Up One Level


Hex Editor

 

Hex editors are commonly available 'tools' (or utilities) which allow the user to scrutinise and update the precise contents of the hard disk. Not only do they reveal the hexadecimal equivalent of the binary code in which the data is stored, but they also helpfully provide an ASCII converter which allows you to make sense of the contents. All fine so far. However, because they permit searches and updates, it is possible, indeed easy, to search for an expected string / word, and then update that string with a new value (e.g. by substituting the value '5644' for '9480'). Because the number of bytes has remained the same, the data file in which this string is found, may not have been corrupted, however the integrity of the data has been destroyed, and the subsequent user of the file may have little evidence of such tapering.

In addition, a hex editor is able to reveal data believed to be safe within password protected files, or even data in files which have been deleted but have yet to be overwritten.

The use of checksums can confirm that a file has not been tampered with, even slightly. However, more fundamentally, Security Officers should endeavour to prevent hex editors from being loaded onto any of the organisation's PCs / workstations in the first place.


*** The Information Security Glossary ***
Previous PageTop of this pageNext Page



Buy Now:

 

This Glossary forms part of the RUsecure Security Policy Suite... visit RUsecure Security Policy World
Use of the guidance contained within RUsecure™ is subject to the End User Licence Agreement
This site created with EasyHTMLHelp(tm) for MS Word
 Risk Associates: Resources for Security Risk Analysis, ISO 17799 / BS7799, Security Policies and Security Audit