Difference between pages "Zip" and "File:5-Nexus4-RemoveScrews.jpg"

From ForensicsWiki
(Difference between pages)
Jump to: navigation, search
(External file attributes)
 
 
Line 1: Line 1:
{{expand}}
 
  
.ZIP is an archive file format that supports lossless data compression.
 
 
<b>TODO</b> describe ZIP64
 
 
== File format ==
 
 
{| class="wikitable"
 
! align="left"| Characteristics
 
! Description
 
|-
 
| Byte order
 
| little-endian
 
|-
 
| Date and time values
 
|
 
|-
 
| Character strings
 
|
 
|}
 
 
=== Central directory (archived) file header ===
 
The central directory (archived) file header is variable of size and consists of:
 
 
{| class="wikitable"
 
! align="left"| Offset
 
! Size
 
! Value
 
! Description
 
|-
 
| 0
 
| 4
 
| "PK\x01\x02"
 
| Signature
 
|-
 
| 4
 
| 2
 
|
 
| Creator version
 
|-
 
| 6
 
| 2
 
|
 
| Extractor version
 
|-
 
| 8
 
| 2
 
|
 
| Flags
 
|-
 
| 10
 
| 2
 
|
 
| Last modification time
 
|-
 
| 12
 
| 2
 
|
 
| Last modification date
 
|-
 
| 14
 
| 4
 
|
 
| Checksum (CRC-32)
 
|-
 
| 18
 
| 4
 
|
 
| Uncompressed data size
 
|-
 
| 22
 
| 4
 
|
 
| Compressed data size
 
|-
 
| 26
 
| 2
 
|
 
| File name size
 
|-
 
| 28
 
| 2
 
|
 
| Extra field size
 
|-
 
| 30
 
| 2
 
|
 
| File comment size
 
|-
 
| 32
 
| 2
 
|
 
| Segment file (disk) number
 
|-
 
| 34
 
| 2
 
|
 
| internal file attributes
 
|-
 
| 36
 
| 4
 
|
 
| external file attributes
 
|-
 
| 40
 
| 4
 
|
 
| local header offset <br> The offset of the local header relative to the start of the segment file it is stored in.
 
|-
 
| 44
 
| ...
 
|
 
| File name
 
|-
 
| ...
 
| ...
 
|
 
| Extra field
 
|-
 
| ...
 
| ...
 
|
 
| File comment
 
|}
 
 
==== Creator version ====
 
The creator (or version made by) is 2 bytes of size and consists of:
 
{| class="wikitable"
 
! align="left"| Offset
 
! Size
 
! Value
 
! Description
 
|-
 
| 0
 
| 1
 
|
 
| ZIP format version <br> The value is stored as: ( major number x 10 ) + minor number
 
|-
 
| 1
 
| 1
 
|
 
| Creator system indicator
 
|}
 
 
===== Creator system indicator =====
 
{| class="wikitable"
 
! align="left"| Value
 
! Identifier
 
! Description
 
|-
 
| 0
 
|
 
| MS-DOS and OS/2 (FAT / VFAT / FAT32 file systems) or compatible systems
 
|-
 
| 1
 
|
 
| Amiga
 
|-
 
| 2
 
|
 
| OpenVMS
 
|-
 
| 3
 
|
 
| UNIX
 
|-
 
| 4
 
|
 
| VM/CMS
 
|-
 
| 5
 
|
 
| Atari ST
 
|-
 
| 6
 
|
 
| OS/2 H.P.F.S.
 
|-
 
| 7
 
|
 
| Macintosh
 
|-
 
| 8
 
|
 
| Z-System
 
|-
 
| 9
 
|
 
| CP/M
 
|-
 
| 10
 
|
 
| Windows NTFS
 
|-
 
| 11
 
|
 
| MVS (OS/390 - Z/OS)
 
|-
 
| 12
 
|
 
| VSE
 
|-
 
| 13
 
|
 
| Acorn Risc
 
|-
 
| 14
 
|
 
| VFAT
 
|-
 
| 15
 
|
 
| alternate MVS
 
|-
 
| 16
 
|
 
| BeOS
 
|-
 
| 17
 
|
 
| Tandem
 
|-
 
| 18
 
|
 
| OS/400
 
|-
 
| 19
 
|
 
| OS X (Darwin)
 
|-
 
| 20 - 255
 
|
 
| unused
 
|}
 
 
==== Internal file attributes ====
 
{| class="wikitable"
 
! align="left"| Value
 
! Identifier
 
! Description
 
|-
 
| 0x01
 
|
 
| If set the uncompressed data needs to be treated as text instead of binary data. <br> This flag hints end-of-line conversion for cross-platform text files but does not enforce it.
 
|-
 
| 0x02
 
|
 
| If set the file contains control fields for mainframe data transfer support.
 
|}
 
 
==== External file attributes ====
 
The external attributes are creator system dependent.
 
 
The external attributes MS-DOS (0) is 4 bytes of size and consists of:
 
{| class="wikitable"
 
! align="left"| Offset
 
! Size
 
! Value
 
! Description
 
|-
 
| 0
 
| 1
 
|
 
| FAT (MS-DOS) file attributes.
 
|-
 
| 1
 
| 3
 
|
 
| Unknown
 
|}
 
 
The external attributes UNIX (3) is 4 bytes of size and consists of:
 
{| class="wikitable"
 
! align="left"| Offset
 
! Size
 
! Value
 
! Description
 
|-
 
| 0
 
| 1
 
|
 
| FAT (MS-DOS) file attributes.
 
|-
 
| 1
 
| 1
 
|
 
| Unknown
 
|-
 
| 2
 
| 12 bits
 
|
 
| The UNIX mode (or permission).
 
|-
 
| 3.4
 
| 4 bits
 
|
 
| Unknown (flags?) <br> 0x4 is regular file? <br> 0x8 is directory?
 
|}
 
 
== External Links ==
 
 
* [http://www.pkware.com/documents/casestudies/APPNOTE.TXT .ZIP File Format Specification], PKWARE Inc., September 1, 2012
 
* [http://en.wikipedia.org/wiki/Zip_(file_format) Wikipedia: Zip (file format)]
 
 
[[Category:File Formats]]
 

Latest revision as of 13:09, 6 December 2013