Data concealment and detection in Microsoft Office 2007 files

Bora Park, Jungheum Park, Sangjin Lee

Research output: Contribution to journalArticle

25 Citations (Scopus)

Abstract

As more offenders attempt to conceal incriminating data or stolen information, it is important for forensic examiners and computer security professionals to know where to look for concealed information. This paper demonstrates how data concealment in Microsoft Office 2007 files is possible. The Office Open XML (OOXML) format forms the basis of Microsoft Office 2007, and an individual can use OOXML to define customized parts, relationships, or both within a Microsoft Office 2007 file to store and conceal information. Fortunately for digital investigators, such concealed data can be detected by looking for the existence of unknown parts or relationships.

Original languageEnglish
Pages (from-to)104-114
Number of pages11
JournalDigital Investigation
Volume5
Issue number3-4
DOIs
Publication statusPublished - 2009 Mar 1

Fingerprint

Computer Security
XML
Research Personnel
Security of data
examiner
offender

Keywords

  • Data concealment
  • Hidden data detection
  • Microsoft Office 2007 file
  • OOXML
  • Unknown part
  • Unknown relationship

ASJC Scopus subject areas

  • Law
  • Computer Science Applications
  • Medical Laboratory Technology

Cite this

Data concealment and detection in Microsoft Office 2007 files. / Park, Bora; Park, Jungheum; Lee, Sangjin.

In: Digital Investigation, Vol. 5, No. 3-4, 01.03.2009, p. 104-114.

Research output: Contribution to journalArticle

Park, Bora ; Park, Jungheum ; Lee, Sangjin. / Data concealment and detection in Microsoft Office 2007 files. In: Digital Investigation. 2009 ; Vol. 5, No. 3-4. pp. 104-114.
@article{d7844e9bd5bb421bb90c6878b5d8c5f8,
title = "Data concealment and detection in Microsoft Office 2007 files",
abstract = "As more offenders attempt to conceal incriminating data or stolen information, it is important for forensic examiners and computer security professionals to know where to look for concealed information. This paper demonstrates how data concealment in Microsoft Office 2007 files is possible. The Office Open XML (OOXML) format forms the basis of Microsoft Office 2007, and an individual can use OOXML to define customized parts, relationships, or both within a Microsoft Office 2007 file to store and conceal information. Fortunately for digital investigators, such concealed data can be detected by looking for the existence of unknown parts or relationships.",
keywords = "Data concealment, Hidden data detection, Microsoft Office 2007 file, OOXML, Unknown part, Unknown relationship",
author = "Bora Park and Jungheum Park and Sangjin Lee",
year = "2009",
month = "3",
day = "1",
doi = "10.1016/j.diin.2008.12.001",
language = "English",
volume = "5",
pages = "104--114",
journal = "Digital Investigation",
issn = "1742-2876",
publisher = "Elsevier Limited",
number = "3-4",

}

TY - JOUR

T1 - Data concealment and detection in Microsoft Office 2007 files

AU - Park, Bora

AU - Park, Jungheum

AU - Lee, Sangjin

PY - 2009/3/1

Y1 - 2009/3/1

N2 - As more offenders attempt to conceal incriminating data or stolen information, it is important for forensic examiners and computer security professionals to know where to look for concealed information. This paper demonstrates how data concealment in Microsoft Office 2007 files is possible. The Office Open XML (OOXML) format forms the basis of Microsoft Office 2007, and an individual can use OOXML to define customized parts, relationships, or both within a Microsoft Office 2007 file to store and conceal information. Fortunately for digital investigators, such concealed data can be detected by looking for the existence of unknown parts or relationships.

AB - As more offenders attempt to conceal incriminating data or stolen information, it is important for forensic examiners and computer security professionals to know where to look for concealed information. This paper demonstrates how data concealment in Microsoft Office 2007 files is possible. The Office Open XML (OOXML) format forms the basis of Microsoft Office 2007, and an individual can use OOXML to define customized parts, relationships, or both within a Microsoft Office 2007 file to store and conceal information. Fortunately for digital investigators, such concealed data can be detected by looking for the existence of unknown parts or relationships.

KW - Data concealment

KW - Hidden data detection

KW - Microsoft Office 2007 file

KW - OOXML

KW - Unknown part

KW - Unknown relationship

UR - http://www.scopus.com/inward/record.url?scp=60649094708&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=60649094708&partnerID=8YFLogxK

U2 - 10.1016/j.diin.2008.12.001

DO - 10.1016/j.diin.2008.12.001

M3 - Article

AN - SCOPUS:60649094708

VL - 5

SP - 104

EP - 114

JO - Digital Investigation

JF - Digital Investigation

SN - 1742-2876

IS - 3-4

ER -