About: Hex editor is a research topic. Over the lifetime, 6 publications have been published within this topic receiving 70 citations. The topic is also known as: binary editor & binary file editor.
TL;DR: Design principles for file analysis are presented which support meaningful investigation when there is little or no knowledge of the underlying file format, but are flexible enough to allow integration of additional semantic information, when available.
Abstract: The analysis of computer files poses a difficult problem for security researchers seeking to detect and analyze malicious content, software developers stress testing file formats for their products, and for other researchers seeking to understand the behavior and structure of undocumented file formats. Traditional tools, including hex editors, disassemblers and debuggers, while powerful, constrain analysis to primarily text based approaches. In this paper, we present design principles for file analysis which support meaningful investigation when there is little or no knowledge of the underlying file format, but are flexible enough to allow integration of additional semantic information, when available. We also present results from the implementation of a visual reverse engineering system based on our analysis. We validate the efficacy of both our analysis and our system with case studies depicting analysis use cases where a hex editor would be of limited value. Our results indicate that visual approaches help analysts rapidly identify files, analyze unfamiliar file structures, and gain insights that inform and complement the current suite of tools currently in use.
TL;DR: Traditional digital forensics started with the seizure of a computer or some media, but nowadays there are more user-friendly programs available that present data in a graphical user interface (GUI), and automate much of the extremely technical work that used to require in-depth knowledge and expertise with a hex editor.
Abstract: Digital forensics is regarded as the most intricate part of the cyber crime investigation process. It is often where the strongest evidence can come from. It is the scientific acquisition, analysis, and preservation of data contained in electronic media whose information can be used as evidence in a court of law. Traditional digital forensics started with the seizure of a computer or some media. The drives and media were duplicated in a forensically sound manner bit by bit. The forensic practitioner essentially undeleted files, searched for temporary files, recovered e-mail, and performed other functions to try and find the evidence contained on the media. However, nowadays there are more user-friendly programs available that present data in a graphical user interface (GUI), and automate much of the extremely technical work that used to require in-depth knowledge and expertise with a hex editor.
TL;DR: XFT is a utility that will mount an image of a FATX file system, allowing full traversal of the directory structure, and record sessions for playback in a court of law.
Abstract: The array of electronic storage devices is staggering in both number and type. The most common of these are in the form of fixed and removable media. Included are cell phones, PDAs and game consoles. These devices not only provide a convenient means to store data of all kinds, but they also provide a way for criminals to possess and hide illegal material. XFT is a utility that will mount an image of a FATX file system, allowing full traversal of the directory structure. Once the Xbox file system is mounted, the analyst can use shell commands to browse the directory tree, open files, view files in hex editor mode, list the contents of the current directory in short or long mode and expand the current directory to list all associated subdirectories and files. XFT will also record sessions for playback in a court of law.
TL;DR: A data hiding method and device based on a bitmap is described, in which the data to be hidden are stored in data storage bits of the bitmap. This solves the problem of prior-art image-based data hiding, where data hidden at the tail are easily and directly found by a hex editor; the data size of the image after the data are hidden is kept unchanged, and the hidden data are not easy to find.
Abstract: The invention discloses a data hiding method and device based on a bitmap, and belongs to the field of data hiding. The method includes the following steps: a data area of the bitmap, which stores the color information of each pixel point in the bitmap, is read; the space formed by a part of the binary bits in all bytes used for storing the color information in the data area serves as a data storage space; the data to be hidden are written into the data storage space. Because the data to be hidden are stored in data storage bits of the bitmap, the problems of prior-art methods for hiding data by means of images, namely that the data size of the images is obviously increased and that data hidden at the tail are easily and directly found by a hex editor, are solved; the data size of the images after the data are hidden is kept unchanged, and the hidden data are not easy to find.
TL;DR: The purpose of this project is to create a decoder program in C that can interpret bit streams from .JPG files and display the result to the screen using the Windows API.
Abstract: The purpose of this project is to create a decoder program in C that can interpret bit streams from .JPG files and display the result to the screen using the Windows API. Since there are multiple steps in this process, modular programming will be practiced. That is, each stage of the decoding process will be a component that has well-defined input and output. As such, the project will serve as a good review both for ELE 201 and COS 217. Someone who has taken both of these courses should be able to understand my code and report. NOTE: During incremental development and debugging, the GCC C compiler was used under Cygwin, and the open-source hex editor “Hack” was used to make sure I was on the right track understanding JPG files. The final executable program was compiled with Dev C++ for Windows, linking with the Windows API libraries. NOTE ALSO: In this discussion, I will precede hex values with the notation 0x (e.g. 0x18 is really 24 in base 10). This notation is also convenient since each hex value is a nibble.