Langa Letter: Deep-Geek File And Disk Tools - InformationWeek
Software // Information Management
10:45 PM
Fred Langa
Fred Langa
How Cloud Can Streamline Business Workflow
Jul 11, 2017
In order to optimize your utilization of cloud computing, you need to be able to deliver reliable ...Read More>>

Langa Letter: Deep-Geek File And Disk Tools

A major brain-fade forces Fred Langa to search for the most powerful recovery tools he could find.

Hex Editors
In this context, "hex" stands for "hexadecimal," the low level, machine-friendly base-16 notation system used in many computer programs and codes.

In theory, a "hex editor" can let you see and modify anything and everything anywhere on your hard drive, including any and all kinds of files and their contents, and even the disk's own fundamental data structures.

Some hex editors are file-oriented; you can easily use this kind of tool to change program code even in executable files, in DLLs, and in other usually inaccessible places. You can use this kind of hex editor to remove annoying branding on some software. For example, you could change or remove the "Microsoft Internet Explorer" that appears at the top part of every IE browser window. That, or any other plain text coded within EXE and similar files, is easily changed with a hex editor.

Hex editors also are useful for exploring mystery files that you can't open by any other means: A hex editor will let you see what's in almost any file, and sometimes can provide enough clues so you can figure out what an unknown or unopenable file is, or where it came from.

File-oriented hex editors also often are optimized for the recovery of accidentally deleted files; they can let you find, identify, rename, and save (as a new file) anything that was mistakenly erased.

Some hex editors are geared to other special purposes, such as manually sorting out problems with the boot process or with partitions and logical disks; including unformatting, unpartitioning, or finding/undeleting lost partitions.

While task-specific hex editors can make certain tasks easier (mostly by pointing you in the right directions), general-purpose hex editors can do it all, letting you view -- and optionally modify -- anything that's anywhere on your hard drive. This kind of hex editor is often used in digital forensics and in heavy-duty file- and disk-recovery: It will show you absolutely everything on the hard drive -- including every file, every deleted file, and even bits or scraps of data left over outside the active, in-use file areas. This can include residual data from deletion or defragging operations; data in normally unviewable areas (such as the swapfile or pagefile); and data left in the "slack" space after an end-of-file marker. (If these concepts are unfamiliar to you, see the information here , here, or here.)

The flip side is that general-purpose hex editors show you so much "raw" data, they can be hard to use, especially if you've never used one before. The special-purpose editors may have simpler, easier-to-use interfaces, as long as you're using them for their more-limited intended purpose.

But the above three general categories aren't at all rigidly defined: under the skin, all hex editors share some basic similarities. The differences from one editor to the next reside mostly in what functions are being optimized and emphasized, and how the front ends or interfaces are built. When push comes to shove, a general-purpose editor can be used for something like editing boot records, for example; and a drive-oriented editor may be used for editing specific files.

One thing all the editors share in common is that they can be quite slow when you're searching today's huge hard drives. That's not the fault of the editor, but simply a reflection of the amount of data they may have to process. Plus, all hex editors can be dangerous and must be used with care -- they give you the power to modify almost anything on the hard drive, including things best left alone. Many hex editors come with some form of disk imaging built in; or at least come with the strong recommendation to make an image by some other means before attempting to use the editor. (With a fresh image, you'll be able to recover from any mistakes or errors.)

2 of 4
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
IT Strategies to Conquer the Cloud
Chances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of November 6, 2016. We'll be talking with the editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll