Elfs, Katz and the Big Zbikowski: 10 Trivial Digital Forensics Facts
One of the first things you learn as a digital investigator is … the magic of digital forensics. For this we have the concept of magic numbers, and which are identifiers of different file types. These magic numbers are a special gifts for digital investigators, as they make the job of finding things a whole lot easier [here]. So let’s have a bit of fun with 10 trivial facts on these magic numbers:
Trivial Fact 1: There’s an Elf in Linux. Unfortunately it’s not a Christmas Elf, but it is a magic file identifier for a LINUX executable, and where the file format starts with “.ELF” , and which defines the Executable and Linkable Format [here]:
Trivial Fact 2: The identifier for ZIP files was named after Phil Katz. At the start of a .ZIP file we will see the characters “PK”, and these are the initials of the creator of the ZIP file format. So what’s so special about PK? Ask any digital forensics investigator, and they will say that the two characters are often used to perform a quick search on a disk for ZIP files. We can see the “PK” magic number in all its glory [here]:
