Taking advantages of a disadvantage: Digital forensics and steganography using document metadata

Cited by: 49
Authors
Castiglione, Aniello [1]
De Santis, A.
Soriente, C.
Affiliations
[1] Univ Salerno, Dipartimento Informat & Applicaz RM Capocelli, I-84084 Salerno, Italy
[2] Univ Calif Irvine, Bren Sch Informat & Comp Sci, Dept Comp Sci, Irvine, CA 92697 USA
Keywords
computer forensics; digital forensics; document metadata; information leakage; steganography
DOI
10.1016/j.jss.2006.07.006
Chinese Library Classification number
TP31 [Computer software]
Discipline classification code
081202; 0835
Abstract
All the information contained in a plain-text document is visible to everybody. On the other hand, compound documents using opaque formats, like the Microsoft Compound Document File Format, may contain undisclosed data such as authors' names, organizational information of the users involved, previously deleted text, machine-related information, and much more. This information could be exploited by third parties for illegal purposes. Computer users are unaware of the problem and, even though the Internet offers several tools to clean hidden data from documents, they are not widespread. Furthermore, there is only one paper about this problem in the scientific literature, but there is no detailed analysis. In this paper we fill the gap, analyzing the problem with its causes, and then we show how to take advantage of this issue: we show how hidden data may be extracted to gain evidence in a forensic environment where even a small piece of information may be relevant, and we also introduce a new stegosystem especially designed for Microsoft Office documents. We developed FTA, a tool to improve forensic analysis of Microsoft Office documents, and StegOle, another tool that implements a new stegosystem for Microsoft Office documents. This is the first scientific paper to address the problem from both a steganographic and a forensic point of view. (c) 2006 Elsevier Inc. All rights reserved.
Pages: 750-764
Number of pages: 15