Files Chapter 4.

Slides:



Advertisements
Similar presentations
Computers: Tools for an Information Age Writing Your Own Web Page: Using HTML and Web Authoring Tools.
Advertisements

DOCUMENT TYPES. Digital Documents Converting documents to an electronic format will preserve those documents, but how would such a process be organized?
CHS GRAPHICS GDP UNIT 01 FILE FORMATS Understanding File Formats.
Information Representation
BMP Hide ‘n’ Seek What is BMP Hide ‘n’ Seek ? –It’s a tool that lets you hide text messages in BMP files without much visible change in the picture. –Change.
Chapter 3: Editing and Debugging SAS Programs. Some useful tips of using Program Editor Add line number: In the Command Box, type num, enter. Save SAS.
CAPTURE SOFTWARE Please take a few moments to review the following slides. Please take a few moments to review the following slides. The filing of documents.
Adobe Photoshop CS Design Professional FOR THE WEB CREATING IMAGES.
HTML Hypertext Markup Language –First proposed by CERN in 1989 –It is non-linear so it allows you to jump from place to place –Markup refers to the structure.
1 of 6 This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. © 2007 Microsoft Corporation.
1 A Balanced Introduction to Computer Science, 2/E David Reed, Creighton University ©2008 Pearson Prentice Hall ISBN Chapter 12 Data.
Guilford County SciVis V106.01
V Obtained from a Guildford County workshop-Summer, 2014.
Glencoe Digital Communication Tools Create a Web Page with HTML Chapter Contents Lesson 4.1Lesson 4.1 Get Started with HTML (85) Lesson 4.2Lesson 4.2 Format.
File Formats and Extensions © Copyright William Rowan 2007.
Nat 4/5 - Software Design and Development – Low Level Operations - 1 National 4/5 – Computing Science Information Systems Design and Development Media.
Lesson 6: Working with Layout and Graphics
Computer Skills /1436 Department of Computer Science Foundation Year Program Umm Alqura University, Makkah Place photo here 1.
Prepared by George Holt Digital Photography BITMAP GRAPHIC ESSENTIALS.
Internet Skills An Introduction to HTML Alan Noble Room 504 Tel: (44562 internal)
Sem 1 v2 Chapter 14: Layer 6 - The Presentation layer.
Computer Networking From LANs to WANs: Hardware, Software, and Security Chapter 12 Electronic Mail.
Copyright © Texas Education Agency, All rights reserved.1 Principles of Information Technology Identifying File Types, Purposes & Extensions.
1Copyright © 2011 Pearson Education, Inc. Publishing as Prentice Hall. Exploring Microsoft Office Access 2010 by Robert Grauer, Keith Mast, and Mary Anne.
Chapter 4 Adding Images. Chapter 4 Lessons Introduction 1.Insert and align images 2.Enhance an image and use alternate text 3.Insert a background image.
Institute of Technology Sligo - Dept of Computing Sem 1 Chapter 14: Layer 6 - The Presentation layer.
XP Mohammad Moizuddin Creating Web Pages with HTML Tutorial 1 1 New Perspectives on Creating Web Pages With HTML Tutorial 1: Developing a Basic Web Page.
Chapter 2 Computer Hardware
Copyright 2006 South-Western/Thomson Learning Chapter 17 Creating and Linking Web Pages.
Chapter Three The UNIX Editors. 2 Lesson A The vi Editor.
Principles of Information Technology
USING WINDOWS EXPLORER File Management. What is a file? A stored collection of data on a computer. The data may be:  A text document created in a word.
Common file formats  Lesson Objective: Understanding common file formats and their differences.  Learning Outcome:  Describe the type of files which.
Chapter 11 File Systems and Directories. 2 File Systems File: A named collection of related data. File system: The logical view that an operating system.
File Systems (1). Readings r Reading: Disks, disk scheduling (3.7 of textbook; “How Stuff Works”) r Reading: File System Implementation ( of textbook)
File Formats Different applications (programs) store data in different formats. Applications support some file formats and not others. Open…, Save…, Save.
File Format. Graphic file Format GIF –cross-platform compatibility –developed by CompuServe as a common format for exchanging bitmapped images between.
Unit 1: Task 1 By Abbie Llewellyn. Vector Graphic Software (Corel Draw) Computer graphics can be classified into two different categories: raster graphics.
Adobe Photoshop CS3 Revealed – Chapter 16 FOR THE WEB CREATING IMAGES.
Practical PC, 7 th Edition Chapter 4: File Basics.
Chapter Three The UNIX Editors.
File Analysis Dr. John P. Abraham Professor UTPA.
Chap 14 Presentation Layer Andres, Wen-Yuan Liao Department of Computer Science and Engineering De Lin Institute of Technology
Files Chapter 4. What is a File? Questions: – How are files stored? – How do we retrieve them? 2 A computer file is a block of arbitrary information,
Chapter 3 The Power of HEX Finding Slivers of Data.
Chapter 8 Recovering Graphics Files
Organizing Your Computer: How to Use Files & Folders Cyberspace Explorations November 17, 2004.
Windows and Mac OSX.  Formatting a disk prepares it to accept data  NTFS on Windows  HFS+ on the Mac  There are lots of different formatting options.
Chapter 11 File Systems and Directories. 2 File Systems (Chapter 11.1) File: 1. A named collection of related data. 2.smallest amount of information that.
Chapter 8 File Systems FAT 12/16/32. Defragmentation Defrag a hard drive – Control Panel  System and Security  Administration tools  Defrag hard drive.
Layer 6 Presentation Layer. Overview Now that you have learned about Layer 5 of the OSI model, it is time to look at Layer 6, the presentation layer.
Forensic Investigation Techniques Michael Jones. Overview Purpose People Processes Michael Jones2Digital Forensic Investigations.
Part 1 File Formats Definition: A file format is a way to write the code of information for storage of an electronic file on a computer. Different software.
Corey Rausch, Dae Park, Mark Bailey, Bianca Sande, Shealinna Ge Microsoft Excel 2007 Adding Images, Clip Art, and Smart Art.
Chapter 2: The Visual Studio.NET Development Environment Visual Basic.NET Programming: From Problem Analysis to Program Design.
Tech Acodemy Highline College August 20, 2015 Cybersecurity Steve Simpson S2 Forensics.
Glencoe Introduction to Web Design Chapter 4 XHTML Basics 1 Review Do you remember the vocabulary terms from this chapter? Use the following slides to.
Analysing Image Files Michael Jones. Overview Images and images Binary, octal, hexadecimal File headers and footers Example (image) files Looking for.
9.1 The Need for Integrating Data among Different Types of Software Tasks of composing a project.
Windows 7 and file management
About SharePoint Server 2007 My Sites
3.01F Publishing Animated Videos
Chapter 2 Adding Web Pages, Links, and Images
Chapter 2: System Structures
Interpreting Binary Data
Lesson 5: Multimedia on the Web
System Software: Operating system, Utility Programs, & File Management
HIBBs is a program of the Global Health Informatics Partnership Learning the Basics of Microsoft Word 2019 and Microsoft office support TFN
Lesson 6 File Types.
Presentation transcript:

Files Chapter 4

Files HEX is useful when attempting to view a file that is partially deleted. Which lends us to two questions: Why would a partially deleted file have difficulties being opened or viewed normally? What parts of a file does a HEX editor allow us to see, which otherwise would not be visible?

Files, File Structures, and File Formats To answer the questions on the other slide, we need to investigate the basics of a file, file structure, and file format. A partially deleted file in many cases may be missing part of its formatting data, the data that identifies the file. It is the formatting file that identifies the file to its parent or native software. If a file doesn’t contain the formatting information, the software or Operating System will most likely not be able to access or execute the file. It is this formatting information that uniquely identifies a file.

Different Formats There are hundreds of different formats for data. There are also formats for executable programs on different platforms. (Windows, Linux, Mac, Unix, etc.…) Each format defines how the sequence of bits and bytes are laid out, with ASCII based text files being one of the simplest formats for humans to decipher.

Other Formats Some file formats are designed to store very particular sorts of data: JPEG formats – is designed to store photo images. Gifs formats – is designed for both photo images and animation. QuickTime format – can act as a container for many different types of multimedia.

Text Files Formats A Text File is simply one that stores any text. Format such as ASCII or UTF-8, with few if any control characters. Other file formats, such as HTML, or the source code of some particular programming language, are in fact also text files, but follows more strict rules for specific purposes. Parent program, meaning the program or software that is used to create, execute, or otherwise access the file. In most cases a file will contain data , its file signature, from which its parent software will be able to identify and handle its operation.

File Signatures File Signature – contained in the file header. File Header – Not see by the user of the software, but very important for the file to function as designed. It is this data contained within the file header that is used to identify the format of the file. File Headers – may also contain data regarding the integrity of the file as well as information about itself and its contents. This data is often referred to as Metadata.

File Format Structures There is no one specific file format structure that fits all file types. File formats will vary as well as file content. The contents of an image, as well as its format, for example, will be different from the contents and format of a word processing document.

File Extensions File formats are easily identified by file extensions. Windows Operating System uses file extensions to bind an application to a specific file type. Example: Windows binds Adobe Reader to the .PDF file extension. Whereas, MS WORD to the .Doc or .DocX file extension. File extensions are specific to the Window Operating System and without an extension the Window Operating System would not know how to open, process, or handle a file.

Question: What would occur if the file extension of an executable (.EXE) file was changed to that of an Adobe file extension (.PDF)???? ANSWER: Windows would look at the file extension and see that it’s a .PDF; it would therefore hand that file over to Adobe to open. Adobe would attempt to launch or open the file and report an error since the file, regardless of its name, is not actually an Adobe file.

Registry Window stores this application binding information in a section of the Operating System (OS) called the registry. Each file type contains a corresponding file extension; this correlation stored within the registry tells the OS what type of program is needed to access a certain file type. This is Window’s way of organizing the many different types of files to their corresponding software.

OS When the OS identifies an extension say .CSV (Comma Separated Values), the OS looks to the registry and finds which application is bound to this extension. In most cases, MS Excel is bound to CSVs, so Windows will hand it over to Excel. A file extension and/or its corresponding registry information can be manipulated by a savvy user.

Changing File Extensions Suppose a change was made to the registry so that the .CSV file extension was associated to and therefore opened with an image viewer such as Window Picture Viewer. This will cause an error because the file was an Excel file and not an image. A file with an incorrect file extension would open as long as the Window Registry had that “incorrect” file extension associated with the correct software. Remember, changing or renaming a file extension does not change the content of the file; it only changes the way in which Windows OS handles the file (i.e. which application the file is sent to).

Computer Criminals So why is the way the OS handles the interpretation of a file’s extension important to a cyber forensic investigator? Computer criminals can use file extensions to hide files simply by changing the file extension. Example:

Changing A File’s Extension To Evade Detection The process to change a file’s extension to evade detection is quite simple: Step 1: Create a legitimate looking folder into which you wish to place your files. Use a name that will not be conspicuous.

Creating a file extension to evade detection Step 2: Open the folder that you created Select Organize menu, select layout and select Menu Bar Step 3: Open the Tools tab and select Folder Options, and select the View Tab

Removing the file extension Step 4: Uncheck “Hide extensions for known file types” File extension type is revealed Step 5: Right-Click on the file name to Rename the file, including providing any valid file extension type (.doc,.xls, .exe,.txt) The file name is changed based upon the extension provided (Do this to 4 images)

Removing the file extension Step 6: Click “Hide extensions for known file types, to hide the new file extensions. Notice where there was once 10 image files there are now only six. Scanning simply for image files will results in missing the four files with modified extensions!

Notes about Hiding Files Remember Windows looks at a file’s extension first, and hands that file over to the appropriate application to open. A Microsoft Word application attempting to open a .JPEG or .TIF file would attempt to launch or open the file and report an error since the file, regardless of its name, is not actually a Microsoft Word file

File Signature File Signature – also known as the “Magic Number”. File Signature – is the binary that identifies a particular file: the data that will aid in the identification of the file to its native or parent software.

HEX Editor For common file formats, the file signatures conveniently represent the names of the file types. Example: Image file GIF87a format in HEX equals 0x474946383761. GIF89a format in HEX equals 0x3474946383961. GIF (Graphic Interchange Format) First 6 Bytes of the file.

JPEG JPEG – Joint Photographic Expert Group image file is 0x4A464946, which is the ASCII equivalent of JFIF (JPEG File Interchange Format) JPEG begin at the seventh byte

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.