Difference between revisions of "File Format Identification"

From ForensicsWiki
Jump to: navigation, search
m
m
Line 2: Line 2:
  
 
=Tools=
 
=Tools=
 +
==libmagic==
 +
* Written in C.
 +
* Rules in /usr/share/file/magic and compiled at runtime.
 +
* Powers the Unix “file” command, but you can also call the library directly from a C program.
 +
* http://sourceforge.net/projects/libmagic
 +
 +
==DROID==
 +
* Writen in Java
 +
* Developed by National Archives of the United Kingdom.
 +
* http://droid.sourceforge.net
 +
 +
==TrID==
 +
* XML config file
 +
* Closed source; free for non-commercial use
 +
* http://mark0.net/soft-trid-e.html
 +
 +
==Stellent/Oracle Outside-In==
 +
* Proprietary but free demo.
 +
* http://www.oracle.com/technology/products/content-management/oit/oit_all.html
 +
 
[[Category:Tools]]
 
[[Category:Tools]]
  

Revision as of 20:28, 19 October 2008

File Format Identification is the process of figuring out the format of a sequence of bytes. Operating systems typically do this by file extension or by embedded MIME information. Forensic applications need to identify file types by content.

Tools

libmagic

  • Written in C.
  • Rules in /usr/share/file/magic and compiled at runtime.
  • Powers the Unix “file” command, but you can also call the library directly from a C program.
  • http://sourceforge.net/projects/libmagic

DROID

TrID

Stellent/Oracle Outside-In

Bibliography