Base64 encoding

When emails are sent from one system to another often Base64 encoding in employed in the Simple Message Transfer Protocol. So for example when we begin with an Outlook message (from the Enron email data set - see the August 7, 2015 Tip of the Night)

that is forwarded to a Hotmail account . . .

. . . and then we save that email as .eml file (used by MS Outlook express, or for emails sent outside the MS Exchange environment), and then open it in a text editor . . .

. . . we can see that the embedded image has been encoded into a series of alphanumeric characters. This is Base64 encoding - a way of converting binary information into text . Groups of 8 bit patterns are segmented into 6 bits and assigned any of the characters from A-Z; a-z; 0-9, or two other optional characters.

The Base64 encoding, can be decoded at . . . and encoded images can be viewed.

When conducting electronic discovery consider the fact that you may get false positives in base64 encoding, as it tends to randomly generate many sequences of strings that can by chance match keywords. See page 38, footnote 8 of Craig Ball's Electronic Discovery Workbook.

Contact Me With Your Litigation Support Questions:

  • Twitter Long Shadow

© 2015 by Sean O'Shea . Proudly created with