Difference between pages "Yahoo! Mail Header Format" and "File Format Identification"

From ForensicsWiki
(Difference between pages)
Line 1: Line 1:
DomainKey-Signature
+
File Format Identification is the process of figuring out the format of a sequence of bytes. Operating systems typically do this by file extension or by embedded MIME information. Forensic applications need to identify file types by content.
<pre>
+
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
+
  s=s1024; d=yahoo.com;
+
  h=Received:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID;
+
  b=ql3kRKrhner1LTFFVBgCYI1uqK4+8hrb6d/Fefr/HkLuObQwIrIpEXA1OiagbuFZU+H+ue1anFvm1cHQ4hjpdUcjpIIPL7ldNL9YnOxauugdVW+
+
  OpbTvAu0XaGf2t7eBqOWJF0Y5gM7TE27WdElgVRikunfCQca1VFV6KSuQP0o=;
+
</pre>
+
  
Mail Header
+
=Tools=
<pre>
+
==libmagic==
Date: Sat, 28 Jul 2007 03:13:23 -0700 (PDT)
+
* Written in C.
From: Username <username@sendinghost.com>
+
* Rules in /usr/share/file/magic and compiled at runtime.
Subject: header test
+
* Powers the Unix “file” command, but you can also call the library directly from a C program.
To: Username <username@receivinghost.com>
+
* http://sourceforge.net/projects/libmagic
MIME-Version: 1.0
+
 
Content-Type: multipart/alternative; boundary="0-557670082-1185617603=:22564"
+
==DROID==
Content-Transfer-Encoding: 8bit
+
* Writen in Java
Message-ID: <244695.22564.qm@web45214.mail.sp1.yahoo.com>
+
* Developed by National Archives of the United Kingdom.
</pre>
+
* http://droid.sourceforge.net
 +
 
 +
==TrID==
 +
* XML config file
 +
* Closed source; free for non-commercial use
 +
* http://mark0.net/soft-trid-e.html
 +
 
 +
==Stellent/Oracle Outside-In==
 +
* Proprietary but free demo.
 +
* http://www.oracle.com/technology/products/content-management/oit/oit_all.html
 +
 
 +
[[Category:Tools]]
 +
 
 +
=Bibliography=
 +
Current research papers on the file format identification problem. Most of these papers concern themselves with identifying file format of a few file sectors, rather than an entire file.
 +
 
 +
* Mason McDaniel, Automatic File Type Detection Algorithm, Masters Thesis, James Madison University,2001
 +
 
 +
* [http://www2.computer.org/portal/web/csdl/abs/proceedings/hicss/2003/1874/09/187490332a.pdf Content Based File Type Detection Algorithms], Mason McDaniel and M. Hossain Heydari, 36th Annual Hawaii International Conference on System Sciences (HICSS'03) - Track 9, 2003.
 +
 
 +
* [http://www1.cs.columbia.edu/ids/publications/FilePrintPaper-revised.pdf Fileprints: identifying file types by n-gram analysis], LiWei-Jen, Wang Ke, Stolfo SJ, Herzog B..,  IProceeding of the 2005 IEEE workshop on information assurance; 2005 [http://www.itoc.usma.edu/workshop/2005/Papers/Follow%20ups/FilePrintPresentation-final.pdf [slides]]
 +
 
 +
* [http://ieeexplore.ieee.org/iel5/10992/34632/01652088.pdf  File type identification of data fragments by their binary structure. ], Karresand Martin, Shahmehri Nahid. Proceedings of the IEEE workshop on information assurance; 2006b. p. 140–7. [http://www.itoc.usma.edu/workshop/2006/Program/Presentations/IAW2006-07-3.pdf [slides]]
 +
 
 +
* FORSIGS; Forensic Signature Analysis of the Hard Drive for Multimedia File Fingerprints, John Haggerty and Mark Taylor, IFIP TC11 International Information Security Conference, 2006, Sandton, South Africa.
 +
 
 +
* [https://www.cerias.purdue.edu/tools_and_resources/bibtex_archive/archive/2007-19.pdf Using Artificial Neural Networks for Forensic File Type Identification], Ryan M. Harris, Master's Thesis, Purdue University, May 2007
 +
 
 +
* [http://www.dfrws.org/2008/proceedings/p14-calhoun.pdf Predicting the Types of File Fragments], William Calhoun, Drue Coles, DFRWS 2008 [http://www.dfrws.org/2008/proceedings/p14-calhoun_pres.pdf [slides]]
 +
 
 +
[[Category:Bibliography]]
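Review bot: The DROID bullet added here reads "Writen in Java"; it should be "Written in Java." to match the punctuation and spelling of the libmagic bullets. In the Bibliography, the Fileprints entry has what look like paste errors ("LiWei-Jen", "Herzog B..,", "IProceeding of the 2005 IEEE workshop"), the Karresand entry keeps a stray "2006b" citation key, and "James Madison University,2001" is missing a space after the comma. [[Category:Tools]] also sits between the Tools and Bibliography sections; suggest placing both category tags together at the end of the page.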

Revision as of 00:32, 20 October 2008

File Format Identification is the process of figuring out the format of a sequence of bytes. Operating systems typically do this by file extension or by embedded MIME information. Forensic applications need to identify file types by content.
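
The contrast drawn above, identification by extension versus identification by content, as an added example that is not part of the original wiki page: a small magic-number matcher that flags files whose content disagrees with their extension. The signature table, function names and sample data are constructed for illustration and are far smaller than the rule sets of the tools listed below.

```python
import os

# (offset, magic bytes, format, extensions that normally carry it).
# Assumption: a hand-picked subset for illustration, not the rule set
# of libmagic, DROID or TrID.
SIGNATURES = [
    (0, b"%PDF-", "pdf", {".pdf"}),
    (0, b"\x89PNG\r\n\x1a\n", "png", {".png"}),
    (0, b"\xff\xd8\xff", "jpeg", {".jpg", ".jpeg"}),
    (0, b"GIF87a", "gif", {".gif"}),
    (0, b"GIF89a", "gif", {".gif"}),
    (0, b"PK\x03\x04", "zip", {".zip", ".jar", ".docx", ".xlsx"}),
    (0, b"MZ", "dos-pe", {".exe", ".dll", ".sys"}),
    (257, b"ustar", "tar", {".tar"}),  # magic is not always at offset 0
]

def identify(data):
    """Return (format, extensions) of the longest matching signature, else None."""
    best = None
    for offset, magic, fmt, exts in SIGNATURES:
        if data[offset:offset + len(magic)] == magic:
            if best is None or len(magic) > len(best[0]):
                best = (magic, fmt, exts)
    return (best[1], best[2]) if best else None

def check(name, data):
    """Compare what the extension claims with what the content says."""
    hit = identify(data)
    if hit is None:
        return "unknown"          # no signature hit: needs deeper analysis
    fmt, exts = hit
    ext = os.path.splitext(name)[1].lower()
    return ("match:" if ext in exts else "mismatch:") + fmt

# Constructed sample inputs (not real evidence files).
SAMPLES = {
    "report.pdf": b"%PDF-1.4\n1 0 obj\n",
    "holiday.jpg": b"MZ\x90\x00" + b"\x00" * 60,
    "backup.dat": b"\x00" * 257 + b"ustar\x0000",
    "notes.txt": b"plain text, no magic number",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:12} {check(name, data)}")
```

Short signatures such as the two-byte `MZ` match by chance in arbitrary data, so a hit on a file fragment is weaker evidence than a hit at the start of a complete file.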

Tools

libmagic

  • Written in C.
  • Rules in /usr/share/file/magic and compiled at runtime.
  • Powers the Unix “file” command, but you can also call the library directly from a C program.
  • http://sourceforge.net/projects/libmagic

DROID

TrID

Stellent/Oracle Outside-In

Bibliography

Current research papers on the file format identification problem. Most of these papers are concerned with identifying the file format of a few file sectors, rather than of an entire file.

  • Mason McDaniel, Automatic File Type Detection Algorithm, Master's Thesis, James Madison University, 2001
  • FORSIGS; Forensic Signature Analysis of the Hard Drive for Multimedia File Fingerprints, John Haggerty and Mark Taylor, IFIP TC11 International Information Security Conference, 2006, Sandton, South Africa.