O'Reilly logo

Windows Forensics and Incident Recovery by Harlan Carvey

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

File Signatures

Another attribute or property of a file is the file signature. However, this property is not generally used to hide data; rather its more often used as a method for discovering hidden data. A file signature is a sequence of characters located within the first 20 bytes of a file. Files on Windows systems have specific signatures based on the type of file. Executable files, such as those with the file extension .exe, .dll, and .sys, for example, have the signature “MZ.” Many times, this sequence is located in the first two bytes of the file.

To see the file signature, choose an executable file, such as Solitaire, the executable image for the Solitaire game on Windows systems, and open it in Notepad. You can use the following command: ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required