A tool for the detection of hidden data in microsoft compound document file format

Hyukdon Kwon, Kim Yeog, Sangjin Lee, Jong In Lim

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

5 Citations (Scopus)

Abstract

For digital forensic investigators, files that use Microsoft Compound Document File Format (MCDFF) present a problem: It is easy to hide information in MCDFF but hard to detect hidden data in them. Using an application downloaded from the internet and Win32 API (Application programming interface), it is possible for a criminal to hide information in MCDFF which might be important to an investigation. Prior to our research, no tool existed to detect data hidden in MCDFF, making analysis of MCDFF for investigations a difficult process. This paper presents an analysis of MCDFF features exploited in order to hide data and a tool ("DOCdetector") to detect hidden data using these exploits. Studying methods used to hide data in unused space and inserted Streams led us to develop DOCdetector tool to aid in the detection and examination of hidden data.

Original language: English
Title of host publication: Proceedings of the International Conference on Information Science and Security, ICISS 2008
Pages: 141-146
Number of pages: 6
DOIs
Publication status: Published - 2007 Dec 1
Event: International Conference on Information Science and Security, ICISS 2008 - Seoul, Korea, Republic of
Duration: 2008 Jan 10 to 2008 Jan 12

Other

Other: International Conference on Information Science and Security, ICISS 2008
Country: Korea, Republic of
City: Seoul
Period: 08/1/10 to 08/1/12

Fingerprint

Application programming interfaces (API)
Internet
Digital forensics

ASJC Scopus subject areas

  • Computer Science(all)
  • Computer Networks and Communications

Cite this

Kwon, H., Yeog, K., Lee, S., & Lim, J. I. (2007). A tool for the detection of hidden data in microsoft compound document file format. In Proceedings of the International Conference on Information Science and Security, ICISS 2008 (pp. 141-146). [4438224] https://doi.org/10.1109/ICISS.2008.19

@inproceedings{49380debaa584fa0ae1e01ad088976ed,
title = "A tool for the detection of hidden data in microsoft compound document file format",
author = "Hyukdon Kwon and Kim Yeog and Sangjin Lee and Lim, {Jong In}",
year = "2007",
month = "12",
day = "1",
doi = "10.1109/ICISS.2008.19",
language = "English",
isbn = "076953080X",
pages = "141--146",
booktitle = "Proceedings of the International Conference on Information Science and Security, ICISS 2008",

}

TY - GEN

T1 - A tool for the detection of hidden data in microsoft compound document file format

AU - Kwon, Hyukdon

AU - Yeog, Kim

AU - Lee, Sangjin

AU - Lim, Jong In

PY - 2007/12/1

Y1 - 2007/12/1

UR - http://www.scopus.com/inward/record.url?scp=48349100694&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=48349100694&partnerID=8YFLogxK

U2 - 10.1109/ICISS.2008.19

DO - 10.1109/ICISS.2008.19

M3 - Conference contribution

AN - SCOPUS:48349100694

SN - 076953080X

SN - 9780769530802

SP - 141

EP - 146

BT - Proceedings of the International Conference on Information Science and Security, ICISS 2008

ER -