• DocumentCode
    2860655
  • Title

    A Tool for the Detection of Hidden Data in Microsoft Compound Document File Format

  • Author

    Kwon, Hyukdon ; Kim, Yeog ; Lee, Sangjin ; Lim, Jongin

  • Author_Institution
    Korea Univ., Seoul
  • fYear
    2008
  • fDate
    10-12 Jan. 2008
  • Firstpage
    141
  • Lastpage
    146
  • Abstract
    For digital forensic investigators, files that use Microsoft compound document file format (MCDFF) present a problem: It is easy to hide information in MCDFF but hard to detect hidden data in them. Using an application downloaded from the Internet and Win32 API (Application programming interface), it is possible for a criminal to hide information in MCDFF which might be important to an investigation. Prior to our research, no tool existed to detect data hidden in MCDFF, making analysis of MCDFF for investigations a difficult process. This paper presents an analysis of MCDFF features exploited in order to hide data and a tool ("DOCdetector") to detect hidden data using these exploits. Studying methods used to hide data in unused space and inserted streams led us to develop DOCdetector tool to aid in the detection and examination of hidden data.
  • Keywords
    data encapsulation; security of data; Internet; Microsoft compound document file format; Win32 API; application programming interface; digital forensic investigator; hidden data detection; Computer crime; Cryptography; Data security; Digital forensics; Information management; Information science; Information security; Internet; Paper technology; Steganography;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Information Science and Security, 2008. ICISS. International Conference on
  • Conference_Location
    Seoul
  • Print_ISBN
    978-0-7695-3080-2
  • Type

    conf

  • DOI
    10.1109/ICISS.2008.19
  • Filename
    4438224
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=2860655