AS WE MOVE FURTHER ALONG, as we dive deeper into exploring and gaining an understanding of the science behind cyber forensics, our goal is to provide useable materials to the reader, materials that will sustain the evolutionary creep of technology, materials that will not become dated or obsolete before they are published.

In order to accomplish our goal, it is necessary to explore general or broad concepts (although perhaps complex) while refraining from addressing specific software, programs, or even generalized forensic tools, which can quickly become dated and obsolete over time.

As we examine further the building blocks of cyber forensics, special attention has been made to focus on tools that will not quickly become dated, expire, or no longer be vendor supported. We spend more time, for example, discussing a tool such as a HEX editor, versus discussing the Windows NT operating system. A HEX editor has been around for as long as well—since HEX itself—whereas Windows NT is quickly becoming less and less relevant.

Read on as we continue with our exploration of the science behind cyber forensics, focusing here on files, file signatures, and their role and relevancy in cyber forensic investigations.


In Chapter 3 the following topics were addressed:

1. Discussed HEX and the steps involved with converting this binary representation to ASCII.

2. Covered the actual conversion process in an effort to better understand the HEX character representation. ...

Get Cyber Forensics: From Data to Digital Evidence now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.