1 / 21

Computer Forensics BACS 371

Computer Forensics BACS 371. Computer System Basics 1 Number Systems & Text Representation. Computer System Basics. Number Systems Decimal (base 10) Binary (base 2) Octal (base 8) Hexadecimal (base 16) Conversions Little Endian vs. Big Endian Text Representation ASCII EBCDIC

mikko
Télécharger la présentation

Computer Forensics BACS 371

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Computer ForensicsBACS 371 Computer System Basics 1 Number Systems & Text Representation

  2. Computer System Basics • Number Systems • Decimal (base 10) • Binary (base 2) • Octal (base 8) • Hexadecimal (base 16) • Conversions • Little Endian vs. Big Endian • Text Representation • ASCII • EBCDIC • Unicode

  3. Number Systems • Decimal – base 10 • Binary – base 2 • Octal – base 8 • Hexadecimal – base 16

  4. Decimal Number System • Base 10 • Uses digits 0~9 • Based on powers of 10 3 * 105 = 300,000 2 * 104 = 20,000 7 * 103 = 7,000 1 * 102 = 100 9 * 101 = 90 4 * 100 = 4 ------------------------------- TOTAL = 327,194

  5. Binary Number System • Base 2 • Uses digits 0~1 • Based on powers of 2 1 * 25 = 32 1 * 24 = 16 0 * 23 = 0 1 * 22 = 4 0 * 21 = 0 1 * 20 = 1 ------------------------------- 1101012 = 5310

  6. Octal Number System • Base 8 • Uses digits 0~7 • Based on powers of 8 7 * 84 = 28,672 0 * 83 = 0 2 * 82 = 128 6 * 81 = 48 5 * 80 = 5 ------------------------------- 702658 = 28,85310

  7. Hexadecimal Number System • Base 16 • Uses digits 0~9 and A, B, C, D, E, F • Based on powers of 16 3 * 165 = 3,145,728 F * 164 = 983,040 7 * 163 = 28,672 A * 162 = 2560 0 * 161 = 0 E * 160 = 14 ------------------------------- 3F7A0E16 = 10,451,47010

  8. Number System Comparison

  9. Number System Representations • Binary • 01001101b • 010011012 • Octal • 115o – note: trailing charter is a lowercase ‘oh’ • 1158 • Hexadecimal • 0x4D -- note: leading character is a zero • 4Dh • 4D16

  10. Little Endian vs. Big Endian http://www.noveltheory.com/TechPapers/endian.asp Please read this. Deals with the order that bytes are stored in Intel-based versus non Intel-based computers. • Intel-based are normally PC-type computers • Non Intel-based are normally mainframe computers • Little Endian – stored left-to-right (Intel-based) • Big Endian – stored right-to-left (mainframe)

  11. Text Representations • Text values stored in a computer can be in several formats • ASCII • EBCDIC • Unicode (various types) By far, the most common is ASCII

  12. ASCII • ASCII, pronounced "ask-key", is the common code for microcomputer equipment • American Standard Code for Information Interchange • Proposed by ANSI in 1963, and finalized in 1968 • The standard ASCII character set consists of 128 decimal numbers ranging from zero through 127 assigned to letters, numbers, punctuation marks, and the most common special characters • The first 32 codes are reserved for “non-printing” or “control” characters – supported original teletype systems • The Extended ASCII Character Set also consists of 128 decimal numbers and ranges from 128 through 255 representing additional special, mathematical, graphic, and foreign characters

  13. ASCII Table

  14. Extended ASCII Table

  15. Text <-> Binary Converters • http://students.washington.edu/cwei/tools/binary.shtml • http://www.sitinthecorner.com/binary/binary.php TEXT Hello World BINARY 01001000 01100101 01101100 01101100 01101111 00100000 01010111 01101111 01110010 01101100 01100100 Hex 48 65 6C 6C 6F 20 57 6F 72 6C 64

  16. WinHex View

  17. EBCDIC • Extended Binary Code Decimal Interchange Code • Originally used by IBM-based mainframes • Totally different encoding scheme from ASCII and Unicode • Still used, but not as prevalent as in the past

  18. Unicode • Character coding standard used in NTFS • “Unicode provides a unique number for every character, no matter what the platform, no matter what the program, no matter what the language.” http://www.unicode.org • Three varieties of Unicode Transformation Format • UTF-8 – identical to ASCII for western languages • UTF-16 – 16-bits per character • UTF-32 – 32-bits per character

  19. Why do we care? • As a forensic analyst, you will be working with different number systems and encoding schemes. • You need to understand the conversion process between the different number systems and, if necessary, perform them by hand. • You also need to understand hexadecimal and ASCII well enough to be able to interpret “hex dumps.”

  20. But wait…. There’s more! • All the encoding schemes covered only apply to “text” data. • There are different encoding methods for other types of digital evidence (e.g., numbers, dates, times, executable programs, …). • The computer stores everything as 1’s and 0’s and the way you (and the computer) interpret groups of bits depends upon the context.

More Related