SANS Digital Forensics and Incident Response Blog: Daily Archives: Sep 29, 2010

6 Hex Editors for Malware Analysis

Hex editors allow examining and modifying a file at the low level of bytes and bits, usually representing the file's contents in hexadecimal form. Some editors distinguish themselves by helping the user derive meaning from the examined file: extracting ASCII and Unicode contents, searching for patterns, recognizing common structures, and so on. There are lots of hex editors out there; I want to mention a few that I find particularly useful for analyzing malware and examining malicious document files.

FileInsight

FileInsight is a free hex editor from McAfee Labs that runs on Microsoft Windows (download zip file). As expected, it can perform

...