Quick Note: Although I never messed with the headers / meta data, the contents of the file itself have minimal modification checks added to it such that if the file has bytes added or deleted [at least from the content fields], word will refuse to open it. If the file opens in word, then unless they know the structure of word files [does anyone?], you can at least have a 90% assurance that nothing was added or deleted to the file; however, they may have chosen to overwrite parts of the file [i.e. replacing], but that's another story. I guess the best way would be to try it yourself for the header fields, see if the same checks apply, that way you can have minimal assurances the file has not been quick tampered with. i.e. they would have to have done a little work to remove or alter header information for the file. nick ----- Original Message ----- From: "Seth Arnold" <sarnoldat_private> To: <forensicsat_private> Sent: Thursday, January 17, 2002 12:13 Subject: Re: Tracing MS Word documents ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Mon Jan 21 2002 - 06:02:16 PST