Digital Forensics
Due Wednesday, February 7

Assignment 1: A very simple example of steganography

Your assignment is to analyze the file at examine.docx. If you try to read it into Office 2016, Office will likely complain that it is corrupt but should also offer to "fix" it. If you use a recent version of LibreOffice, it probably won't even complain; if you use an older one, it might not open at all.

Investigate the structure of docx files (and other post-2007 Office files) in general. Once you understand how they are structured, you should be able to view the structure of this file.

Your analysis of examine.docx should include three things:

1) A description of post-2007 Office file structure. (Hint: there is an official Microsoft name for this file structure, but that name doesn't tell the whole story.)

2) The complete contents of examine.docx.

3) What appears to be anomalous about examine.docx compared with a standard .docx file.

I would recommend doing your analysis on a Linux/Unix machine; the linprog machines would be highly suitable for this. Linux machines tend to be less opaque than Windows machines, as we have mentioned many times in class.

Please turn in your write-up at the beginning of class on Wednesday, February 7.