ForensicsWiki will continue to operate as it has before and will not be shutting down. Thank you for your continued support of ForensicsWiki.

Difference between revisions of "File Format Identification"

From ForensicsWiki
Jump to: navigation, search
m
m
Line 2: Line 2:
  
 
=Tools=
 
=Tools=
 +
==libmagic==
 +
* Written in C.
 +
* Rules in /usr/share/file/magic and compiled at runtime.
 +
* Powers the Unix “file” command, but you can also call the library directly from a C program.
 +
* http://sourceforge.net/projects/libmagic
 +
 +
==DROID==
 +
* Writen in Java
 +
* Developed by National Archives of the United Kingdom.
 +
* http://droid.sourceforge.net
 +
 +
==TrID==
 +
* XML config file
 +
* Closed source; free for non-commercial use
 +
* http://mark0.net/soft-trid-e.html
 +
 +
==Stellent/Oracle Outside-In==
 +
* Proprietary but free demo.
 +
* http://www.oracle.com/technology/products/content-management/oit/oit_all.html
 +
 
[[Category:Tools]]
 
[[Category:Tools]]
  

Revision as of 01:28, 20 October 2008

File Format Identification is the process of figuring out the format of a sequence of bytes. Operating systems typically do this by file extension or by embedded MIME information. Forensic applications need to identify file types by content.

Tools

libmagic

  • Written in C.
  • Rules in /usr/share/file/magic and compiled at runtime.
  • Powers the Unix “file” command, but you can also call the library directly from a C program.
  • http://sourceforge.net/projects/libmagic

DROID

TrID

Stellent/Oracle Outside-In

Bibliography