Forensics 101


Sometimes in forensics, we run into files that have odd or unknown file extensions. In these cases, it's helpful to look at the file format signature to figure out what the file is. These signatures are called "magic bytes": the first few bytes of a file.

What is the ASCII representation of the magic bytes for a RAR archive?


Wikipedia has an article containing a list of file signatures. A RAR file has a byte signature of 52 61 72 21 1A 07, or RAR! in ASCII.

The accepted flag was RAR!
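The same check can be scripted when triaging files whose extensions cannot be trusted. The following is an added example, not part of the original challenge: it goes beyond the RAR case by including a few other well-known signatures, and the function names and sample bytes are constructed for illustration.

```python
# Signatures found at offset 0. The six-byte RAR prefix is the one quoted above;
# the trailing bytes that separate RAR 1.5-4.x from RAR 5, and the non-RAR
# entries, are well-known values added for this example.
SIGNATURES = [
    (bytes.fromhex("526172211A070100"), "RAR archive (v5+)"),
    (bytes.fromhex("526172211A0700"), "RAR archive (v1.5 to v4)"),
    (bytes.fromhex("526172211A07"), "RAR archive (unknown version)"),
    (bytes.fromhex("504B0304"), "ZIP archive"),
    (bytes.fromhex("89504E470D0A1A0A"), "PNG image"),
    (b"%PDF-", "PDF document"),
]

def ascii_view(data):
    """Render bytes like a hex editor's ASCII column: '.' for non-printables."""
    return "".join(chr(b) if 0x20 <= b <= 0x7E else "." for b in data)

def identify(header):
    """Return the label of the longest signature that is a prefix of header."""
    matches = [(sig, label) for sig, label in SIGNATURES if header.startswith(sig)]
    if not matches:
        return "unknown"  # also the result for a header truncated mid-signature
    return max(matches, key=lambda m: len(m[0]))[1]

def sniff(path, n=16):
    """Read the first n bytes of a file; return (hex string, ASCII view, label)."""
    with open(path, "rb") as fh:
        header = fh.read(n)
    return header.hex(" ").upper(), ascii_view(header), identify(header)

# Constructed sample: a RAR 1.5-4.x signature followed by padding, standing in
# for the first bytes of a file with a misleading or missing extension.
SAMPLE = bytes.fromhex("526172211A0700") + bytes(9)

if __name__ == "__main__":
    # 0x52 0x61 0x72 0x21 are printable; 0x1A and 0x07 are control bytes.
    print(SAMPLE[:6].hex(" ").upper(), "|", ascii_view(SAMPLE[:6]), "|", identify(SAMPLE))
```

The extension is never consulted, so a renamed archive is still reported by its content.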


