
Digital Forensics of Microsoft Office 2007-2013 Documents to Prevent Covert Communication  

Fu, Zhangjie (College of Computer and Software & Jiangsu Engineering Center of Network Monitoring, Nanjing University of Information Science and Technology)
Sun, Xingming (College of Computer and Software & Jiangsu Engineering Center of Network Monitoring, Nanjing University of Information Science and Technology)
Xi, Jie (College of Computer and Software & Jiangsu Engineering Center of Network Monitoring, Nanjing University of Information Science and Technology)
Abstract
The MS Office suite is the most widely used software for electronic documents, with a large number of users worldwide and absolute predominance in the office software market. MS Office 2007-2013 documents, which use the new Office Open XML (OOXML) format, could be illegally used by offenders as cover media to transmit secret information, because they do not easily arouse others' suspicion. Based on a study of the potential information hiding methods, this paper proposes nine forensic methods and an integrated forensic tool for OOXML format documents. The proposed forensic methods and tool cover three categories: document structure, document content, and document format. The aim is to prevent covert communication and provide security detection technology for electronic documents downloaded by users. The proposed methods can prevent the damage of secret information embedded by offenders. Extensive experiments based on a real data set demonstrate the effectiveness of the proposed methods.
Keywords
Covert communication; digital forensics; Microsoft Office 2007-2013; OOXML format; security