Colleagues,
I have two specific Excel files for analysis.
Allegedly one of the Excel files is a derivative of the other Excel file.
Both Excel files are extremely complex, multi-tabbed with apparently embedded custom code.
** I would like to somehow extract and examine the embedded custom code much as one would do in a software code comparison case.
Any suggestions on where I could extract such custom code from each Excel to compare side by side?
I have Blacklight/Forensic Explorer/OSForensics tools at my disposal.
I have two specific Excel files for analysis.
xls or xlsx? In the 2nd case, open the file with 7-Zip and the miracle begins. xls can be examined with Offvis for example (https://
regards, Robin
For .xls files, or any OLE format files, consider
https://
..or..
https://
You can use either one to locate and extract the OLE streams that contain the code.
Something else you might consider is that any of the folder or directory objects within the OLE file will likely have time stamps associated with them…these might be helpful in determining the nature of the derivation.
THANKS!!!
I used SSV yesterday to open an MSI file and extract a DLL from one of the streams…