Langa Letter: Deep-Geek File And Disk Tools - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Software // Information Management
Commentary
2/9/2006
10:45 PM
Fred Langa
Fred Langa
Commentary
50%
50%

Langa Letter: Deep-Geek File And Disk Tools

A major brain-fade forces Fred Langa to search for the most powerful recovery tools he could find.

Hex Editors
In this context, "hex" stands for "hexadecimal," the low level, machine-friendly base-16 notation system used in many computer programs and codes.

In theory, a "hex editor" can let you see and modify anything and everything anywhere on your hard drive, including any and all kinds of files and their contents, and even the disk's own fundamental data structures.

Some hex editors are file-oriented; you can easily use this kind of tool to change program code even in executable files, in DLLs, and in other usually inaccessible places. You can use this kind of hex editor to remove annoying branding on some software. For example, you could change or remove the "Microsoft Internet Explorer" that appears at the top part of every IE browser window. That, or any other plain text coded within EXE and similar files, is easily changed with a hex editor.

Hex editors also are useful for exploring mystery files that you can't open by any other means: A hex editor will let you see what's in almost any file, and sometimes can provide enough clues so you can figure out what an unknown or unopenable file is, or where it came from.

File-oriented hex editors also often are optimized for the recovery of accidentally deleted files; they can let you find, identify, rename, and save (as a new file) anything that was mistakenly erased.

Some hex editors are geared to other special purposes, such as manually sorting out problems with the boot process or with partitions and logical disks; including unformatting, unpartitioning, or finding/undeleting lost partitions.

While task-specific hex editors can make certain tasks easier (mostly by pointing you in the right directions), general-purpose hex editors can do it all, letting you view -- and optionally modify -- anything that's anywhere on your hard drive. This kind of hex editor is often used in digital forensics and in heavy-duty file- and disk-recovery: It will show you absolutely everything on the hard drive -- including every file, every deleted file, and even bits or scraps of data left over outside the active, in-use file areas. This can include residual data from deletion or defragging operations; data in normally unviewable areas (such as the swapfile or pagefile); and data left in the "slack" space after an end-of-file marker. (If these concepts are unfamiliar to you, see the information here , here, or here.)

The flip side is that general-purpose hex editors show you so much "raw" data, they can be hard to use, especially if you've never used one before. The special-purpose editors may have simpler, easier-to-use interfaces, as long as you're using them for their more-limited intended purpose.

But the above three general categories aren't at all rigidly defined: under the skin, all hex editors share some basic similarities. The differences from one editor to the next reside mostly in what functions are being optimized and emphasized, and how the front ends or interfaces are built. When push comes to shove, a general-purpose editor can be used for something like editing boot records, for example; and a drive-oriented editor may be used for editing specific files.

One thing all the editors share in common is that they can be quite slow when you're searching today's huge hard drives. That's not the fault of the editor, but simply a reflection of the amount of data they may have to process. Plus, all hex editors can be dangerous and must be used with care -- they give you the power to modify almost anything on the hard drive, including things best left alone. Many hex editors come with some form of disk imaging built in; or at least come with the strong recommendation to make an image by some other means before attempting to use the editor. (With a fresh image, you'll be able to recover from any mistakes or errors.)

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Previous
2 of 4
Next
Comment  | 
Print  | 
More Insights
Slideshows
IT Careers: Top 10 US Cities for Tech Jobs
Cynthia Harvey, Freelance Journalist, InformationWeek,  1/14/2020
Commentary
Predictions for Cloud Computing in 2020
James Kobielus, Research Director, Futurum,  1/9/2020
News
What's Next: AI and Data Trends for 2020 and Beyond
Jessica Davis, Senior Editor, Enterprise Apps,  12/30/2019
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
The Cloud Gets Ready for the 20's
This IT Trend Report explores how cloud computing is being shaped for the next phase in its maturation. It will help enterprise IT decision makers and business leaders understand some of the key trends reflected emerging cloud concepts and technologies, and in enterprise cloud usage patterns. Get it today!
Slideshows
Flash Poll