Thursday, March 21, 2013

The Microsoft Office Visualization Tool (OffVis) - "The Microsoft Office Visualization Tool (OffVis) allows IT professionals, security researchers and malware protection vendors to better understand the Microsoft Office binary file format in order to deconstruct .doc-, .xls- and .ppt-based targeted attacks. The unique, easy-to-use tool offers a comprehensive view of any Microsoft Office binary file format sample simply by hovering a cursor over it. The tool then graphically shows important data structures and records for Microsoft Office Word, Microsoft Office PowerPoint and Microsoft Office Excel. Users can then browse and click through each record." - Download the fact sheet/instructions and within it there is the download link:

This program is new to me. I guess it is like the OLE Readers listed on my S2 Services site I found it hard to use to extract text. I will post more later if I figure out how it can be useful dealing with corrupt files.

According to this page on  "...More generally useful, though, is the program's ability to pick out malicious code. If your document contains any of 16 known exploits then you'll be warned. This isn't a substitute for a real antivirus tool - it's not been updated in a while - but can still provide worthwhile information about a file...", so the program will detect older virus corruption and post a message.

Postscript: Aha! OffVis will do a repairs if you ask it to. Again from the same page: "Create a copy of your document first, then open and parse this in OffVis. Click Tools > Repair and Defragment, then click File > Save Data File As, give it a unique name, and try opening the document in Office again. OffVis will have tried to fix various file structure-related problems, and it's possible that you'll be able to view the document now, or at least more than you did before. But there are no guarantees and it might have made the situation worse, which is why you must use a copy of the original file. Try it, anyway, see how the program works for you."

No comments:

Hasleo Data Recovery FreeV3.2 - Free as in Freeware - Permanently from Hasleo Software "Hasleo Data Recovery FreeV3.2 100% Free Data Recovery Software...