number3-4
    DOIs
    Publication statusPublished - 2009 Mar

    Bibliographical note

    Funding Information:
    This work was supported by the IT R&D program of MKE/IITA [2007-S019-02, Development of Digital Forensic System for Information Transparency].

    Keywords

    • Data concealment
    • Hidden data detection
    • Microsoft Office 2007 file
    • OOXML
    • Unknown part
    • Unknown relationship

    ASJC Scopus subject areas

    • Pathology and Forensic Medicine
    • Information Systems
    • Computer Science Applications
    • Medical Laboratory Technology
    • Law

    Fingerprint

    Dive into the research topics of 'Data concealment and detection in Microsoft Office 2007 files'. Together they form a unique fingerprint.

    Cite this