Difference between revisions of "File Format Identification"

From ForensicsWiki
Jump to: navigation, search
m
m (Bibliography)
(One intermediate revision by one other user not shown)
Line 43: Line 43:
 
* [http://www.micsymposium.org/mics_2005/papers/paper7.pdf File Type Detection Technology], Douglas J. Hickok, Daine Richard Lesniak, Michael C. Rowe, 2005 Midwest Instruction and Computing Symposium.
 
* [http://www.micsymposium.org/mics_2005/papers/paper7.pdf File Type Detection Technology], Douglas J. Hickok, Daine Richard Lesniak, Michael C. Rowe, 2005 Midwest Instruction and Computing Symposium.
  
* Karresand and Shahmehri, 2006 Martin Karresand and Nahid Shahmehri, Oscar – file type identification of binary data in disk clusters and RAM pages, IFIP security and privacy in dynamic environments vol. 201 (2006) p. 413–424.  
+
* # Karresand M., Shahmehri N., [[http://dx.doi.org/10.1007/0-387-33406-8_35 Oscar: File Type Identification of Binary Data in Disk Clusters and RAM Pages]], Proceedings of IFIP International Information Security Conference: Security and Privacy in Dynamic Environments (SEC2006), Springer, ISBN 0-387-33405-x, pp 413-424, May 22 - 24, Karlstad, Sweden. Journal page.  
  
[[Category:Bibliography]]
+
[[Category:Bibliographies]]

Revision as of 12:51, 1 January 2009

File Format Identification is the process of figuring out the format of a sequence of bytes. Operating systems typically do this by file extension or by embedded MIME information. Forensic applications need to identify file types by content.

Tools

libmagic

  • Written in C.
  • Rules in /usr/share/file/magic and compiled at runtime.
  • Powers the Unix “file” command, but you can also call the library directly from a C program.
  • http://sourceforge.net/projects/libmagic

DROID

TrID

Stellent/Oracle Outside-In

Bibliography

Current research papers on the file format identification problem. Most of these papers concern themselves with identifying file format of a few file sectors, rather than an entire file.

  • FORSIGS; Forensic Signature Analysis of the Hard Drive for Multimedia File Fingerprints, John Haggerty and Mark Taylor, IFIP TC11 International Information Security Conference, 2006, Sandton, South Africa.