Open Access. Powered by Scholars. Published by Universities.®
Physical Sciences and Mathematics Commons™
Open Access. Powered by Scholars. Published by Universities.®
Articles 1 - 1 of 1
Full-Text Articles in Physical Sciences and Mathematics
Forensic And Anti-Forensic Techniques For Object Linking And Embedding 2 (Ole2)-Formatted Documents, Jason M. Daniels
Forensic And Anti-Forensic Techniques For Object Linking And Embedding 2 (Ole2)-Formatted Documents, Jason M. Daniels
All Graduate Theses and Dissertations, Spring 1920 to Summer 2023
Common office documents provide significant opportunity for forensic and anti-forensic work. The Object Linking and Embedding 2 (OLE2) specification used primarily by Microsoft’s Office Suite contains unused or dead space regions that can be over written to hide covert channels of communication. This thesis describes a technique to detect those covert channels and also describes a different method of encoding that lowers the probability of detection.
The algorithm developed, called OleDetection, is based on the use of kurtosis and byte frequency distribution statistics to accurately identify OLE2 documents with covert channels. OleDetection is able to correctly identify 99.97 percent of …