Data concealment and detection in Microsoft Office 2007 files

Bora Park, Jungheum Park, Sangjin Lee

Research output: Contribution to journalArticle

27 Citations (Scopus)

Abstract

As more offenders attempt to conceal incriminating data or stolen information, it is important for forensic examiners and computer security professionals to know where to look for concealed information. This paper demonstrates how data concealment in Microsoft Office 2007 files is possible. The Office Open XML (OOXML) format forms the basis of Microsoft Office 2007, and an individual can use OOXML to define customized parts, relationships, or both within a Microsoft Office 2007 file to store and conceal information. Fortunately for digital investigators, such concealed data can be detected by looking for the existence of unknown parts or relationships.

Original languageEnglish
Pages (from-to)104-114
Number of pages11
JournalDigital Investigation
Volume5
Issue number3-4
DOIs
Publication statusPublished - 2009 Mar

Keywords

  • Data concealment
  • Hidden data detection
  • Microsoft Office 2007 file
  • OOXML
  • Unknown part
  • Unknown relationship

ASJC Scopus subject areas

  • Pathology and Forensic Medicine
  • Information Systems
  • Computer Science Applications
  • Medical Laboratory Technology
  • Law

Fingerprint Dive into the research topics of 'Data concealment and detection in Microsoft Office 2007 files'. Together they form a unique fingerprint.

  • Cite this