Validating with Hexadecimal Editors
For this scenario, we are working with WinHex in validating hash values; this is important due to needing to verify the authenticity of any data that has been acquired. I began the assignment by downloading WinHex and researching what it is, what it can do, and how I could use it in my career. Per the assignment, I created a Word document containing a short sentence, then saved the document as test_hex.docx; this document is shown below.
Next, I ran WinHex as an administrator and opened the abovementioned Word document; the image shown below is the test_hex.docx document opened in WinHex.
Next, we were required to compute an MD5 hash (128 bit) of the document; the image below shows this.
Using the abovementioned MD5 hash dialog box, I copied the has value and pasted it into a text document labeled as test-hashvalue.txt; this is shown in the image below.
Next, I used the virtual environment (Toxic Lab) to open the Jeffersonian quotes.doc file.
By moving my mouse around and clicking certain bytes and selecting sectors, I was able to view the offset counter. Next, I selected Tools > Compute Hash > MD5 (128 bit > and copied the hash value. I then opened a Notepad and pasted the hash value, then saved it in a newly created work folder named Quotes_hashvalue.txt.
Hands-On Project 9-1
For this project, I used WinHex again to perform bit-shifting. I began by creating the folder, Work_Chap09_Projects folder, as shown below.
Next, I created a new text document with the following material, “This document contains very sensitive information. We do not want the competition to be able to read it if they intercept the message.” I then saved the document as correspondence.txt in my newly created work folder.
Then, I opened up the correspondence.txt file in WinHex (running as an administrator).
Next, I clicked Edit > Select All from the menu.
After selecting the data, I clicked Edit > Modify Data, and then selected Circular left rotation, then OK.
The below image shows the modified data.
Next, I saved the file as correspondence1.txt in the work folder I created before.
After saving the document, I closed WinHex and reopened the document to show the following screen.
Next, I selected Edit > Select All.
After selecting the data, I clicked on Edit > Modify Data, then selected the Circular left rotation option seven times.
On the seventh Circular left rotation, the original message was successfully converted to a readable format, shown below.
Finally, I saved the document as correspondence2.txt, completing the assignment.
Overall, this assignment was quite interesting as both tasks further honed my skills at both collecting and analyzing data.
Nelson, B., Phillips, A., & Steuart, C. (2019). Guide to Computer Forensics and Investigations. Boston, MA: Cengage Learning.