A Visual Study of Primitive Binary Fragment Types

Abstract

We argue that visual analysis of binary data objects such as data files, process memory, and file systems presented as grayscale graphical depictions helps distinguish structurally different regions of data and thus facilitates a wide range of analytic tasks such as fragment classification, file type identification, location of regions of interest, and other tasks that require an understanding of the “primitive” data types the objects contain. We believe that, due to the high visual value of this data presentation, such visual analysis is an invaluable help in low-level study of binary data objects and in understanding their structure, and that tools for such visual analysis belong in the toolkit of every researcher studying binary data. In an effort to facilitate development of such tools, this paper presents a visual study of binary fragments created by common kinds of software, and offers a descriptive taxonomy of primitive binary fragments and their graphical depictions. Although significant research has gone into the study of binary fragments, the depth and breadth of this study to date has been limited. Thus the primary contribution of this paper is an extensible and visual taxonomy to assist and inform researchers conducting low-level analysis of binary objects.

5 Figures and Tables

Cite this paper

@inproceedings{Conti2010AVS, title={A Visual Study of Primitive Binary Fragment Types}, author={Gregory Conti and Sergey Bratus and Anna Shubina and A. J. Lichtenberg and Roy Ragsdale and Robert Perez-Alemany and Benjamin Sangster and Matthew Supan}, year={2010} }