I recorded a video for my diary entry "Detecting (Malicious) OneNote Files".

It shows how I familiarized myzelf with the .one file format, enough to know how to extract embedded files, wrote a tool (onedump.py) and take a look at detection rules.

Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com