Checking file types


If you are a forensic investigator, you would need to know how to study files byte by byte understanding their signatures.  You need to check their header or magic number.  For example, executables magic number would be the ASCII value “MZ” or hexadecimal value “5A4D”.  By using hex editors such as Hex Workshop, you are capable of reading files in their bytes.  If you doubt a file of it’s actual extension you can always use Hex Workshop and check with Filext.com, an online website that helps you see what magic number files have!  Search the file extension in Filext.com and look at its magic number and compare with the one you saw in Hex Workshop.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: