Digital Forensics
Due Tuesday, January 21

Assignment 1: First Look at Windows Steganography

Your assignment is to analyze the file at examine.docx. When you try to open it in Office, Office should complain that it is corrupt but should also offer to "fix" it.

Investigate the structure of docx files (and other post-2007 Office files) in general. Once you understand how they are structured, you should be able to view the structure of this file.

Your analysis of "examine.docx" should include three things:

1) A description of the post-2007 Office file structure (hint: there is an official Microsoft name for this file structure, but that name doesn't tell the whole story).

2) The complete contents of examine.docx

3) What appears to be anomalous about examine.docx compared with a standard .docx file.

I would recommend doing your analysis on a Linux/Unix machine of some sort. They tend to be less opaque than Windows machines.

Please turn in your write-up at the beginning of class on Tuesday, January 21.