Difference between pages "Template:Neutral" and "Word Document (DOCX)"

From ForensicsWiki
(Difference between pages)
Jump to: navigation, search
 
(Document properties - core)
 
Line 1: Line 1:
<div style="border:1px solid #aaaaaa; color:#000000; text-align:center;">
+
DOCX is the file format for Microsoft Office 2007 and later.  
<table border="0" align="center"><tr><td>
+
[[Image:Ambox_content.png]]
+
</td><td>
+
'''This article needs to edited to a neutral point of view.'''
+
<br>
+
Further information might be found on the [[{{TALKPAGENAME}}|discussion page]].
+
</td></tr></table></div>
+
[[Category:Articles that need a neutral point of view]]
+
Comparison review of Data copy king and Ninja
+
  
The comparison table will help the potential customer to compare and make a choice with one single sight between Data copy king and Ninja duplicator.
+
DOCX should not be confused with [[DOC]], the format used by earlier versions of Microsoft Office.
+
  
Data copy king Ninja
+
= Container Format =
Review results
+
General
+
Picture
+
Time to market 2010 N/A
+
Price 1,998USD 1,590 USD
+
Drive connectivity  One to one One to one
+
Potable design  Stand-alone/potable Option
+
Drive capacity supported TB-level hard drives( up to 131072TB) Mostly target to small capacity hard drives
+
Drive supported IDE/SATA
+
RAID/external hard drive / SSD / flash storage media (USB, SD, CF, memory stick etc) with optional adaptor IDE/SATA
+
  
Duplication functions
+
DOCX is written in an XML format, which consists of a [[ZIP archive]] file containing [[XML]] and binaries. Content can be analysed without modification by unzipping the file (e.g. in WinZIP) and analysing the contents of the archive.
Coping rate 6.0GB/min 4GB/min
+
Test, wipe repair functions
+
Erasing transfer rate 6.6GB/min 2-5 GB/min
+
Data wiping Yes ⑧
+
Optional(charge $700 to forensic version with hdd test)
+
HDD test Yes Optional (charge $400 to ninja kaze together with data wiping)
+
Test without altering HDD data Yes No
+
Control the imaging process ⑤
+
Yes
+
Yes
+
  
Data recovery functions
+
The file _rels/.rels contains information about the structure of the document. It contains paths to the metadata information as well as the main XML document that contains the content of the document itself.
Bad sector repair ①
+
Yes No
+
Clicking noises handling ②
+
Yes
+
No
+
Physical read-only Yes Yes
+
Forensic functions
+
Access to HPA and doc hidden area Yes Yes
+
Smart drive reset/reboot
+
Yes
+
N/A⑨
+
  
Backdoor design ⑩
+
Metadata information are usually stored in the folder docProps.  Two or more XML files are stored inside that folder, app.xml that stores metadata information extracted from the Word application itself and core.xml that stores metadata from the document itself, such as the author name, last time it was printed, etc.
No N/A
+
verification CRC32 /SHA-256 CRC
+
Data erasing standard Yes with DoD--5220.22-M/PRC-- BMB21-2007⑥
+
No
+
  
DD image Available in upgrade No
+
Another folder contains the actual content of the document, in a Word document, or an .docx document the folder's name is word.  A XML file called document.xml is the main document, containing most of the content of the document itself.
MD5 hash calculation Available in upgrade No
+
Log auto generation Yes Yes
+
Log export and print Yes No
+
Others
+
Touch Screen User Interface Yes Yes
+
User authority⑦
+
three-level password No
+
Language English (Customized to other languages) Only English
+
Upgradable free lifelong software upgrade No
+
Technique support Free lifelong support Limited free support
+
Warranty One year with 3 year optional N/A
+
+
NOTE: Words in green refers to the distinguishing features of DCK
+
① Traditional disk imaging tools and methods are designed to deal with intact hard drives, not the unstable ones with bad sectors that are your stock-in-trade. Bad sector handling is capable of the patient Drives with stop responding, disks degrade or fail under intensive reading, valuable files remain locked in bad sectors.
+
② Hard drive suffered clicking noises, only if the patient drive is still recognized in the bios, Data copy king is able to clone 300% more data than other data image tools from the patient drive
+
③ Data loss due to accidental deletion, accidental format, file corruption, software bugs, file system corruption, viruses, etc
+
④ Automatically resets/reboots drives that become unresponsive to continue imaging process
+
⑤ Stop or continue the imaging process as you need
+
⑥ DOD—Department of Defense
+
PRC--the People's Republic of China
+
⑦ Three-level user password setting to secure the confidential data
+
⑧ YES – available
+
⑨ N/A—NOT Available
+
⑩ A backdoor in a computer system (or cryptosystem or algorithm) is a method of bypassing normal authentication, securing remote access to a computer, obtaining access to plaintext, and so on, while attempting to remain undetected. The backdoor may take the form of an installed program (e.g., Back Orifice), or could be a modification to an existing program or hardware device.
+
  
Info provided in the review comes from following two websites:
+
= Relationship to OOXML =
SalvationDATA Technology          http://www.salvationdata.com/data-recovery-equipment/data-copy-king.htm
+
  
Ninja                           
+
Office Open XML is an open XML standard developed by Microsoft for word processing documents, spreadsheets, presentations and charts. The OOXML standard was submitted to the ISO for approval.  After initially being rejected over technical concerns, the ISO approved a modified version as ISO/IEC 29500:2008. Microsoft intended to use the OOXML standard for its Office suite. However, Office does not support the standard that the ISO approved, it only supports the standard that was originally rejected by the ISO[http://arstechnica.com/microsoft/news/2010/04/iso-ooxml-convener-microsofts-format-heading-for-failure.ars]. As of Office 2010, Microsoft has still not brought its software into compliance with the standard.
http://www.hdd.ji2.com/products/ninja.html
+
 
 +
For most purposes OOXML may be considered a subset of DOCX (DOCX contains additional features, like OLE serialization).
 +
 
 +
Documentation on OOXML may provide a guide to analysing a DOCX file.
 +
 
 +
= Metadata =
 +
 
 +
== Content types ==
 +
<pre>
 +
[Content_Types].xml
 +
</pre>
 +
 
 +
<pre>
 +
&lt;?xml version="1.0" encoding="UTF-8" standalone="yes"?&gt;
 +
&lt;Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types"&gt;
 +
&lt;Default Extension="emf" ContentType="image/x-emf"/&gt;
 +
&lt;Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/&gt;
 +
&lt;Default Extension="xml" ContentType="application/xml"/&gt;
 +
&lt;Override PartName="/word/document.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/&gt;
 +
&lt;Override PartName="/word/styles.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.styles+xml"/&gt;
 +
&lt;Override PartName="/word/stylesWithEffects.xml" ContentType="application/vnd.ms-word.stylesWithEffects+xml"/&gt;
 +
&lt;Override PartName="/word/settings.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.settings+xml"/&gt;
 +
&lt;Override PartName="/word/webSettings.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.webSettings+xml"/&gt;
 +
&lt;Override PartName="/word/fontTable.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.fontTable+xml"/&gt;
 +
&lt;Override PartName="/word/theme/theme1.xml" ContentType="application/vnd.openxmlformats-officedocument.theme+xml"/&gt;
 +
&lt;Override PartName="/docProps/core.xml" ContentType="application/vnd.openxmlformats-package.core-properties+xml"/&gt;
 +
&lt;Override PartName="/docProps/app.xml" ContentType="application/vnd.openxmlformats-officedocument.extended-properties+xml"/&gt;
 +
&lt;/Types&gt;
 +
</pre>
 +
 
 +
== Relationships ==
 +
<pre>
 +
_rels/.rels
 +
</pre>
 +
 
 +
<pre>
 +
&lt;?xml version="1.0" encoding="UTF-8" standalone="yes"?&gt;
 +
&lt;Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships"&gt;
 +
&lt;Relationship Id="rId3" Type="http://schemas.openxmlformats.org/package/2006/relationships/metadata/core-properties" Target="docProps/core.xml"/&gt;
 +
&lt;Relationship Id="rId2" Type="http://schemas.openxmlformats.org/package/2006/relationships/metadata/thumbnail" Target="docProps/thumbnail.emf"/&gt;
 +
&lt;Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/officeDocument" Target="word/document.xml"/&gt;
 +
&lt;Relationship Id="rId4" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/extended-properties" Target="docProps/app.xml"/&gt;
 +
&lt;/Relationships&gt;
 +
</pre>
 +
 
 +
Other relationship files:
 +
<pre>
 +
word/_rels/document.xml.rels
 +
</pre>
 +
 
 +
== Document properties - core ==
 +
<pre>
 +
docProps/core.xml
 +
</pre>
 +
 
 +
<pre>
 +
&lt;?xml version="1.0" encoding="UTF-8" standalone="yes"?&gt;
 +
&lt;cp:coreProperties
 +
    xmlns:cp="http://schemas.openxmlformats.org/package/2006/metadata/core-properties"
 +
    xmlns:dc="http://purl.org/dc/elements/1.1/"
 +
    xmlns:dcterms="http://purl.org/dc/terms/"
 +
    xmlns:dcmitype="http://purl.org/dc/dcmitype/"
 +
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"&gt;
 +
&lt;dc:creator&gt;User 1&lt;/dc:creator&gt;
 +
&lt;cp:lastModifiedBy&gt;User 2&lt;/cp:lastModifiedBy&gt;
 +
&lt;cp:revision&gt;3&lt;/cp:revision&gt;
 +
&lt;dcterms:created xsi:type="dcterms:W3CDTF"&gt;2012-11-07T23:29:00Z&lt;/dcterms:created&gt;
 +
&lt;dcterms:modified xsi:type="dcterms:W3CDTF"&gt;2013-08-25T22:18:00Z&lt;/dcterms:modified&gt;
 +
&lt;/cp:coreProperties&gt;
 +
</pre>
 +
 
 +
== Document properties - extended: application ==
 +
<pre>
 +
docProps/app.xml
 +
</pre>
 +
 
 +
<pre>
 +
&lt;?xml version="1.0" encoding="UTF-8" standalone="yes"?&gt;
 +
&lt;Properties
 +
    xmlns="http://schemas.openxmlformats.org/officeDocument/2006/extended-properties"
 +
    xmlns:vt="http://schemas.openxmlformats.org/officeDocument/2006/docPropsVTypes"&gt;
 +
&lt;Template&gt;Normal.dotm&lt;/Template&gt;
 +
    &lt;TotalTime&gt;1385&lt;/TotalTime&gt;
 +
    &lt;Pages&gt;1&lt;/Pages&gt;
 +
    &lt;Words&gt;2&lt;/Words&gt;
 +
    &lt;Characters&gt;13&lt;/Characters&gt;
 +
    &lt;Application&gt;Microsoft Office Word&lt;/Application&gt;
 +
    &lt;DocSecurity&gt;0&lt;/DocSecurity&gt;
 +
    &lt;Lines&gt;1&lt;/Lines&gt;
 +
    &lt;Paragraphs&gt;1&lt;/Paragraphs&gt;
 +
    &lt;ScaleCrop&gt;false&lt;/ScaleCrop&gt;
 +
    &lt;HeadingPairs&gt;
 +
        &lt;vt:vector size="2" baseType="variant"&gt;
 +
            &lt;vt:variant&gt;
 +
                &lt;vt:lpstr&gt;Title&lt;/vt:lpstr&gt;
 +
            &lt;/vt:variant&gt;
 +
            &lt;vt:variant&gt;
 +
                &lt;vt:i4&gt;1&lt;/vt:i4&gt;
 +
            &lt;/vt:variant&gt;
 +
        &lt;/vt:vector&gt;
 +
    &lt;/HeadingPairs&gt;
 +
    &lt;TitlesOfParts&gt;
 +
        &lt;vt:vector size="1" baseType="lpstr"&gt;
 +
            &lt;vt:lpstr&gt;&lt;/vt:lpstr&gt;
 +
        &lt;/vt:vector&gt;
 +
    &lt;/TitlesOfParts&gt;
 +
    &lt;Company&gt;&lt;/Company&gt;
 +
    &lt;LinksUpToDate&gt;false&lt;/LinksUpToDate&gt;
 +
    &lt;CharactersWithSpaces&gt;14&lt;/CharactersWithSpaces&gt;
 +
    &lt;SharedDoc&gt;false&lt;/SharedDoc&gt;
 +
    &lt;HyperlinksChanged&gt;false&lt;/HyperlinksChanged&gt;
 +
    &lt;AppVersion&gt;14.0000&lt;/AppVersion&gt;
 +
&lt;/Properties&gt;
 +
</pre>
 +
 
 +
= External Links =
 +
 
 +
* [http://msdn.microsoft.com/en-us/library/aa338205.aspx Introducing the Office (2007) Open XML File Formats], by [[Microsoft]], May 2006
 +
* [http://dublincore.org/documents/2012/06/14/dcmi-terms/?v=elements# DCMI Metadata Terms]
 +
* [http://www.simson.net/clips/academic/2009.IEEE.DOCX.pdf The new XML Office Document Files: Implications For Forensics], [[Simson L. Garfinkel]] and James Migletz
 +
* [http://blog.kiddaland.net/2009/06/office-2007-metadata/ Perl script that displays metadata information that is extracted from an OpenXML document], by [[Kristinn Gudjonsson]], June 2009
 +
* [http://blog.kiddaland.net/2009/07/antiword-for-office-2007/ Perl script that displays the content of a Docx document, similar to Antiword], by [[Kristinn Gudjonsson]], July 2009
 +
* [http://computer-forensics.sans.org/blog/2009/07/10/office-2007-metadata/ Office 2007 Metadata], by [[Kristinn Gudjonsson]], July 10, 2009
 +
 
 +
[[Category:File Formats]]

Latest revision as of 23:42, 30 September 2013

DOCX is the file format for Microsoft Office 2007 and later.

DOCX should not be confused with DOC, the format used by earlier versions of Microsoft Office.

Container Format

DOCX is written in an XML format, which consists of a ZIP archive file containing XML and binaries. Content can be analysed without modification by unzipping the file (e.g. in WinZIP) and analysing the contents of the archive.

The file _rels/.rels contains information about the structure of the document. It contains paths to the metadata information as well as the main XML document that contains the content of the document itself.

Metadata information are usually stored in the folder docProps. Two or more XML files are stored inside that folder, app.xml that stores metadata information extracted from the Word application itself and core.xml that stores metadata from the document itself, such as the author name, last time it was printed, etc.

Another folder contains the actual content of the document, in a Word document, or an .docx document the folder's name is word. A XML file called document.xml is the main document, containing most of the content of the document itself.

Relationship to OOXML

Office Open XML is an open XML standard developed by Microsoft for word processing documents, spreadsheets, presentations and charts. The OOXML standard was submitted to the ISO for approval. After initially being rejected over technical concerns, the ISO approved a modified version as ISO/IEC 29500:2008. Microsoft intended to use the OOXML standard for its Office suite. However, Office does not support the standard that the ISO approved, it only supports the standard that was originally rejected by the ISO[1]. As of Office 2010, Microsoft has still not brought its software into compliance with the standard.

For most purposes OOXML may be considered a subset of DOCX (DOCX contains additional features, like OLE serialization).

Documentation on OOXML may provide a guide to analysing a DOCX file.

Metadata

Content types

[Content_Types].xml
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">
<Default Extension="emf" ContentType="image/x-emf"/>
<Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/>
<Default Extension="xml" ContentType="application/xml"/>
<Override PartName="/word/document.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/>
<Override PartName="/word/styles.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.styles+xml"/>
<Override PartName="/word/stylesWithEffects.xml" ContentType="application/vnd.ms-word.stylesWithEffects+xml"/>
<Override PartName="/word/settings.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.settings+xml"/>
<Override PartName="/word/webSettings.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.webSettings+xml"/>
<Override PartName="/word/fontTable.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.fontTable+xml"/>
<Override PartName="/word/theme/theme1.xml" ContentType="application/vnd.openxmlformats-officedocument.theme+xml"/>
<Override PartName="/docProps/core.xml" ContentType="application/vnd.openxmlformats-package.core-properties+xml"/>
<Override PartName="/docProps/app.xml" ContentType="application/vnd.openxmlformats-officedocument.extended-properties+xml"/>
</Types>

Relationships

_rels/.rels
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">
<Relationship Id="rId3" Type="http://schemas.openxmlformats.org/package/2006/relationships/metadata/core-properties" Target="docProps/core.xml"/>
<Relationship Id="rId2" Type="http://schemas.openxmlformats.org/package/2006/relationships/metadata/thumbnail" Target="docProps/thumbnail.emf"/>
<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/officeDocument" Target="word/document.xml"/>
<Relationship Id="rId4" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/extended-properties" Target="docProps/app.xml"/>
</Relationships>

Other relationship files:

word/_rels/document.xml.rels

Document properties - core

docProps/core.xml
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<cp:coreProperties
    xmlns:cp="http://schemas.openxmlformats.org/package/2006/metadata/core-properties"
    xmlns:dc="http://purl.org/dc/elements/1.1/"
    xmlns:dcterms="http://purl.org/dc/terms/"
    xmlns:dcmitype="http://purl.org/dc/dcmitype/"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<dc:creator>User 1</dc:creator>
<cp:lastModifiedBy>User 2</cp:lastModifiedBy>
<cp:revision>3</cp:revision>
<dcterms:created xsi:type="dcterms:W3CDTF">2012-11-07T23:29:00Z</dcterms:created>
<dcterms:modified xsi:type="dcterms:W3CDTF">2013-08-25T22:18:00Z</dcterms:modified>
</cp:coreProperties>

Document properties - extended: application

docProps/app.xml
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Properties
    xmlns="http://schemas.openxmlformats.org/officeDocument/2006/extended-properties"
    xmlns:vt="http://schemas.openxmlformats.org/officeDocument/2006/docPropsVTypes">
<Template>Normal.dotm</Template>
    <TotalTime>1385</TotalTime>
    <Pages>1</Pages>
    <Words>2</Words>
    <Characters>13</Characters>
    <Application>Microsoft Office Word</Application>
    <DocSecurity>0</DocSecurity>
    <Lines>1</Lines>
    <Paragraphs>1</Paragraphs>
    <ScaleCrop>false</ScaleCrop>
    <HeadingPairs>
        <vt:vector size="2" baseType="variant">
            <vt:variant>
                <vt:lpstr>Title</vt:lpstr>
            </vt:variant>
            <vt:variant>
                <vt:i4>1</vt:i4>
            </vt:variant>
        </vt:vector>
    </HeadingPairs>
    <TitlesOfParts>
        <vt:vector size="1" baseType="lpstr">
            <vt:lpstr></vt:lpstr>
        </vt:vector>
    </TitlesOfParts>
    <Company></Company>
    <LinksUpToDate>false</LinksUpToDate>
    <CharactersWithSpaces>14</CharactersWithSpaces>
    <SharedDoc>false</SharedDoc>
    <HyperlinksChanged>false</HyperlinksChanged>
    <AppVersion>14.0000</AppVersion>
</Properties>

External Links