Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

Week 3 Understanding Data: Lab 1 - File Signature Investigations

Learning Objectives

  • Apply appropriate practices, tools, and techniques in the context of a given investigative scenario.
  • Investigate file headers and file signatures.

Employability Skill Objectives

  • Use a Hex Editor tool such as HxD to examine and interpret file headers.

Scenario

Several files have been seized as part of a corporate investigation. However, to disguise their contents, the suspect removed the file extensions and renamed them. Your task is to identify the true file types so they can be accessed in their original formats.

Cyber Lab Shared Folder All required files are available in the CyberLab shared folder.

  1. Open File Explorer.
  2. In the address bar, type \\cyberlab and press Enter.
  3. If prompted for login details, use:
    Username: student
    Password: Student4
  4. Navigate to Cyber Share , then Digital Forensics – Ali Jaddoa Folder.

Setup

You will need a Hex Editor such as:

  • Login to you PC, username:student, password Student4 o
    • in case you need admin permmission, use this user .\cyberstaff and pw is Cyberlecturer1
  • You can use eitherof the follwing
    • HxD Hex Editor (desktop version), and it should be alreadu intalled on your pc.
    • HexEd.it (online version).
      .

Task 1 - Lab Activity

  1. Use this folder W3-Lab1-Forensic_Investigation_Lab.zip that

  2. Extract the zip file to your machine.
    Note: You must extract the zip file for this lab to work properly.

  3. Open the extracted folder Forensic_Investigation_Lab, which contains six files:

  4. Your task is to determine for each file:

  • File signature (also known as the magic number)
  • Correct file extension (e.g., .jpg, .pdf, .docx, etc.)

To do so:

  1. Open HxD Editor, and load each file one by one.

  2. In HxD, copy the first 4-6 bytes (the hex values at the beginning of the file).

  3. Look up the values on Gary Kessler’s File Signatures Reference: https://filesig.search.org to identify the possible file type.

  4. When you believe you have identified the correct file type:

  • Choose File - Save As in HxD,
  • Save the file using the correct file extension,
  • Then try opening it using the appropriate application to confirm your findings.

Repeat the process for all six files.

Record Your Results

File NumberSignature (Magic Number)File ExtensionContent Description / Notes
File01
File02
File03
File04
File05
File06

Additional Challenges

  • File 05 contains a secret message - can you locate it?
  • File 06 hides a secondary file with the same extension.
    Try to extract, save, and open the hidden content successfully.

Copyright © 2026 • Created by Ali Jaddoa

Page last updated: Wednesday 28 January 2026 @ 14:18:54 | Commit: b70563e