Sys Forensics Tools
Digital forensics (sometimes known as digital forensic science) is a branch of forensic science encompassing the recovery and investigation of material found in digital devices, often in relation to computer crime. The term digital forensics was originally used as a synonym for computer forensics but has expanded to cover investigation of all devices capable of storing digital data. With roots in the personal computing revolution of the late 1970s and early 1980s, the discipline evolved in a haphazard manner during the 1990s, and it was not until the early 21st century that national policies emerged.
Any digital forensics practitioner will have a wide variety of tools in their kit. At one end of the spectrum you have single-purpose open source tools like the packet sniffer Wireshark or HashKeeper, a free-to-use program that can speed the examination of database files. At the other end, you have powerful commercial software platforms with multiple functions and slick reporting capabilities like Encase, or CAINE, an entire Linux distribution dedicated to forensics work.
Today I will present you some powerful free tools you can play with
- Hex File Headers
- grep/egrep
- sort
- awk
- sed
- uniq
- date
- Windows findstr
Hex File Header and ASCII Equivalent
File headers are used to identify a file by examining the first 4 or 5 bytes of its hexadecimal content.
Filetype | Start | Start ASCII | Translation |
ani | 52 49 46 46 | RIFF | |
au | 2E 73 6E 64 | snd | |
bmp | 42 4D F8 A9 | BM | |
bmp | 42 4D 62 25 | BMp% | |
bmp | 42 4D 76 03 | BMv | |
cab | 4D 53 43 46 | MSCF | |
dll | 4D 5A 90 00 | MZ | |
Excel | D0 CF 11 E0 | ||
exe | 4D 5A 50 00 | MZP | (inno) |
exe | 4D 5A 90 00 | MZ | |
flv | 46 4C 56 01 | FLV | |
gif | 47 49 46 38 39 61 | GIF89a | |
gif | 47 49 46 38 37 61 | GIF87a | |
gz | 1F 8B 08 08 | ||
ico | 00 00 01 00 | ||
jpeg | FF D8 FF E1 | ||
jpeg | FF D8 FF E0 | JFIF | |
jpeg | FF D8 FF FE | JFIF | |
Linux | bin 7F 45 4C 46 | ELF | |
png | 89 50 4E 47 | PNG | |
msi | D0 CF 11 E0 | ||
mp3 | 49 44 33 2E | ID3 | |
mp3 | 49 44 33 03 | ID3 | |
OFT | 4F 46 54 32 | OFT2 | |
PPT | D0 CF 11 E0 | ||
25 50 44 46 | |||
rar | 52 61 72 21 | Rar! | |
sfw | 43 57 53 06/08 | cws | |
tar | 1F 8B 08 00 | 00 | |
tgz | 1F 9D 90 70 | ||
Word | D0 CF 11 E0 | ||
wmv | 30 26 B2 75 | ||
zip | 50 4B 03 04 | PK | |