As part of my course, we've been given some files without extensions and have to figure out what the files are. For the most part, it has been straight forward, however, I've come across one file with a hex header beginning with 4d 65 73 73 61
It seems to have descendant emails and it's clearly something to do with outlook express 5 because filtered text shows this.
How can I find out what file it is? Any other methods I can try?
Many thanks
As part of my course, we've been given some files without extensions and have to figure out what the files are. For the most part, it has been straight forward, however, I've come across one file with a hex header beginning with 4d 65 73 73 61
What does that tell you, and what is the rest of the header?
Header is 4d 65 73 73 61 67 65 2d 49 44 3a 20 3c 32 30 30
The hex header should give me a hint as to what file ext it is, but after looking around, I can't make sense of it yet. I'm a bit confused. Sorry!
Not all files have headers, not all file signatures are at the start of the file either.
thanks for the reply. That makes sense, but in that case, how would you find the extension?
I've looked at the file again in native format and it says "This is a multi-part message in MIME format"
So I assume that's my answer, but I still don't know the extension.
Header is 4d 65 73 73 61 67 65 2d 49 44 3a 20 3c 32 30 30
What does that spell out?
Have you tried just opening the file in a hex editor, or even something like Notepad?
Spells out Message-ID <200
in hex.
I am using AccessData's Forensic Toolkit to look at the files
http//
http//
thanks for the info much appreciated