From 0c9706aa00c98418554567b1df6dcf2344f592af Mon Sep 17 00:00:00 2001
From: stephensottosanti <63934523+stephensottosanti@users.noreply.github.com>
Date: Mon, 8 Mar 2021 22:13:18 -0600
Subject: [PATCH] Update README.md
---
Crimson_Defense/Skills/File_Analysis/README.md | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Crimson_Defense/Skills/File_Analysis/README.md b/Crimson_Defense/Skills/File_Analysis/README.md
index e7cf45a..e5cf84c 100644
--- a/Crimson_Defense/Skills/File_Analysis/README.md
+++ b/Crimson_Defense/Skills/File_Analysis/README.md
@@ -8,7 +8,7 @@ One of the more common activities in digital forensics is the recovery of delete
Below is a screenshot of the output of the Sleuth Kit file listing tool (fls) which shows two files that have been “deleted” by the user but are still recoverable. The ability to recover and save what was previously thought to be deleted files can be very valuable in an investigation.
-
+
Specifically, when looking at the analysis of files, an investigator needs to start with the file header. File headers are information about a file that the computer stores so that it knows what type of file it is. Typically, file headers are stored in the first 4 or 5 bytes of a file. By using the hexdump tool, the hexadecimal version of a file can be viewed. Hexdump is available on most Linux distributions and there are many Windows interfaces to Hexdump (ex. https://sourceforge.net/projects/hexdump/).
@@ -16,7 +16,7 @@ Specifically, when looking at the analysis of files, an investigator needs to st
One of the more interesting items that occur during an investigation is when a suspect tries to disguise a file by changing an incriminating file’s signature. Having a good understanding of file signatures is important. Below is an exert from a larger list of file signatures of the more common files seen during investigations. A larger list can be seen at the following location: https://en.wikipedia.org/wiki/List_of_file_signatures
-
+
[BACK TO UACTF](/UACTF)