| Line 1: |
Line 1: |
| − | File Format Identification is the process of figuring out the format of a sequence of bytes. Operating systems typically do this by file extension or by embedded MIME information. Forensic applications need to identify file types by content.
| + | #REDIRECT [[Operating system]] |
| − | | + | |
| − | =Tools=
| + | |
| − | ==libmagic==
| + | |
| − | * Written in C.
| + | |
| − | * Rules in /usr/share/file/magic and compiled at runtime.
| + | |
| − | * Powers the Unix “file” command, but you can also call the library directly from a C program.
| + | |
| − | * http://sourceforge.net/projects/libmagic
| + | |
| − | | + | |
| − | ==DROID==
| + | |
| − | * Writen in Java
| + | |
| − | * Developed by National Archives of the United Kingdom.
| + | |
| − | * http://droid.sourceforge.net
| + | |
| − | | + | |
| − | ==TrID==
| + | |
| − | * XML config file
| + | |
| − | * Closed source; free for non-commercial use
| + | |
| − | * http://mark0.net/soft-trid-e.html
| + | |
| − | | + | |
| − | ==Stellent/Oracle Outside-In==
| + | |
| − | * Proprietary but free demo.
| + | |
| − | * http://www.oracle.com/technology/products/content-management/oit/oit_all.html
| + | |
| − | | + | |
| − | [[Category:Tools]]
| + | |
| − | | + | |
| − | =Bibliography=
| + | |
| − | Current research papers on the file format identification problem. Most of these papers concern themselves with identifying file format of a few file sectors, rather than an entire file.
| + | |
| − | | + | |
| − | * Mason McDaniel, [[Media:Mcdaniel01.pdf|Automatic File Type Detection Algorithm]], Masters Thesis, James Madison University,2001
| + | |
| − | | + | |
| − | * [http://www2.computer.org/portal/web/csdl/abs/proceedings/hicss/2003/1874/09/187490332a.pdf Content Based File Type Detection Algorithms], Mason McDaniel and M. Hossain Heydari, 36th Annual Hawaii International Conference on System Sciences (HICSS'03) - Track 9, 2003.
| + | |
| − | | + | |
| − | * [http://www1.cs.columbia.edu/ids/publications/FilePrintPaper-revised.pdf Fileprints: identifying file types by n-gram analysis], LiWei-Jen, Wang Ke, Stolfo SJ, Herzog B.., IProceeding of the 2005 IEEE workshop on information assurance; 2005 [http://www.itoc.usma.edu/workshop/2005/Papers/Follow%20ups/FilePrintPresentation-final.pdf [slides]]
| + | |
| − | | + | |
| − | * [http://ieeexplore.ieee.org/iel5/10992/34632/01652088.pdf File type identification of data fragments by their binary structure. ], Karresand Martin, Shahmehri Nahid. Proceedings of the IEEE workshop on information assurance; 2006. p. 140–7. [http://www.itoc.usma.edu/workshop/2006/Program/Presentations/IAW2006-07-3.pdf [slides]]
| + | |
| − | | + | |
| − | * FORSIGS; Forensic Signature Analysis of the Hard Drive for Multimedia File Fingerprints, John Haggerty and Mark Taylor, IFIP TC11 International Information Security Conference, 2006, Sandton, South Africa.
| + | |
| − | | + | |
| − | * [https://www.cerias.purdue.edu/tools_and_resources/bibtex_archive/archive/2007-19.pdf Using Artificial Neural Networks for Forensic File Type Identification], Ryan M. Harris, Master's Thesis, Purdue University, May 2007
| + | |
| − | | + | |
| − | * [http://www.dfrws.org/2008/proceedings/p14-calhoun.pdf Predicting the Types of File Fragments], William Calhoun, Drue Coles, DFRWS 2008 [http://www.dfrws.org/2008/proceedings/p14-calhoun_pres.pdf [slides]]
| + | |
| − | | + | |
| − | * [http://www.micsymposium.org/mics_2005/papers/paper7.pdf File Type Detection Technology], Douglas J. Hickok, Daine Richard Lesniak, Michael C. Rowe, 2005 Midwest Instruction and Computing Symposium.
| + | |
| − | | + | |
| − | * # Karresand M., Shahmehri N., [[http://dx.doi.org/10.1007/0-387-33406-8_35 Oscar: File Type Identification of Binary Data in Disk Clusters and RAM Pages]], Proceedings of IFIP International Information Security Conference: Security and Privacy in Dynamic Environments (SEC2006), Springer, ISBN 0-387-33405-x, pp 413-424, May 22 - 24, Karlstad, Sweden. Journal page.
| + | |
| − | | + | |
| − | [[Category:Bibliographies]]
| + | |
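Review bot: The single added line, `#REDIRECT [[Operating system]]`, replaces the whole File Format Identification article with a redirect to a page whose title has no evident connection to the removed text, and nothing in this diff shows the Tools section (libmagic, DROID, TrID, Outside-In) or the Bibliography being moved elsewhere. If the redirect is intentional, merge the removed sections into the target page first and say so in the edit summary; otherwise revert this revision so the tool list and the fragment-identification references are not lost. Dropping `[[Category:Tools]]` and `[[Category:Bibliographies]]` also removes the page from both category listings.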