Difference between revisions of "Word Document (DOC)"

From Forensics Wiki
Line 23: Line 23:
 
== Encryption ==
 
== Encryption ==
  
Versions of Word prior to 97 encrypted documents with a very weak algorythm. This password scheme can be broken easily by several different products. Versions from 97-2003 use industry standard 40 bit encryption. Because of this, only brute force attacks can be made.  
+
Versions of Word prior to 97 encrypted documents with a very weak algorithm. This password scheme can be broken easily by several different products. Versions from 97-2003 use industry standard 40 bit encryption. Because of this, only brute force attacks can be made.  
 
It is possible to decrypt the contents without discovering the password. This is done by testing all 65536 possible keys. Ultimate Zip Cracker by VDGSoftware is one utility that can perform this decryption.
 
It is possible to decrypt the contents without discovering the password. This is done by testing all 65536 possible keys. Ultimate Zip Cracker by VDGSoftware is one utility that can perform this decryption.
  
  
 
[[Category:File Formats]]
 
[[Category:File Formats]]
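
Review bot: In the changed Encryption paragraph, the corrected sentence still says "industry standard 40 bit encryption" without naming the cipher, and its conclusion that "only brute force attacks can be made" conflicts with the unchanged paragraph right after it, which says the contents can be decrypted by testing all 65536 possible keys. A 40-bit key space is 2^40 keys, while 65536 is 2^16, so the text should either state which scheme the 65536 figure belongs to or correct the number, and name the algorithm while the paragraph is being touched. The product cited there is called "Ultimate Zip Cracker", which reads oddly for a Word decryption tool and deserves a source link.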

Revision as of 10:45, 19 April 2008

The DOC file format (document file format) usually has the .doc extension. Most such files are Microsoft Word documents. However, other word processing software can also display them, including WordPad, WordPerfect, OpenOffice and others.

MIME types

The following MIME types apply to this file format:

  • application/msword
  • application/doc
  • appl/text
  • application/vnd.msword
  • application/vnd.ms-word
  • application/winword
  • application/word
  • application/x-msw6
  • application/x-msword
  • zz-application/zz-winassoc-doc


File Header

MS Word documents begin with the hex string 0xd0cf11e0a1b11ae1 and end with the string "Word.Document.8".
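
The two markers above can be combined into a triage check for a single file and a candidate search over a raw image. The Python below is an added example, not code from the Forensics Wiki; the tail window size, the 512-byte sector alignment and the sample buffers are assumptions constructed for illustration.

```python
# Added example: identify Word documents by the header and trailer markers
# given in the File Header section.
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # header signature from the page
WORD_MARKER = b"Word.Document.8"               # trailer string from the page
TAIL_WINDOW = 4096  # assumption: padding may follow the marker, so search a tail window


def classify(data: bytes) -> str:
    """Return 'word-doc', 'ole-other', 'not-ole' or 'truncated' for a buffer."""
    if len(data) < len(OLE_MAGIC):
        return "truncated"
    if not data.startswith(OLE_MAGIC):
        return "not-ole"
    # The header only proves an OLE compound file; other Office formats share it,
    # so the trailer marker is what ties the file to Word.
    if WORD_MARKER in data[-TAIL_WINDOW:]:
        return "word-doc"
    return "ole-other"


def carve_offsets(image: bytes, sector: int = 512) -> list:
    """Offsets of sector-aligned header signatures in a raw image."""
    offsets = []
    pos = image.find(OLE_MAGIC)
    while pos != -1:
        # Assumption: files start on a sector boundary, so unaligned hits
        # are treated as data that merely contains the signature bytes.
        if pos % sector == 0:
            offsets.append(pos)
        pos = image.find(OLE_MAGIC, pos + 1)
    return offsets


# Constructed sample data (not real documents).
SAMPLE_DOC = OLE_MAGIC + b"\x00" * 600 + WORD_MARKER + b"\x00" * 20
SAMPLE_OTHER = OLE_MAGIC + b"\x00" * 600 + b"Other.Application.1\x00"
SAMPLE_IMAGE = (b"\x00" * 1024 + SAMPLE_DOC.ljust(1024, b"\x00")
                + b"xx" + OLE_MAGIC + b"\x00" * 100)

if __name__ == "__main__":
    for name, buf in [("doc", SAMPLE_DOC), ("other", SAMPLE_OTHER), ("zip", b"PK\x03\x04")]:
        print(name, classify(buf))
    print("candidates:", carve_offsets(SAMPLE_IMAGE))
```

A header-only match is reported as `ole-other` rather than as a Word document, which keeps spreadsheets and other compound files out of the result set.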

Encryption

Versions of Word prior to 97 encrypted documents with a very weak algorithm. This password scheme can be broken easily by several different products. Versions from 97-2003 use industry-standard 40-bit encryption. Because of this, only brute-force attacks can be made. It is possible to decrypt the contents without discovering the password. This is done by testing all 65536 possible keys. Ultimate Zip Cracker by VDGSoftware is one utility that can perform this decryption.