Difference between revisions of "Gzip"

From Forensics Wiki
Jump to: navigation, search
(Extra flags)
Line 46: Line 46:
 
| Operating system <br> Value that indicates on which operating system the gzip file was created.
 
| Operating system <br> Value that indicates on which operating system the gzip file was created.
 
|}
 
|}
 +
 +
==== Compression method ====
 +
* 0-7 - Reserved
 +
* 8 - "deflate" or zlib compressed data
  
 
==== Extra flags ====
 
==== Extra flags ====

Revision as of 01:33, 28 November 2013

Information icon.png

Please help to improve this article by expanding it.
Further information might be found on the discussion page.

Contents

File format

The gzip file (.gz) format consists of:

  • a file header
  • optional extra headers, such as the original file name,
  • a body, containing a DEFLATE-compressed payload
  • an 8-byte footer, containing a CRC-32 checksum and the length of the original uncompressed data.

File header

The file header is 10 bytes in size and contains:

Offset Size Value Description
0 2 0x1f 0x8b Signature (or identification byte 1 and 2)
2 1 Compression Method
3 1 Flags
4 4 Last modification time
Contains a POSIX timestamp.
8 1 Extra flags
9 1 Operating system
Value that indicates on which operating system the gzip file was created.

Compression method

  • 0-7 - Reserved
  • 8 - "deflate" or zlib compressed data

Extra flags

If compression method is 8 the following extra flags can be defined:

  • 0x02 - compressor used maximum compression, slowest algorithm
  • 0x04 - compressor used fastest algorithm

External Links