An Introduction to Hex Editing for Cybercrime Investigators

Roderick Graham
8 min readSep 4, 2020
Photo by freestocks on Unsplash

People interested in entering the growing field of cybercrime investigations can gain a leg up on the competition by learning how to use a hex editor. To “hex edit” means to make changes to the raw binary data — 1’s and 0’s — on a computer. “Hex” is short for “hexadecimal,” something I will discuss shortly. A hex editor is an application that presents the raw data of a file and allows the user to edit that data. This article will describe hexadecimal notation, the process of hex editing, and give some examples of how hex editing can be used by cybercrime investigators.

About Hexadecimal Notation

Hexadecimal notation can be a little disorienting for the uninitiated. It is based on multiples of 16, instead of 10. We are most familiar with a number system based on multiples of 10 — the decimal system. In a decimal system, we start with 0, 1, 2…up to 9, and then we add another digit and start over — so 10, 11, up to 19, and so on. Once you get to 99, you add another number and start over with 100.

A hexadecimal system starts with 0, and we count 15 spots past 9 (we do not use 10 because that would be adding another digit) by adding A, B, C, D, E, and F. In other words, A = 10, B = 11, C = 12, D = 13, E = 14, and F = 15. A new digit is added after F, and we start over with 10, 11…

--

--

Roderick Graham
Roderick Graham

Written by Roderick Graham

Gadfly | Professor of Sociology at Old Dominion University | I post about social science, culture, and progressive politics | Views are my own

Responses (2)