Chapter 22 - File Signature Analysis

22.1 FILE SIGNATURE ANALYSIS

Signature analysis is the process of identifying a file by its header rather than by other means (such as the file extension).

The International Organization for Standardization (ISO) has published standards for the structure of many file types. The standards include a “file signature”, a recognizable header which usually precedes the file data and assigns a file to a specific type, e.g. a JPEG.

For example, Figure 214 below shows the beginning of a photo taken with a digital camera. It is identified as a JPEG by the file header ÿØÿà· (or in Hex: FF D8 FF E0 00).

Figure 214, JPEG file signature

Identifying a file by its signature is a more accurate method of classification than using the file extension (e.g. .jpg), as the extension can easily be altered.

22.2 WHY RUN FILE SIGNATURE ANALYSIS?

File signatures are an important part of the examination process because they give the investigator confidence that they are seeing files for what they actually are. It is recommended that a file signature analysis be one of the first steps performed by the investigator in each new case.

A file signature analysis with Forensic Explorer will:

- Flag files for which the file extension does not match the file signature. These files may have been deliberately manipulated to hide data;
- Empower other components of Forensic Explorer, such as the Categories view, to see files based on file signature, rather than extension.

22.3 RUNNING A FILE SIGNATURE ANALYSIS

To run a file signature analysis in Forensic Explorer:

1. Click on the Signature Analysis button in the File System toolbar (shown below) to open the Signature Analysis Options window shown in Figure 216, Selecting file types for signature analysis, below:

Copyright GetData Forensics Pty Ltd 2010 - 2015, All rights reserved.
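
The extension-versus-header check described in 22.2, as an added Python example (not Forensic Explorer code and not part of the manual). The signature table is a small subset of well-known header bytes, and the status labels, file names and sample contents are constructed for illustration.

```python
import os
import tempfile

# Illustrative subset of well-known header signatures: (magic bytes, type,
# extensions normally used for that type). Labels below are this example's own.
SIGNATURES = [
    (b"\xFF\xD8\xFF", "jpeg", {".jpg", ".jpeg"}),   # manual shows FF D8 FF E0 00
    (b"\x89PNG\r\n\x1a\n", "png", {".png"}),
    (b"GIF89a", "gif", {".gif"}),
    (b"%PDF-", "pdf", {".pdf"}),
    (b"PK\x03\x04", "zip", {".zip", ".docx", ".xlsx", ".jar"}),
]
HEADER_LEN = max(len(sig) for sig, _, _ in SIGNATURES)
KNOWN_EXTS = set().union(*(exts for _, _, exts in SIGNATURES))

def analyse(path):
    """Classify one file by its header and compare with its extension."""
    with open(path, "rb") as fh:
        header = fh.read(HEADER_LEN)          # short or empty files just match nothing
    ext = os.path.splitext(path)[1].lower()
    for sig, name, exts in SIGNATURES:
        if header.startswith(sig):
            return name, ("match" if ext in exts else "mismatch")
    # No known header: notable only if the extension claims a type we know.
    return None, ("bad_signature" if ext in KNOWN_EXTS else "unknown")

def demo():
    """Run the check over constructed sample files; returns {name: (type, status)}."""
    jpeg = b"\xFF\xD8\xFF\xE0\x00\x10JFIF\x00"
    samples = {
        "holiday.jpg": jpeg,
        "notes.txt": jpeg,                    # JPEG renamed to .txt
        "report.pdf": b"PK\x03\x04\x14\x00",  # ZIP container renamed to .pdf
        "empty.png": b"",                     # no header at all
        "readme.txt": b"plain text",
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for fname, data in samples.items():
            full = os.path.join(tmp, fname)
            with open(full, "wb") as fh:
                fh.write(data)
            results[fname] = analyse(full)
    return results

if __name__ == "__main__":
    for fname, (ftype, status) in demo().items():
        print(f"{fname:12} {str(ftype):5} {status}")
```

The "mismatch" and "bad_signature" results are the files an examiner would review first, since a renamed file keeps its original header.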