File signature

File signature

so in this video I wanted to go over a little bit about file signatures of different files and things that you might encounter if you're ever doing forensic analysis of somebody's computer as you can see right here I've just set up a little folder here and filled it full of some JPEG images however one in particular kind of catches my attention right here it says this wildlife JPEG as you can see it's it's rather large in size and if I try to double click on it it says that Windows Photo Viewer can't open it because it could be damaged corrupt or too large so already a couple of things appear to me to be a little bit suspicious so as I mentioned I wanted to talk about file signatures so I've gone ahead and opened up a all of these files in just an open-source hex editor known as hxd I'll put the loop to the program down in the description and what we can see is just all of that all of the values of all of the the the bytes that make up these JPEG images as you can see right here it starts off f FD 8 FF e 0 so on so forth this portion right here let me just highlight it to about right here or so this is all going to be very standard and what you see whenever you open up any JPEG image as a matter of fact if I open if I just tab over to one of the other images you'll see that we have the exact same file opening for this one as we did for this from here and also if we scroll down all the way down to the bottom you'll see that it ends at a 3 f FF d9 if I scroll all the way down to this JPEG image we'll have a 3 FF d9 this one should have the exact same header and down at the bottom we have this FF d9 as well this is just kind of this is how your computer can recognize where the file a certain file of a file type starts and where it stops so since we know this we can go through and we can take a look at this wildlife JPEG file that I pointed out before as you can see it doesn't start out the same way anyone started off just going back up with an FFD 8ff this one is 30 28 b2 so already we know it's not a JPEG image because it doesn't have the same file signature as those other ones if we want to figure out what type of a file this is we can actually go and just take a look you can google this I've actually brought up a page just from Wikipedia if we go ahead and we just search right here or that 30:26 b2 we can see right...