Pawan Adhikari
SEC-350
Week 5 Hands-on
Activity 9-1 File Signature Analysis
To complete this activity, I had to examine several files to determine their signature and then
look up those values online to determine the file’s type. At first, I had to download and install
WinHex and then I downloaded File_Signature-Examples.zip from the digital forensics’
workbook web site. I launched WinHex and the following window appeared.
After this step, I opened “File 1” in WinHex and the window appeared as shown below:
Running head: WEEK FIVE HANDS-ON
From this screenshot we can conclude the first eight bytes are 50 4B 03 04 14 00 06 00.
While browsing the website www.garykessler.net, I searched the first eight bytes of the file as
shown in the following window:
The file type associated with this signature is a Microsoft Office Open XML format
(OOXML) file. All Office files, including Word documents, Excel spreadsheets, and PowerPoint
presentations, contain the same signature. To determine which type of Microsoft Office file it
could be, one of two approaches can be taken: either review the metadata in the file’s header to
determine the actual file type, or use trial and error. In trial and error, an examiner would add an
Office extension to the file, e.g., .docx, .xlsx, .pptx, and attempt to open it. This file is specifically
a Microsoft Word document.
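The first approach can be scripted rather than done by trial and error. The following is an added example, not part of the original activity or of WinHex: it matches the leading bytes against the signatures seen in this activity and, for ZIP-based files, inspects the package contents to tell .docx, .xlsx and .pptx apart. The function names and the sample files built in memory are constructed for illustration.

```python
import io
import zipfile

# Leading bytes for the formats seen in this activity. Only the first four
# bytes of the ZIP header are matched: the next four (version needed and
# flags, e.g. 14 00 06 00) vary with the program that wrote the file.
SIGNATURES = [
    (bytes.fromhex("504B0304"), "ZIP container"),
    (bytes.fromhex("D0CF11E0A1B11AE1"), "OLE2 compound file (legacy Office)"),
    (bytes.fromhex("25504446"), "PDF"),
]
# Top-level part folder inside an OOXML package -> extension.
OOXML_PARTS = {"word/": ".docx", "xl/": ".xlsx", "ppt/": ".pptx"}


def identify(data: bytes) -> str:
    """Describe the file type from its content, ignoring any file name."""
    kind = next((name for magic, name in SIGNATURES if data.startswith(magic)), None)
    if kind is None:
        return "unknown"
    if kind != "ZIP container":
        return kind
    # The ZIP signature alone cannot separate Word, Excel and PowerPoint,
    # so read the package's member names instead of guessing extensions.
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as pkg:
            names = pkg.namelist()
    except zipfile.BadZipFile:
        return "ZIP signature, but archive is damaged or truncated"
    if "[Content_Types].xml" not in names:
        return "ZIP archive (not OOXML)"
    for folder, ext in OOXML_PARTS.items():
        if any(n.startswith(folder) for n in names):
            return f"OOXML {ext}"
    return "OOXML (unrecognised package type)"


def make_package(members):
    """Build a constructed in-memory ZIP holding the given member names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name in members:
            z.writestr(name, "<x/>")
    return buf.getvalue()


if __name__ == "__main__":
    docx = make_package(["[Content_Types].xml", "word/document.xml"])
    print(docx[:4].hex(" ").upper(), "->", identify(docx))
    print("25 50 44 46 ->", identify(b"%PDF-1.3\n"))
```

On a real exhibit, pass the bytes read from a working copy of the file, for example `identify(open(path, "rb").read())`.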
Additional Exercises:
a) The file signature, file type and file extension associated with File2 are as follows:
File signature: D0 CF 11 E0 A1 B1 1A E1
File Type: Microsoft Excel Spreadsheet
File extension: .xls
b) The file signature, file type and file extension associated with File3 are as follows:
File signature: 25 50 44 46 2D 31 2E 33
File Type: Adobe Acrobat Portable Document Format
File extension: .pdf
c) The file signature, file type and file extension associated with File4 are as follows: