Join Jungwoo Ryoo for an in-depth discussion in this video Hex editor analysis of a file with a wrong extension, part of Learning Computer Forensics.
…Criminals often simply change the extensions of files to…mislead computer forensic investigators.…With a changed file extension,…it is difficult to know exactly what the original file type is.…To find out the true type of a file,…you could use a hex editor such as Hex Workshop.…We have a mystery file here called secret.jpg.…And I'll try to open it with the Windows built-in Photo Viewer.…Click on Preview.…The Windows Photo Viewer is complaining because this is not a picture file, and…we know something's not right with the file extension.…So let's close the Photo Viewer.…And then we'll open this in a hex editor this time, Hex Workshop.…So I'm going to open Hex Workshop here, right-click, Run as Administrator.…Choose file under File > Open and we see secret.jpg there.…Select it.…Click on Open.…Pay attention to the beginning bits of the file.…These are all in hex numbers.…These beginning bits of file is called the file signature.…The file signature of this file is 50, 4B,…03, 04, 14, 00, 06, 00.…
There is a clue here.…
- Understanding computer forensics
- Understanding partitioning
- Using a hex editor
- Preparing a target drive
- Acquiring data
- Ensuring data integrity with hashing
- Indexing and searching
- Generating a report
Skill Level Intermediate
Q: Which operating systems support built-in write blocking?
Q: Are there other ways to access deleted files in the usbimage.001 file?
Small Office Networking to Connect, Share, and Printwith Garrick Chow3h 23m Appropriate for all
Heartbleed Tactics for Small IT Shopswith David Gassner16m 43s Beginner
1. Understanding Computer Forensics
2. Preparing for a Computer Forensics Investigation
3. Preserving Data
4. Acquiring Data
5. Analyzing Data
Next steps1m 1s
- Mark as unwatched
- Mark all as unwatched
Are you sure you want to mark all the videos in this course as unwatched?
This will not affect your course history, your reports, or your certificates of completion for this course.Cancel
Take notes with your new membership!
Type in the entry box, then click Enter to save your note.
1:30Press on any video thumbnail to jump immediately to the timecode shown.
Notes are saved with you account but can also be exported as plain text, MS Word, PDF, Google Doc, or Evernote.