Taking advantages of a disadvantage: Digital forensics and steganography using document metadata

Journal of Systems and Software

Volumn 80, Issue 5, 2007, Pages 750-764

  Castiglione, A ^a   De Santis, A ^a   Soriente, C ^b  

^a UNIVERSITY OF SALERNO   (Italy)

^b Irvine   (United States)

Author keywords

Computer forensics; Digital forensics; Document metadata; Information leakage; Steganography

Indexed keywords

INFORMATION ANALYSIS; INFORMATION RETRIEVAL SYSTEMS; INTERNET; METADATA; PROBLEM SOLVING;

COMPUTER FORENSICS; DIGITAL FORENSICS; DOCUMENT METADATA; INFORMATION LEAKAGE; STEGANOGRAPHY;

SECURITY SYSTEMS;

EID: 33847656645     PISSN: 01641212     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.jss.2006.07.006     Document Type: Article

References (49)

1. Anderson R.J., and Petitcolas F.A.P. On the limits of steganography. IEEE J. Select. Areas Commun. 16 4 (1998) 474-481
2. Bishop, M., Bhumiratana, B., Crawford, R., Levitt, K., June 2004. How to sanitize data. In: Proceedings of 13th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE'04). pp. 217-222.
3. Bourne, V., January 2005. The risk of sharing. Available from: .
4. Buchholz F., and Spafford E. On the role of file system metadata in digital forensics. J. Digital Invest. 1 December (2004) 298-309
5. Byers S. Information leakage caused by hidden data in published documents. IEEE Security Privacy 2 2 (2004) 23-27
6. Cachin, C., 2005. Digital steganography. In: Encyclopedia of Cryptography and Security. pp. 129-168.
7. Calipari Incident at Wikipedia Online Encyclopedia, May 2005. The Calipari Incident. Available from: .
8. Casey E. Handbook of Computer Crime Investigation (2002), Academic Press, San Diego, CA
9. Casey E. Digital Evidence and Computer Crime. second ed. (2004), Academic Press, San Diego, CA
10. Cypherpunks mailing list, October 2000. The Mike Ciresi Incident. Available from: .
11. DataTek Engineering, 2004. The Forensic ToolKit. Available from: .
12. Davis Wright Tremaine LLP, October 2005. Privacy and Security Law Blog: The New Dictionary is Here ... Available from: .
13. Dornseif, M., December 2004. Far more than you ever wanted to tell - hidden data in document formats. Available from: .
14. Farmer, D., Venema, W., 2004. The Coroner's Toolkit. Available from: .
15. Free Software Foundation, June 2005. GNU binutils. Available from: .
16. Garfinkel S., and Shelat A. Remembrance of Data Passed: A Study of Disk Sanitization Practices. IEEE Security and Privacy 1 1 (2003) 17-27 January/February
17. Guidance Software, 2005. Encase forensic software. Available from: .
18. Gutmann, P., July 1996. Secure Deletion of Data from Magnetic and Solid-State Memory. In: Proceedings of the Sixth Usenix Security Symposium. pp. 77-90.
19. Kessler G.C. An overview of steganography for the computer forensics examiner. J. Forensic Sci. Commun. - Federal Bureau Invest. 6 3 (2004). http://www.fbi.gov/hq/lab/fsc/backissu/july2004/research/2004_03_research01.htm Available from:
20. Kraft, M.S., Kennedy, P.D., Lesser, P.E., 2004. Ezclean. Available from: .
21. McCarthy, K., May 2005. The Calipari/Sgrena Incident. Available from: .
22. Microsoft Corporation, 1999. OLE Concepts and Requirements Overview. Available from: .
23. Microsoft Corporation, 2004a. Remove hidden data tool. Available from: .
24. Microsoft Corporation, 2004b. Remove personal or hidden information. Available from: .
25. National Institute of Standards and Technology (NIST), November 2001. Advanced Encryption Standard (AES) (FIPS PUB 197). Available from: .
26. National Institute of Standards and Technology (NIST), March 2002a. The Keyed-Hash Message Authentication Code (HMAC) (FIPS PUB 198). Available from: .
27. National Institute of Standards and Technology (NIST), August 2002b. The Secure Hash Signature Standard (SHS) (FIPS PUB 180-2). Available from: .
28. OpenDocument Format, January 2006. The OpenDocument format. Available from: .
29. Pang, R., Paxson, V., August 2003. A high-level programming environment for packet trace anonymization and transformation. In: Proceedings of the ACM SIGCOMM 2003. pp. 339-351.
30. Payne Group, 2005. Metadata Assistant. Available from: .
31. Peuhkuri, M., November 2001. A method to compress and anonymize packet traces. In: Proceedings of the ACM SIGCOMM Internet Measurement Workshop '01. pp. 257-261.
32. Provos N., and Honeyman P. Hide and seek: an introduction to steganography. IEEE Security and Privacy 1 3 (2003) 32-44
33. Rentz, D., September 2004. Microsoft Compound Document File Format. Available from: .
34. Roelofs, G., Gailly, J.L., 2004. Compression library. Available from: .
35. Rogers M., and Seigfried K. The future of computer forensics: a needs analysis survey. Computers and Security 23 1 (2004) 12-16
36. RSA Lab., March 1999. PKCS #5 v2.0: Password-Based Cryptography Standard.
37. Sadeghi, A.R., Stuble, C., April 2004. Taming Trusted Platforms by Operating System Design. Lecture Notes in Computer Science, 2908, pp. 286-302.
38. Schwartz, M., 2004. LAOLA. Available from: .
39. Sinofsky, S., June 2005. Microsoft Makes XML the File Format for the Next Version of Microsoft Office. Available from: .
40. Smith, R.M., June 2003. Blair's Iraq Dossier. Available from: .
41. Smith, R., 2004. Word Dumper. Available from: .
42. Soft Experience, 2005. Catalogue. Available from: .
43. StegoArchive, January 2006. Available from: .
44. Telematics between Administrations Committee (TAC) of the European Community, June 2004. European public sector advised to use open document formats. Available from: .
45. US Department of Defense, 1995. Cleaning and Sanitization Matrix. DOD 5220.22-M.
46. US National Security Agency, December 2005. Redacting with Confidence: How to Safely Publish Sanitized Reports Converted From Word to PDF. Available from: .
47. Workshare, 2005. Trace. Available from: .
48. Xu, J., Fan, J., Ammar, M., Moon, S.B., November 2001. On the design and performance of prefix preserving IP traffic trace anonymization. In: Proceedings of the ACM SIGCOMM Internet Measurement Workshop '01. pp. 263-266.
49. Zalewski M. Silence on the Wire - A field Guide to Passive Reconnaissance and Indirect Attacks (2005), No Starch Press, San Francisco, CA. Available from: