top of page

Base64 encoding


When emails are sent from one system to another often Base64 encoding in employed in the Simple Message Transfer Protocol. So for example when we begin with an Outlook message (from the Enron email data set - see the August 7, 2015 Tip of the Night)

that is forwarded to a Hotmail account . . .

. . . and then we save that email as .eml file (used by MS Outlook express, or for emails sent outside the MS Exchange environment), and then open it in a text editor . . .

. . . we can see that the embedded image has been encoded into a series of alphanumeric characters. This is Base64 encoding - a way of converting binary information into text . Groups of 8 bit patterns are segmented into 6 bits and assigned any of the characters from A-Z; a-z; 0-9, or two other optional characters.

The Base64 encoding, can be decoded at http://www.askapache.com/online-tools/base64-image-converter/ . . . and encoded images can be viewed.

When conducting electronic discovery consider the fact that you may get false positives in base64 encoding, as it tends to randomly generate many sequences of strings that can by chance match keywords. See page 38, footnote 8 of Craig Ball's Electronic Discovery Workbook.


Sean O'Shea has more than 20 years of experience in the litigation support field with major law firms in New York and San Francisco.   He is an ACEDS Certified eDiscovery Specialist and a Relativity Certified Administrator.

​

The views expressed in this blog are those of the owner and do not reflect the views or opinions of the owner’s employer.

​

If you have a question or comment about this blog, please make a submission using the form to the right. 

Your details were sent successfully!

© 2015 by Sean O'Shea . Proudly created with Wix.com

bottom of page