Accession Number : ADA549420

Title : New XML-Based Files: Implications for Forensics

Descriptive Note : Journal article


Personal Author(s) : Garfinkel, Simson L ; Migletz, James J

Report Date : Apr 2009

Pagination or Media Count : 8

Abstract : For more than 20 years, programs such as Microsoft Word have stored their documents in binary file formats. That's changing as Microsoft, Sun Microsystems, and other developers migrate to new XML-based formats for document files. Document files are of critical interest to forensic practitioners because of the data they contain; they're also a rich topic for forensic research. Although most investigations concern themselves solely with a document's surface content, some examinations dive deeper, examining the metadata or deleted material that's still present in the file. Investigators can, for instance, use metadata to identify individuals potentially responsible for unauthorized file modification, establish text plagiarization, or even indicate falsification of evidence. Unfortunately, metadata can also be modified to implicate innocent people, and the ease of modifying these new files means that it's far easier to make malicious modifications that are difficult (if not impossible) to detect. With so many aspects to consider, we present a forensic analysis of the two rival XML-based office document file formats: the Office Open XML (OOX) that Microsoft adopted for its Office software suite and the OpenDocument Format (ODF) used by Sun's OpenOffice software. We detail how forensic tools can exploit features in these file formats and show how these formats could cause problems for forensic practitioners. For additional information on the development and increased use of these two file formats, see the Background sidebar.


Subject Categories : Information Science

Distribution Statement : APPROVED FOR PUBLIC RELEASE