Computer System Basics 1 Number Systems & Text Representation
Computer ForensicsBACS 371
Computer System Basics
Number Systems Decimal (base 10) Binary (base 2) Octal (base 8) Hexadecimal (base 16) Conversions Little Endian vs. Big Endian
Text Representation ASCII EBCDIC Unicode
Number Systems
Decimal – base 10 Binary – base 2 Octal – base 8 Hexadecimal – base 16
Decimal Number System
Base 10 Uses digits 0~9 Based on powers of 10
105 104 103 102 101 100
100,000 10,000 1000 100 10 1
3 2 7 1 9 4
3 * 105 = 300,0002 * 104 = 20,0007 * 103 = 7,0001 * 102 = 1009 * 101 = 904 * 100 = 4-------------------------------TOTAL = 327,194
Binary Number System
Base 2 Uses digits 0~1 Based on powers of 2
25 24 23 22 21 20
32 16 8 4 2 1
1 1 0 1 0 1
1 * 25 = 321 * 24 = 160 * 23 = 01 * 22 = 40 * 21 = 01 * 20 = 1-------------------------------1101012 = 5310
Base 10 Base 2
0 0
1 1
2 10
3 11
4 100
5 101
6 110
7 111
8 1000
9 1001
10 1010
11 1011
12 1100
13 1101
14 1110
15 1111
Octal Number System
Base 8 Uses digits 0~7 Based on powers of 8
84 83 82 81 80
4096 512 64 8 1
7 0 2 6 5
7 * 84 = 28,6720 * 83 = 02 * 82 = 1286 * 81 = 485 * 80 = 5-------------------------------702658 = 28,85310
Base 10 Base 8
0 0
1 1
2 2
3 3
4 4
5 5
6 6
7 7
8 10
9 11
10 12
11 13
12 14
13 15
14 16
15 17
Hexadecimal Number System Base 16
Uses digits 0~9 and A, B, C, D, E, F Based on powers of 16
165 164 163 162 161 160
1,048,576 65,536 4096 256 16 1
3 F 7 A 0 E3 * 165 = 3,145,728F * 164 = 983,0407 * 163 = 28,672A * 162 = 25600 * 161 = 0E * 160 = 14-------------------------------3F7A0E16 = 10,451,47010
Base 10 Base 16
0 0
1 1
2 2
3 3
4 4
5 5
6 6
7 7
8 8
9 9
10 A
11 B
12 C
13 D
14 E
15 F
Number System Comparison
Decimal Binary Octal Hexadecimal
0 0 0 0
1 1 1 1
2 10 2 2
3 11 3 3
4 100 4 4
5 101 5 5
6 110 6 6
7 111 7 7
8 1000 10 8
9 1001 11 9
10 1010 12 A
11 1011 13 B
12 1100 14 C
13 1101 15 D
14 1110 16 E
15 1111 17 F
Number System Representations Binary
01001101b
010011012
Octal 115o – note: trailing charter is a lowercase ‘oh’ 1158
Hexadecimal 0x4D -- note: leading character is a zero 4Dh 4D16
Little Endian vs. Big Endian
http://www.noveltheory.com/TechPapers/endian.aspPlease read this.
Deals with the order that bytes are stored in Intel-based versus non Intel-based computers. Intel-based are normally PC-type computers Non Intel-based are normally mainframe computers Little Endian – stored left-to-right (Intel-based) Big Endian – stored right-to-left (mainframe)
Text Representations
Text values stored in a computer can be in several formats
ASCII EBCDIC Unicode (various types)
By far, the most common is ASCII
ASCII
ASCII, pronounced "ask-key", is the common code for microcomputer equipment
American Standard Code for Information Interchange Proposed by ANSI in 1963, and finalized in 1968 The standard ASCII character set consists of 128 decimal
numbers ranging from zero through 127 assigned to letters, numbers, punctuation marks, and the most common special characters
The first 32 codes are reserved for “non-printing” or “control” characters – supported original teletype systems
The Extended ASCII Character Set also consists of 128 decimal numbers and ranges from 128 through 255 representing additional special, mathematical, graphic, and foreign characters
ASCII Table
Extended ASCII Table
Text <-> Binary Converters http://students.washington.ed
u/cwei/tools/binary.shtml http://www.sitinthecorner.com/
binary/binary.php
TEXT
Hello World
BINARY01001000 01100101 01101100 01101100 01101111 00100000 01010111 01101111 01110010 01101100 01100100
Hex
48 65 6C 6C 6F 20 57 6F 72 6C 64
Text Binary Octal Hex
H 01001000 110 48
e 01100101 145 65
l 01101100 154 6C
l 01101100 154 6C
o 01101111 157 6F
00100000 040 20
WinHex View
EBCDIC
Extended Binary Code Decimal Interchange Code
Originally used by IBM-based mainframes
Totally different encoding scheme from ASCII and Unicode
Still used, but not as prevalent as in the past
Unicode
Character coding standard used in NTFS “Unicode provides a unique number for
every character, no matter what the platform, no matter what the program, no matter what the language.” http://www.unicode.org
Three varieties of Unicode Transformation Format UTF-8 – identical to ASCII for western
languages UTF-16 – 16-bits per character UTF-32 – 32-bits per character
Why do we care?
As a forensic analyst, you will be working with different number systems and encoding schemes.
You need to understand the conversion process between the different number systems and, if necessary, perform them by hand.
You also need to understand hexadecimal and ASCII well enough to be able to interpret “hex dumps.”
But wait…. There’s more!
All the encoding schemes covered only apply to “text” data.
There are different encoding methods for other types of digital evidence (e.g., numbers, dates, times, executable programs, …).
The computer stores everything as 1’s and 0’s and the way you (and the computer) interpret groups of bits depends upon the context.
Top Related