Hex editor and hiding data
Re: Hex editor and hiding data
Posted: Tue Jan 24, 2012 8:22 pm
To somewhat echo what Harlan has stated, I believe you're over-thinking this problem. If he's using a hex editor, it's most likely EXIF data or a sentence, such as, I hope you enjoyed this class.
-

danKillam - Newbie
Re: Hex editor and hiding data
Posted: Wed Jan 25, 2012 1:05 pm
To paraphrase IMHO a Forensic genius, eliminate first where it cannot be, and what remains, however impossible, where it is.
Remember an image file format is very specific and structured. For example, if this is a JPEG file, it contains segments, each beginning with a marker. Markers tell you the type of segment, and sometimes the length.
Remove the appropriate, and standard segments, and what you have left is the data you are looking for.
If this method does not work, then look at each segment and look for anomalies within the segments themselves.
Just an idea.
-

jhup - Senior Member
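
The segment-elimination approach from the post above, as an added example that is not part of the thread or any poster's code: it walks a JPEG's markers, sets aside the segments a decoder needs, and returns what is left (APPn/COM payloads and bytes appended after EOI). The names `walk_jpeg`, `seg` and `SAMPLE` are hypothetical, and the sample bytes are constructed.

```python
RST = set(range(0xD0, 0xD8))
STANDALONE = RST | {0x01, 0xD8}                         # markers with no length field
DECODE = set(range(0xC0, 0xD0)) | {0xDA, 0xDB, 0xDD}    # SOFn/DHT/DAC, SOS, DQT, DRI


def walk_jpeg(data):
    """Return (segments, leftovers); leftovers are bytes a decoder does not need."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("no SOI marker at offset 0")
    segments, leftovers, pos = [], [], 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:                  # fill byte before a marker
            pos += 1
            continue
        if marker == 0xD9:                  # EOI: the rest is appended data
            if data[pos + 2:]:
                leftovers.append((pos + 2, "after EOI", data[pos + 2:]))
            return segments, leftovers
        if marker in STANDALONE:
            pos += 2
            continue
        length = int.from_bytes(data[pos + 2:pos + 4], "big")
        if length < 2 or pos + 2 + length > len(data):
            raise ValueError(f"bad segment length at offset {pos}")
        payload = data[pos + 4:pos + 2 + length]
        segments.append((pos, marker, payload))
        jfif = marker == 0xE0 and payload.startswith(b"JFIF\x00")
        if marker not in DECODE and not jfif:   # APPn, COM, unknown markers
            leftovers.append((pos, f"marker 0xFF{marker:02X}", payload))
        pos += 2 + length
        if marker == 0xDA:                  # skip entropy-coded scan data
            while pos + 1 < len(data) and not (
                    data[pos] == 0xFF and data[pos + 1] not in RST | {0x00}):
                pos += 1
    raise ValueError("no EOI marker found")


def seg(marker, payload):
    """Build one length-prefixed segment for the constructed sample."""
    return bytes([0xFF, marker]) + (len(payload) + 2).to_bytes(2, "big") + payload


# Constructed sample: structurally valid, not a viewable picture.
SAMPLE = (b"\xff\xd8" + seg(0xE0, b"JFIF\x00" + bytes(9))
          + seg(0xFE, b"constructed comment") + seg(0xDB, bytes(65))
          + seg(0xC0, bytes(15)) + seg(0xC4, bytes(29)) + seg(0xDA, bytes(10))
          + b"\x12\xff\x00\x34\xff\xd0\x56" + b"\xff\xd9" + b"constructed trailer")

if __name__ == "__main__":
    for offset, label, blob in walk_jpeg(SAMPLE)[1]:
        print(offset, label, blob)
```

If the leftovers list comes back empty, the second step in the post applies: compare each entry in `segments` against the length and layout its marker type should have.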
















