Notes - MCS
Computer Systems Forensic Analysis

Encoding

Binary-to-text encoding:

  • is the encoding of data as plain text; in other words, binary data is represented as a sequence of printable characters.

  • the encoding is necessary for transmitting data when the channel does not allow binary data (e.g. email).

  • encoding inflates the original data size; the inflation rate depends on the technique used.

  • encoding is a reversible operation.

  • it can also be applied to plain text.

Encoding is not to be confused with encryption:

  • encryption requires a key, usually secret.

  • encoding doesn’t depend on a key.

Common Encoding Techniques

  • hexadecimal (also known as base16)

    • used chars: [0..9] and [A..F] (or [a..f]).

    • hash values (MD5, SHA256, etc.) are usually displayed in hexadecimal.

    • example: “Hello World” → 48656c6c6f20576f726c64

  • base64

    • used chars: [A..Z], [a..z], [0..9], and [+,/]

    • the base64 string size must be a multiple of 4, so the character = can be used at the end as padding.

    • used on: email servers (MIME), OpenPGP, etc.

    • example: “Hello World” → SGVsbG8gV29ybGQ=

  • base58

    • similar to base64, but modified to avoid both non-alphanumeric characters and letters which might look ambiguous when printed.

    • used in Bitcoin.

    • example: bitcoin public key 1ZNz2KDm8epACBA5bjgKQbRyaGcDt3XV2

    • bitcoin private key: Ky1ZcCSMziFtdxfDEjANw3PZUZQQLjh6hKpX1CinVtJscnAFnvcn
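When an unknown string turns up in evidence, the alphabets and length rules listed above narrow down which encoding it may be, and decoding needs no key. The sketch below is an added example, not part of the original notes: the function names (`candidates`, `inflation`, `b58encode`, `b58decode`) and the sample strings are constructed for illustration, and base58 is implemented by hand with the Bitcoin alphabet because the Python standard library does not provide it.

```python
import base64
import string

HEX = set(string.hexdigits)
B64 = set(string.ascii_letters + string.digits + "+/")
# Bitcoin's base58 alphabet: no 0, O, I, l and no non-alphanumeric characters.
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def b58encode(data: bytes) -> str:
    n, out = int.from_bytes(data, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    # Each leading zero byte is written as one '1' (the zero digit).
    return "1" * (len(data) - len(data.lstrip(b"\0"))) + out

def b58decode(text: str) -> bytes:
    n = 0
    for ch in text:
        n = n * 58 + B58.index(ch)  # ValueError if ch is outside the alphabet
    zeros = len(text) - len(text.lstrip("1"))
    return b"\0" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")

def candidates(text: str) -> dict:
    """Decode text under every encoding whose alphabet and length rules it meets."""
    found = {}
    if not text:
        return found
    chars = set(text)
    if chars <= HEX and len(text) % 2 == 0:
        found["hex"] = bytes.fromhex(text)
    body = text.rstrip("=")
    if set(body) <= B64 and len(text) % 4 == 0 and len(text) - len(body) <= 2:
        found["base64"] = base64.b64decode(text, validate=True)
    if chars <= set(B58):
        found["base58"] = b58decode(text)
    return found

def inflation(data: bytes) -> dict:
    """Encoded length divided by original length, per technique."""
    sizes = {"hex": len(data.hex()), "base64": len(base64.b64encode(data)),
             "base58": len(b58encode(data))}
    return {name: size / len(data) for name, size in sizes.items()}

if __name__ == "__main__":
    # Constructed samples: hex and base64 of "Hello World", plus an ambiguous string.
    for sample in ("48656c6c6f20576f726c64", "SGVsbG8gV29ybGQ=", "deadbeef"):
        print(sample, candidates(sample))
    print(inflation(b"Hello World"))
```

A string such as `deadbeef` is valid in all three alphabets, so the character set alone does not prove which encoding produced it; the decoded bytes and the surrounding context have to decide.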
