Dear All,
does anybody can suggest me an opensource tool to search for a sequence of hexadecimal digits into a disk raw image?
I would like to have as output the blocks in which the sequence has been found.
Best Regards
Andrea Liguoro
The SIFT workstation comes with Bless Hex Editor installed.
Dear HexDrugsRockNRoll,
thank you very much for your answer.
I will install Bless Hex Editor on my Ubuntu-based analysis computer.
Just a question this tool is able to analyze a raw disk having a size of 500 MB and perform an hexadecimal search on it?
Best Regards,
Andrea Liguoro
I haven't used it, I'm afraid, so can't confirm whether or not it will. I can only suggest you try it on a copy of your evidence once you've installed.
Hope this helps.
I'll try and give you a feedback.
Thanks a lot
Feedback would be great. Thanks a lot.
I installed BlessHex editor on my analysis virtual machine (based on Deft 8.2 distribution) and opened the raw image file.
This tool has a good usability and I have easily found hexadecimal data on the file.
The raw image file was quite small (98,4 MB), since it was a test data set downloaded from http//
I found some interesting information about hexadecimal editor on http//
I also downloaded and installed wxHexEditor http//
"It uses 64 bit file descriptors (supports files or devices up to 2^64 bytes , means some exabytes but tested only 1 PetaByte file (yet). ).
It does NOT copy whole file to your RAM. That make it FAST and can open files (which sizes are Multi Giga < Tera < Peta < Exabytes)
…..
Memory Usage Currently ~25 MegaBytes while opened multiple > ~8GB files"
I hope it could be useful
Best Regards,
Andrea Liguoro
This is really excellent feedback. Thanks a lot for taking the time to write back.