Nicole Haywood <N.Haywoodat_private> writes: > BTW thanks everyone for their suggestions. And yes the windows strings > utility came in very handy, as I didn't have access to unix to examine > files. > > For those that are interested I am investigating a case of academic > misconduct. Basically two students handed in the same assignment, and one > is claiming the other student stole it, so I was trying to work out if > there was any evidence in the word document itself which might indicate > which student is telling the truth. Um. There are a multiplicity of ways in which the contents of one .doc file could've wound up in the other; someone could've cut & paste the content, or exported it via RTF and converted it back, in which case the metadata from the *destination* installation of Word would be present, and that metadata only. Hence, if can miss a positive. One thing that comes to mind is that if `quick save' is enabled, you get edits appended after the body text - ie it's no longer a bulk all-in- one-place linear thing. You could tell if that was different between the two docs, although I'm not sure that's any use for checking if it's been copied. I think that nothing can be gained by going via `strings' that couldn't have been seen by looking at the doc in Word itself to check properties and author information, and by running a complete print-out and looking for areas of extreme similarity or obvious duplication. ~Tim -- They did a dance called America |pigletat_private They danced it round |http://spodzone.org.uk/ And waited at the turns | ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Sep 20 2001 - 10:59:04 PDT