Quote (Azrad @ Apr 17 2010 08:28pm)
The file size of the .txt files is similar to just a sack full of zeros. When i scrolled through them with a hex editor. I saw nothing but 0's. It is possible there were some non-zeros there I didn't notice but I don't think so. IF they only contain 0's then they can't possibly contain any data. Think about it this way:
If you are given the message:
00000000000
And the desired message is:
eat at joes
The algorithm to do this is literally "eat at joes". In other words to change the original message to the desired message you need the entire desired message. If you have the entire desired message then you don't need the original message. If you don't have the entire desired message, you can never transform the original into the desired message. If the original message was not just 0's, but was "eat at joes" scrambled we might have something to work with, but this does not appear to be the case. Summary: I'm sorry but those files contain nothing; there is nothing to restore

Your only hope is to find a different copy of those files.
I'll use your keys on the m$word files and have a look.
Yeah, I do not have access to the image I got the files out of, but I would be willing to bet that he buried something in the slack of those text documents, rather than having it in the documents themselves. Thanks for confirming that they are worthless as-is though.
Just as a side note, I am a fairly competent Windows user (however, I am obviously ignorant as to *nix operations and objects), I was just looking for second opinions on these. These files were part of a huge image that was full of files that were encrypted, altered, and hidden in many other ways to test what we learned in our forensics class this semester. These were just the few that have evaded me, as of yet.
Thanks for looking at these mate, you seem like a nice guy.
This post was edited by GodFollower on Apr 17 2010 09:02pm