Resource Center

How-Tos

Magnet IEF Feature Profile: Hex & Text Viewer

    Overview:

    Magnet IEF reports some of the most important data for files and artifacts. However, examiners often need to dig even deeper into an artifact or file to better understand its purpose or value. Hex and Text Viewers, now built into Magnet IEF Report Viewer, allow examiners to view the raw data and:

    1. Confirm/validate the results that Magnet IEF has returned for a given artifact
    2. Perform manual searches, providing additional context related to an artifact
    3. Dig deeper for additional data that might be found in a file

    Hex and Text Viewers are an essential part of an examiner’s toolkit and will assist them in conducting additional analysis beyond the refined results provided by IEF.

    How it works:

    From within the Magnet IEF Report Viewer, first select the artifact you would like to examine. In the bottom right window, you will be presented with several tabs including “Details,” “Hex,” and “Text” (there may be additional tabs depending on the artifact being examined).

    The “Details” tab will display the traditional IEF report details in, as always, an easy to interpret format, just as it has in previous versions.

    The “Hex” tab will display a hexadecimal view of the raw data for the associated file or artifact. If the artifact is carved, Report Viewer will jump to and highlight the referenced data for the given artifact. The Hex Viewer will also provide examiners with the location of the artifact (file name and path, physical sector, and offset) to help validate their results.

    The “Text” tab will translate the same raw data in a text format, which may assist examiners in interpreting  some of the artifact data. Text Viewer also shows the source path of the file being examined on the system. By default, Report Viewer will display the text in Unicode; however, it also allows the examiner to modify the view with various ASCII and Unicode styles.

    In order to view the hex or text values of a given file or artifact, Magnet IEF Report Viewer must have access to the original evidence/image. If the evidence has not moved from its original location when it was searched, IEF will automatically find it. However, if it was moved, the examiner will need to provide the new path to the source files in order to use the Hex and Text viewers.

    In summary, the Hex and Text Viewers allow examiners to dig deeper into artifacts and files to better understand recovered evidence.

    Related Resources

    How-Tos

    How-Tos

    Introducing Magnet Automate Essentials

    Magnet Automate Essentials provides you with everything you need to build automated workflows across your entire DFIR toolkit to help you complete your digital investigations faster, easier, and more reliably.

    February 14, 2024 • About a 1 minute view
    How-Tos

    How-Tos

    Exploring the New User Interface Features in Review 5.0

    Magnet Review was designed to make it fast and easy for users to uncover the data they need. Review includes several options to help reviewers considerably reduce their time to

    April 25, 2023 • About a 1 minute view
    How-Tos

    How-Tos

    Getting Started With Magnet AXIOM Cyber

    This getting started with Magnet AXIOM Cyber playlist has been developed to help you quickly get up to speed on the basics with Magnet AXIOM Cyber. In this series of

    November 18, 2022 • About a 2 minute view
    Resource Center Home

    Subscribe today to hear directly from Magnet Forensics on the latest product updates, industry trends, and company news.

    Start modernizing your digital investigations today.

    Top