Corpus ID: 114536074

Forensic Analysis of OOXML Documents

  title={Forensic Analysis of OOXML Documents},
  author={Espen Didriksen},
  • Espen Didriksen
  • Published 2014
  • Engineering
  • Microsoft Office 2007 and subsequent versions use an XML-based file format called Office Open XML (OOXML) for storing documents, spreadsheets and presentations. OOXML documents are often collected in forensic investigations, and is considered one of the main sources of evidence by the National Authority for Investigation and Prosecution of Economic and Environmental Crime in Norway (Norwegian: Økokrim). OOXML documents are zipped file containers which upon extraction reveals a file structure… CONTINUE READING


    Publications referenced by this paper.
    Forensic investigation of OOXML format documents
    • 22
    • Highly Influential
    On the role of file system metadata in digital forensics
    • 83
    • Highly Influential
    • Open Access
    Lessons learned writing digital forensics tools and managing a 30TB digital evidence corpus
    • 41
    • Open Access
    Digital forensic research: current state of the art
    • 88
    • Open Access
    New XML-Based Files Implications for Forensics
    • 29
    • Highly Influential
    • Open Access
    Qualitative Analysis Techniques for the Review of the Literature
    • 339
    • Open Access
    Timestamp evidence correlation by model based clock hypothesis testing
    • 28
    OOXML File Analysis of the July 22nd Terrorist Manual
    • 3
    • Highly Influential
    • Open Access
    Methods for Visual Understanding of Hierarchical System Structures
    • 1,170
    • Open Access
    Practical Research: Planning and Design
    • 9,301
    • Highly Influential
    • Open Access