Commentary
2/9/2006
10:45 PM
Fred Langa

Langa Letter: Deep-Geek File And Disk Tools

A major brain-fade forces Fred Langa to search for the most powerful recovery tools he can find.

Hex Editors
In this context, "hex" stands for "hexadecimal," the low-level, machine-friendly base-16 notation system used in many computer programs and codes.

In theory, a "hex editor" can let you see and modify anything and everything anywhere on your hard drive, including any and all kinds of files and their contents, and even the disk's own fundamental data structures.

Some hex editors are file-oriented; you can easily use this kind of tool to change program code even in executable files, in DLLs, and in other usually inaccessible places. You can use this kind of hex editor to remove annoying branding on some software. For example, you could change or remove the "Microsoft Internet Explorer" that appears at the top part of every IE browser window. That, or any other plain text coded within EXE and similar files, is easily changed with a hex editor.

Hex editors also are useful for exploring mystery files that you can't open by any other means: A hex editor will let you see what's in almost any file, and sometimes can provide enough clues so you can figure out what an unknown or unopenable file is, or where it came from.

File-oriented hex editors also often are optimized for the recovery of accidentally deleted files; they can let you find, identify, rename, and save (as a new file) anything that was mistakenly erased.

Some hex editors are geared to other special purposes, such as manually sorting out problems with the boot process or with partitions and logical disks, including unformatting, unpartitioning, or finding/undeleting lost partitions.

While task-specific hex editors can make certain tasks easier (mostly by pointing you in the right directions), general-purpose hex editors can do it all, letting you view -- and optionally modify -- anything that's anywhere on your hard drive. This kind of hex editor is often used in digital forensics and in heavy-duty file- and disk-recovery: It will show you absolutely everything on the hard drive -- including every file, every deleted file, and even bits or scraps of data left over outside the active, in-use file areas. This can include residual data from deletion or defragging operations; data in normally unviewable areas (such as the swapfile or pagefile); and data left in the "slack" space after an end-of-file marker. (If these concepts are unfamiliar to you, see the information here, here, or here.)
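To make the recovery and forensics passages above concrete, here is an added example (not from the original column or from any tool it covers) that scans a raw image for file signatures, the way a recovery-oriented hex editor locates a deleted file, and then reads the slack left after a file's last byte. The 512-byte sector size, the sample image, and all function names are assumptions made for the illustration.

```python
import hashlib

SECTOR = 512  # assumption: sector size of the constructed image below
SIGNATURES = [  # (kind, header magic, footer magic) for two common formats
    ("png", b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
    ("jpg", b"\xff\xd8\xff", b"\xff\xd9"),
]

def hexdump(data, base=0, width=16):
    """Render bytes as a hex editor does: offset, hex column, ASCII column."""
    rows = []
    for i in range(0, len(data), width):
        chunk = data[i:i + width]
        hexpart = " ".join(f"{b:02x}" for b in chunk)
        text = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        rows.append(f"{base + i:08x}  {hexpart:<{width * 3 - 1}}  |{text}|")
    return "\n".join(rows)

def carve(image):
    """Find header/footer pairs in raw bytes; return (kind, start, end, sha256)."""
    found = []
    for kind, head, foot in SIGNATURES:
        pos = image.find(head)
        while pos != -1:
            end = image.find(foot, pos + len(head))
            if end == -1:
                break  # header without footer: truncated or overwritten data
            end += len(foot)
            found.append((kind, pos, end, hashlib.sha256(image[pos:end]).hexdigest()))
            pos = image.find(head, end)
    return sorted(found, key=lambda hit: hit[1])

def slack_after(image, end):
    """Bytes between a file's last byte and the end of its sector."""
    return image[end:(end + SECTOR - 1) // SECTOR * SECTOR]

def build_sample_image():
    """Constructed 4-sector image; real magic numbers, but not valid pictures."""
    png = b"\x89PNG\r\n\x1a\n\x00\x00\x00\x0dIHDR" + b"A" * 20 + b"IEND\xaeB`\x82"
    jpg = b"\xff\xd8\xff\xe0JFIF" + b"B" * 30 + b"\xff\xd9"
    image = bytearray(4 * SECTOR)
    image[SECTOR:SECTOR + len(png)] = png  # "deleted" file: data only, no directory entry
    image[2 * SECTOR:2 * SECTOR + len(jpg)] = jpg
    image[2 * SECTOR + len(jpg):2 * SECTOR + len(jpg) + 14] = b"old-secret-txt"  # slack residue
    return bytes(image)

if __name__ == "__main__":
    img = build_sample_image()
    for kind, start, end, _ in carve(img):
        print(kind, slack_after(img, end).rstrip(b"\x00"), hexdump(img[start:start + 16], start), sep="\n")
```

Real carving tools also validate the internal structure of each hit, because short footers such as the JPEG end marker can occur inside file data.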

The flip side is that general-purpose hex editors show you so much "raw" data, they can be hard to use, especially if you've never used one before. The special-purpose editors may have simpler, easier-to-use interfaces, as long as you're using them for their more-limited intended purpose.

But the above three general categories aren't at all rigidly defined: under the skin, all hex editors share some basic similarities. The differences from one editor to the next reside mostly in what functions are being optimized and emphasized, and how the front ends or interfaces are built. When push comes to shove, a general-purpose editor can be used for something like editing boot records, for example; and a drive-oriented editor may be used for editing specific files.

One thing all the editors share in common is that they can be quite slow when you're searching today's huge hard drives. That's not the fault of the editor, but simply a reflection of the amount of data they may have to process. Plus, all hex editors can be dangerous and must be used with care -- they give you the power to modify almost anything on the hard drive, including things best left alone. Many hex editors come with some form of disk imaging built in, or at least come with the strong recommendation to make an image by some other means before attempting to use the editor. (With a fresh image, you'll be able to recover from any mistakes or errors.)
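The image-first precaution, applied to the kind of in-place text edit described earlier, looks like this as an added example (not part of the original column). The file names, the sample bytes, and the helper functions are constructed for the illustration.

```python
import hashlib
import os
import shutil
import tempfile

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large images do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def make_image(source, image_path):
    """Copy source to image_path and confirm the copy is bit-identical."""
    shutil.copyfile(source, image_path)
    digest = sha256_file(source)
    if sha256_file(image_path) != digest:
        raise OSError("image does not match source")
    return digest

def patch_text(path, old, new):
    """Overwrite old with new in place, space-padded; never change file length."""
    if len(new) > len(old):
        raise ValueError("longer replacement would shift every later offset")
    with open(path, "r+b") as f:
        offset = f.read().find(old)
        if offset == -1:
            raise LookupError("text not found")
        f.seek(offset)
        f.write(new.ljust(len(old), b" "))
    return offset

def demo():
    """Image, edit, then roll back a constructed stand-in for a binary file."""
    work = tempfile.mkdtemp()
    target, image = os.path.join(work, "sample.bin"), os.path.join(work, "sample.img")
    with open(target, "wb") as f:  # constructed content, not a real executable
        f.write(b"\x4d\x5a\x90\x00" + b"\x00" * 60 + b"Example Browser Title\x00" + b"\xcc" * 32)
    before = make_image(target, image)
    offset = patch_text(target, b"Example Browser Title", b"My Title")
    edited = sha256_file(target)
    size_kept = os.path.getsize(target) == os.path.getsize(image)
    shutil.copyfile(image, target)  # recover from the edit using the image
    restored = sha256_file(target)
    shutil.rmtree(work)
    return offset, size_kept, edited != before, restored == before

if __name__ == "__main__":
    print(demo())
```

If the target is a digitally signed executable, changing bytes covered by the signature invalidates it, which is one more reason to keep the verified image.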
