ForensicsWiki will continue to operate as it has before and will not be shutting down. Thank you for your continued support of ForensicsWiki.

Difference between revisions of "File Format Identification"

From ForensicsWiki
Jump to: navigation, search
m
m (Bibliography)
Line 29: Line 29:
 
; [http://www.dfrws.org/2008/proceedings/p14-calhoun.pdf Predicting the Types of File Fragments], William Calhoun, Drue Coles, DFRWS 2008 [http://www.dfrws.org/2008/proceedings/p14-calhoun_pres.pdf [slides]]
 
; [http://www.dfrws.org/2008/proceedings/p14-calhoun.pdf Predicting the Types of File Fragments], William Calhoun, Drue Coles, DFRWS 2008 [http://www.dfrws.org/2008/proceedings/p14-calhoun_pres.pdf [slides]]
  
 
+
; Karresand Martin, Shahmehri Nahid. File type identification of data fragments by their binary structure. In:
 +
Proceedings of the IEEE workshop on information assurance; 2006b. p. 140–7. [http://www.itoc.usma.edu/workshop/2006/Program/Presentations/IAW2006-07-3.pdf [slides]]
  
 
[[Category:Bibliography]]
 
[[Category:Bibliography]]

Revision as of 03:11, 20 October 2008

File Format Identification is the process of figuring out the format of a sequence of bytes. Operating systems typically do this by file extension or by embedded MIME information. Forensic applications need to identify file types by content.

Tools

libmagic

  • Written in C.
  • Rules in /usr/share/file/magic and compiled at runtime.
  • Powers the Unix “file” command, but you can also call the library directly from a C program.
  • http://sourceforge.net/projects/libmagic

DROID

TrID

Stellent/Oracle Outside-In

Bibliography

Current research papers on the file format identification problem. Most of these papers concern themselves with identifying file format of a few file sectors, rather than an entire file.

Predicting the Types of File Fragments, William Calhoun, Drue Coles, DFRWS 2008 [slides]
Karresand Martin, Shahmehri Nahid. File type identification of data fragments by their binary structure. In

Proceedings of the IEEE workshop on information assurance; 2006b. p. 140–7. [slides]