Add to collection(s) Add to saved
  1. Business

Computer Forensics: File Signature Analysis.

advertisement 
Candid Tech Talk
With...
© May 2006
Monthly
Tech Tip
IT Professionals Providing Business Solutions
Issue 9
Hold down the Ctrl key on your key board and turn the wheel on your mouse, either towards
you or away from you. The print size will change, the print will get larger or smaller
depending on which way you turn the wheel. -Pete Keenan
Computer Forensics: File Signature
Analysis
What’s in a name? A person pretending
to be someone they are not will often use
a fake signature—or a forgery. In a
similar way, data in files can be hidden
by changing the
file name to make
the data in the file
appear to be
something it is
not.
For example, if
there was an inventor that wanted to keep
an AutoCAD design document hidden,
she may decide to use the document’s
filename to hide the contents. All
AutoCAD documents end in the file
suffix .dwg. The .dwg suffix on the end
of the filename is used by Windows to
automatically start AutoCAD when a file
ending in .dwg is selected.
If the inventor did not want someone to
know the file was an AutoCAD
document, instead of naming the
AutoCAD file invention.dwg, that person
may decide to name it BdayWishList.doc.
Not only has the main filename been
changed, but also the suffix. The intent is
to try to make the AutoCAD invention
drawing look like a birthday wish list
written in Microsoft Word. By changing
the filename, it does not change the
contents of the file, only how it appears
from the outside.
In this example, the inventor had good
reason to mask the contents of the file. It
may contain valuable information
someone else would want to get their
hands on. Someone with malicious intent
could also employ a similar scheme to
hide the contents of data files. It appears
to be a simple, yet foolproof way for
someone to cover their tracks.
But not so fast! There is much more
information stored in a data file than just
a filename. Every file also has what is
called a “file signature”. The file
signature is a unique sequence of bytes
inside a file that indicate what type of
data is stored in the file. The signature is
created by the program being used, in this
case AutoCAD. The typical user has no
way to access this information and most
users know nothing about “file
signatures.”
When a forensic investigator begins a
new investigation, one of the first
searches completed is typically a “file
signature” verification. This is a program
that is run to scan the entire contents of a
hard drive and verify that all files on the
hard drive actually contain what the
filenames indicate they contain. For
example, all Word documents should end
in .doc. If a
mismatch is
found, the
name is
reported to
the
investigator
for further analysis.
Similar methods can be used to detect
any file type that has been misnamed. It’s
a quick technique that can be used to
easily determine what’s behind a
filename.
General Announcements from Keilman Business Consulting:
A new place to call home. We have moved our offices and are now located in downtown South Bend on the
third floor of the Anderson, Agostino and Keller property immediately south of Tippecanoe Place. Our
group has been in need of more space and we were lucky enough to find some in a beautifully maintained
building. Mike Anderson, Pete Agostino and Scott Keller have made the transition a smooth one and have been very generous in
helping us furnish our larger and very empty offices. Please continue to use our PO Box for all business correspondence. Our
official mailing address is
Keilman Business Consulting, Inc.
PO Box 10002
South Bend, IN 46680
Finally, we wanted to express very warm appreciation to our friends at Eaton Corporation for providing us with office space for
the last few years. -Steve Keilman
Upcoming newsletter topics:
June: Corporate policies- what can you do to secure your network? It may not
necessarily be an employee who steals intellectual property from your PCs or
network- it could be a complete stranger. Shut off USB ports, install read-only CDROMs and DVD’s, eliminate floppy drives and save data to a server (rather than
locally).
July: Summer is here! Here’s an introduction to some of the hottest technologies for
Forensics, Networking, and Programming. All of the new gadgets are there for
enhancing productivity and security, while not breaking the bank.
Aug: The new version of Microsoft Windows, called Vista is due to be released late
2006/early 2007. Decisions can be made today to incorporate that technology into
your business tomorrow.
Current events in the IT world:
Desperate for good things to watch online? Disney to the rescue! Entire episodes of Desperate Housewives is
able to be downloaded from ABC.com, the Disney-owned television network. This new way of distributing
television shows provides yet another opportunity to increase advertising revenue.
(http://news.bbc.co.uk/2/hi/business/4897742.stm)
AT&T and Comcast competitors? You bet! Both are trying to provide bundled services including telephone,
television programming and Internet Access. They are each targeting specific geographic areas with the intent
of making these services generally available. (http://news.zdnet.com/2100-1035_22-6066038.html)
Microsoft has delayed releasing the next version of Windows until late 2006 for businesses and early 2007 for
consumers. If released by 2007, it will have been six years since Windows XP was released—the longest period
between versions of Windows. With PC hardware and software vendors weathering difficult times, the new
release of Windows will bring a welcome boost to these businesses. (Wall Street Journal, March 22, 2006)
If you would prefer to receive this publication on-line or if you would like to be taken off our mailing list, please
email us at info@keilman.com. We will always keep your personal information confidential.
PO Box 10002
South Bend, IN 46680
«AddressBlock»
Related documents
Job Description – Structural Engineer
Job Description – Structural Engineer
Curtins Consulting Engineers
Curtins Consulting Engineers
Manufacturing Engineering
Manufacturing Engineering
Manufacturing Engineering - University of Wisconsin
Manufacturing Engineering - University of Wisconsin
Survey Technician
Survey Technician
Program - Danville Area Community College
Program - Danville Area Community College
Client Individualized Care Plan
Client Individualized Care Plan
Clinical Agency Specific Orientation
Clinical Agency Specific Orientation
Reasons to use DWG Overlay
Reasons to use DWG Overlay
What data is available in CAD format? - Digimap
What data is available in CAD format? - Digimap
Going Back and Forth Between Inventor & ACAD
Going Back and Forth Between Inventor & ACAD
by Evaluation of Lotus Notes and Autocad for Collaborative Design
by Evaluation of Lotus Notes and Autocad for Collaborative Design
DWG TrueConnect - widom
DWG TrueConnect - widom
Download
advertisement