An Introduction to Hex Editing for Cybercrime Investigators
People interested in entering the growing field of cybercrime investigations can gain a leg up on the competition by learning how to use a hex editor. To “hex edit” means to make changes to the raw binary data — 1’s and 0’s — on a computer. “Hex” is short for “hexadecimal,” something I will discuss shortly. A hex editor is an application that presents the raw data of a file and allows the user to edit that data. This article will describe hexadecimal notation, the process of hex editing, and give some examples of how hex editing can be used by cybercrime investigators.
About Hexadecimal Notation
Hexadecimal notation can be a little disorienting for the uninitiated. It is based on multiples of 16, instead of 10. We are most familiar with a number system based on multiples of 10 — the decimal system. In a decimal system, we start with 0, 1, 2…up to 9, and then we add another digit and start over — so 10, 11, up to 19, and so on. Once you get to 99, you add another number and start over with 100.
A hexadecimal system starts with 0, and we count 15 spots past 9 (we do not use 10 because that would be adding another digit) by adding A, B, C, D, E, and F. In other words, A = 10, B = 11, C = 12, D = 13, E = 14, and F = 15. A new digit is added after F, and we start over with 10, 11…