Java Object Serialization (Java is a trade mark of Sun Microsystems, Inc.) encodes an object graph as a stream of bytes that a user cannot read directly. The only way to inspect (and potentially modify) this stream of bytes is to write a Java application, linked with the library containing the definition classes of the serialized objects, that reads this stream and displays it in a user-friendly way.
Although Java Object Serialization is discussed in detail, the described method and system may be implemented in languages other than Java (for instance, C++, C# or JavaScript embedded in a browser).
Java Object Serialization is a mechanism that supports encoding of an object and the objects reachable from it into a stream of bytes, and the reverse decoding operation. This mechanism is broadly used to address two problems:
1. Persistence of a Java object graph.
2. Inter-process communication.
As far as inter-process communication is concerned, two types of usages have emerged:
2a. Remote Method Invocation (RMI) is a Java built-in framework for transparently manipulating instances living in a remote process.
2b. Use of the serialized stream as the message exchanged between a client and a server. In this case, Java Serialized Objects are often used as an alternative to XML (Extensible Markup Language) when both clients and servers are written in Java.
Usages 1 and 2b have one common point: the "serialized form" of a Java object graph is stored in a location external to the software that is able to read and write it, be it the file system, a database or a communication layer such as the HTTP (Hypertext Transfer Protocol) protocol. This makes it possible for a user to inspect the content of the serialized form. There are various reasons why a user would want to do this:
- In an application debugging phase, one would want to verify that the serialized form contains the expected data, to determine whether the problem occurs before serialization or after deserialization (or on the client or server side if a client-server architecture is involved).
- In a testing phase, one would want to test half of the system (data producing vs. data consuming), verifying that a sub-system sends the expected data, or accepts a set of input data, without relying on the other sub-systems.
- While evaluating security, one would want to verify which data is exposed on disk or on the wire and could therefore be read or altered by a malicious user.
The common solution to address these concerns is to write an ad hoc Java application, linked with the library that contains the definition classes of the serialized objects. This application is either hand-written or generated by an automatic tool that first deserializes the objects and then uses Java reflection to display their content. Either way, the library of class definitions is required, and some manual steps are required in order to view the serialized stream content. Note also that this approach actually deserializes the stream, so any custom readObject logic defined by those classes runs during inspection.
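The stream format itself is documented (stream magic, type codes, class descriptors with field names and types, wire handles), so for a class that uses the default serialized form the byte stream can be decoded from the protocol grammar alone, without the class library and without running any deserialization code. The following Python reader is an added example, not code from the original page or from any product it describes. The class com.example.Session, its fields, serialVersionUID and the sample byte stream are constructed for this example; the reader itself follows the Java Object Serialization Stream Protocol for TC_OBJECT, TC_CLASSDESC, TC_STRING, TC_REFERENCE, TC_NULL, primitive and object fields, and superclass chains.

```python
"""Added example: decode a Java Object Serialization stream from the protocol
grammar alone (no class library, no deserialization). Classes that use
writeObject (SC_WRITE_METHOD) or Externalizable put class-specific data in the
stream, so they are rejected rather than misread."""
import struct

STREAM_MAGIC, STREAM_VERSION = 0xACED, 0x0005
TC_NULL, TC_REFERENCE, TC_CLASSDESC, TC_OBJECT = 0x70, 0x71, 0x72, 0x73
TC_STRING, TC_ENDBLOCKDATA = 0x74, 0x78
BASE_WIRE_HANDLE = 0x7E0000
SC_WRITE_METHOD, SC_SERIALIZABLE, SC_EXTERNALIZABLE = 0x01, 0x02, 0x04
# primitive field typecode -> struct format (Java writes every value big-endian)
PRIM_FMT = {"B": ">b", "C": ">H", "D": ">d", "F": ">f",
            "I": ">i", "J": ">q", "S": ">h", "Z": ">?"}


class JavaStreamReader:
    def __init__(self, data):
        self.buf, self.pos, self.handles = data, 0, []  # handles: wire-handle table

    def take(self, fmt):
        val = struct.unpack_from(fmt, self.buf, self.pos)[0]
        self.pos += struct.calcsize(fmt)
        return val

    def utf(self):  # length-prefixed (modified) UTF-8; plain UTF-8 suffices here
        n = self.take(">H")
        s = self.buf[self.pos:self.pos + n].decode("utf-8")
        self.pos += n
        return s

    def new_handle(self, obj):  # each object, class descriptor and string takes the next handle
        self.handles.append(obj)
        return obj

    def read_stream(self):
        if self.take(">H") != STREAM_MAGIC or self.take(">H") != STREAM_VERSION:
            raise ValueError("not a Java Object Serialization stream")
        return self.read_content()

    def read_content(self):
        tc = self.take(">B")
        if tc == TC_NULL:
            return None
        if tc == TC_REFERENCE:  # back-reference to an earlier handle
            return self.handles[self.take(">i") - BASE_WIRE_HANDLE]
        if tc == TC_STRING:
            return self.new_handle(self.utf())
        if tc == TC_OBJECT:
            desc = self.read_class_desc()
            obj = self.new_handle({"class": desc["name"], "serialVersionUID": desc["suid"], "fields": {}})
            # classdata is written superclass first, each class's fields in descriptor order
            for d in reversed(self.super_chain(desc)):
                if d["flags"] & (SC_WRITE_METHOD | SC_EXTERNALIZABLE):
                    raise NotImplementedError(f"{d['name']} uses custom serialization; its class is needed")
                for code, name in d["fields"]:
                    obj["fields"][name] = self.take(PRIM_FMT[code]) if code in PRIM_FMT else self.read_content()
            return obj
        raise NotImplementedError(f"unsupported type code 0x{tc:02X} at offset {self.pos - 1}")

    def read_class_desc(self):
        tc = self.take(">B")
        if tc == TC_NULL:
            return None
        if tc == TC_REFERENCE:
            return self.handles[self.take(">i") - BASE_WIRE_HANDLE]
        if tc != TC_CLASSDESC:
            raise NotImplementedError(f"unsupported class descriptor type code 0x{tc:02X}")
        desc = self.new_handle({"name": self.utf(), "suid": self.take(">q")})
        desc["flags"], desc["fields"] = self.take(">B"), []
        for _ in range(self.take(">H")):
            code, name = chr(self.take(">B")), self.utf()
            if code not in PRIM_FMT:  # object fields carry a type-name String, which takes a handle
                self.read_content()
            desc["fields"].append((code, name))
        if self.take(">B") != TC_ENDBLOCKDATA:
            raise NotImplementedError("class annotations are not supported")
        desc["super"] = self.read_class_desc()
        return desc

    @staticmethod
    def super_chain(desc):
        chain = []
        while desc is not None:
            chain.append(desc)
            desc = desc["super"]
        return chain


def inspect_stream(data):
    """Return (True, decoded object) or (False, reason) when the class itself is needed."""
    try:
        return True, JavaStreamReader(data).read_stream()
    except NotImplementedError as exc:
        return False, str(exc)


def _utf(s):
    return len(s).to_bytes(2, "big") + s.encode()


def sample_stream(flags=SC_SERIALIZABLE):
    """Constructed stream for a hypothetical class com.example.Session
    { boolean admin; int id; String user; } written as Session(42, true, "alice").
    Fields appear as Java sorts them: primitives by name, then object fields."""
    return (b"\xac\xed\x00\x05"                                    # STREAM_MAGIC, STREAM_VERSION
            + b"\x73" + b"\x72" + _utf("com.example.Session")      # TC_OBJECT, TC_CLASSDESC, class name
            + (1).to_bytes(8, "big") + bytes([flags]) + b"\x00\x03"  # serialVersionUID, flags, 3 fields
            + b"Z" + _utf("admin") + b"I" + _utf("id")            # boolean admin; int id
            + b"L" + _utf("user") + b"\x74" + _utf("Ljava/lang/String;")  # String user
            + b"\x78" + b"\x70"                                    # no class annotation, no superclass
            + b"\x01" + (42).to_bytes(4, "big")                    # admin = true, id = 42
            + b"\x74" + _utf("alice"))                             # user = "alice"


if __name__ == "__main__":
    print(inspect_stream(sample_stream()))
    print(inspect_stream(sample_stream(SC_SERIALIZABLE | SC_WRITE_METHOD)))
```

The first call recovers the class name, serialVersionUID and every field value from the stream alone. The second, with SC_WRITE_METHOD set, is refused: a class with a writeObject method appends data whose layout only that class knows, which is exactly the case where the definition classes remain necessary. Because the reader never instantiates anything, no readObject code from the application runs while inspecting an untrusted stream.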