File Signatures

Another attribute or property of a file is the file signature. However, this property is not generally used to hide data; rather, it's more often used as a method for discovering hidden data. A file signature is a sequence of characters located within the first 20 bytes of a file. Files on Windows systems have specific signatures based on the type of file. Executable files, such as those with the file extensions .exe, .dll, and .sys, for example, have the signature “MZ.” Many times, this sequence is located in the first two bytes of the file.
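The check described above can be automated by comparing a file's extension with its first bytes. The following is an added example, not code from the book; the file names and contents are constructed samples, and the function names are hypothetical.

```python
import os
import tempfile

EXECUTABLE_EXTENSIONS = {".exe", ".dll", ".sys"}  # extensions named in the text
SIGNATURE_WINDOW = 20  # the text places signatures within the first 20 bytes


def read_header(path, length=SIGNATURE_WINDOW):
    """Return the first `length` bytes of the file (fewer if the file is short)."""
    with open(path, "rb") as handle:
        return handle.read(length)


def classify(path):
    """Compare the file extension with the presence of the 'MZ' signature."""
    header = read_header(path)
    has_mz = header[:2] == b"MZ"  # checked at offset 0, the usual location
    ext = os.path.splitext(path)[1].lower()
    claims_executable = ext in EXECUTABLE_EXTENSIONS
    if has_mz and not claims_executable:
        return "mismatch: MZ signature under a non-executable extension"
    if claims_executable and not has_mz:
        return "mismatch: executable extension without MZ signature"
    return "consistent"


def demo():
    """Build constructed sample files in a temp directory and classify each."""
    samples = {
        "sol.exe": b"MZ\x90\x00" + b"\x00" * 60,      # constructed executable-like header
        "holiday.jpg": b"MZ\x90\x00" + b"\x00" * 60,  # constructed: renamed executable
        "driver.sys": b"plain text, not a driver",    # constructed: wrong content
        "readme.txt": b"hello",                       # constructed: ordinary text
        "empty.dll": b"",                             # constructed: zero-length file
    }
    results = {}
    with tempfile.TemporaryDirectory() as folder:
        for name, content in samples.items():
            path = os.path.join(folder, name)
            with open(path, "wb") as handle:
                handle.write(content)
            results[name] = classify(path)
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:12} {verdict}")
```

A mismatch is a lead for closer examination, not proof of concealment: it shows only that the name and the content disagree.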

To see the file signature, choose an executable file, such as Solitaire, the executable image for the Solitaire game on Windows systems, and open it in Notepad. You can use the following command: ...
