暂无分享,去创建一个
In recent years, as electronic files include personal records and business activities, these files can be used as important evidences in a digital forensic investigation process. In general, the data that can be verified using its own application programs is largely used in the investigation of document files. However, in the case of the PDF file that has been largely used at the present time, certain data, which include the data before some modifications, exist in electronic document files unintentionally. Because such residual information may present the writing process of a file, it can be usefully used in a forensic viewpoint. This paper introduces why the residual information is stored inside the PDF file and explains a way to extract the information. In addition, we demonstrate the attributes of PDF files can be used to hide data.
[1] Xueqi Cheng,et al. Data Hiding in a Kind of PDF Texts for Secret Communication , 2007, Int. J. Netw. Secur..
[2] Sangjin Lee,et al. Forensic investigation of Microsoft PowerPoint files , 2009, Digit. Investig..
[3] Matthew Ryan Davis,et al. Faith in the Format : Unintentional Data Hiding in PDFs , 2008 .