Hexdump or hexadecimal dumping is a way to represent a file in hexadecimal format which helps the investigators to find out some basic things about the file and its contents. This is a primitive way to find out details regarding a file, but this can be helpful if you are doing a black box investigation on a file. The major draw back about this trick is that hexadecimal format is hard to read.
How to?
How to?
- To do an hexadecimal dump on any Linux machine just open the terminal and type hexdump <filename>. This will generate a flow of hexadecimal stream which keeps on going. To get this stream in a proper representation you might have to pipe it with less or more like hexdump <filename> | less.
- A better version of this command is hexdump -c.
- There is no predefined package in windows to get the hexdump value, thus you might have to download & install the application Hxd which is a hex editor.
- Now select open under the file menu and select your file and that's all.
This is the most easy way to find out some basic properties of the file. But this is not effective for more descriptive analysis.