Digital Investigation

These pages outline some digital forensics examples showing the magic number which identifies the file:
The following are network traces with file types contained in them:
- PDF. For this use a filter of http contains "%PDF" or http contains "\x25\x50\x44\x46": Here
- GIF. For this use a filter of http contains "GIF89a" or http contains "\x47\x49\x46\x38": Here
- PNG. For this use a filter of http contains "\x89\x50\x4E\x47": Here
- MIME. For this use a filter of smtp contains "/9j/4AAQSkZJRgA": Here
- SMTP Trace with email address. For this use a filter of smtp matches "[a-zA-Z0-9._%+-]+@[a-zA-Z0-9._%+-]": Here
- SMTP Trace with credit card number. To detect a Visa credit card number, use a filter of smtp matches "5\\d{3}(\\s|-)?\\d{4}(\\s|-)?\\d{4}(\\s|-)?\\d{4}": Here
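
The following Python code is an added example, not part of the original page. It reproduces the substring match behind the HTTP filters, checks whether each hit really sits at the start of the body, and shows that the string in the MIME filter is the base64 form of the raw JPEG/JFIF header. The function names and the sample traffic are constructed for illustration.

```python
import base64

# Signatures copied from the display filters in the list above.
RAW_MAGIC = {"PDF": b"\x25\x50\x44\x46", "GIF": b"\x47\x49\x46\x38", "PNG": b"\x89\x50\x4E\x47"}
B64_JPEG = b"/9j/4AAQSkZJRgA"                      # the smtp filter string
JFIF_HEADER = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00"  # raw JPEG/JFIF magic bytes


def scan_http(message: bytes) -> list[tuple[str, bool]]:
    """Return (file type, at_body_start) for each signature the filters would hit.

    `contains` matches anywhere in the packet; a real magic number sits at
    offset 0 of the body, so at_body_start separates files from stray text.
    """
    _, _, body = message.partition(b"\r\n\r\n")
    return [(name, body.startswith(magic))
            for name, magic in RAW_MAGIC.items() if magic in message]


def check_smtp_jpeg(data: bytes) -> bool:
    """True if the base64 text matched by the smtp filter decodes to a JFIF header."""
    start = data.find(B64_JPEG)
    chunk = data[start:start + 16]          # 16 base64 chars -> 12 raw bytes
    if start < 0 or len(chunk) < 16:
        return False
    try:
        return base64.b64decode(chunk, validate=True).startswith(JFIF_HEADER)
    except ValueError:                      # not valid base64 after the prefix
        return False


# Constructed sample traffic (not taken from the traces linked above).
PDF_RESPONSE = b"HTTP/1.1 200 OK\r\nContent-Type: application/pdf\r\n\r\n%PDF-1.4\n1 0 obj\n"
HTML_RESPONSE = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<p>Files start with %PDF</p>"
PNG_RESPONSE = b"HTTP/1.1 200 OK\r\nContent-Type: image/png\r\n\r\n\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR"
JPEG_BYTES = JFIF_HEADER + b"\x01\x01\x00\x00\x01\x00\x01\x00\x00"
SMTP_DATA = (b"Content-Type: image/jpeg\r\nContent-Transfer-Encoding: base64\r\n\r\n"
             + base64.b64encode(JPEG_BYTES) + b"\r\n--boundary--\r\n")

if __name__ == "__main__":
    for label, msg in [("pdf", PDF_RESPONSE), ("html", HTML_RESPONSE), ("png", PNG_RESPONSE)]:
        print(label, scan_http(msg))
    print("smtp jpeg:", check_smtp_jpeg(SMTP_DATA))
```

A hit with at_body_start set to False, as for the HTML sample, is a packet the display filter would still show even though no file of that type is being transferred.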