Craig Ball's Electronic Discovery Workbook Part 6 - Outline

Here's a continuation of my outline of the 2016 edition of Craig Ball's Electronic Discovery Workbook, which I last posted about on January 21, 2017.

IX. Encoding: Decimal, Binary, Hexadecimal and Base64

A. Decimal and Binary: Base 10 and Base Two

1. All digital evidence is encoded.
2. Base 10 – decimal system
3. Base 2 – binary
4. Base 16 – hexadecimal

B. Bits

1. Every bit is a 0 or a 1.
2. A binary number is composed only of 0's and 1's. Each 0 and 1 is multiplied by 2 raised to the power of its position in the binary number, with the positions running backwards and ending in zero, and then all the products are added together. E.g., 10101 is (1 x 2^4) + (0 x 2^3) + (1 x 2^2) + (0 x 2^1) + (1 x 2^0), which adds up to 21.

C. Bytes

1. A byte is a string of 8 bits.
2. The biggest number that can be stored as one byte is 11111111, which is equal to 255. With 00000000, there are 256 numbers which can be stored as one byte.
3. Any number greater than 256 requires two bytes (256 x 256 = 65,536); greater than 65,536 requires 3 bytes.
4. Four bytes are called a long word.

D. ASCII Decoder Ring

1. American Standard Code for Information Interchange. The set is limited to 128 characters, so any character can be expressed in seven bits (2^7 = 128), or less than one byte.
2. In the ASCII table, 'a' is 01100001 in binary and 097 in decimal: [(0 x 2^7) + (1 x 2^6) + (1 x 2^5) + (0 x 2^4) + (0 x 2^3) + (0 x 2^2) + (0 x 2^1) + (1 x 2^0)].
3. Beyond the standard 128 characters, additional characters were mapped to the same byte values by different systems or different code pages.
4. An international standard was developed in ISO-8859, but Microsoft adopted its own Windows code page, Windows-1252 (ANSI), which is mostly similar to ISO-8859.

E. Unicode

1. Standardizes the encoding of 100 written languages, called scripts, using 110,182 characters.
2. UTF-8 is the most widely used encoding standard, and it incorporates the ASCII and ANSI sets.

F. Hex

1. Each digit can be any value from 0 to 15.
2. Four binary digits can be replaced by one hexadecimal digit.
3. A byte can be expressed as 2 hex characters.
4. To find what character a hex code represents refer to this chart where the first character is a row and the second a column. So 's' would be 73, which in binary is 01110011.

5. ASCII is an encoding scheme, but the notation is hexadecimal.
6. The binary header signature at the start of any file serves to identify the type of data in the file. 50 4B, or PK, indicates a compressed ZIP file.

G. Base64

1. Everything in any email is plain text. Simple Mail Transfer Protocol (SMTP) supports only 7-bit ASCII characters.
2. Base64 substitutes 64 printable characters (A-Z, a-z, 0-9, + and /) for any binary data or foreign characters, so attachments can be transmitted via email.
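
The following Python sketch is an added example, not taken from the workbook or from this outline. It ties sections B, F and G together by regrouping 8-bit bytes into 6-bit Base64 values by hand, decoding them again, and checking the 50 4B header signature. The function names and the sample bytes are constructed for illustration.

```python
import base64

B64_ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"

def to_bits(data: bytes) -> str:
    """Render each byte as 8 binary digits, e.g. b's' -> '01110011'."""
    return "".join(f"{byte:08b}" for byte in data)

def b64_encode(data: bytes) -> str:
    """Base64 by hand: regroup the 8-bit bytes into 6-bit values (2^6 = 64)."""
    bits = to_bits(data)
    bits += "0" * (-len(bits) % 6)  # pad the final group with zero bits
    chars = [B64_ALPHABET[int(bits[i:i + 6], 2)] for i in range(0, len(bits), 6)]
    return "".join(chars) + "=" * (-len(chars) % 4)  # '=' completes the last 4-char block

def b64_decode(text: str) -> bytes:
    """Reverse the mapping: 6-bit values back into whole 8-bit bytes."""
    bits = "".join(f"{B64_ALPHABET.index(c):06b}" for c in text.rstrip("="))
    usable = len(bits) - len(bits) % 8  # drop the zero bits added as padding
    return bytes(int(bits[i:i + 8], 2) for i in range(0, usable, 8))

def header_hex(data: bytes, count: int = 2) -> str:
    """Hex notation of the leading bytes, two hex characters per byte."""
    return " ".join(f"{byte:02X}" for byte in data[:count])

def looks_like_zip(data: bytes) -> bool:
    """True when the data starts with the signature 50 4B ('PK')."""
    return header_hex(data) == "50 4B"

# Constructed sample: the opening bytes of a made-up attachment, not a real archive.
SAMPLE = b"PK" + bytes([0x03, 0x04, 0x14, 0x00, 0xFF])

if __name__ == "__main__":
    encoded = b64_encode(SAMPLE)
    assert encoded == base64.b64encode(SAMPLE).decode()  # cross-check against the stdlib
    print(header_hex(SAMPLE), "->", encoded)
    print("ZIP signature after decoding:", looks_like_zip(b64_decode(encoded)))
```

Because 50 4B always regroups to the same leading 6-bit values, a Base64 attachment body that begins with `UEs` is a quick hint that the encoded content starts with the PK signature.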