Checking file types

If you are a forensic investigator, you would need to know how to study files byte by byte understanding their signatures.  You need to check their header or magic number.  For example, executables magic number would be the ASCII value “MZ” or hexadecimal value “5A4D”.  By using hex editors such as Hex Workshop, you are capable of reading files in their bytes.  If you doubt a file of it’s actual extension you can always use Hex Workshop and check with, an online website that helps you see what magic number files have!  Search the file extension in and look at its magic number and compare with the one you saw in Hex Workshop.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: