For digital forensic investigators, files that use Microsoft Compound Document File Format (MCDFF) present a problem: It is easy to hide infonnation in MCDFF but hard to detect hidden data in them. Using an application downloaded from the internet and Win32 API (Application programming interface), it is possible for a criminal to hide information in MCDFF which might be important to an investigation. Prior to our research, no tool existed to detect data hidden in MCDFF, making analysis of MCDFF for investigations a difficult process. This paper presents an analysis of MCDFF features exploited in order to hide data and a tool ("DOCdetector") to detect hidden data using these exploits. Studying methods used to hide data in unused space and inserted Streams led us to develop DOCdetector tool to aid in the detection and examination of hidden data.