Difference between revisions of "File Format Identification"

From ForensicsWiki
m
m (Bibliography)
(One intermediate revision by the same user not shown)
Line 27: Line 27:
 
Current research papers on the file format identification problem. Most of these papers concern themselves with identifying file format of a few file sectors, rather than an entire file.
 
Current research papers on the file format identification problem. Most of these papers concern themselves with identifying file format of a few file sectors, rather than an entire file.
  
; [http://www.dfrws.org/2008/proceedings/p14-calhoun.pdf Predicting the Types of File Fragments], William Calhoun, Drue Coles, DFRWS 2008 [http://www.dfrws.org/2008/proceedings/p14-calhoun_pres.pdf [slides]]
+
* Mason McDaniel, Automatic File Type Detection Algorithm, Masters Thesis, James Madison University,2001
  
; [http://ieeexplore.ieee.org/iel5/10992/34632/01652088.pdf File type identification of data fragments by their binary structure. ], Karresand Martin, Shahmehri Nahid. Proceedings of the IEEE workshop on information assurance; 2006b. p. 140–7. [http://www.itoc.usma.edu/workshop/2006/Program/Presentations/IAW2006-07-3.pdf [slides]]
+
* [http://www2.computer.org/portal/web/csdl/abs/proceedings/hicss/2003/1874/09/187490332a.pdf Content Based File Type Detection Algorithms], hicss,pp.332a, 36th Annual Hawaii International Conference on System Sciences (HICSS'03) - Track 9, 2003.
  
; [http://www1.cs.columbia.edu/ids/publications/FilePrintPaper-revised.pdf Fileprints: identifying file types by n-gram analysis], LiWei-Jen, Wang Ke, Stolfo SJ, Herzog B..,  IProceeding of the 2005 IEEEworkshop
+
* [http://www1.cs.columbia.edu/ids/publications/FilePrintPaper-revised.pdf Fileprints: identifying file types by n-gram analysis], LiWei-Jen, Wang Ke, Stolfo SJ, Herzog B..,  IProceeding of the 2005 IEEEworkshop
 
on information assurance; 2005 [http://www.itoc.usma.edu/workshop/2005/Papers/Follow%20ups/FilePrintPresentation-final.pdf [slides]]
 
on information assurance; 2005 [http://www.itoc.usma.edu/workshop/2005/Papers/Follow%20ups/FilePrintPresentation-final.pdf [slides]]
  
; [http://www2.computer.org/portal/web/csdl/abs/proceedings/hicss/2003/1874/09/187490332a.pdf Content Based File Type Detection Algorithms], hicss,pp.332a, 36th Annual Hawaii International Conference on System Sciences (HICSS'03) - Track 9, 2003.
+
* [http://ieeexplore.ieee.org/iel5/10992/34632/01652088.pdf  File type identification of data fragments by their binary structure. ], Karresand Martin, Shahmehri Nahid. Proceedings of the IEEE workshop on information assurance; 2006b. p. 140–7. [http://www.itoc.usma.edu/workshop/2006/Program/Presentations/IAW2006-07-3.pdf [slides]]
 +
 
 +
* [http://www.dfrws.org/2008/proceedings/p14-calhoun.pdf Predicting the Types of File Fragments], William Calhoun, Drue Coles, DFRWS 2008 [http://www.dfrws.org/2008/proceedings/p14-calhoun_pres.pdf [slides]]
  
 
[[Category:Bibliography]]
 
[[Category:Bibliography]]
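
Review bot: In the Fileprints entry, the added `*` line still ends at "IProceeding of the 2005 IEEEworkshop" while the unchanged next line carries "on information assurance; 2005 [slides]". A MediaWiki `*` item ends at the newline, so the venue and slides link fall outside the list item and render as a separate paragraph. Join the two lines into one item, and while touching the line fix "LiWei-Jen", "Herzog B..,", "IProceeding" and "IEEEworkshop". The Karresand line also gains a second space after the URL and keeps the trailing ". ]" in its link text, and the new McDaniel entry has no link and no space in "University,2001".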

Revision as of 23:18, 19 October 2008

File Format Identification is the process of figuring out the format of a sequence of bytes. Operating systems typically do this by file extension or by embedded MIME information. Forensic applications need to identify file types by content.

Tools

libmagic

  • Written in C.
  • Rules are stored in /usr/share/file/magic and compiled at runtime.
  • Powers the Unix “file” command, but you can also call the library directly from a C program.
  • http://sourceforge.net/projects/libmagic
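
The content-based matching that magic rules perform, reduced to a self-contained sketch: this is an added example, not libmagic's code and not part of the original page. The rule table, the `identify` function and the sample buffers are constructed for illustration; libmagic's rule language is far richer.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* One rule: `len` bytes of `magic` expected at byte `offset` of the data.
 * Hypothetical table built for this example, not libmagic's rule format. */
struct rule { size_t offset; const char *magic; size_t len; const char *mime; };

static const struct rule RULES[] = {
    { 0,   "\x89PNG\r\n\x1a\n", 8, "image/png" },
    { 0,   "%PDF-",             5, "application/pdf" },
    { 0,   "\xff\xd8\xff",      3, "image/jpeg" },
    { 0,   "PK\x03\x04",        4, "application/zip" },
    { 257, "ustar",             5, "application/x-tar" }, /* magic not at offset 0 */
};

/* Identify a buffer by content only; the file name is never consulted.
 * Returns a MIME type, or "application/octet-stream" if no rule matches. */
const char *identify(const unsigned char *buf, size_t n)
{
    for (size_t i = 0; i < sizeof RULES / sizeof RULES[0]; i++) {
        const struct rule *r = &RULES[i];
        /* Bounds check first: a short fragment must not be read past its end. */
        if (r->offset > n || r->len > n - r->offset)
            continue;
        if (memcmp(buf + r->offset, r->magic, r->len) == 0)
            return r->mime;
    }
    return "application/octet-stream";
}

int main(void)
{
    /* Constructed sample: PDF header bytes, as if carved from "photo.jpg". */
    const unsigned char pdf[] = "%PDF-1.4\n%\xe2\xe3\xcf\xd3\n";
    /* Constructed sample: 512-byte tar header block with only the magic set. */
    unsigned char tar[512] = {0};
    memcpy(tar + 257, "ustar", 5);

    printf("%s\n", identify(pdf, sizeof pdf - 1));
    printf("%s\n", identify(tar, sizeof tar));
    printf("%s\n", identify(tar, 100)); /* truncated fragment: no rule applies */
    return 0;
}
```

The truncated-fragment case shows why signature rules alone are weak on isolated sectors: once the header is missing, nothing matches.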

DROID

TrID

Stellent/Oracle Outside-In

Bibliography

Current research papers on the file format identification problem. Most of these papers concern themselves with identifying the file format of a few file sectors, rather than an entire file.

  • Mason McDaniel, Automatic File Type Detection Algorithm, Master's Thesis, James Madison University, 2001

on information assurance; 2005 [slides]