I am studying computer forensics at uni and we are examining hdds in a hex editor. Can anyone point me to any articles or books that can help me when searching for files and deleted files in hex?
You may want to check out
Hi PCvirus,
just a few ideas…
Book: File System Forensic Analysis (Carrier) - Wesley
Carving: filext dot com - input a filename and then check the Identifying Characters column for header info.
Test yourself: dftt.sourceforge.net/ for tool test images.
Check out how some tools search for headers/footers to find files. Usually the nitty-gritty is in the conf file associated with the programs. Look for foremost, scalpel, photorec, magicrescue for headers and how they catch the tail end, or limit filesize if there is no footer.
hth
Kern
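The header/footer search described in the post above, sketched as an added example; it is not part of the original thread and is not code from foremost, scalpel, photorec or magicrescue. The magic bytes are the standard JPEG, PNG and SQLite signatures; the names `Sig`, `carve` and `sample_image`, the size caps and the sample data are assumptions made for illustration.

```python
from typing import Iterator, List, NamedTuple, Optional, Tuple

class Sig(NamedTuple):
    name: str
    header: bytes
    footer: Optional[bytes]  # None: the format has no footer, so carve up to max_size
    max_size: int            # assumed cap, plays the role of the size column in a carver conf

SIGS: List[Sig] = [
    Sig("jpg", b"\xff\xd8\xff", b"\xff\xd9", 10 * 1024 * 1024),
    Sig("png", b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82", 10 * 1024 * 1024),
    Sig("sqlite", b"SQLite format 3\x00", None, 50 * 1024 * 1024),
]

def carve(image: bytes, sigs: List[Sig] = SIGS) -> Iterator[Tuple[str, int, int, bool]]:
    """Yield (name, start, end, complete) for every header hit in a raw image.

    complete is True only when a footer was found inside the size cap;
    otherwise the range is cut at max_size (or at the end of the image).
    """
    for sig in sigs:
        pos = image.find(sig.header)
        while pos != -1:
            limit = min(pos + sig.max_size, len(image))
            end, complete = limit, False
            if sig.footer is not None:
                # The footer must lie entirely inside [header end, limit).
                hit = image.find(sig.footer, pos + len(sig.header), limit)
                if hit != -1:
                    end, complete = hit + len(sig.footer), True
            yield sig.name, pos, end, complete
            pos = image.find(sig.header, pos + 1)

def sample_image() -> bytes:
    """Constructed data: zero-filled slack around a JPEG-like and a SQLite-like blob."""
    jpeg = b"\xff\xd8\xff\xe0" + b"A" * 20 + b"\xff\xd9"
    sqlite = b"SQLite format 3\x00" + b"B" * 40
    return b"\x00" * 512 + jpeg + b"\x00" * 100 + sqlite + b"\x00" * 30

if __name__ == "__main__":
    for name, start, end, complete in carve(sample_image()):
        state = "footer found" if complete else "cut at size cap"
        print(f"{name}: 0x{start:x}-0x{end:x} ({end - start} bytes, {state})")
```

The offsets it reports can be checked by jumping to them in the hex editor; a hit cut at the size cap usually carries trailing data that does not belong to the file.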
hi,
Try to find this pdf document (in google). It contains very interesting information for beginners. The first part discusses the logical analysis of forensic evidence and the second one discusses physical analysis; this part explains how to examine a hdd using a hex editor.
the name of the pdf is
craiger.forensics.methods.procedures.final.pdf
If you don't find it I will send it to you by mail. ;)
Good luck ;)