Hi Everyone
I'm currently studying Computer Security with Forensics at university and I'm doing my dissertation. I'm trying to analyse PAK and bin files to see if I can get any type of media file out or any other type of information, but every time I put the PAK and bin files into Encase and Autopsy all I get is just simple hex data and that's it. So I'm wondering, am I doing something wrong or do these tools not have the ability to search through these tools? If they do, can someone guide me on how to search through them or provide me a link which explains how to? I'm using Encase 8 and the latest version of Autopsy and adding the files as local files.
If you need more information let me know
Regards
Obi
You'll need to define both "PAK" and "bin" files.
If you are talking of file extensions
.pak is a file extension often used for packed files, but it is not necessarily of a given format; sometimes they are simply .zip files with the extension changed, but they could well be something else.
.bin is used (but again not necessarily) often to indicate "binary" (actually "raw hex") data.
If you don't know what actual file format they are or which program created them, you can try using file (Linux) or TrID (Windows) to attempt to identify the file format.
I am not sure I understand the "generic approach"; however, *any* file, unless it has a documented format and the specific tool (Encase, Autopsy, *whatever*) has a parser for that format (and the right parser is auto-detected), will appear to be "simple hex data".
jaclaz
Hi Jaclaz
I used the TrID tool but it seems to think that the PAK file is an ABR file, which is strange, and the .BIN file an Inno Setup archive, which is the tool I used to create an installer for the files. If it helps, I used Unreal Engine to create the PAK file, but I'm not sure why it's saying it's an ABR file.
Hope this helps
Obi
I don't know.
I mean, I still don't understand what you are up to/trying to test/demonstrate.
You created the files yourself with some uncommon and specific software.
Then you threw Encase and Autopsy on these binary files (in a proprietary and uncommon format).
What would you have expected to happen?
How does what happened differ from the expectations you had?
TrID, file (and similar) attempt to identify files based on "patterns", typically in "headers" and "footers", but not only.
Of course specific files may have a "very distinctive" header (or footer, or both) whilst other ones have very generic ones.
Namely, the ABR has a (if I am allowed) "ridiculous" header of 00 😯
so it doesn't particularly surprise me that it came out as a possible filetype for the file you provided; most probably, after having attempted to identify the file with the more "definite" patterns, it used the "low-low-specific" one that happens to be connected with ABR files.
jaclaz
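
The pattern matching jaclaz describes, as an added example that is not part of any post in this thread: a minimal signature identifier that ranks matches by signature length, plus a scan for stronger signatures embedded inside a container. The ZIP, PNG and PDF magic bytes are the real ones; the two "hypothetical" entries and the sample bytes are constructed for illustration and are not the actual ABR or Unreal Engine PAK definitions.

```python
# (label, offset, magic); a negative offset is counted from the end of the file.
SIGNATURES = [
    ("ZIP archive", 0, b"PK\x03\x04"),
    ("PNG image", 0, b"\x89PNG\r\n\x1a\n"),
    ("PDF document", 0, b"%PDF-"),
    ("hypothetical weak format", 0, b"\x00\x00"),     # constructed stand-in
    ("hypothetical footer format", -4, b"END!"),      # constructed stand-in
]


def candidates(data):
    """Return (label, matched_length) for every matching signature,
    most specific (longest pattern) first."""
    hits = []
    for label, offset, magic in SIGNATURES:
        start = offset if offset >= 0 else len(data) + offset
        if start < 0:
            continue  # file is shorter than the footer pattern
        if data[start:start + len(magic)] == magic:
            hits.append((label, len(magic)))
    return sorted(hits, key=lambda h: -h[1])


def find_embedded(data, min_len=4):
    """Locate header signatures of at least min_len bytes at offsets > 0,
    i.e. possible files stored inside an unrecognised container."""
    found = []
    for label, offset, magic in SIGNATURES:
        if offset != 0 or len(magic) < min_len:
            continue  # short patterns produce too many false positives
        pos = data.find(magic, 1)
        while pos != -1:
            found.append((pos, label))
            pos = data.find(magic, pos + 1)
    return sorted(found)


# Constructed sample: unknown container that starts with zero bytes
# and carries a PNG header further in.
SAMPLE = (b"\x00\x00\x00\x07" + b"proprietary index"
          + b"\x89PNG\r\n\x1a\n" + b"...image bytes...")

if __name__ == "__main__":
    for label, n in candidates(SAMPLE):
        # chance of a random file matching an n-byte pattern is 1 in 256**n
        print(f"{label}: {n}-byte match, 1 in {256 ** n} by chance")
    for pos, label in find_embedded(SAMPLE):
        print(f"offset {pos}: possible embedded {label}")
```

A two-byte match is the only hit on the sample's header, which is how a generic pattern ends up reported as the file type when nothing more specific applies; a hit from `find_embedded` is only a lead to verify by parsing the data at that offset.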