By Topic

Extraction of Residual Information in the Microsoft PowerPoint file from the Viewpoint of Digital Forensics considering PerCom Environment

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

5 Author(s)
JungHeum Park ; Center for Inf. Security Technol., Korea Univ., Seoul ; Bora Park ; SangJin Lee ; SeokHie Hong
more authors

Electronic documents made by some application (e.g. Microsoft PowerPoint application) have traces of work like editing, and these traces exist in the format of electronic documents. In digital forensic investigation, examiners have failed to notice traces of past work. It is because of that the traces of the past work cannot be identified by its application easily. However, identifying traces of the past work is important for digital forensic investigation because this data can be essential information which is created by culprit's intention not appeared in electronic document. This paper focuses on analyzing the Microsoft PowerPoint application (version 97 ~ 2003) which has the feature that it has traces of past work. In case of Microsoft PowerPoint file, it is possible to identify traces of past work by analyzing saving algorithm of application. To detect the traces automatically, PRIX (PPT residual information extractor) tool is developed.

Published in:

Pervasive Computing and Communications, 2008. PerCom 2008. Sixth Annual IEEE International Conference on

Date of Conference:

17-21 March 2008