
What’s Magic In Cybersecurity?

Well, it’s those special magic numbers that give the game away

Prof Bill Buchanan OBE FRSE
May 21, 2022


In cybersecurity and digital forensics, a magic number is a byte signature that lets us identify a file type (such as an image or a document) without relying on the file extension. This lets us scan files in network connections or on disks quickly, since we only have to sample the first (or last) few bytes to discover certain types of files. An intruder may disguise a file with a different file extension, such as renaming an .EXE to a .PDF, to avoid virus scanners and intrusion detection systems (IDSs). With magic number detection, we look inside the file itself for certain patterns of data.

Magic numbers

Sometimes we need to scan a disk at a low level and determine which files it contains. One method is to look for standard signatures, normally standard byte sequences at the start of the file. I’ve tried to gather as many of these signatures as possible for key file types (see Table 1) [here]. For example, an Adobe Illustrator file should start with the hex sequence 0x25, 0x50, 0x44, 0x46 (the ASCII characters %PDF), which shows that it is a standard PDF file. If we scan a disk and find this signature, it may thus be an Illustrator file.
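The extension check described above can be sketched as follows. This is an added example, not code from the article: the signature table is a small constructed subset (not the article's Table 1), and the function names and sample headers are assumptions made for illustration.

```python
import os

# Constructed signature table: magic bytes at offset 0 ->
# (label, extensions that legitimately carry this header).
SIGNATURES = [
    (b"%PDF", "PDF document", {".pdf", ".ai"}),  # 0x25 0x50 0x44 0x46
    (b"MZ", "DOS/Windows executable", {".exe", ".dll", ".sys"}),
    (b"\x89PNG\r\n\x1a\n", "PNG image", {".png"}),
    (b"\xff\xd8\xff", "JPEG image", {".jpg", ".jpeg"}),
    (b"PK\x03\x04", "ZIP container", {".zip", ".docx", ".xlsx", ".jar"}),
]
HEADER_LEN = max(len(sig) for sig, _, _ in SIGNATURES)

def identify(header: bytes):
    """Return (label, allowed_extensions) for the longest matching signature, or None."""
    best = None
    for sig, label, exts in SIGNATURES:
        if header.startswith(sig) and (best is None or len(sig) > len(best[0])):
            best = (sig, label, exts)
    return (best[1], best[2]) if best else None

def check(name: str, header: bytes) -> str:
    """Classify as 'ok', 'mismatch' or 'unknown' from the file name and first bytes."""
    match = identify(header[:HEADER_LEN])
    if match is None:
        return "unknown"  # no signature in our table; says nothing about safety
    ext = os.path.splitext(name)[1].lower()
    return "ok" if ext in match[1] else "mismatch"

def scan(path: str) -> str:
    """Read only the first HEADER_LEN bytes of a file on disk and classify it."""
    with open(path, "rb") as fh:
        return check(os.path.basename(path), fh.read(HEADER_LEN))

# Constructed sample headers (first bytes only), not real files.
SAMPLES = {
    "invoice.pdf": b"MZ\x90\x00\x03\x00\x00\x00",  # executable header, .pdf name
    "report.pdf": b"%PDF-1.7\n",
    "logo.ai": b"%PDF-1.5\n",                      # Illustrator file with PDF header
    "notes.txt": b"hello wo",
}

if __name__ == "__main__":
    for name, header in SAMPLES.items():
        print(f"{name:12} {check(name, header)}")
```

A signature identifies the container format only, which is why `.ai` and `.pdf` share one entry and why a match is a reason to inspect further rather than a verdict.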
