±Forensic Focus Partners

Become an advertising partner

±Your Account


Forgotten password/username?

Site Members:

New Today: 0 Overall: 36768
New Yesterday: 0 Visitors: 133

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

±Latest Videos

±Latest Jobs

hex editing and file carving issue

Computer forensics training and education issues. If you are looking for topic suggestions for your project, thesis or dissertation please post here rather than the general discussion forum.
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts


hex editing and file carving issue

Post Posted: Oct 27, 18 12:23

Hello good day.. pls i am new to network forensics and currently working on Ann Aim Case In Network forensics tracking hacker through cyberspace book..... i used wireshark to follow a TCP stream then i saved the tcp stream in raw format then and tried to carve out a docx file but i noticed that dot sign "." in hex value was "2E" which was suppose to be "00"..then i ignored that. ..after i got the start and end of file of the docx file and carved the docx file out.. it couldnt open showing that the file is corrupted or some part are missing....so i concluded thar the 2E hex value representing the dot sign instead of 00 might be the problem.... i opened the TCP stram raw data with other hex editor but it was still the same..... but the hex dump of wireshark Tcp stream shows that the 2E is representing 00....anyway to re tify this issue  


Re: hex editing and file carving issue

Post Posted: Oct 28, 18 09:36

Got a solution to the problem.... I'm saved the tcp stream as ASCII instead of raw format.....saving as raw format produced the real hex value  

Page 1 of 1