Data concealment and detection in Microsoft Office 2007 files

  • Authors:

  • Bora Park;Jungheum Park;Sangjin Lee

  • Affiliations:

  • Center for Information Security Technologies (CIST), Korea University, Anam-Dong, Seonbuk-Gu, Seoul, Republic of Korea;Center for Information Security Technologies (CIST), Korea University, Anam-Dong, Seonbuk-Gu, Seoul, Republic of Korea;Center for Information Security Technologies (CIST), Korea University, Anam-Dong, Seonbuk-Gu, Seoul, Republic of Korea

  • Venue:
  • Digital Investigation: The International Journal of Digital Forensics & Incident Response
  • Year:
  • 2009

Quantified Score

Hi-index 0.00

Visualization

Abstract

As more offenders attempt to conceal incriminating data or stolen information, it is important for forensic examiners and computer security professionals to know where to look for concealed information. This paper demonstrates how data concealment in Microsoft Office 2007 files is possible. The Office Open XML (OOXML) format forms the basis of Microsoft Office 2007, and an individual can use OOXML to define customized parts, relationships, or both within a Microsoft Office 2007 file to store and conceal information. Fortunately for digital investigators, such concealed data can be detected by looking for the existence of unknown parts or relationships.